Consensus on regulatory goals hides national differences

Consensus on regulatory goals hides national differences

In recent reports, Uptime Institute Intelligence has warned that a wave of resiliency, security and sustainability legislation is making its way toward the statute books. Governments around the world — aware that digital infrastructure is increasingly critical to economic and national security (and consumes a lot of power) — have decided the sector cannot be left unwatched and unmanaged.

New laws relating to data center sustainability have attracted the most attention, partly because some of the provisions will likely prove expensive or difficult to meet. In Germany, for example, the Energy Efficiency Act, which was passed by Germany’s lower house of parliament in September 2023, requires all new data centers to reuse a set proportion of their waste heat (with some exceptions) and have a power usage effectiveness (PUE) of 1.3 or below. The legislation also specifies that older data centers will be required to reach this level by 2026.

The act, which has been dubbed by some as the “data center prevention act,” is the first of many new laws planned by European governments. It anticipates (and adds to) the requirements of the EU’s Energy Efficiency Directive (EED), which comes into force in the latter part of 2023. The EED contains a long list of onerous reporting and improvement requirements for data centers that will be transposed into national law in all 27 EU member states.

Sustainability is not, however, the focus of a lot of the upcoming regulation. A recent Uptime Institute report, Digital resiliency: global trends in regulation, looks at how legislation addressing resiliency across the digital supply chain is being implemented or planned in the US, EU, UK, Singapore, Australia and elsewhere. At least some of these laws will have far-reaching effects on the digital infrastructure ecosystem.

While rules to ensure resiliency are not new, the latest wave signals a significant extension of regulatory oversight. The new laws are a response to the growing threat of complex, systemic or even irrecoverable outages and are a recognition that data center services now play a critical role in a modern economy — a lesson underlined during the COVID-19 pandemic.

A common theme of these new rules is that, effectively, governments are now classifying digital infrastructure as part of the critical national infrastructure. This is a specific term that means operators of critical services are subject to security, availability, transparency and reporting mandates. Under these regulations, all participants in the infrastructure supply chain — whether software, hosting, colocation, cloud or networking — need to be transparent and accountable.

Uptime Intelligence research suggests that few operators are up to date with pending legislation or the requirements and costs of compliance. In the area of sustainability, surveys show that most data center / digital infrastructure operators are not collecting the data they will soon need to report.

Operators in North America (primarily the US) tend to be much more wary of regulation than their counterparts in other parts of the world — wariness that applies both to sustainability and to resiliency / transparency. In a 2021 Uptime Institute climate change survey, for example, three-quarters of European and Asian data center operators said they thought data center sustainability laws were needed — but only about 40% of US operators agreed (see Figure 1).

Figure 1. Majority invite more regulation for sustainability

Diagram: Majority invite more regulation for sustainability

In the 2023 Uptime Institute Global Data Center Survey, operators were asked about their attitude toward resiliency laws that would reveal more details of data center infrastructures and would enable certain customers (i.e., clients with critical requirements) to visit or assess facilities for resiliency. Operators everywhere were broadly supportive, but once again, those in North America were the most wary (see Figure 2).

Figure 2. North American operators least likely to favor transparency laws

Diagram: North American operators least likely to favor transparency laws

Differences in attitudes toward the role of regulation are not limited to businesses; regulators too differ in their aims and methods. The US, for example, generally puts more emphasis on economic incentives, partly through the tax system, such as the Inflation Reduction Act, while Europe favors the stick — rules must be followed, or penalties will follow.

In the US, when resiliency laws are introduced or proposed, for example by the Securities and Exchange Commission, they are not expected to be backed up by tough sanctions for failures to comply — unlike in the EU, where penalties can be high. Instead, organizations are encouraged to conform, or they will be prevented from bidding for certain government contracts.

And while Europe and parts of Asia (such as China and Singapore) have tough sustainability laws in the pipeline, the US has no federal laws planned.

There is, of course, a long-running debate over whether expensive carrots (the US model) or punitive, bureaucratic sticks are the most effective methods in facilitating change. Evidence from the Uptime Institute annual survey does show that regulations drive some investments (see Regulations drive investments in cybersecurity and efficiency). But, of course, so do rules that require investments in equipment.

For data center owners and operators, the end result may not be so different. High levels of resiliency and transparency are mostly expected to be rewarded in law and in the market, as are energy efficiency and low carbon emissions.

However, the incentive model may cost less for operators because of generous rebates and exemptions — Uptime estimates that fulfilling the emerging reporting requirements for sustainability and resiliency can cost upwards of $100,000.


The Uptime Intelligence View

The role and extent of regulation — and of incentives — is likely to change constantly in the next decade, making it difficult for data center operators to formulate a clear strategy. The most successful data center owners and operators will be those that aim for high standards at an early stage, in both areas of resiliency and sustainability, and invest accordingly. The business case for such investments is becoming ever stronger — in all geographies.

Share this