Data centres under governance pressure

Britain’s data centres are being treated less like back-office warehouses and more like critical infrastructure that must meet formal cyber and compliance rules. (gov.uk) The shift started on 12 September 2024, when the government designated UK data centres as Critical National Infrastructure, the first new designation of that kind in almost a decade. Ministers said the move put data centres alongside water, energy and emergency services systems. (gov.uk) On 6 March 2026, the Department for Science, Innovation and Technology said data centres meeting size thresholds will be designated “essential services” under the Network and Information Systems Regulations 2018, with Ofcom as regulator. Operators will have to notify Ofcom, manage cyber and resilience risks, and report significant incidents. (gov.uk) The government’s April 2025 Cyber Security and Resilience Bill policy statement tied that tougher approach to recent attacks on public services, including a cyberattack on a supplier to London National Health Service hospitals that led to more than 11,000 postponed appointments and procedures. The policy paper said the bill drew on earlier consultations and lessons from the European Union’s Network and Information Systems Directive 2 regime. (gov.uk) The pressure is rising as the sector grows. The House of Commons Library said the UK had about 1.6 gigawatts of data-centre capacity in 2024 and government analysis suggested that could rise to between 3.3 and 6.3 gigawatts by 2030, with most current capacity concentrated in Greater London. (commonslibrary.parliament.uk) That expansion has turned governance into more than a cyber checklist. Data Center Knowledge reported on 13 April 2026 that operators now face overlapping exposure on privacy, cybersecurity, incident reporting, contracts and insurance, with ransomware singled out as a recurring legal and commercial risk. (datacenterknowledge.com) The environmental file is widening at the same time. A Department for Energy Security and Net Zero report published on 14 August 2025 said data-centre growth is increasing electricity demand even if some digital services can use less electricity than physical alternatives over a full delivery chain. (gov.uk) Water is moving onto the same agenda. A Government Digital Sustainability Alliance report highlighted by the United Kingdom government in September 2025 said current water resource plans do not adequately account for rising demand from artificial intelligence and data centres, even as England faces a projected daily water deficit of nearly 5 billion litres by 2050. (gov.uk) (sustainableict.blog.gov.uk) Industry groups have pushed back against the broadest environmental criticisms. techUK said in an August 2025 report based on 73 facilities in England that 51 percent of surveyed sites used waterless cooling and 64 percent consumed under 10,000 cubic metres of water a year, while arguing for better reporting and planning rather than blanket assumptions about usage. (techuk.org) The result is a wider definition of what running a data centre now means in Britain: not just keeping servers online, but proving resilience, reporting incidents, and accounting for power and water in places where growth is fastest. (gov.uk) (commonslibrary.parliament.uk)