Opinion
On the Record with

The Evolution of Regulatory Intelligence in Data Centres

Louisa Cilenti
Louisa Cilenti
Louisa Cilenti, Chief Legal Officer and Co-Founder, Clear Decisions

Built in partnership by The DCA and Clear Decisions, the Radar provides data centre leaders with real-time intelligence on the regulatory and policy landscape not just in the UK but right across the EU. Louisa Cilent, Chief Legal Officer and Co-Founder at Clear Decisions tells us more.

Regulatory Radar brings together planning reform, energy policy, sustainability regulation, AI infrastructure strategy, and the emerging Data Centre NPS in one accessible, continuously updated hub. The DCA’s key remit to keep the DC sector informed – access to new regulations is vital. 

A decade ago, data centres operated in a largely self-regulated environment. Voluntary standards and industry codes of practice governed most operational aspects. There were virtually no data centre-specific laws. That regulatory landscape has fundamentally transformed.

The volume of active legislation affecting data centres has surged from nearly zero specific requirements to a complex web of hundreds of regulations, directives and standards across multiple jurisdictions. The shift from light-touch self-regulation to highly mandated frameworks has been particularly pronounced at the EU level: the Energy Efficiency Directive and Delegated Regulation, Corporate Sustainability Reporting Directive, Corporate Sustainability Due Diligence Directive, the Energy Performance of Buildings Directive, NIS2, DORA, Empowering Consumers for the Green Transition Directive, Ecodesign Regulation, EU Battery Regulation, and the EU AI Act.

For years, operators tracked these emerging changes through manual and reactive strategies. That approach made sense when policy was slow-moving and sectorally siloed, making the regulatory landscape more predictable.

That model is collapsing

Regulatory change now moves too fast, touches too many operational domains, and intersects too deeply with commercial strategy for periodic monitoring to remain viable. Data centre operators are discovering that regulatory intelligence can no longer function as a background activity. It is becoming foundational infrastructure – something that shapes capital allocation, informs site selection, supply chain management, customer adoption and determines competitive positioning in real time.

The data centre sector faces this pressure with unusual intensity. We operate at the intersection of energy transition policy, digital infrastructure regulation, and climate compliance – three of the fastest-evolving policy domains in the UK and Europe. Each stream generates continuous signals. Together, they create a monitoring burden which can no longer be handled reliably by manual processing alone.

Why manual tracking has become unviable

The challenge is not simply volume, though volume has increased substantially. The deeper problem is that regulatory developments now carry immediate strategic consequences, making delayed intelligence a material business risk.

Consider Ofgem’s demand queue reform consultation earlier this year. Ofgem proposed a “Curate, Plan and Connect” framework to tackle speculative, non-viable, and slow-moving data centre projects – and gave operators eight weeks to respond. Manual tracking systems may have struggled to surface this early enough for considered engagement. Yet the implications were significant: existing connection positions faced potential reassessment, and projects lacking demonstrable readiness risked losing queue priority entirely.

This example is not isolated and is not confined to the UK. For major operators running pan-European platforms, the burden of actively monitoring all material policy developments and being ready with an engagement strategy is especially high. They need (as a minimum) to track planning reform, grid and energy policy developments in both UK and EU jurisdictions, AI Growth Zone designations, sustainability reporting frameworks, water management regulations, supply chain due diligence requirements, data privacy and cyber security regulations, AI governance regulations, and evolving technical standards, on top of employment laws, health and safety regulations and other mandatory regulations.

A compliance-aware mid-sized operator typically dedicates 15-20 hours per week across multiple teams purely to manual regulatory monitoring – before any impact assessment or strategic response occurs. That represents a substantial opportunity to strategically reinvest time saved by automated regulatory intelligence tools.

Early warning signals: the medium-term horizon

Effective regulatory intelligence is not about reacting faster to consultations or new rules. The real value lies in seeing policy direction emerging at least three years before it becomes binding law, critical for bridging the gap between current operational plans and long-term strategy – identifying emerging frameworks while they are still malleable, enabling quick pivots in response to emerging “unknown unknowns” and positioning strategically to seize opportunities before competitors.

The UK’s PFAS framework, published in February 2026, exemplifies this. “Forever chemicals” used in data centre cooling systems, cables, piping and electronic equipment,  semiconductor manufacturing, and fire suppression equipment – are now subject to a national strategy that, while avoiding immediate prohibitions, establishes a clear trajectory toward stricter lifecycle controls and enhanced disclosure requirements for both current use and historical contamination.

For operators who tracked PFAS policy development early, this creates actionable lead time and proactive risk management. The regulatory implications span multiple business functions: procurement must assess PFAS content across supply chains, facilities teams need to map current usage and potential PFAS-free substitutes, property functions must evaluate contamination exposure in owned and leased sites, and M&A due diligence processes require new assessment protocols. ESG reporting frameworks will shortly reflect PFAS management as a material disclosure item.

Operators who are late in anticipating the shift towards tighter regulations and are only ready to act once mandatory restrictions are implemented face compressed timelines and reactive compliance, whereas those who identified the policy trajectory early have already begun supplier engagement, contamination mapping, and substitution planning – converting potential liability into realisable competitive advantage.

The EU’s Circular Economy Act presents similar dynamics. New producer responsibility frameworks for electronic equipment will fundamentally reshape end-of-life planning for data centre hardware. Early visibility allows operators to integrate these requirements into procurement strategy, adjust capital planning for equipment lifecycle costs, and engage proactively with policymakers during consultation periods. Late awareness means expensive retrofitting under regulatory pressure.

This distinction – between seeing regulatory change years in advance versus months in advance – represents the shift from compliance function to strategic infrastructure. Regulatory intelligence at the medium-term horizon enables market positioning, not just obligation management.

Why we built a human-in-the-loop architecture by design

When we built Regulatory Radar, we made a deliberate architectural choice: human-in-the-loop from the ground up. We recognised the sector’s demands for accuracy, legal sophistication and commercial judgement to build trust and adoption. This made the design choice unambiguous, given the high number of “edge cases” where policy and legislation apply to data centres indirectly: automated monitoring and filtering at scale (where AI performs exceptionally well) to narrow down relevance, combined with expert interpretation (the human legal lens) at every critical decision point, to ensure domain-specific actionable intelligence.

This design choice reflects three fundamental realities about regulatory intelligence that pure automation cannot, at this time, address.

First, the reliability requirement. Large language models generate hallucinations – plausible-sounding assertions unsupported by actual sources. In high-stakes environments like critical national infrastructure, this is not an acceptable risk. I have observed AI tools incorrectly reporting the implementation status of the EU Green Claims Directive, missing the political dynamics that led to its suspension. They also demonstrate systematic bias in impact and risk scoring, often weighing regulatory developments more optimistically (higher impact, greater consequences) than the evidence supports. For data centre operators making capital allocation decisions worth tens or hundreds of millions, reliability is non-negotiable.

Second, the legal complexity requirement. AI struggles with legal complexity that requires contextual judgment. EU Directives exemplify this challenge: they establish binding objectives while delegating implementation methods to 27 national legal systems, creating fragmentation by design. AI cannot reliably navigate this transposition complexity or interpret the grey areas characteristic of emerging regulation.

The EU AI Act illustrates these limitations clearly. As White & Case observed in their EU AI Act Handbook (May 2025), substantial uncertainty remains about how courts and regulators will apply the Act in practice. Experienced lawyers can draw on parallel Directives and political context to assess likely evolution. AI cannot. It lacks the interpretive frameworks and nuance needed to read between lines of consultation documents, recognise when hedged language signals strong policy intent, or understand how ministerial commitments affect implementation probability.

Third, the contextual judgment requirement. Understanding what draft planning reform means for specific operator types, recognising policy signals embedded in seemingly procedural updates, and translating regulatory requirements through the lens of particular business models and risk profiles – this requires domain expertise that cannot be replicated through pattern matching alone.

This is why human-in-the-loop architecture is not simply cautious but essential, with human and technology leading with their respective strengths. AI handles scale: monitoring thousands of sources across jurisdictions, processing millions of data points, and identifying patterns. Human expertise provides skilled interpretation: understanding applicability, assessing business impact and delivering strategic context operators can act on immediately.

What effective regulatory intelligence requires

Purpose-built regulatory intelligence for data centres demands three integrated capabilities and a validation layer to enhance oversight and confidence.

Comprehensive coverage across the full policy landscape – not merely regulations operators anticipate, but consultation documents, policy statements, and directional signals indicating where frameworks are heading.

Expert interpretation that combines AI-powered monitoring with domain expertise.

Operational integration that embeds regulatory intelligence directly into decision-making workflows – capital planning, power procurement strategy, site selection evaluation – rather than treating it as a separate compliance review.

Industry peer validation through practitioner review and testing.

Our partnership with The Data Centre Alliance (The DCA) provides this important validation layer and feedback loop. The DCA brings sector-specific operational context from practitioners and members who understand how regulatory changes affect facility design, power procurement, cooling systems, and capital planning in practice. This peer review ensures that regulatory signals are filtered not just for legal accuracy, but for operational materiality.

From regulatory advantage to competitive advantage

Operators investing in structured regulatory intelligence today gain a genuine competitive edge. Visibility of the direction of policy 18-36 months in advance versus a more typical six months creates strategic advantage through material optionality. There is time to shape consultations, adjust capital plans proactively, and clearly create an advantageous market positioning.

Just as cybersecurity evolved from differentiator to baseline requirement over the past decade, regulatory intelligence is following the same trajectory. While this regulatory advantage might be temporary, it offers longer term advantages in terms of the positioning adopted and strategic path followed. The question facing operators is not whether to procure this capability but when.

Strategic Partner Badge

To find out more about the Regulatory Radar – click here

Categories
Opinion DCAOpinionSkills & Training
Previous article
Stop treating the roof as an afterthought

Related Articles

Artificial IntelligenceCloud & Hybrid ComputingCoolingData Analytics & SecurityData Centre Design & OperationsEdge ComputingGreen IT & SustainabilityIndustryNetworking & ConnectivityPowerSkills & Training

More Opinions

Read more Opinions

Subscribe to our twice weekly newsletter

It takes just one minute to register for the leading twice weekly B2B newsletter for the data centre industry, and it's free.
Register here

Benefits of registering with Data Centre Review

Receive two newsletters each week

Magazine sent directly to your inbox

Invites to exclusive events

Register

The latest developments within the data centre industry across the UK & Ireland

Artificial IntelligenceCloud & Hybrid ComputingCoolingData Analytics & SecurityData Centre Design & OperationsEdge ComputingGreen IT & SustainabilityIndustryNetworking & ConnectivityPowerSkills & Training

HTML tutorial
Access the Digital Edition now



SJP logo
© Data Centre Review / SJP Business Media 2026