Data centers have rapidly become a focal point for global investment, attracting significant capital from sovereign wealth funds (SWFs) seeking stable, long-term returns. However, this influx of investment, particularly from state-affiliated entities, is coinciding with increasing regulatory scrutiny as governments worldwide recognize data centers not merely as commercial real estate, but as critical infrastructure. This evolving landscape presents a complex set of legal and national security hurdles for SWFs looking to deploy capital in this burgeoning sector.
The appeal of data centers is multifaceted. Exponential growth in cloud computing, artificial intelligence, and digital services is driving relentless demand for capacity. The capital-intensive nature of development, coupled with long-term contracted revenues, offers a predictable income stream attractive to SWFs with lengthy investment horizons. Data localization trends and government incentives are encouraging localized deployment, creating opportunities in diverse markets. As of February 2026, India is poised to become a major hub, with sector investment projected to reach $100 billion by 2027, bolstered by a 20-year tax break for companies utilizing domestically built data centers.
Navigating the Regulatory Maze
A primary challenge for SWFs lies in the varying legal characterization of data centers across jurisdictions. Depending on the regulatory framework, these facilities can be classified as simple real estate, telecommunications infrastructure, or, crucially, critical infrastructure supporting national security. This classification dictates the level of regulatory review. Investments categorized as critical infrastructure are subject to more stringent scrutiny, potentially involving mandatory filings, extended review timelines, and mitigation obligations.
In the United States, the Committee on Foreign Investment in the United States (CFIUS) is central to this process. CFIUS reviews transactions that could result in foreign control of U.S. Businesses involved in critical infrastructure, those handling sensitive personal data, or located near sensitive government or military sites. Data centers frequently fall under CFIUS’s jurisdiction, particularly those serving government or defense clients. While the Biden administration’s “America First Investment Policy” aims to expedite approvals for investments from allied nations, SWFs, especially those with close ties to foreign governments, still face heightened scrutiny.
It’s important to note that CFIUS doesn’t solely focus on controlling investments. Non-controlling investments that confer governance rights, board representation, or access to sensitive technical information are also subject to review. SWFs investing as limited partners may attempt to structure investments passively to avoid triggering CFIUS jurisdiction.
Europe and the United Kingdom have also significantly expanded their foreign direct investment (FDI) screening regimes. The EU FDI Screening Regulation provides a coordination framework, while individual member states maintain their own national rules. Many European jurisdictions explicitly identify data infrastructure and cloud services as sensitive sectors. The UK’s National Security and Investment Act mandates notification for acquisitions in designated sensitive sectors, with the government possessing broad powers to impose conditions or block transactions, particularly those involving foreign state investors.
Beyond the US, Europe, and the UK, jurisdictions like Australia, Canada, and Singapore have active review regimes. A common thread is increased scrutiny of investments by state-owned or state-influenced entities in sectors involving data, communications, or essential services.
Data Protection and Cybersecurity Concerns
Regulatory hurdles extend beyond foreign investment approval to encompass data protection and cybersecurity. Concerns exist that foreign state ownership could facilitate access to sensitive data or create vulnerabilities in critical systems. The European Union’s General Data Protection Regulation (GDPR) imposes strict obligations regarding data access, processing, and cross-border transfers. Even without operational control, the perceived risk of foreign government influence can raise regulatory or commercial concerns.
The United States, lacking a comprehensive federal data privacy statute, presents a more fragmented regulatory landscape, requiring stakeholders to navigate a complex web of federal, state, and industry-specific rules. This complexity underscores the need for thorough due diligence and proactive compliance measures.
Structuring Investments for Success
Given the evolving regulatory environment, transaction structure is paramount. SWFs and their partners are increasingly employing strategies to mitigate risk and navigate regulatory hurdles. These include minority investments with limited governance rights, joint ventures with clearly defined operational control, and platform investments utilizing jurisdiction-specific subsidiaries.
Proactive diligence and careful structuring are essential. Investors must assess legal and operational risks, ownership structures, and regulatory compliance as core components of their investment process. Early strategic alliances and localization of delivery models can also prove beneficial.
As demand for digital infrastructure continues to surge, SWFs are expected to remain significant investors in the data center sector. However, navigating the increasingly complex regulatory landscape will require a coordinated, multi-jurisdictional legal strategy that balances capital access with regulatory compliance and long-term operational certainty. The ability to anticipate and adapt to evolving regulations will be a key determinant of success in this dynamic market.
