Insight

Legal and National Security Hurdles Facing Sovereign Wealth Fund Investments in Data Centers

February 17, 2026

Data centers have emerged as one of the most sought-after infrastructure asset classes globally, including for sovereign investors. Driven by exponential growth in cloud computing, artificial intelligence (AI), and digital services, demand for hyperscale and colocation facilities continues to outpace supply in many markets. The capital-intensive nature of data center development, coupled with long-term contracted revenues, has made the sector particularly attractive to sovereign wealth funds (SWFs), which increasingly view digital infrastructure as a core component of their global investment strategies.

At the same time, data centers are no longer treated solely as commercial real estate assets. Governments are increasingly characterizing them as critical infrastructure due to their role in hosting sensitive data, supporting essential services, and enabling national digital economies. As a result, investments by foreign state-affiliated entities—particularly SWFs—are subject to heightened regulatory scrutiny across multiple jurisdictions.

This Insight examines the key legal and regulatory issues raised by SWF investments in data centers, with a focus on foreign investment review, national security considerations, data protection risks, and transaction structuring strategies.

SWFS AS INFRASTRUCTURE INVESTORS

SWFs collectively manage trillions of dollars in assets and have become increasingly active direct investors in infrastructure. While historically focused on public equities and passive strategies, many SWFs now pursue long-term, control-oriented investments in sectors aligned with national economic objectives, including energy transition, transportation, and digital infrastructure. This is especially true for SWFs that seek to diversify their economies from hydrocarbons and wield a mix of soft power and advantageous geopolitical positioning.

Key drivers of data center investments include the following:

  • Data localization and sovereignty frameworks are encouraging providers to deploy capacity locally
  • AI adoption is driving demand for high-density compute environments that simply didn’t exist a few years ago
  • Government support and investor-friendly policies, including free-zone incentives and streamlined licensing pathways, have significantly reduced barriers to entry
  • Region-specific ability to meet power demands associated with hyperscale data centers and semiconductor manufacturing

Importantly, SWFs are not a monolith. Some operate with significant independence from their home governments and pursue purely commercial objectives, while others maintain closer ties to state policy and strategic priorities. This distinction can materially affect regulatory outcomes, particularly in jurisdictions that assess foreign investment risk based on both the investor’s governance and the strategic importance of the target asset. In the data center context, SWFs increasingly invest through joint ventures, platform acquisitions, and minority stakes with governance rights. These structures, while commercially attractive, may nonetheless trigger foreign investment review regimes designed to assess both control and influence over sensitive infrastructure.

LEGAL CHARACTERIZATION OF DATA CENTERS

A threshold legal issue in many jurisdictions is how data centers are characterized for regulatory purposes. Depending on the applicable framework, data centers may be treated as the following:

  • Real estate assets
  • Telecommunications or digital infrastructure
  • Critical infrastructure supporting national security or public services

This characterization has significant legal consequences. Real estate transactions may be subject to limited review, while investments in critical infrastructure or data-intensive businesses may trigger mandatory filings, extended review timelines, and mitigation obligations.

A major regulatory consideration for data center projects continues to be resource consumption and supply, including power and water usage, which increases the reporting obligations for data centers. For example, under the mandatory reporting regime outlined in the EU Energy Efficiency Directive, data centers with power demand exceeding 500 kW must report detailed energy performance data. As we recently discussed, California—a regulatory bellwether in the United States—enacted Senate Bill 57 (SB 57) (formally known as the Ratepayer and Technological Innovation Protection Act), which directs the California Public Utilities Commission (CPUC) to study and identify opportunities to prevent or mitigate the impacts of data center electricity demand on utility ratepayers. Data center developers and operators should view these developments as an early signal of increased scrutiny.

FOREIGN INVESTMENT REVIEW AND NATIONAL SECURITY CONTROLS

The United States

In the United States, the Committee on Foreign Investment in the United States (CFIUS) plays a central role in reviewing foreign investments that may pose national security risks. CFIUS has broad jurisdiction over transactions involving the following:

  • Critical infrastructure
  • Businesses that collect or maintain sensitive personal data of US persons
  • Certain real estate transactions near sensitive government or military sites

Data centers may fall within CFIUS’s remit on multiple grounds, particularly where they host sensitive personal data or support government or defense customers. SWF investments can attract heightened scrutiny, especially where the fund is owned or controlled by a foreign government. However, it is worth noting that the US administration’s America First Investment Policy, which seeks to create a fast-track process for allied nations, may speed the approvals for sovereign investments in data center projects. The US administration has since inked economic partnerships with GCC nations, including Saudi Arabia and Qatar.

While minority investments may avoid “control” under traditional analysis, CFIUS also evaluates non-controlling investments that confer governance rights, board representation, or access to non-public technical or operational information. Certain transactions involving foreign government-linked investors may also trigger mandatory filing obligations. SWFs that invest indirectly in data centers as limited partners may choose to structure investments to be sufficiently passive to limit CFIUS jurisdiction.

Europe and the United Kingdom

Across Europe, foreign direct investment (FDI) screening regimes have expanded significantly in recent years. The EU FDI Screening Regulation establishes a coordination framework, while individual member states maintain their own national regimes. Many European jurisdictions explicitly identify data infrastructure, cloud services, or digital connectivity as sensitive sectors. Review thresholds, timelines, and substantive standards vary widely, creating complexity for cross-border transactions.

In the United Kingdom, the National Security and Investment Act establishes a mandatory notification regime for acquisitions in designated sensitive sectors, including data infrastructure. Transactions involving foreign state investors—regardless of the size of the stake—are likely to attract scrutiny, and the UK government has broad powers to impose conditions or block transactions.

Other Key Jurisdictions

Other jurisdictions with active review regimes relevant to data center investments include Australia (Foreign Investment Review Board), Canada (Investment Canada Act), and Singapore. In many cases, regulators apply enhanced scrutiny to investments by foreign state-owned or state-influenced entities, particularly in sectors involving data, communications, or essential services.

India, another key jurisdiction for data center investments where 20% of the world’s data is hosted and sector investment is set to reach $100 billion by 2027, allows up to 100% FDI under the automatic route for data centers. In February 2026, India unveiled a 20-year tax break for companies using data centers built in the country; this is on top of other incentives, including infrastructure status for data centers and eased land-use rules in several states.

DATA PROTECTION AND CYBERSECURITY

Beyond foreign investment approval, SWF investments in data centers raise complex data protection and cybersecurity issues. Regulators and counterparties may express concern that foreign state ownership could facilitate access to sensitive data or create vulnerabilities in critical systems. In the European Union, the General Data Protection Regulation (GDPR) imposes strict obligations regarding data access, processing, and cross-border transfers. Even where an SWF investor has no operational role, perceived risks associated with foreign government influence can trigger regulatory or commercial concerns. As we previously explored, because the US still lacks an all-encompassing data privacy statute, investments in US data center projects require stakeholders to navigate a complex web of overlapping federal, state, and industry-specific rules.

Data center investments, including those by SWFs, must comply across jurisdictions with the privacy, incident response, and cross-border data flow obligations imposed on infrastructure operators. Heightened national security scrutiny of foreign ownership and data access—including expanded export controls, beneficial ownership evaluations, and strategic oversight of technology supply chains—means SWFs should assess legal and operational risk, ownership structure, and regulatory compliance as core components of investment due diligence.

TRANSACTION STRUCTURING AND RISK MITIGATION

Regulatory compliance—especially around data protection, cross-border transfer limitations, and foreign ownership rules—can pose structuring challenges. Moreover, investors must balance rapid deployment timelines with the need for robust partner selection, from engineering, procurement, and construction contractors to long-term operators. Those who succeed tend to form early strategic alliances and localize their delivery model. Given the evolving regulatory landscape, transaction structure plays a critical role in managing legal risk.

Common approaches used by SWFs and their partners include the following:

  • Minority investments with limited governance rights
  • Joint ventures with clear allocation of operational control
  • Platform investments with jurisdiction-specific subsidiaries

Ultimately, proactive diligence and careful structuring—especially in cross-border or sensitive sector investments—can avoid costly surprises and preserve exit optionality.

OUTLOOK

As demand for digital infrastructure continues to grow, sovereign wealth funds are likely to remain significant sources of capital for the data center sector. At the same time, regulatory scrutiny of foreign investment in data-related assets shows no sign of abating. Navigating these issues requires a coordinated, multi-jurisdictional legal strategy that balances capital access with regulatory compliance and long-term operational certainty.