Introduction

Australia's digital infrastructure sector has undergone a remarkable transformation over the past three years. Once regarded as a niche subset of telecommunications infrastructure, data centres are now firmly established as a premium asset class attracting sovereign wealth funds, global infrastructure investors, private equity and hyperscale technology companies. Surging demand driven by artificial intelligence workloads, cloud adoption and the increasing digitisation of government services has made Australian data centre assets among the most sought-after in the Asia-Pacific region. Growing emphasis on data sovereignty, with regulators and government agencies increasingly requiring that data be stored and processed within Australian borders, is adding further momentum - as both domestic operators and global hyperscalers invest in local infrastructure to meet these requirements.

The consequence is that digital infrastructure transactions are now subject to closer regulatory scrutiny, more complex financing architectures and materially higher execution risk than traditional infrastructure M&A.

Hyperscalers, the massive cloud service providers such as Amazon Web Services, Microsoft Azure and Google Cloud, that offer enterprise-level, on-demand computing, storage, and network services on a global scale, are the primary drivers of demand for data centres. AI demand is increasingly the main force behind hyperscaler expansion.

Australia now ranks among the top five Asia-Pacific markets for data centre investment by capacity under development, reflecting both its stable regulatory environment and the depth of its institutional capital base.

This article examines the most significant recent transactions in the sector, identifies the top legal issues confronting M&A deal teams, (with financing structures at the fore,) and considers what NextDC's recent landmark financing arrangements mean for the future of digital infrastructure M&A in Australia and beyond.

Recent notable transactions

1. AirTrunk / Blackstone (2024)

The defining transaction of the cycle so far has been Blackstone's acquisition of AirTrunk from Macquarie Asset Management and its co-investors for approximately AUD24 billion, announced in September 2024. At the time of announcement, it represented the largest data centre acquisition in Asia-Pacific history and one of the largest globally. AirTrunk operates hyperscale campuses across Australia (Sydney and Melbourne), as well as Japan, Singapore, Malaysia and Saudi Arabia. The transaction demonstrated the appetite of global institutional capital for scalable, hyperscaler-contracted digital infrastructure in the region. FIRB approval was required given Blackstone's foreign person status, and the breadth of AirTrunk's Australian Government and defence-adjacent customer base required careful regulatory navigation.

2. NextDC's capital markets activity

NextDC (ASX:NXT) has pursued one of the most ambitious capital programmes of any listed infrastructure company in Australia. On 7 April 2026, NextDC unveiled an AUD1 billion wholesale offer of subordinated hybrid securities to support the Company's growth strategy, which is wholly supported by a matching AUD1 billion binding commitment from Canadian institutional investor La Caisse. In 2024, NextDC completed an AUD1.3 billion equity raise, one of the largest in ASX history, to accelerate development of its next-generation AI-ready data centre campuses at the time, including the landmark S3 facility in Sydney and the M3 campus in Melbourne. NextDC has secured pre-commitment agreements with Microsoft, Google and other hyperscalers, providing contracted revenue underpinning its debt and equity financing. Its green bond issuances and sustainability-linked debt facilities have set a new benchmark for ESG-linked infrastructure financing in Australia.

NextDC's financing architecture, which combines listed equity, hybrid bonds, green bonds, sustainability-linked revolving credit facilities and hyperscaler pre-commitments is examined in detail under Legal Issue 1 below, as it has become the reference structure for the sector.

For acquirers and financiers, this architecture is no longer novel - it is fast becoming the reference point against which digital infrastructure platforms are assessed and valued.

3. CDC data centres

Canberra Data Centres (CDC), 49.75% owned by Infratil, the New Zealand based investment and infrastructure firm, 34.55% owned by The Future Fund and 12.04% owned by Commonwealth Superannuation Corporation, remains one of the most strategically significant unlisted data centre businesses in Australia given its dominance in supplying Commonwealth Government agencies. CDC has expanded across Australia into Sydney, Melbourne and Perth, and also Auckland in New Zealand, and is widely regarded as a potential M&A candidate or subject of secondary market portfolio activity as institutional owners review long-term positioning.

Any transaction involving CDC would engage the full suite of legal issues discussed in this article: FIRB scrutiny, SOCI Act obligations, Hosting Certification Framework compliance and government contract change of control provisions, making it among the most legally complex potential transactions in the Australian market.

4. Global deals with Australian relevance

In the United States, the scale of digital infrastructure M&A has been extraordinary and sets global benchmarks directly relevant to Australia. Blackstone's USD85 billion global data centre platform with a broader powered land bank that can support over USD125 billion of future growth, KKR's portfolio acquisitions, and Brookfield Asset Management's USD20 billion data centre development commitment, all establish valuation multiples and financing structures being replicated in the Australian market. Microsoft's commitment of USD80 billion in global data centre capital expenditure for FY2025, a portion of which flows directly into Australian facilities through its partnership with NextDC, connects US capital strategy directly to Australian M&A deal dynamics.

These global transactions also set a precedent for legal structuring: the Equinix REIT model and Digital Realty's hyperscaler joint venture arrangements are actively informing discussions in Australia about whether a domestic data centre REIT regime could be developed - a development that would materially expand the acquirer universe and affect sector pricing. In a similar vein, Blackstone also announced recently that it intends to launch a publicly-traded AI data centre acquisition company that will invest in pre-built and leased data centre assets.

Top 7 legal issues in digital infrastructure M&A

1. Financing structures, green bonds and intercreditor complexity

Modern data centre M&A transactions at scale involve layered capital structures that are without precedent in traditional real estate or infrastructure M&A. NextDC's financing model has become the reference structure for the Australian sector and deserves careful examination by any deal team.

NextDC has combined ASX-listed equity, a 100-year hybrid bond, green bonds, sustainability-linked revolving credit facilities and critically, binding hyperscaler pre-commitment agreements to create a self-reinforcing financing architecture. The pre-commitments from hyperscalers effectively guarantee a contracted revenue base prior to construction, allowing NextDC to access debt markets on terms more typically associated with investment-grade infrastructure assets rather than development-stage risk. This structure has attracted ESG-mandated institutional investors who might not otherwise participate in data centre financing, broadening the capital base and compressing the cost of debt.

For deal teams, the implications are significant across several dimensions:

• Pre-commitment agreements must be assessed as a primary diligence item. Their term, assignment restrictions, termination rights and revenue profile can make or break a deal's financing case. In the AirTrunk transaction, the contracted hyperscaler revenue base appears to have been central to Blackstone's ability to underwrite the acquisition price.
• NextDC's 100-year AUD1B hybrid bond (the first of its kind for a digital infrastructure financing in Australia) anchored by an international pension fund, highlighted the global commitment to funding digital infrastructure expansion in Australia. The subordinated securities sit below senior debt but above equity, giving them hybrid characteristics paying a 7.5% coupon initially, stepping up to 9.2% after 5 years and increasing again after 10 years. The pricing (initially less than 100 bps above a 5-year subordinated note which NextDC withdrew from after securing the 100-year hybrid bond) and debt quantum demonstrated institutional commitment to Australian data centres via ultra‑long‑dated capital, easing funding pressure for its construction pipeline. Given the long-dated tenor of such instruments, particular attention needs to be paid to change of control triggers and any prepayment rights which may arise in favour of the lenders in a transaction.
• Green bond and sustainability-linked loan covenants are often part of a data centre company's capital stack given the focus on energy usage and ability for borrowers in the sector to be able to achieve carbon neutrality. Green bonds and sustainability linked facilities introduce additional reporting obligations, key performance indicator (KPI) targets relating to renewable energy usage and carbon emissions, additional auditing requirements and step-up interest provisions triggered by non-compliance. Acquirers must absorb and maintain these obligations post-completion and assess whether the target's ESG performance genuinely supports its green financing designations. Deal teams should identify the specific framework governing each instrument, whether the Climate Bonds Initiative standard, the ICMA Green Bond Principles or a bespoke sustainability-linked framework, as the reporting and verification obligations differ materially between frameworks.
• Intercreditor complexity is significant. Security interests over land, plant and equipment, colocation agreements and government contract receivables may be held by different creditor classes: senior secured lenders, green bond holders, subordinated lenders, hybrid bondholders and transactional or ancillary facility providers, with divergent enforcement rights and priority arrangements. Portability and change of control provisions in bond indentures, syndicated loan agreements and bilateral facilities must all be identified and addressed in transaction structuring, together with any make-whole obligations which may be triggered by a transaction. Intercreditor negotiations in digital infrastructure transactions can extend completion timelines by four to eight weeks if not identified and progressed early in the deal process.
• US parallels: Equinix's REIT structure and Digital Realty's joint venture arrangements with hyperscalers demonstrate how innovative financing can transform the M&A landscape. There is active regulatory and tax analysis underway in Australia regarding whether a domestic data centre REIT structure could be developed — a development that would materially expand the universe of potential acquirers and affect sector pricing dynamics significantly.

Practical note: Financing due diligence in digital infrastructure M&A should begin concurrently with legal due diligence, not sequentially. The interdependencies between pre-commitment agreements, debt covenants and FIRB conditions are sufficiently complex that a sequential approach creates unacceptable timeline risk in competitive processes.

2. Foreign Investment Review Board (FIRB) approval

Data centres increasingly fall within the scope of critical infrastructure under Australian law, making FIRB scrutiny a central feature of any acquisition involving a non-Australian acquirer. Even where financial thresholds are not independently met, deals involving data centres that store or process information for government entities or entities that are responsible for critical infrastructure assets may be subject to mandatory notification on national security grounds under the Foreign Acquisitions and Takeovers Act 1975 (Cth). The Blackstone/AirTrunk transaction illustrated the complexity of FIRB engagement for a large, multi-jurisdictional portfolio with significant government customer exposure. Acquirers must engage with FIRB early, consider voluntary notification where mandatory thresholds are not triggered, and be prepared for conditions including operational separation requirements, data security undertakings, governance restrictions, physical site access conditions, and personnel vetting obligations.

Practical note: FIRB review periods for critical infrastructure acquisitions can extend to six months or longer in complex cases. Deal timetables, including any exclusivity periods and financing commitment deadlines, must be structured to accommodate this reality. Conditions precedent to completion should expressly address the level of engagement required with FIRB and allocate risk where conditional approval imposes operational or structural requirements on the target business.

3. Security of Critical Infrastructure Act 2018 (SOCI Act)

Amendments to the SOCI Act in 2021, 2022 and 2024 significantly expanded its reach to include data storage or processing facilities, as well as secondary assets that hold business critical data. Operators of such assets face registration obligations, positive security duties, mandatory cyber incident reporting within 12 hours (for critical incidents) and 72 hours (for other reportable incidents), and exposure to Ministerial intervention directions in cases of serious threat.

In an M&A context, a change of control of a SOCI-registered entity triggers specific notification obligations to the Department of Home Affairs. Acquirers must conduct thorough SOCI compliance due diligence, assess the adequacy of the target's Critical Infrastructure Risk Management Programme (CIRMP), and plan for post-completion SOCI obligations that will bind them as the incoming responsible entity.

Practical note: A CIRMP that is non-compliant or materially deficient at the time of acquisition represents both a regulatory liability and a potential price adjustment lever. Due diligence should include a gap analysis of the CIRMP against the relevant sector-specific Rules and an assessment of the remediation cost and timeline.

Recent March 2026 Government expectations for data centres and AI infrastructure developers emphasise national security and resilience considerations and sit alongside existing SOCI Act obligations. While they do not amend the SOCI Act, they signal potential future regulatory attention on large scale AI computer infrastructure.

4. Government contracts and data sovereignty

A substantial proportion of Australian data centre revenue, particularly for businesses such as CDC, derives from Commonwealth and State Government contracts. These arrangements usually contain explicit data sovereignty requirements mandating Australian-only storage and processing, strict security requirements and controls and change of control provisions requiring agency consent prior to completion.

Commonwealth government contracts may mandate compliance with the Australian Government's Protective Security Policy Framework (PSPF), Australian Government's Information Security Manual (ISM), the Australian Government's Hosting Certification Framework (HCF) and, depending on what data is stored, requirement for membership of the Defence Industry Security Program (DISP). Notably, HCF certification is mandatory for operators handling government sensitive systems and data and government systems rated at the classification level PROTECTED and above.

A change of ownership can disrupt existing HCF certifications and security compliance (including DISP membership) and require re-engagement with the Department of Home Affairs, the Department of Defence and/or the Australian Signals Directory. Failure to address these matters pre-completion creates material contractual and regulatory risk. The HCF certification and DISP membership processes can take up to 6 months.

Practical note: In transactions where government-contracted revenue represents a material proportion of EBITDA, deal teams should consider whether HCF re-certification risk, consent to change of control and/or maintenance of DISP membership risk require a condition precedent to completion, a deferred consideration mechanism or a specific indemnity in the sale documentation. Acquirers of AI-oriented facilities should assess whether existing certifications will remain valid under the HCF once it is reformed.

5. Power infrastructure and grid access

Data centres are among the most power-intensive assets in the built environment, and AI-optimised hyperscale facilities are particularly demanding. Critical to asset value is the security and tenure of grid connection agreements, network access rights with Distribution Network Service Providers (DNSPs) and, increasingly, access to renewable energy through Power Purchase Agreements (PPAs).

Data centres consumed an estimated 3.9 TWh of electricity in the 2024–25 financial year, representing approximately 2 per cent of total energy consumption in Australia's National Electricity Market (NEM). Scenario planning by the Australian Energy Market Operator (AEMO) forecasts that figure to grow at an average annual rate of 25 per cent, reaching 12 TWh by 2029–30. Approximately 80% of Australia's data centre capacity is concentrated in Sydney and Melbourne, where multiple large facilities are competing for access to the same substations and network corridors. Competition for grid capacity in metropolitan areas is acute.

Change of control provisions in these agreements are common and must be reviewed carefully in due diligence. Grid connection in the states of New South Wales (NSW) and Victoria face structural capacity constraints. This means that existing connection rights carry significant embedded value that must be protected in transaction structuring. NextDC's ability to secure early grid connections at its S3 and M3 campuses can be seen as a material competitive advantage and valuation driver.

AEMO's Integrated System Plan (ISP) and the NSW Transmission Infrastructure Roadmap provide important context for assessing long-term grid capacity in the areas where most Australian hyperscale development is concentrated. Deal teams should obtain independent technical advice on grid connection tenure and the risk of connection agreement variation or capacity curtailment over the asset's operational life. Relevantly, data centres connecting to transmission systems or registered participants are subject to strict technical requirements around system strength and voltage control, breach of which can trigger disconnection or costly remediation. Proposed new reforms would impose new behavioural standards on data centres requiring them to respond appropriately to grid disturbances rather than disconnecting and amplifying system events.

Long-term Power Purchase Agreements (PPAs) with renewable energy generators are increasingly central to both ESG compliance and the economic case for green bond financing. They provide price certainty and hedge exposure to wholesale market volatility in the NEM, which is considered one of the world's most volatile spot markets. Many large operators have committed to 100% renewable energy by 2030, and long-term renewable PPAs can be a prerequisite for project financing and third-party institutional investment. Amazon, for example, has expanded its Australian renewable energy portfolio to 990 MW across 20 projects, the majority of which include co-located battery storage systems. Due diligence should address PPA term, counterparty credit quality, basis risk and the impact of any change of control provisions on the validity of the PPA post-completion.

6. Real property, planning and development approvals

Acquisitions of data centre businesses typically involve complex property portfolios encompassing freehold land, leasehold interests, development sites and option agreements. Planning approvals are critical to deal value, particularly in NSW where data centre development in the Western Sydney corridor has been subject to significant Government intervention. Due diligence must address zoning classifications, existing development consents, conditions of approval relating to noise, water usage and visual impact, the status of pending development applications and any third-party objections. Development risk, the risk that future expansion cannot be approved or will be significantly delayed, is a core valuation issue in deals involving development-stage campuses.

7. Due diligence issues – contracts, IP and insurance

The commercial engine of any data centre business is its customer base, documented through Colocation Service Agreements (CSAs) or Master Service Agreements (MSAs). Due diligence must assess customer concentration risk, term and renewal profiles, pricing structures, service level agreement (SLA) exposure, risk allocation and termination rights,including termination rights triggered by change of control. Hyperscale facilities rely on a few anchor tenants under bespoke 10-15 year terms, while colocation portfolios comprise many smaller customers on 3-5 year standard-form contracts. For AI-oriented facilities, take-or-pay structures and pre-commitment arrangements with hyperscalers are increasingly common and can represent the majority of contracted revenue.

Intellectual property ownership, particularly in relation to proprietary data centre management systems, cooling technology and operational software, also requires careful analysis to ensure the acquirer obtains clear title and that no key technology is encumbered by third-party licensing arrangements.

Where target businesses have developed proprietary AI-infrastructure management systems or edge computing platforms, IP ownership and licensing chains should be traced from inception. Software or systems developed in conjunction with hyperscaler customers may be subject to joint ownership claims or complex licence arrangements that affect the acquirer's ability to use, develop or commercialise those IP assets post-completion.

As discussed above, data storage and processing is a critical infrastructure asset class under the SOCI Act, triggering CIRMP, asset register and cyber incident reporting obligations. For a target servicing Commonwealth customers, HCF status (Certified or Strategic) should be verified, as a status downgrade can breach government contracts.

Finally, cyber insurance coverage, - its scope, sub-limits, exclusions and transferability on change of control, is increasingly material given the liability exposure evidenced the Medibank and Optus data breach incidents.

Summary

Australian digital infrastructure M&A is operating at a pace and scale that demands sophisticated legal advice across multiple disciplines simultaneously. The intersection of foreign investment regulation, critical infrastructure law, government contracting, energy law, planning and complex financing structures means that deal teams must be both broad and deep in their expertise. The AirTrunk and NextDC transactions have set the benchmarks; the challenge for deal makers is to ensure that the regulatory and financing frameworks keep pace with the extraordinary capital flows now directed at this sector.

The March 2026 government announcements at both Federal and NSW level confirm that the regulatory environment is actively evolving, not settling. Clients considering acquisitions, disposals or financing transactions in the digital infrastructure sector should seek early and comprehensive legal advice to ensure that emerging regulatory requirements are factored into deal structuring from the outset.

This article is current as of May 2026. The regulatory and transactional landscape described herein is subject to rapid change.  This article constitutes general information only and does not constitute legal advice.  Readers should seek specific legal advice in relation to their particular circumstances.

For further information on digital infrastructure M&A, please contact our team members below. Our multi-disciplinary team brings integrated expertise across M&A, finance, planning, energy and regulatory law.