Data centers: Requirements for emergency power generators continue to rise

When the power fails in data centers, the consequences are often severe: Data loss and system failures can cause considerable financial damage to companies. Emergency power generators are therefore practically indispensable in data centers. Depending on the function and importance of the data center, there are also legal requirements that make the use of emergency power generators de facto necessary. These regulations have been continuously tightened since 2024. One of these is the EN 50600 standard. Anyone wishing to have a data center certified must not only have an emergency power generator; since September 2025, this must also meet even stricter requirements, as EN 50600 has been revised. It now places stricter requirements on redundancy and the maximum switching time between mains and emergency power supply.

According to the BSI Act (BSIG) and the BSI Criticality Ordinance (BSI-KritisV), operators of critical infrastructures (KRITIS) are obliged to ensure operation even in the event of a power failure. Here, too, the requirements for documentation and proof of maintenance and functional tests as well as for information security management systems were only tightened in 2024. The draft bill for the KRITIS umbrella law, which the Federal Cabinet passed in September 2025, provides for further precautionary measures by data center operators. In addition, the requirements of the NIS-2 Directive based on the German Implementation Act with extensive cybersecurity requirements may come into effect.

Operators must provide additional evidence for certification in accordance with EN 50600

EN 50600 was amended in August 2025. Anyone wishing to be certified in accordance with EN 50600 or use the standard as a planning guideline must now not only technically ensure their emergency power supply, but also consistently prepare the processes, documentation and evidence. The standard now requires a significantly higher organizational effort.

In concrete terms, this means:

• Clear availability and redundancy requirements
  Operators must provide precise proof of the dimensioning of their emergency power generators: N+1 arrangements, switchover times, backup capacities. Unclear interpretations are no longer permitted. Everything must be verifiable.
• Documented test runs and tests
  Regular test runs of the emergency power generators are mandatory. Load transfer times, operating times and any faults must be documented. The documents later serve as proof for audits and certifications.
• Monitoring and reporting
  Emergency power generators must now be integrated into the monitoring and management systems. Operators must continuously record availability figures and log failures or delays.
• Integration of energy and environmental aspects
  The standard requires the energy efficiency of the emergency power supply to be taken into account. Operators should check whether diesel gensets are compatible with their sustainability goals and plan for alternatives such as battery buffers or hybrid solutions.
• Process responsibility & change management
  Every change to the power supply, data center layout or operating processes must be documented. Responsibilities must be clearly defined and escalation paths for disruptions must be established.

BSI Criticism Ordinance: More responsibility for operators

In addition to the technical standards, the legal requirements for data center operators are also becoming stricter in accordance with the BSI Criticality Ordinance. This applies in the area of critical infrastructure, for example telecommunications, energy, finance and healthcare. The size of a data center can also be decisive: From a contractually agreed IT capacity of at least 3.5 MW, providers of IT infrastructure are considered part of the critical infrastructure. These operators must demonstrate a high degree of technical and organizational resilience, including in the area of emergency power supply.

Data centers are increasingly considered part of the critical infrastructure because their failure can paralyze entire industries or public services.

The requirements have become noticeably stricter as a result of the adjustments in the :

Key innovations and requirements:

• Longer bridging time: For KRITIS data centers, the requirement now applies that the power supply must be ensured by emergency power generators for at least 24 hours in an emergency, but often significantly longer (up to 48 or 72 hours depending on protection requirements).
• Documentation and testing obligations: Operators must carry out regular functional tests and maintenance on their emergency power systems and document the results in full. This evidence forms the basis for audits and official inspections.
• Redundancy and capacity utilization: Data centers must not operate their systems permanently under full load. The infrastructure must be designed in such a way that failures of individual components can be compensated for by others (e.g. N+1 redundancy).
• Risk management and emergency planning: Operators must maintain and regularly update risk analyses, emergency and restart plans, including clearly defined responsibilities.
• Information security management system (ISMS): KRITIS operators must implement a state-of-the-art ISMS and have it audited regularly by independent auditors.
• Building and location requirements: In addition to the IT infrastructure, there are also requirements for construction, fire protection, physical security and location criteria. The BSI has defined its own guidelines and minimum distances that should be taken into account when planning new data centers.
• Integration with energy supply and grid security: The requirements of the BSI Criticality Ordinance are closely interlinked with the Energy Industry Act (EnWG, §§ 11 ff.) and require a secure and redundant connection to the power grid.

The KRITIS Umbrella Act will bring further obligations

The planned KRITIS Umbrella Act transposes the CER Directive (EU) 2022/2557 into German law and strengthens the physical and organizational resilience of critical facilities, including risk analyses, emergency and restart plans and reporting channels. It thus supplements the BSI Criticality Ordinance/BSIG (cyber-related obligations and plant-related thresholds). The Federal Cabinet approved a draft of the law in September 2025. These are the key points of the KRITIS umbrella law:

• Extended verification and reporting obligations: Operators should carry out risk analyses, define resilience measures and report faults.
• Mandatory resilience management: The draft of the KRITIS umbrella law stipulates, among other things, emergency and restart plans as well as organizational responsibilities for maintaining operations in the event of failures.
• Dovetailing with European goals: The draft law also takes into account overarching EU goals such as climate protection, sustainability and energy efficiency. Although neither the CER Directive nor the Umbrella Act specify concrete efficiency values for emergency power generators, they do expect operators to use appropriate and sustainable technical solutions. These include, for example:

• • Testing of alternative or lower-emission fuels,
  • Combination of classic diesel units with battery or hybrid solutions,
  • Measures to reduce emissions and energy losses.

• Digitalization and remote monitoring: In future, operators will be able to digitally record, monitor and document the status of their energy supply systems – especially emergency power generators. Automated monitoring and remote control are considered state of the art and are increasingly expected as proof of resilience and responsiveness.

Security of supply and sustainability: focus on hybrid solutions

Data centers are increasingly relying on hybrid power supply solutions that combine conventional generators and energy storage systems with sustainable energy sources such as solar and wind power. This reduces fossil fuels and also significantly lowers operating costs and CO₂ emissions in the long term. The advantage is obvious: companies increase the proportion of renewable energy during operation and protect themselves with classic emergency power generators. Diesel or gas systems are then also available in the event of power outages or grid fluctuations.

However, the integration of renewable energies also poses challenges: the electricity demand in data centers is constant around the clock, while wind and solar systems fluctuate depending on the weather. This tension between constant consumption and volatile generation remains one of the biggest challenges of the energy transition in the IT infrastructure.

However, if integration is successful, operators can improve their carbon footprint and reduce their energy costs in the long term without having to compromise on supply and operational reliability. Power generators remain indispensable as backup systems and ensure maximum reliability when renewable sources are not available.

Waste heat recovery: clever use of energy

The use of waste heat, which is continuously generated in data centers, is also financially interesting. It can be fed into local or district heating networks, heat buildings or provide hot water. This allows companies to reduce operating costs and create new sources of income. At the same time, the use of waste heat helps to reduce CO₂ emissions. This is why it is set to become a legal requirement in the future: From mid-2026, data centers will be required to reuse at least 10 percent of their waste heat under the new Energy Efficiency Act, with a planned increase to 20 percent by 2028.

Conclusion

The requirements for emergency power generators in data centers have increased considerably in recent years. This development has been driven by new legal requirements, normative standards and the growing social and political interest in security of supply, resilience and sustainability. In particular, the revision of EN 50600 and the amended BSI Criticality Ordinance mark a paradigm shift in the understanding of operational security and emergency preparedness in the digital infrastructure.

Future regulations at EU level will further reinforce this trend and place greater focus on the physical and technical resilience of data centers in particular. Operators must be prepared not only to meet minimum technical requirements, but also to provide comprehensive evidence of maintenance, efficiency, environmental compatibility and security management.

The integration of hybrid systems consisting of traditional emergency power generators and, in future, battery storage systems is a future-proof solution that increases operational reliability and offers ecological and economic benefits. The use of waste heat, which is becoming mandatory for new data centers, could also be financially attractive for some companies.

Overall, data center operators are faced with the challenge of adapting their emergency power supply not only to increased legal requirements, but also to technological and sustainable standards. The modernization of emergency power solutions will therefore be a central component of any future-oriented data centre strategy, with the aim of reconciling reliability, energy efficiency and climate compatibility.