UK government says data centres are now Critical National Infrastructure
The UK government has officially designated data centres as Critical National Infrastructure (CNI), as it looks to further boost investment in the UK’s critical hubs of digital information.
With this new status, data centres will receive extra government support to protect crucial data, including NHS records, financial information, and personal smartphone data against major incidents such as cyberattacks, IT outages and extreme weather.
This is the first CNI designation since 2015 when the space and defence sectors were granted the same status. This means that data centres join the ranks of emergency services, finance, healthcare, energy, and water systems.
This means that the data housed and processed in UK data centres – from photos taken on smartphones to patients’ NHS records and sensitive financial investment information – is less likely to be compromised during outages, cyber attacks, and storms.
Tech secretary Peter Kyle said: “Data centres are the engines of modern life, they power the digital economy and keep our most personal information safe. Bringing data centres into the Critical National Infrastructure regime will allow better coordination and cooperation with the Government against cyber criminals and unexpected events,” he added.
It follows a global IT outage earlier this summer, caused by an update issue with cybersecurity firm Crowdstrike, which disrupted services from Microsoft 365 and Azure, affecting airlines, telecoms, banks, and media outlets.
The government said the new designation will provide businesses and investors with greater confidence that the UK is a secure location for data infrastructure investments, such as a £3.75bn proposal revealed today for what could be one of Europe’s largest data centre campuses in Hertfordshire.
It may also hope for further investment in data centres from tech giants. Amazon announced plans this week to invest £8bn in UK data centres over the next five years.
Microsoft and Google have committed £2.5bn and $1bn (£790m), respectively, to expanding their cloud infrastructure in the country, including to support the development of AI technologies.
“This announcement comes at a crucial inflection point for the sector, with demand for data centres rising significantly due to the growth of AI,” said Doug Loewe, chief executive of Kao Data. “It signals the UK’s commitment to building sustainable infrastructure fit for an AI-driven future.
“Today’s announcement recognises the significant opportunities that new data centres can bring to the UK economy, but this should be viewed as just the first step. We look forward to working closely with the Government and industry peers to develop a comprehensive, joined up UK data centre and energy strategy,” Loewe added.
Dame Dawn Childs, chief executive of Pure DC, also welcomed the government’s decision, calling it a “significant step”.
She said: “We fully support this initiative and are committed to working closely with all stakeholders to strengthen our nation’s digital infrastructure. We hope the new status will encourage all stakeholders to come together to enable smoother planning and delivery of new data centres.”
However, Toby Lewis, global head of threat analysis at cybersecurity firm Darktrace, believes that while the CNI designation is a positive step, it raises other challenges.
“We need to remember that modern data storage isn’t limited to one country,” he said. “Any new rules will need to work across borders.
“Many data centres serve multiple customers at once meaning new restrictions could affect all users of a data centre, even those not considered part of critical infrastructure. This could slow down innovation or make things more expensive for some businesses,” Lewis explained.
To mitigate this, he added, data centres may need to establish separate infrastructure for critical services, but Lewis warned this could make cloud adoption less efficient.