Overcoming regulatory hurdles in data facility management
In the rapidly evolving digital landscape, businesses operating data centres in the UK and EU face a multifaceted regulatory environment. This complex regulatory environment encompasses energy use, data sovereignty, tariffs, merger control, foreign direct investment (FDI), foreign subsidies, anti-trust laws, securitisation, and overall compliance.
Energy Use
The EU’s Energy Efficiency Directive (EED) imposes mandatory energy reporting and aims for minimum performance standards (MPS) to promote sustainability in data centres. However, industry bodies like the Climate Neutral Data Centre Pact (CNDCP) express concerns that current MPS proposals may be rushed, relying on incomplete data and potentially hindering innovation and competitive growth. The EED primarily focuses on larger data centres but excludes smaller ones under 500 kW, limiting full scrutiny. The UK, aligned with EU ambitions on sustainability, is expected to develop its own policies in this regard.
Data Sovereignty and Protection
Following Brexit, the UK is treated as a "third country" under the EU General Data Protection Regulation (GDPR). However, the EU has launched a process to renew the UK’s adequacy decision based on the UK’s Data (Use and Access) Act 2025 (DUAA), confirming UK data laws remain closely aligned with EU GDPR standards. If approved by December 2025, this renewal will allow continued free flow of personal data from the EU to the UK without additional safeguards. The UK is also expected to release updated guidance on data protection reform under the DUAA in winter 2025/2026, promoting innovation while maintaining protections.
Tariffs
Specific tariff regulations for data centre operations are not detailed in the recent sources. However, tariffs impacting data centres may arise indirectly through energy tariffs or cross-border trade policies. No new UK/EU tariffs targeted specifically at data centre businesses were noted.
Merger Control and Anti-trust
EU and UK competition laws apply to mergers and anti-trust behaviour in data centre markets. Businesses must comply with the EU Merger Regulation and UK Competition Act, which govern market dominance, abuse, and merger approvals to prevent anti-competitive practices.
Foreign Direct Investment and Foreign Subsidies
Foreign direct investment in data centres is subject to both UK and EU scrutiny to ensure national security and market fairness. The EU’s foreign subsidies regulation and UK equivalent (aligned post-Brexit) aim to monitor and potentially restrict subsidies from non-EU/UK entities that could distort competition. Compliance requires due diligence in investment structures.
Securitisation and Overall Compliance
Specific details on securitisation related to data centres were not found in the sources. Data centre businesses must ensure financial compliance aligned with corporate governance, financial reporting, and regulatory obligations in both jurisdictions. Overall compliance requires navigating an evolving landscape of data protection (GDPR/DUAA), energy laws (EED, Green Deal), anti-trust, FDI, and sustainability requirements.
In summary, UK and EU data centre operators must carefully monitor evolving energy efficiency standards, ensure alignment with closely harmonized data protection laws for cross-border data flows, prepare for merger and investment scrutiny, and manage overall compliance in a regulatory framework aiming to balance sustainability, security, and innovation. For more information, refer to the Tech Regulation section on the Inside Tech Law hub and the Digital infrastructure insights hub.
Technology plays a crucial role in the operation and regulation of data centres in the UK and EU. Compliance with energy efficiency standards under the EU's Energy Efficiency Directive (EED) and the UK's anticipated equivalent regulations is essential to promote sustainability, while adherence to data protection laws, such as the EU General Data Protection Regulation (GDPR) and the UK's Data (Use and Access) Act 2025 (DUAA), is necessary for maintaining the free flow of personal data between the EU and UK. Moreover, businesses must be vigilant about merger control and foreign direct investment (FDI) regulations to ensure market fairness and prevent anti-competitive practices.
