Artificial intelligence relies on the digital infrastructure provided by hyperscale data centres for model training, real-time inference, data storage, and the low-latency computing that underpins everything from language models to industrial automation. These AI-centric data centres operate as the backbone behind AI’s most significant advancements, but they also present critical infrastructure and risk management challenges. This article examines the intersection of AI risk management with data centre operations in 2025, highlighting frameworks, emerging risks, and best practices for the era of AI-driven infrastructure.
The intersection of AI and data centre infrastructure
Data centres power AI by providing the necessary computational capacity and low-latency environments for training and running complex models such as large language models (LLMs) and generative AI systems. The escalating demand for AI has driven unprecedented growth in AI-specific data centres, which require significant energy, cooling, and security resources.
These data centres not only support model development but also operationalise AI applications that detect fraud, predict cybersecurity threats, and automate risk controls. However, the integration of AI amplifies infrastructure risks, including:
- Increased energy and cooling demands impacting sustainability and operational costs.
- Heightened cybersecurity threats targeting AI models and data assets housed within data centres.
- The operational complexity of managing AI workloads alongside traditional IT functions at scale.
Data centre investors, developers, and operators face significant risks, including supply chain bottlenecks, rising energy costs, and increasing pressure to adopt sustainable construction practices. This comes as global data centre capacity is projected to nearly triple by 2030, primarily driven by surging demand for AI and cloud computing. Effectively understanding and managing these risks is crucial to ensuring resilient and reliable AI deployments worldwide.
Regulating AI-centric data centres
UK data centre operators face direct regulation under cybersecurity and critical infrastructure laws; however, AI-specific rules are mainly principles-based and sectoral. The government has outlined five cross-sectoral AI regulatory principles - safety, transparency, fairness, accountability, and contestability - that guide AI development and deployment, with a focus on AI assurance, which involves demonstrating trustworthiness and regulatory compliance. UK financial regulators, including the FCA and Bank of England, emphasise the importance of data centre resilience as vital to AI risk controls in financial systems, where stability and data integrity are critical. This is reflected in the Critical Third Party (CTP) regime, which addresses risks from third-party providers such as data centre operators.
By contrast, the EU AI Act is a comprehensive, binding regulation that applies across the EU, with extraterritorial reach for any AI system deployed or used within the EU. The Act’s provisions for high-risk AI systems include implicit expectations that the infrastructure supporting those systems - such as data centres - is secure and reliable, with particular emphasis on data governance and protection duties. Data centre operators may become responsible for compliance when they host or manage high-risk AI systems, especially those that impact physical security or the integrity of critical infrastructure and must ensure appropriate technical and organisational safeguards are in place.
In the US, the primary regulatory frameworks tend to be environmental and infrastructure in nature, with data centre projects defined by electricity load thresholds (e.g., >100 MW) related to AI-specific use cases such as training and inference. In contrast, China regulates data centres primarily through a combination of industrial policies, cybersecurity laws, and digital infrastructure controls aimed at ensuring national security, data sovereignty, and energy efficiency.
AI risk management frameworks
AI risk management frameworks provide structured guidance for identifying, assessing, and mitigating risks associated with artificial intelligence. These voluntary frameworks typically recognise the need for infrastructure robustness and operational resilience within AI governance. Examples include:
- The NIST AI Risk Management Framework (AI RMF) provides a comprehensive, lifecycle-based approach to managing AI risks. It emphasises governance, contextual risk mapping - including dependencies on data centre infrastructure and energy supply - and continuous measurement and mitigation of third-party operational resilience risks to support the development of trustworthy and resilient AI systems.
- The NIST Generative AI Profile is a companion resource which extends NIST’s AI RMF framework to address risks specific to generative AI models, such as LLMs and deep learning systems.
- ISO/IEC 23894 provides a comprehensive, AI-specific risk management framework that offers organisations strategic guidance to integrate AI-specific risk identification, assessment, mitigation, and continuous monitoring alongside existing governance frameworks.
- The G7 Code of Conduct for Advanced AI sets out voluntary, risk-based principles, encompassing infrastructure security controls, ethical standards, transparency measures, and ongoing monitoring. It reinforces the importance of managing operational resilience and protecting critical infrastructure while addressing societal and ethical risks throughout AI development and deployment.
Emerging infrastructure risks with AI
Data centre operators face several infrastructure-related risks which must be managed proactively:
- Energy Consumption and Sustainability: AI workloads require power-hungry GPUs and cooling systems, raising risks of operational disruptions and regulatory penalties linked to carbon footprint and sustainability targets.
- Cybersecurity Attacks: data centres face increasing threats from AI-targeted hacking, ransomware, and adversarial attacks designed to manipulate AI outputs or extract sensitive data.
- Supply Chain and Vendor Risks: dependence on third-party AI cloud providers and data centre operators introduces risks of service outages, data leaks, and compliance failures.
- Model and Data Integrity Risks: ensuring the integrity and security of AI training data and model artifacts stored and processed internally is crucial to prevent bias, drift, or corruption caused by infrastructure vulnerabilities.
Best practices to manage these intersecting risks include:
- Energy and Resource Management: deploy AI-driven environmental controls in data centres for optimised energy efficiency and to maintain sustainable operations without compromising AI workloads.
- Robust Cybersecurity Posture: integrate AI-focused threat detection with traditional safeguards, including zero trust access models and encryption at rest and in transit.
- Integrated Risk Governance: ensure AI risk governance frameworks incorporate data centre operational risk assessments, resilience planning, and incident response aligned with organisational risk appetite.
- Vendor and Supply Chain Oversight: screen third-party providers for compliance with AI and infrastructure risk standards, maintain redundancy plans, and enforce SLAs covering AI service availability.
- Transparency and Auditability: maintain detailed logging of AI-related infrastructure events and model handling processes to support regulatory compliance and forensic investigation.
- Human Oversight and Continuous Monitoring: combine automated monitoring and human review to detect anomalies and performance degradation, including AI model drift caused by infrastructure factors.
Conclusion: ensuring resilience at the AI-data centre nexus
In 2025, data centres are more than computing facilities — they are critical enablers and risk management hubs in the AI ecosystem. The global data centre market has more than tripled its IT power capacity over the past decade and is expected to grow from 81 GW in 2024 to approximately 222 GW by 2030, reflecting compound annual growth rates around 13-18% depending on forecasts. This unprecedented scale of expansion makes addressing sustainability, supply constraints, and cost volatility among the top priorities for data centre ecosystem stakeholders.
