Regulating the data centre boom

10 minute read 01.06.2026 Con Boulougouris, Geoff Earl, Paul Kallenbach, Brendan Clark, Janet Yeung, Thomas Galloway

Australia and the US have taken different approaches to data centre regulation. Here's what the recent policy escalation means for M&A dealmakers on cross-border digital infrastructure deals.

Key takeouts

Australia is tightening sovereign and environmental controls on data centre investment. Treat alignment with the Federal AI Expectations as a threshold diligence item - it affects project viability and long-term regulatory risk.

NSW's evolving cost recovery rules mean infrastructure contribution obligations for energy and water are unresolved. Acquirers must treat this as a live diligence uncertainty in any transaction involving NSW data centre assets.

Cross-border Australia-US deals face dual FIRB/CFIUS filing risk, ESG financing mismatches, and data sovereignty deal-breakers. These are no longer policy considerations. They belong in the risk sections of transaction documents.

In March 2026, the Australian Federal Government, NSW Government and US Trump Administration each made significant policy announcements affecting data centre and AI infrastructure investment: and they point in fundamentally different directions. Australia is tightening sovereign and environmental controls while actively channelling investment on national terms. The US is removing regulatory barriers to maximise speed and scale of AI infrastructure buildout. This article explains what each government announced, analyses the contrast in regulatory philosophy, and identifies six concrete M&A implications: valuation divergence, shifting capital flows, FIRB/CFIUS dual-filing risk, ESG financing mismatch, data sovereignty as a deal-breaker, and emerging workforce obligations. It is essential reading for any M&A practitioner advising on cross-border digital infrastructure transactions in either market.

This article is current as of 29 May 2026. The regulatory landscape described herein is subject to rapid change. This article constitutes general information only and does not constitute legal advice. Readers should seek specific legal advice in relation to their particular circumstances.

The global data centre boom has forced governments around the world to confront a core strategic tension: how to accelerate investment in AI‑enabled infrastructure while retaining sovereign control over assets that increasingly underpin economic security, energy systems and public sector operations. During March 2026, there was a significant escalation in government engagement with digital infrastructure policy across the Australian Federal Government, Australia’s most populous State New South Wales (NSW) and the US Government.

The following is a brief summary of key announcements:

Australian Federal Government

Australia’s regulatory posture toward digital infrastructure is shifting decisively. In March 2026, the Albanese Government released its ‘Expectations of data centres and AI infrastructure developers’ (released as a key commitment under the 2025 National AI Plan) (AI Expectations), setting out the Australian Government’s expectations for data centres and AI infrastructure developers. Rather than creating a new legislative regime, the AI Expectations operate as a national policy framework that signals how the Commonwealth intends to assess and prioritise major data centre and AI infrastructure proposals.

The AI Expectations set five benchmarks that developers can no longer afford to ignore: prioritising Australia’s national interest; supporting Australia’s energy transition; sustainable and efficient water usage; investment in Australian skills and workforce; and strengthening research, innovation and local capability. Although the AI Expectations do not amend the current regulatory landscape, they are likely to influence how government assesses major data centre proposals. The AI Expectations are being operationalised through MoUs, with Anthropic signing the first MoU on 1 April 2026.

Also in March 2026, the Albanese Government’s Department of Home Affairs released a consultation paper proposing reforms to the Ministerial directions powers in the SOCI Act (Security of Critical Infrastructure Act 2018), with the aim of enabling Government to anticipate, prevent, and neutralise security threats prospectively. These reforms are directly relevant to data centre investors and acquirers. They propose new powers enabling the Minister to impose tailored governance controls on critical infrastructure entities, including targeted voting exclusions for decisions affecting an asset’s security posture.

Taken together, the proposed reforms indicate a sharpening of Australia’s regulatory posture towards digital infrastructure, with the Government emphasising that these refinements will aim to ensure it can intervene when required. Against this backdrop, the existing Hosting Certification Framework (HCF) is currently undergoing reform. The Department of Home Affairs has paused HCF certification registration of prospective service providers and HCF certified providers seeking supplementary assessment, effective from 3 November 2025 until the reforms are completed. The reform has five objectives: simplifying the certification process; improving compliance and assurance; enhancing transparency and communication; greater clarity of obligations; and industry buy-in. These reforms are part of the Federal Government progressing its 2023–2030 Australian Cyber Security Strategy.

The Federal Government also remains committed to the ‘second tranche’ of reforms to the Privacy Act 1988 (Cth) (Privacy Act), following the first tranche enacted by the Privacy and Other Legislation Amendment Act 2024 (Cth). The second tranche is expected to address the outstanding recommendations from the Government’s Response to the Attorney-General’s Department’s Privacy Act Review Report (2023), including a new ‘fair and reasonable’ test, a right to erasure, and tightened cross-border disclosure requirements, each with operational implications for data centre operators and their customers. No legislative timeline has been announced to date.

KEY DRIVER

A strategic focus on ensuring that rapid AI and data centre investment serves Australia's national interest, balancing data sovereignty, national security, energy and water constraints, and community expectations, while maintaining Australia's attractiveness as a destination for hyperscale and AI infrastructure.

LEGAL IMPLICATIONS

While the Federal Government’s AI Expectations do not themselves amend the SOCI Act, the Privacy Act or the HCF, they will materially influence regulatory assessments, project approvals and government engagement. For M&A and infrastructure transactions involving data centres or AI “factories”, dealmakers should treat alignment with the AI Expectations, and the associated energy, water, workforce and sovereignty settings, as a threshold diligence item, given their impact on project viability, social licence and long‑term regulatory risk.

NSW Government

Again in March 2026, the NSW Government released its NSW Data Centre Consultation Paper (aligned with the national data centre expectations published by the Australian Government on 23 March 2026) (NSW Consultation Paper), setting out a principles-based framework to govern data centre investment across the state. The NSW Consultation Paper aims to facilitate a conversation regarding sustainable and equitable data centre investment, to provide input in creating a smoother planning process for State Significant Development applications for new data centres.

The NSW Consultation Paper notes that the value of data centre investments in NSW has been escalating at 65% per annum on average over the last three years, reaching AUD2.6 billion in 2024–25, approximately 12% of all non-residential building investment. Fifteen data centres are currently in the State Significant Development (SSD) planning pipeline, valued at AUD29.4 billion, with the Investment Delivery Authority assessing 26 submissions worth AUD100 billion in the first round of its Expressions of Interest process.

The NSW Consultation Paper establishes five governing principles: data centres must enable a wider technology ecosystem driving job creation and economic growth; developers and operators must fund their own infrastructure requirements so as not to increase prices for households; data centres must make efficient and sustainable use of energy and water systems; approval and compliance must be based on reliable and transparent data; and regulatory and planning settings must account for differences in size, location, and community needs. Feedback from the consultation will inform the development of NSW Data Centre Guidelines, which will aim to simplify decision-making while managing risks to energy and water security as well as air quality.

KEY DRIVER

The Australian Energy Market Operator forecasts that energy consumption from data centres will double from 5% of NSW’s grid-supplied energy in 2026 to 11% by 2030, with growth not met by additional renewable generation placing upward pressure on wholesale electricity prices and threatening NSW’s legislated 2030 and 2035 emissions reduction targets. Concurrently, growth in water demand from data centres occurs alongside rising demand from other users and long-term water security challenges, with significant discrepancies between credible forecasts making infrastructure planning difficult. The combined pressure on constrained energy and water systems, coupled with a AUD100 billion pipeline of incoming investment, has made a structured regulatory response unavoidable.

LEGAL IMPLICATIONS

The NSW Government is moving towards a flexible, performance-based approach to assessing data centre development, with planning requirements focusing on project outcomes and impacts on resources rather than mandating uniform solutions. Cost recovery regimes for both energy and water infrastructure are under active review, with the expectation that data centres will fund the infrastructure upgrades their connections require, including through bespoke negotiated service agreements with utilities. For M&A dealmakers, the evolving cost allocation framework for upstream energy and water infrastructure, and the as-yet-undetermined final form of the NSW Data Centre Guidelines, represent key areas of diligence uncertainty in any transaction involving NSW data centre assets. Acquirers should closely monitor any Guidelines to be released and treat infrastructure contribution obligations as a threshold diligence item in any transaction signed after the implementation of the Guidelines.

US Federal Government (Trump Administration)

In January 2025, President Trump announced the Stargate Initiative, a USD500 billion private sector AI infrastructure investment programme involving OpenAI, SoftBank, Oracle and MGX, as a flagship economic and national security priority. By March 2026, the initiative had developed, including through the Trump Administration’s announcement of further deregulatory measures. US developments include the following:

Expanding the flagship Stargate campus in Abilene, Texas to several other new US campuses. In parallel, OpenAI launched Stargate projects in overseas jurisdictions, including the UAE, Norway, the UK, Argentina, South Korea and others. OpenAI has stated that it intends to spend over USD400 billion of its USD500 billion commitment over the next three years and had, as at September 2025, committed over USD400 billion of capacity investment over three years towards its USD500 billion program;
Fast-tracking federal permitting for AI data centre developments on federal land;
Relaxing Environmental Protection Agency (EPA) rules, including water usage guidelines that could simplify the treatment and reuse of produced water. This could offer data centres (which require significant volumes of water for cooling purposes) greater flexibility with respect to dependence on municipal water systems, and in drought-affected or groundwater-restricted states. It may also provide greater opportunities for the co-location of energy and computing infrastructure;
Winding-back regulatory barriers to AI development, with a stated policy of sustaining and enhancing ‘America’s global AI dominance’;
Accelerating the grid interconnection of data centres. The US Department of Energy directed the Federal Energy Regulatory Commission (FERC) to rapidly accelerate the grid interconnection of data centres in October 2025, pursuant to the Trump Administration’s Executive Order ‘Unleashing American Energy’. This will potentially reduce interconnection timelines and costs, and fuel investor appetite; and
Adopting the ‘America First Investment Policy’, which directed the Committee on Foreign Investment in the United States (CFIUS) to ease scrutiny of foreign investments by allied countries, and intensify its review of those from countries the US deems to be adversaries, for example, China.

KEY DRIVER

The Trump Administration frames AI infrastructure as a matter of national economic competitiveness and geopolitical supremacy, explicitly positioning the US against China in an AI infrastructure strategic competition. This is particularly the case where the policy environment remains in flux. The Administration has characterised environmental and planning constraints as impediments to national security objectives, a framing that has generated legal challenges from state governments and environmental groups.

LEGAL IMPLICATIONS

CFIUS hardening has direct relevance for Australian clients. Any Australian business investing in US data centre assets should consider whether their upstream investors are from countries deemed US adversaries, as this could pose a risk of not receiving CFIUS approval. Further, any investment in US entities holding downstream interests in data centre assets in Australia could give rise to dual CFIUS and FIRB approval requirements. Deal timetables for such transactions must accommodate parallel review processes, and conditions imposed by one regulator may conflict with or complicate conditions imposed by the other.

For further detail: www.whitehouse.gov and www.energy.gov

The fundamental difference in approach

The contrast between the Australian/NSW regulatory model and the Trump Administration’s approach is significant and has direct implications for M&A activity in both markets.

The Australian/NSW model: Structured facilitation with sovereign control

The Australian Federal and NSW Governments share a common philosophical framework: encourage investment, but on Australian terms, with Australian ownership controls and environmental guardrails intact. The key features of this model are:

Sovereignty first	Australian statutory and regulatory regimes collectively ensure that sensitive government data remains in Australian-controlled facilities, and that foreign acquirers of critical digital infrastructure face meaningful national security scrutiny. These controls are being tightened, not relaxed.
ESG and sustainability obligations	Both levels of government are increasing - not reducing - requirements around renewable energy, water efficiency and carbon reporting for data centre operators.
Superannuation as a capital source	The Australian Government encourages domestic superannuation funds to invest in digital infrastructure, creating a pool of patient, long-term domestic capital that reduces dependence on foreign acquirers and supports data sovereignty objectives.
Converging regulatory pressures on next-generation facilities	The proposed expansion of SOCI Act obligations and reform to the HCF regime, the tranche two Privacy Act reforms, and emerging AI governance measures collectively signal that the regulatory burden for AI-oriented infrastructure will be materially greater than for legacy colocation assets. Sector-specific overlays compound this: most significantly APRA’s CPS 230 (Operational Risk Management), which since 1 July 2025 has treated data centre operators supporting APRA-regulated customers as material service providers, requiring contractual flow-down of operational resilience, business continuity, incident notification and offshoring controls. These are pricing and structuring considerations in any acquisition of AI-oriented infrastructure.

The US Trump model: Deregulatory acceleration with National Security carve-outs

The Trump Administration’s approach is defined by a fundamentally different calculus: remove regulatory friction to maximise the speed and scale of AI infrastructure buildout, subject only to national security constraints around foreign ownership. The key features are:

Deregulation as strategy	Federal permitting streamlining, EPA relaxation and energy priority designation are all designed to compress the time between investment decision and operational data centre - a direct competitive response to China’s state-directed infrastructure buildout.
Environmental constraints deprioritised	Where NSW is tightening water and energy efficiency standards, the Trump Administration is relaxing them. This creates a cost and speed advantage for US developments relative to NSW but has generated legal challenges from state governments and environmental groups contesting the deregulatory measures.
CFIUS hardening	The one area where the Trump Administration is more restrictive than the market might prefer is foreign investment from adversarial nations. CFIUS review of data centre acquisitions involving Chinese, Russian or certain Middle Eastern investors (or what the US have deemed “foreign adversaries”) has become more intensive, with mandatory filing requirements expanded and timelines extended.
Federal land and energy assets	The use of federal land and priority access to federal energy infrastructure for Stargate-designated projects has no Australian equivalent and represents a qualitatively different level of state support for private sector infrastructure investment.
Anti-ESG financing posture	ESG-linked financing such as green bonds and sustainability-linked facilities, has become significantly less prevalent in the current US market than in Australia. Deal teams advising clients with integrated financing platforms spanning both markets must manage the structural mismatch between binding Australian ESG covenants and reporting obligations and a US regulatory environment that is actively discouraging ESG-linked financing obligations.

What this means for M&A: Six key M&A implications

1	Valuation divergence The deregulatory US environment compresses development timelines and reduces sovereign/planning risk premiums in US deals. Australian assets, particularly those in NSW with grid connection and planning complexity, may trade at a relative discount to comparable US assets on a risk-adjusted basis - or alternatively attract a sovereignty premium from acquirers who specifically value Australian data sovereignty attributes.
2	Capital flow dynamics The Trump Administration’s posture is accelerating the concentration of US hyperscaler and private equity capital in domestic US data centre development. This may reduce the pool of US-domiciled capital available for Australian acquisitions in the short to medium term, increasing the relative importance of Asian infrastructure funds, European pension capital and Australian superannuation as acquirers in domestic M&A processes. This shift in the acquirer base has regulatory implications: Japanese, Korean and Singaporean infrastructure funds may face different FIRB risk profiles than US acquirers, and European pension capital, while generally FIRB-benign, brings its own ESG and governance requirements that affect deal structuring.
3	FIRB and CFIUS reciprocity concerns The bilateral regulatory risk for Australia-US data centre transactions is, in practice, not significantly changed. CFIUS scrutiny has intensified primarily, and deliberately, in respect of investments originating from countries the US designates as foreign adversaries, most notably China. For a purely Australian acquirer seeking a US data centre asset, the CFIUS landscape has not materially hardened. Similarly, FIRB continues to apply national security scrutiny to foreign acquisitions of sensitive Australian infrastructure. There is no evidence of a specific tightening directed at US investors in Australian infrastructure assets. Practitioners should remain attentive to CFIUS mandatory filing requirements.
4	ESG financing divergence Australian data centre M&A deals are increasingly financed through green bonds and sustainability-linked facilities that impose binding ESG obligations. US deals under the Trump Administration are moving in the opposite direction, with ESG-linked financing less prevalent and environmental covenants being renegotiated or removed. This creates a structural mismatch for acquirers operating across both markets and managing integrated financing platforms.
5	Sovereign Data as a Deal-Breaker The Australian Government’s tightening of data sovereignty requirements means that the structure of government contracts held by target data centres is an increasingly determinative factor in whether a deal can proceed at all, particularly for foreign acquirers. This is a distinctly Australian regulatory risk that has no precise equivalent in the current US federal framework.
6	Workforce and skills Workforce availability is an emerging constraint on data centre and AI infrastructure development and is increasingly relevant to regulatory engagement. Workforce issues may intersect with government incentives and stakeholder expectations. Acquirers should assess workforce risk alongside regulatory and development constraints when valuing and structuring transactions. Notably, the AI Expectations’ workforce benchmark, “investment in Australian skills and jobs”, is the least prescriptive of the five benchmarks, with the Government yet to specify how alignment will be assessed in practice; dealmakers should monitor any further government guidance on this benchmark as it develops.

Conclusion

The March 2026 government announcements in Australia and the 2025 announcements in the United States crystallise a fundamental divergence in how major governments are approaching the data centre buildout. Australia, at both federal and state level, is pursuing structured facilitation: channelling investment into sovereign, compliant, environmentally managed infrastructure. The Trump Administration is pursuing maximum velocity: removing obstacles, prioritising speed and framing AI infrastructure as a strategic national asset.

For M&A dealmakers advising clients on cross-border digital infrastructure transactions, understanding this divergence is no longer a matter of policy interest. It is a core component of deal risk assessment. The six M&A implications identified in this article: valuation divergence, capital flow dynamics, FIRB/CFIUS risk, ESG financing mismatch, data sovereignty and workforce considerations, should each be addressed explicitly in the risk sections of transaction documentation and in the advice provided to boards considering acquisitions or disposals in this sector.

For further information on digital infrastructure M&A, please contact our team members below. Our multi-disciplinary team brings integrated expertise across M&A, finance, planning, energy and regulatory law.