US Federal Data Center Law Expires Without Replacement, Risks Increase
Lack of regulatory update jeopardizes security and sustainability of critical AI infrastructure
June 20, 2026
TL;DR: The US Federal Data Center Energy Efficiency Law expires in September 2024 without renewal. This eliminates unified security and sustainability standards just as AI drives infrastructure demand, increasing environmental and cybersecurity risks.
What happened?
On September 30, 2024, the Federal Data Center Energy Efficiency Law, enacted in 2014, expires. This law required federal agencies to consolidate data centers, measure their energy efficiency using the PUE (Power Usage Effectiveness) indicator, and adopt sustainable practices. According to TechRadar, there are no signs that Congress will renew or replace it before expiration. The law, which also included physical and cybersecurity requirements, was a milestone at the time, but now it remains in limbo as data center demand soars.
Why is it important?
Data centers consume approximately 2% of global electricity and generate CO2 emissions comparable to the aviation industry, according to the International Energy Agency (IEA). In the US, data center demand is growing exponentially due to generative AI and cloud computing: US data center electricity consumption is expected to double by 2030, from 17 GW in 2022 to 35 GW, according to a McKinsey report. Without a federal law, a unified framework for ensuring physical security, cybersecurity and energy efficiency is lost. This affects both government and private infrastructure, which often follows federal standards as a reference. The expiration comes just as generative AI, like ChatGPT, requires enormous computational resources: training a model like GPT-4 consumed approximately 50 GWh, equivalent to the annual consumption of 4,600 US households.
Immediate consequences
- Increased emissions: Without mandatory targets, operators might prioritize deployment speed over sustainability. US data centers could emit 200 million metric tons of CO2 annually by 2030 if no action is taken, according to a University of California study.
- Security risks: The law required incident reporting and minimum physical and cybersecurity standards; its absence reduces transparency. In 2023, 15 security incidents were reported in federal data centers, according to the GAO, and without the law, these incidents might go unreported.
- Regulatory fragmentation: States like Virginia (which hosts 70% of global internet traffic) or California could impose their own rules, creating a complex regulatory patchwork for companies. Virginia has already proposed a bill requiring a maximum PUE of 1.4 for new data centers.
- Competitive disadvantage: European companies subject to stricter regulations (such as the EU Data Center Code of Conduct and the Energy Efficiency Directive) could have an advantage in sustainability, while US companies face uncertainty. The EU is also considering mandatory sustainability reporting requirements for data centers.
Historical context
The 2014 law was pioneering in requiring efficiency metrics (PUE) and consolidation. Its expiration comes at a time when the US government is pushing the CHIPS Act to manufacture semiconductors but neglecting the infrastructure that uses them. As with the expiration of the FCC's Privacy Law in 2017, which left ISPs without clear rules, the lack of action now could create uncertainty. Additionally, the Executive Order on AI from October 2023 includes provisions on data centers, but they are temporary and do not replace a comprehensive law. The expiration also echoes the Federal Data Center Modernization Law of 2010, which expired without renewal, leading to a stall in consolidation. According to the GAO, between 2010 and 2019, federal agencies closed only 3,100 of the 6,500 planned data centers, and the lack of a law could reverse that progress.
What should readers know?
Companies operating data centers in the US should prepare for a more uncertain regulatory environment. It is recommended to voluntarily adopt standards such as those from the Uptime Institute or The Green Grid. For citizens, the expiration means the environmental footprint of AI could worsen. Tech investors should monitor reputational and regulatory compliance risk. Moreover, the lack of a federal law could delay the construction of new data centers, as operators wait for regulatory clarity. According to a JLL report, the average time to obtain permits in states with their own regulations could increase by 30%.
"The expiration of this law is a missed opportunity to align AI expansion with US climate goals." — Analyst at TheVortiq
Possible future scenarios
Congress is likely to introduce a new bill before the end of the year, but there are no guarantees. Meanwhile, the Executive Order on AI from October 2023 includes provisions on data centers, but they are temporary. Without legislative action, regulation will fall to the states, which could slow the construction of new facilities. An optimistic scenario would be the passage of the "Data Center Efficiency and Security Act" proposed by some lawmakers, which would include renewable energy targets and cybersecurity requirements. In the worst case, the absence of a federal law could lead to a race to the bottom in standards, with states competing to attract data centers by relaxing regulations. This has already been seen in Ohio, where data centers were exempted from certain taxes without requiring energy efficiency. International experience shows that countries like Singapore have paused new data center construction due to energy impact, while Ireland has imposed moratoriums. The US could face similar issues if it does not act soon.