- A key federal data center law expires on September 30, 2026
- No replacement legislation has been proposed by Congress or the administration
- Federal agencies could soon design data centers without uniform security standards
A US law setting security, reliability, and sustainability standards for federal data centers is on track to expire September 30, 2026, with no confirmed replacement.
The Federal Data Center Enhancement Act (FDCEA) of 2023 currently governs facilities owned, operated, or maintained by federal agencies nationwide.
Its possible lapse comes at an awkward moment, just as the country keeps building out data center capacity to meet rising AI and computing demand.
Federal data center rules face an uncertain future
Under the FDCEA, federal facilities must maintain protections covering uptime, power reliability, physical security, cybersecurity, and resilience against natural disasters.
The law also sets expectations around sustainable energy use as agencies expand their computing footprint year over year.
Guidance from the Office of Management and Budget (OMB) says agencies must ensure their data centers offer secure, highly available computing environments at all times.
That guidance goes further, stating that proper operation depends on continuous monitoring and resource optimization, including automated systems that track measurements like electrical consumption.
Agencies are also expected to weigh energy and water use against broader financial and environmental considerations before building anything new.
Crucially, the OMB states that federal facilities must meet reliability and resilience requirements through appropriate security protections, both digital and physical.
The FDCEA itself replaced an earlier consolidation effort once agencies recognized that…
