Overcoming Regulatory Hurdles in Data Storage Facilities

Overcoming Regulatory Hurdles in Data Storage Facilities

Data Centres Face Tightening Regulations in the UK and EU

The data centre industry in the UK and EU is navigating a complex and rapidly evolving regulatory landscape. Key areas of focus include energy efficiency and sustainability, data sovereignty, tariffs, merger control, foreign direct investment (FDI), foreign subsidies, anti-trust, securitisation, and compliance.

Energy Use and Sustainability

In the EU, data centres with a power consumption of 500 kW or more must report their energy performance annually, including metrics like Power Usage Effectiveness (PUE), renewable energy consumption, water usage, and waste heat reuse. This reporting mandate, which began in 2023, aims to promote energy efficiency and sustainability. New data centre facilities in cooler climates must meet a PUE of 1.3 as of January 2025, with existing facilities expected to comply by 2030. The EU aims for climate-neutral data centres by 2030, emphasizing energy efficiency, clean energy use, water conservation, circular economy principles, and heat reuse.

Data Sovereignty and Data Protection

The EU enforces data residency rules, requiring EU citizen data to be stored within the EU or jurisdictions with equivalent protections. Organisations must comply with the General Data Protection Regulation (GDPR). Post-Brexit, the UK is treated as a "third country," so data transfers require legal safeguards unless an adequacy decision is in place. The EU is in the process of renewing the UK adequacy decision following the UK's adoption of the Data (Use and Access) Act 2025 (DUAA), confirming UK data protection alignment with EU standards and enabling continued free data flow.

Tariffs, Merger Control, FDI, and Foreign Subsidies

While explicit details on tariffs, merger control, FDI, and foreign subsidies specific to the data centre sector in the UK and EU are not extensively detailed, these areas are generally governed under the EU’s and UK’s broader economic and competition laws. The EU and UK monitor foreign direct investment and subsidies via their respective screening and competition regimes to prevent market distortions and ensure competition. Given increasing geopolitical concerns, scrutiny over FDI and subsidies linked to foreign governments or entities is growing, especially for critical infrastructure like data centres.

Anti-Trust and Compliance

The EU and UK enforce anti-trust regulations to prevent anti-competitive behaviour, including in digital infrastructure sectors such as data centres. Organisations must comply with a complex framework of energy, environmental, data protection, and competition laws, alongside ongoing reporting and disclosure mandates routinely updated by regulatory bodies.

Securitisation

No specific information was found in the search results about securitisation in the data centre sector. However, given the capital-intensive nature of data centres, securitisation and project finance are common means for investment, subject to financial regulation compliance.

The data centre industry must balance achieving the EU’s green transition goals with maintaining competitiveness and supporting innovation. The ongoing EU adequacy process for UK data laws and debate around energy performance standards are prominent current challenges. Stakeholders need to consider all applicable regulations from the outset of any investment planning. High tariffs and uncertainty create challenges for data centre operators, leading to increased costs for development and operation. The current tariff environment is impacting data centre supply chains and those of customers. The supply shortage for talent in the sector necessitates vigilance against anti-competitive agreements in the labour market. Merger control, FDI, and foreign subsidies are key considerations for the data centre industry, particularly due to data centres being considered "critical infrastructure" for national security regulations. As the demand for data centre investment continues to grow, the market will need to evolve in response to incoming laws and regulation, requiring ongoing consideration of their likely impact on data privacy, energy efficiency, and anti-competitive practices.

Technology Improvements

To promote energy efficiency and sustainability in data centres, the EU requires annual reporting of energy performance metrics, with new facilities in cooler climates required to achieve a PUE of 1.3 as of January 2025.

Regulatory Compliance

Organisations operating in the data centre sector are subject to a complex framework of energy, environmental, data protection, and competition laws, particularly regarding data sovereignty, antitrust, and securitisation compliance, and ongoing reporting and disclosure mandates.

Read also: