Data centers that support AI models have expanded rapidly, bringing a growing list of complex and interconnected challenges, including energy availability and operating and cyber risk.
getty
Board members and senior executives increasingly recognize data as critical to successful AI adoption. Accordingly, data centers that support AI models have become a core part of their operations, bringing a growing list of complex and interconnected challenges. In response, boards and C-suites are adopting more holistic governance practices to reduce risk and increase data center effectiveness.
The role of data in AI
Board members and senior leaders report that the data required for AI models to operate effectively and the data centers that manage them often are misperceived as commodities. Data availability, ownership rights, regulatory and governance rules and cyber/data security remain challenges, as does securing the energy required to access, ingest, clean and analyze data. According to the PEX Report 2025/26, 52% of organizations cite data quality and availability as the primary barriers to AI adoption. Further, these challenges are expected to become more frequent and acute in 2026.
The role of energy in AI
Board members and senior leaders increasingly find electricity and water to be constraints on AI development and application. Goldman Sachs Research forecasts that by 2030, overall power consumption from AI data centers will jump 175% from 2023 levels. AI consumes significant energy because training and building large-scale AI models requires immense computational power as data must run through models thousands of times on increasingly more powerful and energy-intensive chips. And data centers are always on. With energy demand increasing faster than capacity and alternative solutions requiring years to develop and implement, data centers risk becoming “maxed out” according to Goldman Sachs and others. JLL reports that accessible power (rather than location or cost) could become the primary factor in data center site selection due to multi-year wait times for a grid connection. The Willis Research Network writes about approaches companies can take to solve the AI energy dilemma.
Key elements of AI governance
This space previously covered an updated AI governance model from the National Association of Corporate Directors (NACD) as reported by Dylan Sandlin, Dr. Helmuth Ludwig and Dr. Benjamin van Giffen. It includes four elements of AI governance: strategic oversight, capital allocation, AI risk and technology competence. As global demand for data center capacity has expanded, organizations face a widening array of interconnected challenges. A 2026 report by WTW’s George Haitsch covers key actions to reduce risk and enhance effectiveness of data centers, which align with the four NACD AI governance elements.
Strategic oversight
Today’s boards and senior leaders recognize AI as a material strategic enabler that influences an organization’s competitive position and business model. The following actions enable strategic oversight of the data centers that power AI:
- Identify and address emerging and strategic risks: Address interconnected and geopolitical risks, including vulnerabilities across assets and people, technological innovation, insurability and policy exclusions. Mitigate systemic vulnerabilities that could trigger cascading global impacts.
- Address supply chain risk: Identify potential physical loss or damage to equipment and machinery, hardware shortages, credit risks, vendor lock-in and third-party or contractor failures and related vulnerabilities. Protect against these perils through enhanced supply chain risk management.
- Protect against physical damage to property and power equipment: Because data centers are centralized, high-density environments (unlike their decentralized telecom counterparts), assess risks from theft, natural disasters, power surges, outages and equipment failures. Protect assets to ensure business continuity.
Capital allocation
More boards and C-suites now see capital allocation as a key challenge in adopting AI technologies, with data centers representing a material component.
- Understand and prioritize investments: Plan data center investments to limit strain on other priorities such as R&D, M&A, marketing, hiring and staffing, and other AI-related costs. JLL’s 2026 report estimates that the global data center sector used by AI, cloud computing and traditional networks will grow at a 14% compound annual growth rate over the next five years. This equates to $1.2 trillion in real estate plus additional tenant spending of $1 to $2 trillion to fit spaces with IT equipment such as graphic processing units and networking infrastructure. According to a recent Goldman Sachs report, estimated 2026 capital spending on AI infrastructure is $527 billion, continuing a trend of upward revisions. Several sources, including the Federal Reserve, indicate significant credit market activity from banks and private credit sources to fund costs.
- Quantify financial risks impacting operations and reputation: Measure financial exposure to operational downtime or redundancy, including revenue loss, working capital impacts, scheduling delays, private equity, M&A risks and insurance gaps. Mitigate risks affecting operations, reputation and investor confidence.
AI risk
More management teams today evaluate AI risk across multiple dimensions, including the impact to and from data centers, for more effective risk-mitigation and controls, sharing findings regularly with their boards.
- Tackle cyber and data-related risks: Address data center threats such as malware and ransomware attacks, data breaches, privacy liability, as well as system failure and insider threats. This includes advanced cyberattacks such as ransomware and malware.
- Protect against compliance and legal risks: Understand regulatory requirements around data center operations, including data protection and cybersecurity regulation violations, licensing issues, possible audit failures and professional error and omission risks, among others. Proactively manage compliance and legal risks and overcome licensing challenges, cross-border and multinational exposures, audit failures and regulatory risk.
Technology competence
Technology governance depends on an organization’s fundamental understanding of data centers and their operational impact.
- Manage operational and people risks: Manage a wide range of operational risks that include those unique to “always on” status, transition risk from the construction phase to operational start-up, shared-fate risk, continuity and planning failures. Address people-related challenges associated with major transitions, including human error, skill shortages, workforce challenges, lack of redundancy, and poor communication and change management.
- Assess climate, environmental and third-party liability risks: Understand, quantify and mitigate exposure to natural disasters, climate-related physical and transition risks, including chronic risks such as drought and heat stress. These may include pre-construction hazards, environmental and construction liability, third-party risk and location-based nuclear exposures.
Effective AI governance includes incorporates material elements of data center risk and resilience, ensuring sites can withstand operating costs, energy constraints and downtime exposures while supporting robust business continuity and scenario planning.
