原文
.jpg&w=1920&q=75)
How Big Tech wrote secrecy into EU law to hide data centres’ environmental toll
.jpg&w=3840&q=75)
Credit: Spoovio
Environmental footprint of Europe's data centres kept secret after industry lobbying in a move legal experts warn could violate transparency rules
Microsoft and DigitalEurope, a lobby group whose members include Amazon, Google and Meta, secured a secrecy provision in EU law to block public access to critical information on data centres’ environmental impact, Investigate Europe can reveal.
With the EU set to triple its data centre capacity in the next five years, the European Commission started collecting key metrics like energy efficiency and water consumption from facilities. However, information on individual facilities’ footprint is kept secret, after industry pushed to amend the 2024 legislation to classify it as confidential and commercially sensitive.
The confidentiality clause could violate EU transparency rules, 10 leading legal scholars told Investigate Europe. In particular, it could infringe the bloc’s obligations under the Aarhus Convention, an international treaty on access to environmental information, they warned.
"In two decades, I cannot recall a comparable case," said Professor Jerzy Jendrośka, who spent 19 years on the body overseeing the Aarhus Convention and teaches environmental law at Opole University in Poland. "This clearly seems not to be in line with the convention."
EU member states were also encouraged to refuse public requests for the information, Investigate Europe can reveal. In an email sent in early 2025 and shared with Investigate Europe, a senior Commission figure stressed to national authorities that they were “obliged to keep confidential all information and key performance indicators for individual data centres.”
The confidentiality clause is one of several business-friendly carve-outs that industry pushed to add to EU regulations, Investigate Europe found in its investigation, which is being published with media partners in nine countries, including the Guardian, Le Monde and El País.
Europe is building data centres at break-neck speed, with €176 billion in investment expected over the next five years. The rush has triggered widespread concerns about pollution and intense energy use as well as impacts on communities and natural habitats.
With the EU set to triple its data centre capacity in the next five years, the European Commission started collecting key metrics like energy efficiency and water consumption from facilities. However, information on individual facilities’ footprint is kept secret, after industry pushed to amend the 2024 legislation to classify it as confidential and commercially sensitive.
The confidentiality clause could violate EU transparency rules, 10 leading legal scholars told Investigate Europe. In particular, it could infringe the bloc’s obligations under the Aarhus Convention, an international treaty on access to environmental information, they warned.
"In two decades, I cannot recall a comparable case," said Professor Jerzy Jendrośka, who spent 19 years on the body overseeing the Aarhus Convention and teaches environmental law at Opole University in Poland. "This clearly seems not to be in line with the convention."
EU member states were also encouraged to refuse public requests for the information, Investigate Europe can reveal. In an email sent in early 2025 and shared with Investigate Europe, a senior Commission figure stressed to national authorities that they were “obliged to keep confidential all information and key performance indicators for individual data centres.”
The confidentiality clause is one of several business-friendly carve-outs that industry pushed to add to EU regulations, Investigate Europe found in its investigation, which is being published with media partners in nine countries, including the Guardian, Le Monde and El País.
Europe is building data centres at break-neck speed, with €176 billion in investment expected over the next five years. The rush has triggered widespread concerns about pollution and intense energy use as well as impacts on communities and natural habitats.
“Who does the Commission really represent: Big Tech or the public interest?”
— Bram Vranken, Corporate Europe Observatory
One attempt to regulate the sector was a 2023 revision to the EU Energy Efficiency Directive, obliging operators to report data on key performance indicators like energy use and water consumption.
Soon after, the European Commission drew up more detailed instructions on the new duties. A first draft was circulated in December 2023, stating that the data should be “published in aggregated form.”
The EU executive then fielded comments from stakeholders as per the standard consultative process.
At the start of 2024, Microsoft and DigitalEurope gave feedback: both suggested an identical new article classifying all individual information on data centres as confidential, citing commercial interest. They wanted to go beyond the initial Commission proposal, and ensure that the data could not even be accessed through freedom of information requests.
When the Commission published the final text in March 2024, their proposed article had been added almost word for word.
The final text of Article 5 requires “the Commission and Member States concerned [to] keep confidential all information and key performance indicators for individual data centres. Such information shall be considered confidential information affecting the commercial interests of operators and owners of data centres.”
As a result only broad, national-level data is made public, while information about the precise impact of individual data centres is kept out of reach of affected communities, academics, journalists and the wider public.
It is another example of industry “ramping up their lobby efforts to shape EU legislation”, said Bram Vranken, who researches the area for Corporate Europe Observatory, an NGO in Brussels. He said he had never seen such a striking example of changes to EU law.
“The fact that the Commission copy-pasted a Microsoft amendment is shocking,” Vranken said. “Who does the Commission really represent: Big Tech or the public interest?”
Soon after, the European Commission drew up more detailed instructions on the new duties. A first draft was circulated in December 2023, stating that the data should be “published in aggregated form.”
The EU executive then fielded comments from stakeholders as per the standard consultative process.
At the start of 2024, Microsoft and DigitalEurope gave feedback: both suggested an identical new article classifying all individual information on data centres as confidential, citing commercial interest. They wanted to go beyond the initial Commission proposal, and ensure that the data could not even be accessed through freedom of information requests.
When the Commission published the final text in March 2024, their proposed article had been added almost word for word.
The final text of Article 5 requires “the Commission and Member States concerned [to] keep confidential all information and key performance indicators for individual data centres. Such information shall be considered confidential information affecting the commercial interests of operators and owners of data centres.”
As a result only broad, national-level data is made public, while information about the precise impact of individual data centres is kept out of reach of affected communities, academics, journalists and the wider public.
It is another example of industry “ramping up their lobby efforts to shape EU legislation”, said Bram Vranken, who researches the area for Corporate Europe Observatory, an NGO in Brussels. He said he had never seen such a striking example of changes to EU law.
“The fact that the Commission copy-pasted a Microsoft amendment is shocking,” Vranken said. “Who does the Commission really represent: Big Tech or the public interest?”
.jpg&w=3840&q=75)
Credit: Spoovio
Legal experts say the clause goes against the EU Charter of Fundamental Rights and the Aarhus Convention, which grants public access to environmental information such as emissions data.
Luc Lavrysen, former President of the Belgian Constitutional Court and emeritus professor of environmental law at Ghent University, said the blanket confidentiality clause "is clearly in violation” of EU transparency rules and the Aarhus Convention.
Kristina Irion, an associate professor in information law at the University of Amsterdam, reached the same interpretation. She said the “sweeping presumption of confidentiality” incorrectly benefits corporate interests over public access to at least some of the data.
“What deserves protection as confidential information affecting the commercial interests of data centre companies should be determined on a case-by-case basis,” she said.
When approached for comment, the European Commission said that confidentiality had always been part of its proposal, and declined to give an on-the-record response. “During the consultation we received many comments on the topic,” an EU official said on condition of anonymity. “We analysed the feedback and adopted a text reflecting it, as per usual practice.”
A spokesperson for Microsoft said: “We support greater transparency around data centres, as sustainability disclosure can help drive better outcomes and build public trust. Microsoft has ambitious 2030 commitments on carbon, water, waste, and biodiversity, and tracks performance against high standards. We are taking further steps to increase openness, while protecting confidential business information.”
DigitalEurope did not respond to requests for comment.
The Commission's internal position, according to sources close to the matter, is that making each data centre’s information public might see operators stop reporting despite obligations.
However, according to the EU’s own data, only 36 per cent of eligible data centres – around 770 facilities – have reported so far. The Commission added that only 80 per cent of the reported data is “deemed to be accurate and reliable”.
The industry has “a real interest in keeping the numbers hidden”, said Alex de Vries-Gao, a researcher at VU Amsterdam. De Vries-Gao has published several studies attempting to quantify the environmental footprint of AI but they have mostly relied on aggregated data.
“Public information is extremely limited," he said. “You typically have to bend over backward to come up with any numbers."
Luc Lavrysen, former President of the Belgian Constitutional Court and emeritus professor of environmental law at Ghent University, said the blanket confidentiality clause "is clearly in violation” of EU transparency rules and the Aarhus Convention.
Kristina Irion, an associate professor in information law at the University of Amsterdam, reached the same interpretation. She said the “sweeping presumption of confidentiality” incorrectly benefits corporate interests over public access to at least some of the data.
“What deserves protection as confidential information affecting the commercial interests of data centre companies should be determined on a case-by-case basis,” she said.
When approached for comment, the European Commission said that confidentiality had always been part of its proposal, and declined to give an on-the-record response. “During the consultation we received many comments on the topic,” an EU official said on condition of anonymity. “We analysed the feedback and adopted a text reflecting it, as per usual practice.”
A spokesperson for Microsoft said: “We support greater transparency around data centres, as sustainability disclosure can help drive better outcomes and build public trust. Microsoft has ambitious 2030 commitments on carbon, water, waste, and biodiversity, and tracks performance against high standards. We are taking further steps to increase openness, while protecting confidential business information.”
DigitalEurope did not respond to requests for comment.
The Commission's internal position, according to sources close to the matter, is that making each data centre’s information public might see operators stop reporting despite obligations.
However, according to the EU’s own data, only 36 per cent of eligible data centres – around 770 facilities – have reported so far. The Commission added that only 80 per cent of the reported data is “deemed to be accurate and reliable”.
The industry has “a real interest in keeping the numbers hidden”, said Alex de Vries-Gao, a researcher at VU Amsterdam. De Vries-Gao has published several studies attempting to quantify the environmental footprint of AI but they have mostly relied on aggregated data.
“Public information is extremely limited," he said. “You typically have to bend over backward to come up with any numbers."
Europe is expected to invest €176 billion in data centres over the next five years.Credit: Shutterstock
The secrecy clause may be exceptional in its blatancy, but it’s not the only recent trace of industry fingerprints on laws concerning data centres.
In December the European Commission put forward a draft bill to speed up EU-mandated environmental impact assessments for major construction projects, including many of the biggest data centre projects. The proposal is part of a broader push to slash bureaucratic burden on businesses.
The proposed law, now under review, sets hard response deadlines for responsible authorities, puts a cap of 90 days for community consultation, and could see high-priority applications fast-tracked through certain administrative steps.
A document obtained by freedom of information request shows Microsoft met with an EU official in late October to discuss “permitting”, with the company calling for “capping deadlines”. Microsoft saw the “streamlining of permitting procedures as a critical enabler,” the company wrote in an email to the European Commission. “Together with our teams on the ground, we have developed a set of concrete proposals.”
For months, Microsoft and Amazon were among those publicly lobbying for fast-tracked planning permission processes, both pointing to the Spanish region of Aragón's “one-stop shop” approach for environmental paperwork. The area has emerged as a major European data centre hub, with Amazon investing €33 billion in AI and cloud infrastructure in Spain alone, according to a March report by the company.
In December the European Commission put forward a draft bill to speed up EU-mandated environmental impact assessments for major construction projects, including many of the biggest data centre projects. The proposal is part of a broader push to slash bureaucratic burden on businesses.
The proposed law, now under review, sets hard response deadlines for responsible authorities, puts a cap of 90 days for community consultation, and could see high-priority applications fast-tracked through certain administrative steps.
A document obtained by freedom of information request shows Microsoft met with an EU official in late October to discuss “permitting”, with the company calling for “capping deadlines”. Microsoft saw the “streamlining of permitting procedures as a critical enabler,” the company wrote in an email to the European Commission. “Together with our teams on the ground, we have developed a set of concrete proposals.”
For months, Microsoft and Amazon were among those publicly lobbying for fast-tracked planning permission processes, both pointing to the Spanish region of Aragón's “one-stop shop” approach for environmental paperwork. The area has emerged as a major European data centre hub, with Amazon investing €33 billion in AI and cloud infrastructure in Spain alone, according to a March report by the company.
Amazon Web Services' data centre located in the Villanueva de Gállego technology park, Aragón.Source: Airbus/Google
The region’s new investor-friendly rules have been criticised by local activists for letting operators like Amazon “rezone land, avoid taxes and deadlines, with little public participation.” Amazon failed to respond to requests for comment.
Ioannis Agapakis, a lawyer from non-profit group Client Earth, warned that contracting community consultation could see people miss their chance to identify serious issues. "In the worst case, it could legitimize projects that might have procedural or substantive illegalities," he said.
The consequences of these changes will be felt most by those closest to Europe’s broadening network of data centres. "Society is paying the full price for the carbon emissions and the water consumption of data centres,” said de Vries-Gao of VU Amsterdam.
The Commission does plan to publish sustainability scores covering a handful of indicators for individual data centres. It is a step forward, but the vast majority of what operators report will remain confidential, shielded by the very clause that industry wrote for itself.
------
Additional reporting: Pascal Hansens
Editor: Chris Matthews
This investigation was led and coordinated by Investigate Europe, a cross-border journalism team. The story is being published with media partners including Altreconomia, Die Zeit, El País, EU Observer, the Guardian, the Journal, Le Monde, Publico and Tech Policy Press.
Ioannis Agapakis, a lawyer from non-profit group Client Earth, warned that contracting community consultation could see people miss their chance to identify serious issues. "In the worst case, it could legitimize projects that might have procedural or substantive illegalities," he said.
The consequences of these changes will be felt most by those closest to Europe’s broadening network of data centres. "Society is paying the full price for the carbon emissions and the water consumption of data centres,” said de Vries-Gao of VU Amsterdam.
The Commission does plan to publish sustainability scores covering a handful of indicators for individual data centres. It is a step forward, but the vast majority of what operators report will remain confidential, shielded by the very clause that industry wrote for itself.
------
Additional reporting: Pascal Hansens
Editor: Chris Matthews
This investigation was led and coordinated by Investigate Europe, a cross-border journalism team. The story is being published with media partners including Altreconomia, Die Zeit, El País, EU Observer, the Guardian, the Journal, Le Monde, Publico and Tech Policy Press.
