Saudi Arabia’s Data Centre Expansion: Regulatory Framework and Strategic Considerations

Artificial intelligence (AI) and data centres have moved from niche technology topics to central elements of national energy and infrastructure planning. In Saudi Arabia, the data centre market is significant and is projected to grow rapidly in both investment value and information-technology (IT) load capacity over the remainder of this decade, in parallel with the Kingdom’s Vision 2030 objectives to accelerate digital transformation and diversify the economy.

Recent policy announcements, including a national data centre strategy the Ministry of Communications and Information Technology launched in 2025 in collaboration with the Saudi Data and Artificial Intelligence Authority (SDAIA), which targets around 1.5 GW of data centre capacity by 2030, underline the strategic weight of this sector in the Kingdom’s economic and digital agenda. More recent market-facing announcements by major national platforms and sponsors further point to ambitions that extend beyond early gigawatt-scale targets, underscoring the pace at which the Kingdom’s data centre landscape continues to evolve. In parallel, government-led digital infrastructure platforms are also scaling quickly. Recent public-facing communications around SDAIA’s “Hexagon” data centre initiative, for example, reinforce that sovereign and public-sector workloads are emerging as a core anchor of the Kingdom’s data centre build-out, not merely a downstream consequence of private hyperscale demand. For those shaping energy and infrastructure policy, the key question may no longer be whether data centres will be built, but how to integrate them into existing power, fuel, and water systems without creating future stresses on networks, tariffs, or resources.

Alongside power, fuel, and water, digital connectivity increasingly emerges as a foundational element of the infrastructure required to support large-scale data centre development. High-capacity domestic fibre networks, international connectivity, redundancy, and resilience across transmission routes may be as determinative for siting and scalability as access to grid capacity or water resources, particularly for hyperscale and mission-critical facilities with latency-sensitive workloads. In that sense, digital connectivity becomes another layer of infrastructure that must be planned in parallel with power, fuel, and water, rather than after the fact.

Recent policy communications have placed increasing emphasis on integrating large new loads into system-level planning and on siting such loads in locations that are compatible with grid capacity and long-term network development. In practice, this might mean aligning investment decisions for major digital and industrial clusters with the Kingdom’s broader objectives around reliability, affordability, and the energy transition, and managing the risks associated with fragmented, purely demand-driven build-out.

In Saudi Arabia, large data centres are increasingly treated as large industrial consumers with continuous high-density loads that are strategically important to the digital economy, and therefore are integrated into power-system and infrastructure planning rather than handled as a purely IT issue. This GT Advisory outlines the main legal, regulatory, and whole-of-system considerations for investors, operators, and policymakers engaging with Saudi Arabia’s evolving data centre landscape.

1. Data Centres as High-Density Loads in National Energy Planning

Saudi energy policy frameworks increasingly assess large data centres alongside industrial, residential, commercial, and water-sector demand. These facilities have high and relatively continuous loads, often concentrated in major metropolitan areas and new economic or industrial hubs.

Today, data centres may account for a modest but growing share of national electricity demand. Official Saudi statistics do not yet disaggregate data centre consumption as a separate category, but global benchmarks typically place data centres in the low single-digit percentage range of total demand in some markets. Given the current installed IT-load capacity in the Kingdom and total generation capacity exceeding tens of gigawatts, the present share may still be relatively small, with the potential to become more material over the medium term as planned capacity comes online.

Demand composition is also an important consideration. Growth in data-centre capacity may be driven by a mix of hyperscalers, AI-focused compute providers, enterprise and colocation customers, as well as public-sector and regulated-sector workloads. Each of these user groups brings different expectations around uptime, contracting structures, expansion phasing and risk allocation. In practice, the identity and maturity of anchor customers often shape the commercial and financing profile of a project, influencing everything from service-level commitments and step-in rights to the alignment between digital offtake arrangements and long-term power-supply contracts.

Two dimensions are particularly important when planning for large data-centre loads:

• Project maturity: Operational facilities, projects under construction, projects at final investment decision (FID), and earlier-stage schemes supported by land reservations or memoranda of understanding have very different implications for connection queues, network investment, and the timing of load growth.
• Location and timing: Clustering large centres on constrained transmission corridors may create bottlenecks and require reinforcement, whereas siting near strong grid nodes or new generation hubs may reduce costs and risks and shorten connection lead times.

In practice, these considerations mean that assessing the suitability of a site for large-scale data-centre development increasingly requires a holistic view of “infrastructure readiness.” Beyond proximity to generation or strong grid nodes, this might include the availability of scalable digital connectivity, redundancy across physical routes, and the ability to support future expansion without repeated permitting cycles or network reconfiguration.

Looking ahead, some facilities may, in principle, be able to offer a limited degree of operational flexibility. International experience suggests that this is typically confined to specific computing profiles, such as non-mission-critical workloads, batch processing, or certain AI training activities, and often only under tightly defined conditions. For most mission-critical operations, contractual uptime commitments and reliability expectations significantly constrain participation in demand-response or curtailment arrangements. Any future use of such mechanisms would therefore require clear regulatory guidance from the Saudi Electricity Regulatory Authority (SERA) on compensation, reliability standards, and curtailment protocols, and should be viewed as a targeted, use-case-specific tool rather than a system-wide solution.

2. Powering Large-Scale Digital Loads

2.1 Regulatory Framework and Grid Connection

SERA, together with the Ministry of Energy, provides the framework for grid connection, capacity allocation, tariffs, and reliability standards. For data centre sponsors and their lenders, several points are central for consideration:

• Connection timelines and milestones, including the extent of required reinforcement of local or regional networks;
• Cost allocation for grid upgrades, and the degree to which developers are expected to contribute to upstream transmission or distribution investments;
• Curtailment and dispatch risk, including how priority is allocated among competing loads and what relief or compensation, if any, is available; and
• Compliance with network codes and reliability standards, including any additional requirements for high-density, high-availability loads.

As digital loads scale, investors also tend to focus on how connection capacity is allocated and sequenced. In several mature markets, uncertainty has arisen not only from connection timelines, but from queue management and the treatment of early-stage or speculative projects. Clear, transparent processes for prioritisation, milestone-based progression, and capacity reservation may help align network investment with demonstrable demand, reduce uncertainty for mature projects, and support orderly system expansion. These issues must be reflected clearly in project documentation, particularly in grid-connection agreements, power-supply arrangements (including PPAs where applicable), and related project finance covenants.

2.2 Power Procurement Models, Cost Competitiveness, and Pricing Signals

Within this framework, developers might pursue several power-procurement options, including:

• Grid-sourced electricity under regulated tariffs or structures designed for high-density or industrial loads;
• Behind-the-meter generation (on-site power plants dedicated to the data centre), such as co-located gas-fired or renewable assets, potentially combined with on-site storage;
• Hybrid arrangements combining grid supply with private generation and storage; and
• Green power solutions, including long-term renewable power purchase agreements (PPAs) or the use of renewable certificates, supporting national targets to significantly expand solar and wind capacity by 2030.

In the Saudi context, these procurement models operate within a highly centralised planning and regulatory framework. System-level coordination, capacity allocation, and reliability standards remain core features of the power sector. As a result, the practical availability and structuring of any given model would be shaped by sector planning priorities and regulatory approvals. Investors might therefore treat procurement “options” as structuring pathways within a regulated system, not as off-the-shelf products that can be replicated across jurisdictions.

Public statements from Saudi energy leaders indicate that electricity for large data centre projects may, in principle, be sourced at internationally competitive rates, with indicative figures in the low single digits in U.S. cents per kilowatt-hour for both efficient natural gas-fired and renewable generation. These references reflect policy aspirations and directional price signals based on public statements, and investors may wish to assess the actual pricing framework applicable to each project on a case-by-case basis. At present, gas-fired generation still principally serves most large loads in the Kingdom, with renewables expanding from a relatively low base. In practice, some of the Kingdom’s large data centres might rely on a combination of efficient gas-fired generation and increasingly competitive renewable power. In some structures, firm grid and/or gas-fired capacity must be sized to meet the full contracted IT load, with renewable projects operating alongside that capacity as a partial mitigation and portfolio decarbonisation tool, rather than as a stand-alone source of supply. Gas might provide firm, dispatchable capacity for high and stable loads, while renewables and related certificates or PPAs would support sustainability objectives and help reduce the overall emissions footprint. The precise balance between the two would evolve over time as storage, grid flexibility, and regulatory frameworks continue to develop.

At the same time, the way in which the costs of new network and generation investments are allocated between data centre sponsors, utilities, and the wider consumer base may attract closer attention. If not carefully designed, incremental infrastructure required to serve large digital clusters could, over time, increase scrutiny around how network costs are allocated, particularly to avoid unintended pass-through effects on smaller consumers. From a policy perspective, this might make it important to balance cost-reflective signals for large strategic users with the broader objectives of affordability, competitiveness, and fiscal sustainability, and to communicate clearly how data centre investments fit within that balance.

These models raise familiar issues of contractual protections against adverse regulatory changes (often addressed through “change in law” clauses in project finance documentation, the scope and enforceability of which depend on negotiation and applicable law), load curtailment and dispatch priority, and the treatment of outages and disruptions, including whether certain grid events, cyber incidents, or physical disruptions qualify as force majeure under the Civil Transactions Law or are dealt with through bespoke contractual risk-allocation mechanisms. Where data centres are co-located with generation, sponsors must also consider licensing, fuel-supply arrangements, and environmental permitting.

Looking ahead, some observers expect pricing to become an increasingly important regulatory tool. Differentiated tariffs or incentive mechanisms might be used to encourage siting in grid-appropriate locations, reward investments that support system flexibility (for example, through storage or agreed interruptibility), and promote operating profiles that align better with renewable output. Regulators may also explore more dynamic approaches to cost-reflective pricing as digital loads scale. Developers might anticipate that future regulatory design may use price signals more actively to shape behaviour, not merely to recover costs.

These developments sit within a broader evolution of the Kingdom’s energy mix, including large-scale deployment of renewables, the exploration of additional low-carbon baseload options, and the continued application of the Circular Carbon Economy framework to manage emissions across the system. One emerging model in this context involves pairing new high-efficiency gas-fired plants with carbon capture, utilization, and storage (CCUS) facilities dedicated to serving large digital loads, allowing users to benefit from the reliability of gas while supporting their public decarbonisation commitments.

At the same time, AI and advanced analytics deployed by system operators may support a more efficient and resilient energy system: digital tools are increasingly used to improve load and renewable forecasting, optimise dispatch, enhance network planning, and reduce technical losses. While data centres represent a significant and growing load, the computing resources they host may also indirectly support grid optimisation where applied to energy-sector use cases, creating a complex interdependency between digital and physical infrastructure.

3. Environmental, Water, and Sustainability Considerations

3.1 Water-Energy Nexus

In an arid country with significant reliance on desalination, the water footprint of data centre cooling is a strategic issue. National water policy places strong emphasis on efficiency, modernisation of desalination assets, and the expansion of wastewater treatment and reuse, with a focus on safeguarding resources while providing high-quality, affordable services.

For data centre developers, this context manifests in expectations around:

• Adopting high-efficiency cooling technologies, including low-water-intensity or closed-loop systems where feasible;
• Aligning with local limits on groundwater abstraction and broader conservation objectives; and
• Integrating real-time monitoring for both water and energy use, allowing operators and regulators to track performance against agreed benchmarks.



3.2 ESG and Climate-Related Requirements

Saudi climate and environmental policy, including the Circular Carbon Economy framework and initiatives under the Saudi Green Initiative, influences permitting, procurement, and financing. In practice, developers and lenders are increasingly incorporating:

• Renewable energy sourcing requirements, often via PPAs or other structured products;
• Energy-efficiency and emissions-management undertakings;
• Climate- and ESG-related reporting obligations; and
• KPI-linked pricing or covenants in project finance and corporate facilities.

These requirements place data centre projects at the intersection of energy law, environmental regulation, and sustainable finance and are increasingly important for international investors seeking alignment with both local and global standards.

4. Investment Structures, Bankability, and Bubble Risk

Data centre investments in Saudi Arabia often involve partnerships between local and international players, including:

• Joint ventures combining land, power, and permitting capabilities with international operational and technology expertise;
• PPP-style models where national entities provide land or infrastructure support in return for long-term service commitments; and
• Platform structures through which investors deploy capital across multiple sites and phases.

Each model raises questions about ownership, licensing, corporate governance requirements, and regulatory approvals. In broad terms, foreign sponsors typically participate through Saudi-incorporated project or platform companies, often alongside local partners that contribute land, utility-interface capabilities, or broader ecosystem roles. This reflects the Kingdom’s wider foreign investment and localisation framework, and the practical advantages of having counterparties that are familiar with local regulatory processes, permitting practices, and stakeholder expectations, while still allowing international capital and operating expertise to play a central role in developing the sector.

Bankability typically depends on robust long-term agreements governing both power and digital services. Key issues include minimum-capacity commitments and baseload assumptions; service-level agreements addressing uptime and redundancy; allocation of risk for outages arising from grid events, cyber incidents, or physical disruptions; and treatment of upgrades and technology refresh cycles. Careful alignment might be needed between power-supply contracts (including PPAs where used) and data centre offtake or colocation agreements, so that obligations on one side of the structure are back-to-back with protections on the other.

Growing global interest in AI and digital infrastructure may also create the risk of over-building capacity based on overly optimistic demand assumptions. For an energy system, over-concentration of under-utilised assets may impose costs on networks and, indirectly, on other consumers. Disciplined investment would therefore require robust demand validation, alignment between digital offtake contracts and power-supply arrangements and, in some cases, linking financing drawdowns or expansion phases to demonstrable demand milestones. For energy-system stakeholders, an equally important question is who ultimately bears the cost of any incremental network and generation investments made in anticipation of digital demand that fails to materialise on schedule. Clear rules on cost allocation between project sponsors, utilities, and end-consumers would be helpful in ensuring that AI-driven growth does not translate into unwarranted cross-subsidies or affordability pressures. Against this backdrop, careful contractual allocation of demand, curtailment, change-in-law, and cost-pass-through risks may become critical to avoiding the kinds of over-build and stranded-asset scenarios that have emerged in some more mature data-centre markets. It is equally important to ensure that this allocation is fully reflected in financing structures.

On the demand side, the market is likely to be shaped by a mix of hyperscalers, AI providers, regulated-sector workloads and enterprise colocation customers, each of which brings different contracting dynamics, risk appetites, and financing implications. For sponsors and lenders, demand profile and tenant maturity remain central to bankability and risk allocation.

As data centre platforms mature, questions are also beginning to emerge around the hosting of sensitive and sovereign workloads, including public-sector data originating outside the Kingdom. These issues touch on jurisdiction, applicable law, access rights, and functional control, and may over time require clearer articulation within contractual and public-law frameworks. While beyond the scope of this GT Advisory, they form part of the broader legal landscape shaping trusted digital infrastructure.

5. Data, Cloud, and Cybersecurity Regulation

Saudi Arabia has developed a suite of regulations for data governance, cloud services, AI, and cybersecurity, including classification and licensing regimes, data residency and localisation requirements, and specific standards for critical national infrastructure. These frameworks intersect with sectoral regulation in areas such as finance, health, and government services and are complemented by national strategies for data and AI.

For data centre projects, this translates into:

• Clearly defined data segregation, residency, and cross-border transfer obligations;
• Mandatory cybersecurity controls and incident-response requirements;
• Audit rights for regulators and customers; and
• Integration of compliance programmes into operational and contractual design.

Where facilities host advanced AI accelerators, GPUs, or other high-performance computing hardware sourced from jurisdictions with far-reaching export-control and sanctions regimes, operators must also manage compliance with those frameworks. This typically requires understanding the export classification and licensing status of hardware deployed in the facility (for example, under the U.S. Export Administration Regulations (EAR), where U.S.-origin technology is involved), and incorporating appropriate representations, undertakings, and audit or termination rights into contracts with vendors and customers. For cross-border projects and regional hub architectures, alignment between local regulatory requirements and extra-territorial export-control obligations is increasingly becoming a core part of the compliance and risk-allocation strategy for data centre sponsors and financiers. Relevant risk considerations may also include deemed export or deemed import scenarios, potential secondary sanctions exposure, and restrictions applicable to certain categories of personnel supporting controlled compute operations. In response, contractual risk allocation for export-controlled computing hardware may involve more robust audit, clawback, and termination mechanisms than are typically seen in standard colocation agreements, reflecting the heightened compliance and enforcement considerations. These data and cloud frameworks continue to evolve, particularly in relation to cross-border transfers, localisation requirements, and sector-specific rules, and sponsors should monitor regulatory updates when structuring regional or global architectures around Saudi-based facilities.

The continued development of government-grade data-centre platforms, including “Hexagon” initiative, also highlights why classification, auditability, incident-response, and access-governance requirements are likely to remain central design constraints for facilities seeking to host sovereign and regulated workloads. These considerations are particularly important for facilities hosting public sector, financial services, or strategically sensitive workloads.

6. System-Level Considerations and How They Are Being Managed

Saudi regulators have explicitly recognised that rapid data centre expansion must be managed within broader system considerations. Importantly, these considerations reflect the scale and sequencing challenge of integrating large new loads into an expanding system, and the need to align siting and delivery timelines with planned network reinforcements, capacity additions, and cross-sector coordination mechanisms. Several themes are prominent:

• Grid capacity and congestion: Clustering of large data centres may stress local networks and force expensive upgrades if not anticipated in advance. Targeted transmission and distribution investments, coordinated with new load centres, are therefore essential.
• Land-use, permitting and delivery sequencing: large data centre campuses may be affected by land-use controls, industrial zoning, environmental approvals, and construction-permit timelines. Aligning these processes with system planning, including siting decisions, construction impacts and delivery sequencing, might materially improve schedule certainty and bankability, particularly for multi-phase developments.
• Balancing competing loads: Industrial, water, residential, commercial, and digital demand must all be balanced within a single system. Energy efficiency measures, flexible generation, and enhanced forecasting, including AI-enabled tools, are increasingly important.
• Supply chain and human capital: Global constraints in specialised hardware and networking equipment, and the need for skilled engineers, operators, and regulatory professionals, underscore the importance of diversified sourcing, local ecosystem development, and sustained investment in talent.
• Construction delivery and long-lead equipment risk: Beyond IT hardware, delivery timelines for transformers, switchgear, generators, cooling systems, and other long-lead equipment may materially affect project schedules and financing assumptions. Effective procurement sequencing, interface management across vendors, and contingency planning are therefore critical, particularly where projects are developed in phases or ahead of fully contracted demand.

Addressing these constraints might strengthen the credibility of Saudi Arabia’s digital infrastructure plans and aligns with international expectations for critical infrastructure governance.

Conclusion

Saudi Arabia’s data centre expansion reflects a deliberate policy choice: to integrate large digital loads into national energy, water, and infrastructure planning rather than treat them as peripheral technology projects. As high-density, often mission-critical loads, data centres interact directly with electricity regulation, fuel strategy, water policy, environmental standards, and data-governance frameworks.

Three themes emerge for policymakers, investors, and legal teams:

• First, stakeholders may wish to approach large data centres as strategic infrastructure within the national energy and water systems as assets that sit on the same planning map as power plants, desalination facilities, industrial complexes, and critical digital services, rather than as stand-alone IT real estate.
• Second, long-term success may depend less on any single project than on the quality of the surrounding framework: regulation that provides clarity and stability, pricing and tariff design that send the right locational and behavioural signals, and procurement models that align the risk-reward balance between developers, utilities, financiers, end-users, and the state.
• Third, the most significant risks are not confined to under-investment. Experience in other markets shows that mis-investment, such as building too much capacity, in the wrong place, on the wrong timetable, or on contractual terms that do not reflect system realities, can impose lasting costs on networks, public finances, and consumers. Avoiding that outcome may require disciplined planning, robust demand validation, and contractual structures that consciously integrate energy, infrastructure, and digital-regulatory considerations, rather than treating them as separate workstreams.

For participants in this market, a multidisciplinary approach is essential, particularly in a market where policy, infrastructure, and capital are evolving in parallel, combining experience in energy and infrastructure projects with expertise in technology, data protection, cybersecurity, and ESG. As the Kingdom advances its Vision 2030 agenda, the legal and regulatory architecture underpinning data centres may remain central to translating demand for AI and cloud services into bankable, resilient, and sustainable projects.