The EU Wrote Its Data Centre Secrecy Law Using Microsoft's Draft
An investigation published this week by Investigate Europe — a consortium including The Guardian and Le Monde — has revealed something that should alarm anyone who cares about either climate accountability or democratic governance: the European Commission adopted a confidentiality clause for data centre environmental reporting that is nearly verbatim from Microsoft’s own position paper, submitted during a public consultation in early 2024. The result is that the EU now legally prohibits disclosure of energy consumption, water usage, and emissions data for individual data centres — the very facilities being built at a furious pace to power the AI boom.
The timeline is damning. In December 2023, the Commission’s draft regulation proposed publishing operator data “in aggregated form.” By January 2024, Microsoft and DigitalEurope (the Brussels-based lobby group representing Amazon, Google, and Meta) had submitted near-identical comments arguing that individual site data constituted confidential commercial information. By March 2024, the final regulation adopted their language. The specific clause states that information and KPIs for individual data centres “shall be considered confidential information affecting the commercial interests of operators and owners.” It’s not often you see the word “shall” do this much heavy lifting in regulatory capture.
This matters because the scale of what’s being hidden is enormous. European data centre IT power capacity grew from 10,539 MW in 2023 to 14,784 MW in 2025 — a 40% increase in two years. Data centres already consume roughly 4% of EU electricity, and the EU has explicitly committed to tripling capacity over the next five to seven years as part of its Cloud and AI Development Act. These are facilities with enormous local footprints: massive water consumption for cooling, significant strain on local power grids, and measurable carbon emissions. The secrecy provision means that communities hosting these facilities — in Ireland, the Netherlands, Denmark, Germany, France — cannot access site-specific data about what’s actually happening in their backyards.
The legal analysis is brutal. Three independent legal scholars told Investigate Europe that the blanket confidentiality provision likely violates the Aarhus Convention, an international treaty that obliges EU member states to make environmental information “systematically available” to the public. Prof. Jerzy Jendrośka, a leading Aarhus expert, said he could not recall “a comparable case” in two decades. Emeritus Professor Luc Lavrysen called the clause “clearly in violation” of EU transparency rules. The regulation doesn’t even use case-by-case confidentiality (which is standard practice in commercial law) — it applies a sweeping presumption of secrecy to all individual data, no exceptions.
What makes this particularly cynical is the compliance gap it enables. EU data shows that only 36% of eligible data centres have actually filed their environmental reports. Now that the public cannot see what’s in those reports anyway, the incentive to comply collapses entirely. A senior Commission official has already used the secrecy clause to instruct national authorities to refuse all media and public requests for data centre KPIs. The system is working exactly as designed — just not for the public.
The broader pattern here is one we’ve seen before: industry incumbents lobbying to shape the rules that are supposed to regulate them. But this case is unusual in its brazenness. The EU, which has positioned itself as the world’s leading regulatory power on technology and the environment, has essentially allowed four American companies to write the transparency rules for the infrastructure that powers their own products. As Europe races to become an AI superpower, the public is being told to trust that the environmental costs are acceptable — without being allowed to see what they are.
Sources
- US tech firms successfully lobbied EU to keep datacentre emissions secret
- How the tech lobby made secrecy part of EU law on data centers
- Europe Data Centre Power Demand - ICIS
- AI’s hidden energy bill: Europe grapples with digital growth
- European IT power capacity growth 2023-2025
- EU Energy Efficiency Directive - Data Centres
