Managing regulatory hurdles in data storage facilities
The data centre industry, considered critical infrastructure for national security, faces a multitude of legal and regulatory challenges. These challenges primarily revolve around energy use regulations, data sovereignty, tariffs, merger control, foreign direct investment (FDI), foreign subsidies, anti-trust law, securitisation, and sector-specific regulation.
Energy Use and Sustainability
The EU's Energy Efficiency Directive (EED) imposes mandatory reporting requirements on data centre power consumption and plans to set minimum performance standards (MPS) to enhance sustainability and reduce greenhouse gas emissions. However, the proposed MPS have faced criticism from industry groups for being based on incomplete or inconsistent data, potentially harming Europe's digital ambitions if rushed without strategic design. Data centres also face scrutiny for their energy consumption in cooling and air conditioning, which grows rapidly, prompting concerns about compliance burdens and potential constraints on expansion or innovation.
Data Sovereignty and Protection
Post-Brexit, the UK is treated as a “third country” under the EU’s GDPR. However, the UK’s adoption of the 2025 Data (Use and Access) Act (DUAA) has prompted the European Commission to renew its adequacy decision, allowing for free flow of personal data from the EU to the UK without additional safeguards, provided the UK data protection remains aligned with EU GDPR standards. Businesses must carefully navigate UK and EU data protection regimes to ensure compliance and manage cross-border data transfers efficiently.
Tariffs and Trade Regulations
Tariffs on data centre equipment and electricity costs can be influenced by EU and UK trade policies and energy tariffs, especially with increasing policy focus on sustainability and energy efficiency that can impact operational costs.
Merger Control
Data centres involving mergers or acquisitions must comply with both UK and EU merger control rules, which scrutinize transactions to prevent anti-competitive concentration. This involves review by the UK's Competition and Markets Authority and the EU Commission’s Directorate-General for Competition depending on deal size and market impact.
Foreign Direct Investment (FDI) and Foreign Subsidies
Investments in critical infrastructure like data centres attract FDI screening under both UK and EU rules to assess national security and public interest concerns. The EU also has rules addressing foreign subsidies that can distort competition, requiring businesses to declare such subsidies and potentially face remedies or penalties. The UK similarly imposes FDI regulations, screening investments from certain jurisdictions and sectors, including critical infrastructure that would cover data centres.
Anti-trust Concerns
Anti-trust law applies to data centre operators potentially engaging in anti-competitive behavior, market dominance abuse, or restrictive agreements. Both UK and EU competition frameworks are applicable, particularly given the major global data centre operators active across Europe.
Securitisation and Financial Regulation
Financing data centre projects often involves securitisation of assets or future revenues. Businesses must comply with the UK's Financial Conduct Authority and EU financial regulations regarding securitisation, transparency, and investor protection.
Sector-Specific Regulation
Beyond the above, data centres may be subject to additional environmental, planning, and telecommunications regulatory requirements in both jurisdictions, with ongoing policy shifts aimed at balancing digital growth with climate targets.
In summary, navigating the complex regulatory landscape for data centre investments demands attention to both UK-specific reforms like DUAA and EU-wide initiatives such as the EED and adequacy renewals, all underpinned by rapidly developing sustainability imperatives. Failure to comply with these regulations can result in severe consequences. Industry players must develop and observe policies that uphold rigorous standards in relation to data privacy, energy efficiency, and anti-competitive practices while delivering on their commercial imperatives. Operators need to conduct detailed due diligence of their supply chain and contractual arrangements with suppliers to assess their exposure to tariffs, which may be passed on to customers through higher rent and service fees. The demand for data centre investment is growing, and the market must evolve to respond to incoming laws and regulations, requiring ongoing consideration of their likely impact.
Technology plays a crucial role in the sustainable operation of data centres, as the EU's Energy Efficiency Directive (EED) aims to set minimum performance standards to reduce greenhouse gas emissions. However, concerns about the proposed standards' basis and potential harm to Europe's digital ambitions persist.
In the realm of data protection, the UK's adoption of the 2025 Data (Use and Access) Act (DUAA) is under review by the European Commission to maintain the free flow of personal data from the EU to the UK, provided the UK data protection standards remain aligned with EU GDPR. Businesses must navigate both UK and EU data protection regimes for efficient cross-border data transfers.
