Installed data centre capacity in India is projected to reach between 1.7 and 2.0 GW by the end of 2026, supported by nearly USD 30 billion in committed investments. This trajectory is expected to accelerate further, with capacity anticipated to scale to approximately 4–5 GW by 2030. Global cloud service providers, financial institutions and AI-driven enterprises are increasingly factoring India into their long-term infrastructure strategies, not merely as a consumption market but also as a processing and service hub.
A central driver of this momentum is India’s competitive cost advantage. Data centre construction costs in India typically range between USD 6–7 million per MW, substantially lower than those observed in mature Asia Pacific markets such as Singapore and Japan. When combined with improving power availability, expanding fibre networks and supportive state level policies, this cost differential significantly enhances India’s attractiveness for largescale, long-term deployments.
However, as Indian data centres increasingly act as processors and sub processors for European and UK based entities, growth must be accompanied by regulatory maturity. Market access is no longer determined solely by capacity, cost or location; it is equally shaped by the ability to comply with stringent cross border data protection, cybersecurity, and resilience standards.
From a European Union perspective, entities handling data or supporting digital infrastructure for EU based organisations must align with the General Data Protection Regulation (GDPR) obligations on international transfers, security safeguards, and breach notification. Beyond GDPR, the EU’s Network and Information Security Directive (NIS 2) significantly raise the bar for entities considered critical to digital and economic resilience. NIS 2 mandates comprehensive risk assessments, robust technical and organisational security measures,mandatory incident reporting, and enhanced executive level accountability. Penalties for noncompliance can reach up to EUR 10 million or 2% of an organisation’s global annual turnover, whichever is higher.
Similarly, the United Kingdom is moving to expand the regulatory perimeter around critical digital infrastructure. The draft Cyber Security and Resilience Bill is expected to bring data centres squarely within the scope of the UK’s NIS regime, classifying them as Operators of Essential Services. This recognition reflects the increasingly systemic role data centres play in supporting financial services, healthcare, communications, and public sector functions. Under the Draft Bill, in scope data centres would be required to implement appropriate technical and organisational measures to manage cyber risks and minimise operational disruption. They will also be subject to detailed incident notification obligations, including an initial notification to the regulator, Ofcom, within 24 hours of becoming aware of a significant incident, followed by a fuller report within 72 hours. Notably, the expanded framework would empower regulators to assess supply chain risks by designating critical suppliers to NIS regulated entities, thereby extending compliance expectations downstream.
India’s domestic legal framework provides a useful foundation. The Digital Personal Data Protection Act, 2023 and the National Cyber Security Policy, 2013 together articulate baseline expectations around lawful processing, reasonable security practices, and incident response.
Data centres increasingly support critical services and operate within complex transnational value chains. As a result, continuous gap assessments against EU and UK cybersecurity and data protection standards, adoption of higher security benchmarks, and demonstrable governance maturity will be key differentiators.
India’s ability to translate its structural advantages into sustained leadership in the global data centre market will depend on how effectively its digital infrastructure providers embed resilience, compliance, and accountability into their operating models. For those that do, India’s growth story offers not just scale, but strategic relevance in a regulation driven global economy.
About us
DWF is a leading legal adviser to Indian and India-focussed companies, financial institutions and high net worth individuals and families. Our India Group, consisting of 108 lawyers from 9 countries, 16 practice areas and 9 sector groups, is the largest India group of any international law firm located outside India.
Dhruv Chhatralia BEM, the Head of the DWF India Group, was named to the India Business Law Journal’s International A-List 2024 featuring the world’s top-tier international lawyers outside India, based on recommendations by general counsels and lawyers at Indian law firms, for his work on cross-border aspects of India-related matters. DWF was ranked as an International Firm to Watch by the IBLJ in 2025. DWF was also shortlisted for the award of “Legal Practice of the Year” at the 6th Annual UK-India Awards in 2024 based on the achievements of the DWF India Group. Further details about the DWF India Group can be found on the following webpage: https://dwfgroup.com/en/services/india-group.
We would like to thank Tughan Thuraisingham and Vishal Mishra for their contribution to this article.
