Data centres have shifted from a largely regulation-light position into a sector attracting closer oversight because of their role in the digital economy and the growth of Artificial Intelligence. The crucial role of data centres in the digital economy was recognised in 2024 when they were designated as critical or essential entities and critical national infrastructure under EU and UK law. The proposed UK Cyber Security and Resilience (Network and Information Systems) Bill would introduce regulatory duties for operators of UK data centres above defined capacity thresholds, including notification to Ofcom and structured information requirements.
The rapid progress of Artificial Intelligence has accelerated investment and development of data centres worldwide. Last year, the European Commission launched its Artificial Intelligence Continent Action Plan, targeting the tripling of data centre capacity in the EU in five to seven years. In the UK, plans for the UK’s biggest Artificial Intelligence data centre, comprising four sites generating 2.5GW of Artificial Intelligence computing power, were approved earlier this year in North Lincolnshire.
The opportunity carries sustainability risks because data centres are energy and water intensive, while generating high levels of heat and noise. Data published by the IDCA in 2026 shows that in the UK, data centres account for 5.9% of electricity consumption, and in the US the figure stands at 6%, both well above the global average of 2%. In its 3 November 2025 data centre planning, sustainability and resilience research briefing the UK government estimated that UK data centres consume around 2.5% of the UK’s electricity and predicted this would increase four-fold by 2030. At the same time, the government reported that while it was seeking to prioritize strategically important projects including Artificial Intelligence data centres, in the 6 months to June 2025 the queue to connect to the grid had grown by 460%, contributing to waits of up to 15 years for projects to connect to the grid.
The United Kingdom has so far focused on cyber security and national infrastructure risk, via the NIS Regulations 2018 and the proposed CSR (NIS) Bill, and has stopped short of direct operational, energy or reporting regulation. In the EU, updates to the Energy Efficiency Directive 2023 combine security rules with mandatory data centre reporting, energy audit obligations and waste heat recovery requirements. Owners and operators of data centres in the EU with over 500kW of installed IT capacity must report a range of key performance indicators by 15 May each year. These KPIs are detailed in Delegated Regulation (EU) 2024/1364, which came into force on 6 June 2024, and cover details including the data centre’s owner and operator, location, installed power, annual data traffic, energy consumption, power utilisation, and water usage.
Beyond reporting, data centres are likely to be caught by wider energy audit and management system obligations because of their energy intensity. Data centres with a total rated energy input exceeding 1MW must utilise waste heat or apply other waste heat recovery measures, unless they can demonstrate it is technically or economically unfeasible to do so. The data collected will feed into a forthcoming ratings scheme for data centres, with a draft regulation published in Q1 2026 and expected to be adopted later this year, and with minimum energy and water performance standards expected to follow. Strong energy, water and heat performance may become a point of differentiation for operators seeking customers with their own climate targets, as well as a way to future-proof assets against a more demanding market.
