When the power fails in data centers, the consequences are often severe: Data loss and system failures can cause considerable financial damage to companies. Emergency power generators are therefore practically indispensable in data centers. Depending on the function and importance of the data center, there are also legal requirements that make the use of emergency power generators de facto necessary. These regulations have been continuously tightened since 2024. One of these is the EN 50600 standard. Anyone wishing to have a data center certified must not only have an emergency power generator; since September 2025, this must also meet even stricter requirements, as EN 50600 has been revised. It now places stricter requirements on redundancy and the maximum switching time between mains and emergency power supply.
According to the BSI Act (BSIG) and the BSI Criticality Ordinance (BSI-KritisV), operators of critical infrastructures (KRITIS) are obliged to ensure operation even in the event of a power failure. Here, too, the requirements for documentation and proof of maintenance and functional tests as well as for information security management systems were only tightened in 2024. The draft bill for the KRITIS umbrella law, which the Federal Cabinet passed in September 2025, provides for further precautionary measures by data center operators. In addition, the requirements of the NIS-2 Directive based on the German Implementation Act with extensive cybersecurity requirements may come into effect.
EN 50600 was amended in August 2025. Anyone wishing to be certified in accordance with EN 50600 or use the standard as a planning guideline must now not only technically ensure their emergency power supply, but also consistently prepare the processes, documentation and evidence. The standard now requires a significantly higher organizational effort.
In concrete terms, this means:
In addition to the technical standards, the legal requirements for data center operators are also becoming stricter in accordance with the BSI Criticality Ordinance. This applies in the area of critical infrastructure, for example telecommunications, energy, finance and healthcare. The size of a data center can also be decisive: From a contractually agreed IT capacity of at least 3.5 MW, providers of IT infrastructure are considered part of the critical infrastructure. These operators must demonstrate a high degree of technical and organizational resilience, including in the area of emergency power supply.
Data centers are increasingly considered part of the critical infrastructure because their failure can paralyze entire industries or public services.
The requirements have become noticeably stricter as a result of the adjustments in the :
The planned KRITIS Umbrella Act transposes the CER Directive (EU) 2022/2557 into German law and strengthens the physical and organizational resilience of critical facilities, including risk analyses, emergency and restart plans and reporting channels. It thus supplements the BSI Criticality Ordinance/BSIG (cyber-related obligations and plant-related thresholds). The Federal Cabinet approved a draft of the law in September 2025. These are the key points of the KRITIS umbrella law:
Data centers are increasingly relying on hybrid power supply solutions that combine conventional generators and energy storage systems with sustainable energy sources such as solar and wind power. This reduces fossil fuels and also significantly lowers operating costs and CO₂ emissions in the long term. The advantage is obvious: companies increase the proportion of renewable energy during operation and protect themselves with classic emergency power generators. Diesel or gas systems are then also available in the event of power outages or grid fluctuations.
However, the integration of renewable energies also poses challenges: the electricity demand in data centers is constant around the clock, while wind and solar systems fluctuate depending on the weather. This tension between constant consumption and volatile generation remains one of the biggest challenges of the energy transition in the IT infrastructure.
However, if integration is successful, operators can improve their carbon footprint and reduce their energy costs in the long term without having to compromise on supply and operational reliability. Power generators remain indispensable as backup systems and ensure maximum reliability when renewable sources are not available.
The use of waste heat, which is continuously generated in data centers, is also financially interesting. It can be fed into local or district heating networks, heat buildings or provide hot water. This allows companies to reduce operating costs and create new sources of income. At the same time, the use of waste heat helps to reduce CO₂ emissions. This is why it is set to become a legal requirement in the future: From mid-2026, data centers will be required to reuse at least 10 percent of their waste heat under the new Energy Efficiency Act, with a planned increase to 20 percent by 2028.
The requirements for emergency power generators in data centers have increased considerably in recent years. This development has been driven by new legal requirements, normative standards and the growing social and political interest in security of supply, resilience and sustainability. In particular, the revision of EN 50600 and the amended BSI Criticality Ordinance mark a paradigm shift in the understanding of operational security and emergency preparedness in the digital infrastructure.
Future regulations at EU level will further reinforce this trend and place greater focus on the physical and technical resilience of data centers in particular. Operators must be prepared not only to meet minimum technical requirements, but also to provide comprehensive evidence of maintenance, efficiency, environmental compatibility and security management.
The integration of hybrid systems consisting of traditional emergency power generators and, in future, battery storage systems is a future-proof solution that increases operational reliability and offers ecological and economic benefits. The use of waste heat, which is becoming mandatory for new data centers, could also be financially attractive for some companies.
Overall, data center operators are faced with the challenge of adapting their emergency power supply not only to increased legal requirements, but also to technological and sustainable standards. The modernization of emergency power solutions will therefore be a central component of any future-oriented data centre strategy, with the aim of reconciling reliability, energy efficiency and climate compatibility.
Partner
Tersteegenstraße 19-23
40474 Düsseldorf
Tel.: +49 211 4155597976
marcgoldberg@kpmg-law.de
Partner
Head of Technology Law
THE SQUAIRE Am Flughafen
60549 Frankfurt am Main
Tel.: +49-69-951195770
fheynike@kpmg-law.com
© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.
KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.