EU Cloud and AI Development Act annex sets data-center goals

The European Commission has published Annexes to its Proposal for a Regulation (COM(2026)502) — the Cloud and AI Development Act — setting out grand challenges and detailed audit criteria and Union assurance levels for cloud services and data centers.

• Main announcement: The Commission defines Grand Challenges including targets for data centers (notably an average Power Usage Effectiveness (PUE) of 1.15 across the Union and server utilisation towards 50%), and it sets out Union assurance levels 1–4 with concrete criteria on establishment in the Union, data localisation, personnel citizenship, cybersecurity certification, and absence of third-country control. The annexes were published as COM(2026)502 annexes on 3 June 2026.
• Details and implementation criteria: The annexes provide prescriptive audit and evidence requirements (for example SBOMs, lists of infrastructure locations, proof of legal incorporation, contractual clauses forbidding use of customer data to train third-country AI, and requirements for support/operations to be initiated and performed exclusively within the Union). They reference applicable legal instruments and standards such as Regulation (EU) 2024/2847, Regulation (EU) 2019/881, CEN/CLC/TS 18072:2025, and CEN/TS 18026:2024.