Analysis

Data centres’ prospects are rising rapidly in Asia, but so are their regulatory risks



Demand for data centres in Asia Pacific is expected to grow exponentially in the next five years, driven by high levels of technology adoption, 5G rollout, data localisation, and growth of internet-based companies.

However, security and operational risks aside, foreign investors will also face a range of regulatory risks as authorities in major data centre markets tighten measures on environmental performance, energy efficiency, and data and cyber security.

This article discusses the prospects for the sector, and the regulatory challenges and implications for foreign investors.

Drivers of growth

According to a study published in April 2021, demand for data centres is likely to double to 5,880 megawatts (MW) of installed capacity across the region by 2025. The markets driving demand will largely be China, India and South-East Asian countries, such as Singapore, Indonesia and Malaysia. The impending rollout of 5G technology, growing digital adoption among younger demographics, increasing smartphone penetration and the increasing number of digital technology firms are the key drivers behind such growth.

China in July released a three-year action plan for data centre development, which underscored the importance of building higher-quality data centres for the country’s ambitious data-driven economic growth plans. Meanwhile, in India, cheap data plans and increasing smartphone penetration, coupled with the growth of the domestic financial technology ecosystem and e-commerce, have fostered the growth of the digital economy in recent years. The homegrown digital payment system, Unified Payments Interface (UPI), registered approximately 3bn transactions in June 2021 compared with 1.3bn during the same period last year. In addition, the federal and state governments have also rolled out policies to position India as an international data centre hub.

Digital sovereignty

Across Asia Pacific, national security considerations will continue to shape data-related policies and regulations in the years ahead. This will, in turn, increasingly influence the business environment for data centre operations in the region.

For example, China has significantly ramped up efforts to address cyber security issues since it launched its Cyber Security Law in 2017. Its commitment is also evident in the emphasis, laid out in its three-year data centre roadmap, on so-called “safe and reliable” data centres that carefully monitor and manage data security risks. The passage of the Data Security Law in June and the planned entry into force of the Personal Information Protection Law (PIPL) – modelled on the EU’s General Data Protection Regulation (GDPR) – will further tighten the regulatory scrutiny for data centre-linked businesses in the coming year.

Similarly, in India, extensive discussions in parliament since 2018 around a Personal Data Protection Bill (PDPB), which is also modelled on the GDPR and is likely to be passed in 2021 or 2022, are likely to shape the operational environment for data centre operators. Once enacted, the PDPB will mark the federal administration’s first nationwide data privacy and governance framework, where national security considerations will play an important role.

Provisions under a draft bill include the establishment of a federal data regulator, requirements around personal and non-personal data storage and strong rules around data localisation and transfer. These factors will drive the demand for companies to store data locally and bolster demand for data centres while shaping the regulatory environment in the coming years.

While sectors reliant on technology and critically important infrastructure, such as banking and financial services, are already subject to technology and information compliance requirements, these requirements will expand to other sectors and subject areas, most notably those with personal information regulation. Technology firms that are fast growing into large enterprises with multi-jurisdictional reach must get up to speed with these regulations, and failure to do so would likely drive adverse enforcement measures by regulators.

Greener and more energy efficient

Alongside increasing data compliance demands are growing calls for companies to go green. Data centre developers and investors across the region are likely to face significantly more stringent environmental and energy efficiency-related regulations over the coming years. Policymakers are increasingly focused on the high energy consumption of data centres, particularly when many countries experience seasonal power shortages.

China’s three-year plan for new data centres explicitly mandates the building of greener, more efficient facilities, and is expected to result in the forced closure of many centres not built to those standards. In India, growing environmental-related activism and concerns over pollution are expected to prompt state and federal policy stakeholders to propose energy efficiency and related requirements for data centres in the coming years.

In Singapore, the government has yet to lift a moratorium on data centre development imposed in 2019. Singapore has indicated it will decide on its next move by end-2021. The outcome of the regulatory review is likely to balance the country’s need to continue competing for data centre investments in South-East Asia and climate-related considerations, given the significant energy demands of data centres. According to the government, data centres accounted for about 7% of Singapore’s total electricity consumption in 2020. The ongoing regulatory drive to encourage and reward the development of greener data centres is almost certain to persist.

Local partnerships, infrastructure, and land-related challenges

Foreign investors and companies in Asia Pacific are likely to see a growing emphasis on self-reliance that highlights the need for local partnerships. Foreign firms are often required to adhere to complex regulatory requirements – which are often contradictory – in the multiple jurisdictions in which they operate. Meanwhile, their local counterparts do not have to contend with such challenges since they often operate in a single market.

The drive for self-reliance can sometimes trigger abrupt regulatory changes that are hardly conducive to data centre investments, as seen in Malaysia’s November 2020 revocation of a cabotage exemption permitting foreign companies to conduct submarine cable repairs. The move appeared to make little commercial sense other than to monopolise repair works for domestic companies.

Across Asia Pacific, companies must also consider the significant differences in the quality of infrastructure (such as access to uninterrupted power and water supply), ease of land acquisition or access to land banks. Such a regulatory and operating environment means that companies will have to map comparative strengths and weaknesses across various locations before setting up data centres.

Land-related issues often pose additional operational challenges for data centre developers. In Indonesia, land acquisition is often a complicated process that creates regulatory and operational hurdles for potential investors. In India, political and private stakeholders often view the data centre sector through the commercial real estate prism, as real estate stakeholders have ready access to land parcels and infrastructure to develop data centre parks. However, such factors are likely to expose the data centre industry to legacy operational and integrity risks that the real estate sector in India is mired in.

Conclusion

While the investment environment for data centres across the region will remain largely favourable in the years ahead, foreign companies – whether they are data centre investors, providers or purchasers – need to pay attention to a variety of factors beyond security and operational considerations.

Foreign companies will be required to adhere to potentially competing data sovereignty rules in the multiple jurisdictions in which they operate, an aspect their local counterparts may not have to address.

In addition, they will need to contend with land-related challenges in South-East Asia, such as tricky land acquisition processes in Indonesia and high land costs in Singapore.

This means that foreign companies must closely monitor regulatory developments and assess the implications of policy frameworks from both a compliance and operational standpoint, to ensure that they comply with evolving requirements and regulatory demands. Where possible, foreign firms should seek to benchmark comparative strengths and weaknesses across various locations before setting up a data centre, as factors such as land-related issues, quality of infrastructure, and other inherent sector risks could differ significantly. Developments around sustainability and environmental concerns will also be an aspect that data centre businesses will have to factor in over the long term.
