UK data centre expansion creates insurance challenges

The House of Lords has now approved UK data centres as nationally significant infrastructure projects (NSIPs), recognising their essential role in the digital economy. 

This designation coincided with major investment commitments: Amazon Web Services pledged £8bn over 5 years, Microsoft committed £2.5bn, and Google announced £1bn of investment for UK data centre development. However, the sector's rapid expansion creates unprecedented insurance challenges as facilities valued at over £1bn require fundamentally different underwriting approaches than traditional commercial property.

The scale of growth and its implications

UK data centre capacity currently stands at 1.6 gigawatts (GW), heavily concentrated in London (1,048 MW, representing 66% of total capacity). Government projections indicate capacity could reach between 3.3 GW and 6.3 GW by 2030. The sector contributes an estimated £4.7bn annually in gross value added to the UK economy.

National Grid has warned that data centre electricity demand could increase sixfold by 2035. This growth trajectory creates significant infrastructure challenges; limited grid capacity means connection approvals can take years, and powering UK data centres costs four times more than in the United States.

The geographic concentration creates accumulation risks for insurers. London's dominance, combined with emerging hubs in Wales (154 MW), the South East (128 MW), and the North West (52 MW), means insurers face concentrated exposures in specific regions.

Unique risk characteristics

Data centres present risks that differ fundamentally from conventional commercial property:

• Cascading failure potential: Cooling system failures can cause server overheating within minutes, triggering equipment damage, data loss, business interruption for multiple tenants, and liability claims from dependent customers.
• Power density and cooling complexity: AI-driven facilities require exponentially higher power densities than traditional data centres. Liquid cooling systems for AI workloads introduce water damage risks combined with electrical hazards in unprecedented configurations.
• Cyber-physical convergence: Digital attacks on building management systems, cooling controls, or power distribution can manifest as physical damage, challenging traditional distinctions between cyber and property coverage.
• Limited personnel oversight: Data centres are highly automated facilities with modest direct employment; for example, a £10bn campus in Blyth, Northumberland, housing up to 10 data centres, will create only 400 full-time on-site jobs. This automation means fewer personnel are available to monitor and respond to incidents.

Market capacity and expertise gaps

The insurance market faces capacity constraints as multiple large facilities launch simultaneously. The scarcity of expert underwriters creates knowledge gaps as facilities adopt AI-driven cooling systems, liquid cooling technologies, and edge computing deployments. Insurers accustomed to conventional commercial property underwriting lack technical expertise to evaluate these novel systems.

The NSIP designation makes data centres eligible for streamlined approval under the Planning Act 2008, accelerating development timelines and creating pressure on insurers to develop risk assessment capabilities faster than traditional market cycles allow.

What does this mean for insurers?

The NSIP designation and sector expansion create distinct challenges across insurance lines:

• Property insurance: Insurers face physical damage exposures from cooling system failures, climate change impacts, and geographic concentration risks, requiring cyber-physical exclusion reviews, supply chain extensions for specialised equipment, and technical site visits by engineering specialists.

• Business interruption insurance: With the sector contributing £4.7 billion annually, BI exposures may exceed physical damage costs by multiples, necessitating partial loss triggers (as traditional total loss requirements are inadequate) and contingent BI coverage reflecting data centres' systemic role.

• Professional indemnity insurance: NSIP designation introduces regulatory compliance liability under the forthcoming Cyber Resilience Bill and service disruption liability to multiple parties, requiring coverage for regulatory obligations and contractual sustainability performance standards.

• Public/general liability insurance: Third-party claims from service interruptions, environmental liability from water consumption, and cascading failures affecting multiple sectors require liability caps reflecting systemic importance and coverage for critical infrastructure service disruption.

Insurers may want to develop enhanced underwriting methodologies including technical site visits by specialists, detailed backup system evaluations with live testing, ongoing performance monitoring beyond annual renewals, and integration of climate change impacts into long-term risk models. Insurers may also want to consider updating their underwriting in respect of those trades and professions that may be working on data centres as sub-contractors, such as M&E specialists, whose risk profiles may be materially impacted by such work.

The designation of data centres as critical national infrastructure represents a fundamental shift in how these facilities are regulated and insured. With projected capacity potentially quadrupling by 2030, insurers face a choice: insurers may want to invest in specialist underwriting teams, engineering partnerships, and risk modelling capabilities tailored to critical digital infrastructure, or risk being unable to serve this essential and rapidly-growing sector.

The market opportunity is substantial for insurers who develop appropriate expertise, but traditional commercial property underwriting approaches may prove to be inadequate for these complex, high-value, systemically important facilities.