AI data centre investment: a due diligence checklist for dealmakers
Author
While any major transaction requires careful due diligence on the part of investors, data centres—and particularly data centres built for AI processing—require careful consideration of the specific use case for the data centre being bought or built. Although the universal characteristics of data centres built for AI processing include the need for high-density computing horsepower, specialized processors, high speed data retrieval capabilities and state-of-the-art cooling capabilities, the details and nature of data centre’s daily operations will determine the success of a prospective transaction. In this bulletin, we outline some key questions for investors.
Power supply and geographical location
- Will the data centre be connected to the grid, or will it generate its own power (i.e., “behind the metre”)? Access to power will be a major input into the data centre’s costs and profitability, and will be a key consideration when it comes to regulatory compliance.
- Are there limits on the data centre’s power supply, and what happens if it goes over its limit?
- Does the data centre need to be physically located close to the network to ensure speed and reduce latency? How are network proximity considerations factored into decisions regarding the power supply?
Customer contracts
- Does the data centre have financial commitments (e.g., volume or spend minimums) from its customers?
- What are the pricing models for your customers? Are cost inputs like power, cooling and network connectivity passed through or are they baked into a volume-based pricing matrix?
- What is the term of each of your customer contracts, including renewal rights/obligations?
- Does the customer have rights to expand or scale down? How do those rights affect other customers and power/network supply inputs?
Regulatory requirements
- What are the data residency requirements in the province or region where you intend to site the data centre? How might local residency laws and regulations impact your operations?
- What cybersecurity standards will your data centre uphold? How will your data centre comply with security protocols, such as the NIST Framework, or other industry-specific requirements?
- Who pays for compliance remediation in the event that your data centre violates the terms of existing and emerging regulation?
- How will emerging AI legislation impact your data centre in the short- and long-term? In the absence of concrete AI legislation, consider privacy and industry-specific regulation that may come into play.
Operation
- Will the data centre be run as a managed service, where the operator troubleshoots and maintains the customer’s equipment, or will it be a co-location arrangement, where the customer is responsible for the maintenance of their own equipment?
- What are the customer’s SLA rights and remedies?
- What are the continency plans in the event that a major anchor tenant terminates its contract?
To discuss these issues, please contact the author(s).
This publication is a general discussion of certain legal and related developments and should not be relied upon as legal advice. If you require legal advice, we would be pleased to discuss the issues in this publication with you, in the context of your particular circumstances.
For permission to republish this or any other publication, contact Janelle Weed.
© 2025 by Torys LLP.
All rights reserved.