E05 The Governance Behind Modern Data Centres

Key Takeaways

  • A modern data centre operates within multiple layers of governance, extending far beyond planning approval and environmental regulation.
  • Government agencies, utilities, technical standards, customers, insurers, investors and corporate policies all influence how a data centre is designed, built and operated.
  • Many engineering decisions that affect surrounding communities are driven not only by law, but also by market expectations for reliability, security and resilience.
  • Different governance frameworks often pursue different objectives, requiring continual balancing rather than simple compliance.
  • Understanding this governance ecosystem helps explain why data centres are built the way they are and why public discussions often involve complex trade-offs.

The Common Misconception: “Once It Is Approved, Everything Has Been Considered”

When a new data centre is proposed, one question often dominates public discussion:

“Has the authority approved it?”

If the answer is yes, many assume that every important issue has already been fully examined. If the answer is no, many assume the project cannot proceed.

While planning approval is undoubtedly important, it represents only one part of a much broader governance system.

A modern data centre is simultaneously governed by planning law, environmental regulation, electrical engineering requirements, telecommunications standards, occupational safety rules, customer contracts, insurance requirements, financing conditions, corporate policies and international technical standards. Each framework examines the project from a different perspective and seeks to achieve different objectives.

Planning authorities may focus on land use compatibility.

Environmental regulators may assess environmental impacts.

Energy regulators may oversee electricity infrastructure.

Customers may require higher reliability than legislation demands.

Investors may require governance frameworks that reduce long-term operational risk.

International technology companies may impose sustainability commitments that exceed local regulatory requirements.

None of these frameworks replaces another. Instead, they operate alongside one another, sometimes reinforcing each other and sometimes creating competing priorities.

Understanding this wider governance ecosystem provides a more accurate picture of how modern data centres are actually shaped.

MDCO Insight: Planning approval is one important governance milestone, but it is rarely the only framework influencing how a modern data centre is designed and operated.

Why Critical Infrastructure Requires Multiple Layers of Governance

Not every building requires the same degree of oversight.

A warehouse primarily stores goods.

An office building provides workplaces.

A shopping centre accommodates commercial activities.

A modern data centre, however, performs a different role. It supports digital services that millions of people and businesses increasingly depend upon every day.

Online banking, cloud computing, healthcare systems, telecommunications networks, manufacturing systems, logistics platforms and artificial intelligence applications all rely on digital infrastructure operating continuously.

Unlike many other buildings, interruptions lasting only a few minutes may affect thousands or even millions of users simultaneously.

This expectation fundamentally changes how data centres are governed.

Rather than focusing only on traditional building safety, governance must also consider operational resilience, cybersecurity, information security, electrical reliability, telecommunications continuity, emergency response and long-term infrastructure sustainability.

As society’s dependence on digital infrastructure grows, governance inevitably becomes more layered.

Each layer addresses a different category of risk.

Some seek to protect public safety.

Some protect critical infrastructure.

Some protect customers.

Some protect financial markets.

Some protect the environment.

Some protect investors.

Collectively, they form an overlapping system of governance intended to reduce different forms of risk rather than eliminate them entirely.

This also explains why many engineering systems discussed throughout the MDCO Explain series—including redundant electrical supplies, backup generators, multiple telecommunications paths and extensive monitoring systems—exist not because designers prefer complexity, but because society increasingly expects digital services to remain available under a wide range of conditions.

MDCO Insight: As digital services become more critical to society, the governance surrounding data centres naturally becomes more comprehensive.

Layer One: Government Regulation

Government regulation forms the most visible layer of governance because it represents society’s formal legal framework.

In Malaysia, responsibility is distributed across multiple levels of government rather than concentrated within a single authority.

Local authorities generally oversee planning permission, zoning, development control and building approvals.

State governments may influence land matters, water resources and broader development planning.

Federal agencies oversee specialised regulatory responsibilities such as environmental protection, electricity regulation, communications, occupational safety and fire safety.

Each agency focuses on a specific public interest.

For example:

  • Planning authorities consider whether a proposed development is compatible with surrounding land uses.
  • Environmental regulators examine potential impacts on air, water, noise and the surrounding environment.
  • Energy regulators oversee electrical safety and electricity infrastructure.
  • Communications regulators oversee telecommunications matters.
  • Occupational safety regulators focus on worker safety throughout construction and operations.
  • Fire authorities assess fire safety and emergency response requirements.

This distribution of responsibilities reflects the complexity of modern infrastructure.

No single regulator possesses expertise across every discipline involved in designing and operating a data centre.

Instead, governance is intentionally divided among specialist agencies.

This fragmented approach may sometimes appear complicated, but it allows individual regulators to concentrate on the areas where they possess the greatest expertise.

It also means that regulatory approval is seldom a single decision. Rather, it is typically the outcome of multiple regulatory processes addressing different aspects of the project.

MDCO Insight: Government regulation is intentionally distributed across multiple specialist agencies because no single organisation oversees every aspect of a modern data centre.

Layer Two: Utility Governance

Utilities rarely attract public attention, yet they often exert enormous influence over whether and how a data centre can be developed.

Unlike planning authorities, utility providers do not primarily regulate land use. Instead, they govern access to essential infrastructure.

Without electricity, telecommunications connectivity and, where required, water supply, a data centre simply cannot operate.

Before connection is granted, utility providers typically evaluate issues such as:

  • Available network capacity
  • Connection design
  • Protection systems
  • Operational reliability
  • Network stability
  • Long-term infrastructure planning

These technical requirements frequently determine the scale, timing and location of a project.

For example, a site may receive planning approval but still face delays if sufficient electrical capacity is unavailable.

Similarly, telecommunications providers may require redundant fibre routes before a facility can achieve the level of resilience expected by customers.

Large hyperscale facilities may also require new substations, transmission upgrades or expanded telecommunications infrastructure extending well beyond the project boundary.

In this sense, utility providers act as important governance participants.

They do not regulate the project in the same way as government agencies, but they establish technical conditions that developers must satisfy before infrastructure can be connected safely and reliably.

Their decisions therefore influence both engineering design and project feasibility.

MDCO Insight: Planning approval determines where development may occur. Utility governance often determines whether it can operate successfully.

Layer Three: Technical Standards

Not every requirement governing a data centre originates from legislation.

Many of the most influential engineering requirements come from technical standards developed by professional organisations and industry bodies.

These standards represent accumulated engineering knowledge, operational experience and international good practice.

Examples include:

  • Uptime Institute Tier Standards
  • ANSI/TIA-942
  • ISO/IEC 22237
  • EN 50600
  • NFPA fire protection standards
  • BICSI telecommunications guidance

These documents cover subjects such as:

  • Electrical resilience
  • Cooling systems
  • Telecommunications infrastructure
  • Fire protection
  • Physical security
  • Monitoring systems
  • Operational management
  • Facility availability

Most technical standards are voluntary in a legal sense.

However, market forces frequently make them highly influential.

Customers may require certification before leasing capacity.

Insurers may use recognised standards when assessing operational risk.

Investors may view compliance as evidence of sound engineering and reduced long-term risk.

Consequently, standards often become commercially necessary even where legislation does not mandate them.

Another important feature of technical standards is that they convert broad objectives into practical engineering requirements.

Rather than simply stating that a facility should be reliable, a standard may specify redundancy arrangements, maintenance practices or testing requirements needed to achieve that objective.

This helps create consistency across projects developed by different organisations in different countries.

MDCO Insight: Many of the engineering decisions visible in a modern data centre are shaped as much by internationally recognised technical standards as by national legislation.

Layer Four: Customer Governance

One of the least visible—but often most influential—governance layers comes from customers themselves.

Major cloud providers, financial institutions, telecommunications companies, healthcare organisations and government agencies depend heavily on uninterrupted digital services.

As a result, many impose contractual requirements that exceed minimum legal obligations.

Customers may require:

  • Higher levels of availability
  • Greater cybersecurity protection
  • Stronger physical security
  • Independent certification
  • Renewable energy commitments
  • Sustainability reporting
  • More frequent testing of critical systems
  • Enhanced operational procedures

These requirements become commercially important because operators compete for customers who expect exceptionally high levels of reliability.

For example, legislation may not require a particular level of redundancy, yet a customer operating financial payment systems may insist upon it as a contractual condition.

Similarly, a multinational technology company may require environmental reporting that goes well beyond statutory requirements because it forms part of the company’s own global sustainability commitments.

This means that operators frequently answer to two forms of governance simultaneously.

One is regulatory compliance.

The other is customer expectation.

Although customer requirements are private rather than statutory, they often have a direct influence on facility design, operational practices and long-term investment decisions.

MDCO Insight: Some of the most influential governance requirements affecting a data centre arise not from regulators, but from customers whose own businesses depend upon reliable digital infrastructure.

Layer Five: Financial and Insurance Governance

Government regulators oversee compliance with laws. Customers focus on service performance. Investors and insurers view the same facility through a different lens: long-term risk.

Data centres require substantial capital investment, often amounting to hundreds of millions or even billions of ringgit. Before providing finance, lenders and investors typically undertake detailed due diligence to assess whether a project is likely to remain commercially viable throughout its operating life.

They may examine questions such as:

  • Is the project supported by credible long-term customer demand?
  • Can sufficient electricity and telecommunications infrastructure be secured?
  • Are major technical and environmental risks appropriately managed?
  • Does the project comply with recognised international standards?
  • Is the governance structure robust enough to support long-term operations?

Insurers conduct similar assessments, although from the perspective of operational risk rather than investment returns. They may review fire protection systems, business continuity arrangements, maintenance programmes and security measures before determining insurance coverage and premiums.

These financial assessments can have practical consequences. Projects perceived to carry higher operational or governance risks may face higher financing costs, stricter lending conditions or increased insurance premiums. Conversely, projects demonstrating strong governance and effective risk management may find it easier to attract investment and obtain favourable financing terms.

Financial governance therefore influences decisions long before construction begins and continues throughout the operational life of the facility.

MDCO Insight: Investors and insurers do not regulate data centres through legislation, but their assessment of long-term risk can significantly influence how projects are designed and managed.

Layer Six: Corporate Governance and ESG Commitments

Beyond external regulation, many data centres are also governed by internal corporate policies that may be more demanding than legal requirements.

Large technology companies, cloud providers and colocation operators increasingly publish public commitments relating to environmental, social and governance (ESG) performance. These commitments often shape decisions throughout the design, construction and operation of their facilities.

Common examples include commitments relating to:

  • Net zero or carbon reduction targets
  • Renewable electricity procurement
  • Water stewardship
  • Responsible supply chains
  • Human rights and labour practices
  • Diversity and inclusion
  • Corporate ethics and anti-corruption
  • Sustainability reporting and disclosure

Although these commitments are generally voluntary from a legal perspective, they often become mandatory within the organisation itself.

For example, a company may commit publicly to operating entirely on renewable electricity or to achieving specific water efficiency targets. These commitments then influence engineering design, procurement decisions, supplier selection and operational practices.

Corporate governance can therefore create an additional layer of accountability beyond statutory compliance.

Investors monitor progress.

Customers review sustainability performance.

Employees increasingly expect organisations to meet publicly stated commitments.

Civil society organisations may independently evaluate corporate disclosures.

Consequently, governance increasingly extends beyond regulatory compliance towards maintaining organisational credibility and public trust.

This trend is likely to become more significant as sustainability reporting requirements continue to evolve internationally.

MDCO Insight: Increasingly, organisations are governed not only by what the law requires, but also by the commitments they voluntarily make to customers, investors and the public.

Layer Seven: International Governance

Many data centres operating in Malaysia are part of global businesses.

Their owners, customers, investors or tenants may be headquartered in North America, Europe, Japan, South Korea or elsewhere across Asia-Pacific.

As a result, governance frequently extends beyond Malaysia’s legal framework.

International influences may include:

  • Corporate governance requirements
  • Stock exchange disclosure obligations
  • Sustainability reporting frameworks
  • Home-country regulations
  • International financing requirements
  • Global cybersecurity policies
  • Multinational procurement standards

Although a facility operates physically within Malaysia, many strategic decisions are influenced by expectations originating elsewhere.

For example, an international cloud provider may adopt a global engineering standard across all of its facilities regardless of local regulatory differences.

Likewise, investors managing global infrastructure portfolios often seek consistency in governance practices across multiple jurisdictions.

This does not replace Malaysian law.

Rather, international governance typically operates alongside domestic regulation.

The result is a governance ecosystem that is both local and global.

Understanding this helps explain why Malaysian data centres sometimes incorporate engineering features or sustainability initiatives that appear to exceed local regulatory requirements.

MDCO Insight: Modern data centres often operate within multiple governance jurisdictions simultaneously, reflecting the increasingly global nature of digital infrastructure.

When Governance Frameworks Pull in Different Directions

Although governance frameworks often complement one another, they do not always point towards the same outcome.

Different frameworks are designed to protect different interests.

This inevitably creates situations where objectives compete.

For example:

A customer may require additional backup generators to achieve higher reliability.

Nearby communities may prefer fewer generators because of concerns about noise or emissions.

A utility provider may require additional electrical infrastructure to protect grid stability.

Developers may seek simpler designs to reduce costs.

Environmental objectives may favour reducing water consumption.

Engineering considerations may identify water-based cooling as the most energy-efficient solution.

Greater physical security may strengthen protection against malicious threats while reducing opportunities for public access or transparency.

Faster project delivery may support investment and economic development while allowing less time for community engagement.

None of these examples necessarily represents regulatory failure.

Rather, they illustrate the reality that governance frequently involves balancing legitimate but competing objectives.

The challenge is therefore not simply to comply with one requirement.

It is to manage multiple requirements that sometimes point in different directions.

This balancing process explains why governance often involves judgement as well as technical compliance.

MDCO Insight: Governance is rarely about satisfying a single objective. It is about balancing multiple legitimate objectives that do not always align perfectly.

The Information Asymmetry Challenge

The governance ecosystem surrounding a modern data centre is extensive.

Planning legislation.

Environmental regulation.

Engineering standards.

Utility requirements.

Commercial contracts.

Corporate policies.

International frameworks.

Each exists for a particular reason.

However, very few stakeholders possess expertise across all of these disciplines.

Engineers may understand electrical resilience but know relatively little about planning law.

Community members may understand local impacts but have limited familiarity with international engineering standards.

Investors may focus on commercial risk.

Regulators concentrate on statutory responsibilities.

Customers prioritise service continuity.

Each stakeholder therefore observes only part of a much larger system.

This creates information asymmetry.

Importantly, information asymmetry does not necessarily arise because information is intentionally withheld.

More often, it reflects the inherent complexity of modern infrastructure.

Reducing this complexity into simple narratives can unintentionally obscure important trade-offs and create misunderstandings between stakeholders.

Improving public understanding therefore requires more than making information available.

It also requires presenting information in ways that are structured, balanced and accessible to non-specialists.

MDCO Insight: Information asymmetry often arises because modern infrastructure is genuinely complex, not because stakeholders are necessarily acting in bad faith.

The Observatory Perspective

A modern data centre is governed by far more than planning permission.

Its development and operation are influenced by an interconnected network of legislation, regulatory agencies, utilities, engineering standards, commercial contracts, investors, insurers, customers and corporate governance systems.

Each framework exists to address a different category of risk.

Each stakeholder evaluates success through a different lens.

Together, they shape decisions affecting reliability, resilience, environmental performance, safety, security, commercial viability and community outcomes.

Understanding this governance ecosystem helps explain why data centres are designed as they are, why different stakeholders sometimes reach different conclusions about the same project, and why many public debates ultimately concern balancing competing objectives rather than identifying a single correct answer.

One of the roles of the Malaysia Data Centre Observatory (MDCO) is to improve understanding of these governance relationships.

By bringing together technical standards, regulatory frameworks, institutional responsibilities and stakeholder perspectives within a single independent knowledge platform, MDCO seeks to reduce information asymmetry and support more informed, evidence-based public discussion.

Greater transparency does not eliminate trade-offs.

It does, however, provide a stronger foundation for better questions, better decisions and better outcomes.

MDCO Insight: Good governance depends not only on robust rules, but also on shared understanding of how those rules interact.

Citation

Malaysia Data Centre Observatory (MDCO). The Governance Behind Modern Data Centres. MDCO Explain Series No. E05 (Version 1.0, July 2026).

MDCO Note

This article forms part of the Malaysia Data Centre Observatory (MDCO) Explain Series, which aims to improve public understanding of data centre development through evidence-based, accessible and balanced analysis. It is intended for educational and informational purposes only and does not constitute legal, engineering, planning, environmental or professional advice.

Malaysia’s rapidly evolving data centre ecosystem includes facilities developed, owned or operated by organisations such as AirTrunk, Amazon Web Services (AWS), Bridge Data Centres, DayOne, EdgeConneX, Google, K2 Data Centres, Microsoft, NTT Global Data Centers, Princeton Digital Group (PDG), ST Telemedia Global Data Centres (STT GDC), STACK Infrastructure, Vantage Data Centers, YTL Data Centre Park and many others. MDCO is independent of these organisations, as well as governments, regulators, utilities and advocacy groups. Its role is to facilitate transparency, structured understanding and equal access to information by presenting publicly verifiable evidence, relevant context and multiple stakeholder perspectives. MDCO does not endorse, oppose or advocate for any particular organisation, project or policy position.
