FEATURE
Facilities that combine strong cybersecurity, resilience and internationally recognized certifications become strategic because regulation is moving faster than much of today’ s infrastructure.
In this shifting environment, decisions about where infrastructure is located and who operates it have become decisions about governance.
The nationality and jurisdiction of the infrastructure operator dictate which legal frameworks apply to data and the extent of extraterritorial claims.
These jurisdictional factors have direct architectural consequences. Data centres must be built for adaptability, able to adjust as rules, risks and technologies evolve and trust must be embedded from the ground up.
Regulatory drivers
Hosting decisions for data and applications are increasingly shaped by data sovereignty and resilience laws, which influence both location and interconnection design. For financial services, the Digital Operational Resilience Act, applicable from January 2025, marks a pivotal regulatory milestone for the EU and the European Economic Area.
It requires regulated financial entities and their technology partners, such as data centres, to demonstrate their ability to withstand ICT disruption and report major incidents swiftly.
This points to a broader direction of travel. By 2030, international standards are likely to provide the backbone for simpler cross-border compliance without unnecessary duplication.
ISO standards provide recognized benchmarks for security, continuity and sustainability. They establish a unified control framework that spans multiple regimes through a single, coherent set of control.
In practice, certifications such as ISO / IEC 27001 and ISO / IEC 27701 are frequently requested and often mapped to NIS2 and DORA requirements in the EU and EEA. Meanwhile, NIST’ s updated Cybersecurity Framework reinforces this consistency, giving stakeholders a shared model for risk management as digital operations scale across borders.
For data centres, these frameworks chart a clearer path to evidencing resilience and sustainability at a time when AI, increasing power density and new cooling methods are reshaping operations.
Ultimately, ISO and NIST provide common ground for aligning national rules, supporting the global spread of AI and cloud while keeping within diverse legal boundaries.
Yet, while international convergence is growing, the reality on the ground remains fragmented. GDPR continues to set the baseline across Europe; however, member states often add stricter national provisions, creating complexity for organizations hosting data across borders. www. intelligentcio. com
INTELLIGENT CIO EUROPE
37