you are being redirected

You will be redirected to the website of our parent company, Schönherr Rechtsanwälte GmbH :

30 January 2023

Key legal topics in data centre development and investments

The recent years' sprint towards digitalisation was one of the decisive factors in accelerating the transformation of telecommunications infrastructure. The global markets expect an increase in investments in telecom infrastructure and Romania is no exception.

Two large data centre investments have been announced in the last two years, one a 200 MW, 25,000 m2 technology campus outside Bucharest (completed) and the second to be developed by Microsoft. These add to the existing 19 operating data centres in Bucharest, which aggregate 65,883 m2 of data storage infrastructure.

A number of key drivers support the increased demand for local infrastructure in the coming years, one of the most relevant being the digitalisation of the public administration. The Recovery and Resilience Plan for Romania implemented as part of the EU's plans to mitigate the economic and social impact of the coronavirus pandemic and make European economies and societies more sustainable and resilient has allocated close to EUR 2bln to the "Digital Transformation" pillar, funds available to the local administration for their digital transition.

Other aspects, such as increased infrastructure demand from telecom operators in response to the big shift in consumer habits and new technology, multimedia and internet demand are also likely drivers towards a larger market for data centres.

Essentially a real estate asset, the legal implications of developing or investing in data centres spread far beyond a traditional real estate transaction. In addition to often complex property issues, these projects will also require careful consideration of aspects such as IT, power supply, regulatory and permitting, financing, contracting and data security.

Irrespective of the nature of the data centre (carrier neutral or non-carrier neutral) or the type of investment and the counterparties to the project, a legal checklist for data centre review is expected to cover at least the following key topics:

1. Title over the premises

Given the big investments required by this asset class, a data centre will likely require ownership title over the premises, or at least a long-term lease agreement with an option for the lessee to extend the term of the lease. Holding real title over the premises will be decisive for obtaining construction permits, while lease or concession structures will prompt discussions on the ultimate benefit over the investments made in the data centre.

Often, investors will also require an overview of the neighbouring properties to evaluate the feasibility of possible extensions.

2. Permitting

Since location is one of the key items to be secured in a project of this kind, providers of data centres will need to ensure compliance with zoning and building-related requirements.

Additionally, given the sensitive nature of the business, the development or acquisition of data centres will likely be subject to the scrutiny of the authorities involved in foreign direct investment (FDI) screening. Similar to other countries, Romania has recently strengthened its FDI screening regime, introducing a standstill obligation and turnover-based fines for breaches. 

3. Material contracts

The data centre's ability to generate long-term revenues largely depends on the clients' concentration and the terms of their service agreements. Considering the fit-out costs incurred by a customer in establishing its presence in a data centre, the risk of early termination of a service agreement should be within reasonable limits. Nevertheless, a large customer will likely be interested in retaining such an early termination right in case it decides to develop its own storage facility, or in case of an increased need for capacity that cannot be serviced by the initial provider. Likewise, continued and flawless servicing will be critical for customers who will be interested in negotiating strict clauses on the minimum service level throughout the agreement.

4. Connection and security

Input is equally critical for the operation of data centres. Customers and, when the time comes, investors will seek certainty over the terms of the third-party connectivity agreements, to ensure that the telecom carriers are equally reliable and can provide long-term uninterrupted connection to their system.

Additionally, being high-value digital assets, data centres are prone to the risk of cyberattacks. This makes cybersecurity a key aspect to be considered in any development or investment into data centres. Just as when taking over traditional financial debt and liabilities, an investor in data centres will inherit all the cyber vulnerabilities of the respective business. Hence, an acquirer must be wary not only of failing to obtain the full value of what it seeks, but also of belatedly discovering the target to be burdened by cybersecurity shortcomings that create risks for the buyer. Such vulnerabilities may translate not only into increased costs to strengthen the security systems, but also into potential liabilities towards customers who may find their confidential or personal data at risk.

Lastly, a thorough due diligence review of connectivity would not be complete without verifying the data centres' energy supply. Uninterrupted supply is of utmost importance for these businesses, and interruptions may have a direct financial impact on their customer agreements.

Data centres have been increasingly interested in reducing their dependency on third-party suppliers and developing their own energy sources as back-up, parallel or even exclusive solutions. The recent surge in energy costs and the data centres' own commitments to sustainability have acted as catalysts in this direction. In terms of due diligence, the scope will likely cover the review of PPAs (power purchase agreements), permitting for their own renewable energy facilities and connectivity to the grid.

5. Data protection

Although data centres do not access or process their customers' personal data, the customers do rely on and entrust these facilities with their personal data. Hence, a data centre should be able to provide sufficient comfort to its customers that their personal data will be fully protected from a GDPR and cybersecurity regulations standpoint.


As the world continues on its path towards ever more digitalisation and the demand for telecommunications infrastructure increases exponentially, data centres will continue to be an attractive investment for infrastructure funds and strategic players. Planning to develop or invest in data centres may present a complex range of legal challenges requiring a holistic approach in terms of both due diligence and transaction structuring.