Emerging Risk

AI Data Centers May Put Your Cloud Contracts and Failover Protections at Risk

The force majeure clause in your cloud contract may undercut your BCP/DR plan and your business interruption insurance protections in the same event.

AI data center demand is accelerating faster than grid infrastructure can support it. When regional capacity constraints hit, many enterprises will discover that their cloud contracts, BCP/DR plans, and business interruption policies cascade unfavorably as each instrument's provisions and exclusions compound risks they're meant to protect against.

Three instruments that should be complementary instead create unrecognized, potentially costly gaps that undermine your team's efforts to restore business operations quickly and cost-effectively.

The Power Demand Problem

Global data center electricity consumption is projected to double by 2028, with AI workloads as the primary driver. A single large language model training run can consume more electricity than 100 US households use in a year.

Transmission and generation capacity takes years to permit and build. The demand curve isn't waiting.

The result is a growing mismatch between where compute capacity exists and where reliable power can be delivered. Some regions are already seeing constraints. The EIA forecasts that ERCOT and PJM will see the highest load growth between 2025 and 2027—averaging 10% and 3% annually, respectively. PJM's independent market monitor found that data center load growth was the primary driver of an 82% increase in capacity market revenues in the 2026/27 auction.

Your SLA may not guarantee cloud connectivity will continue working as needed.

The Cascade

The Cascade

1. Cloud Contract: AWS, Azure, and GCP all explicitly exclude liability for grid-related outages. The force majeure clauses typically cover "electrical or power outages," "utilities or other telecommunications failures," "acts of God," and "natural disasters." When the grid fails, your cloud provider invokes the exclusion. Credits—if any—are typically your sole remedy. Damages are generally excluded.
2. Business Continuity/Disaster Recovery Plan (BCP/DR): The failover regions specified in those contracts—and the BCP/DR plans derived from contract provisions—may also be in stressed markets, or route through one. None of the major providers contractually promise automatic cross-region failover when there's region-wide impact due to weather or grid stress. They provide building blocks and some platform-level failover, but the architecture burden sits with you. When your primary region fails, your backup may be competing for the same constrained power. The October 2025 AWS outage affecting US-East-1 disrupted over 3,500 companies across more than 60 countries. The July 2025 Azure East US outage was explicitly caused by demand outstripping available capacity.
3. Business Interruption Insurance Policy: Traditional BI coverage assumes physical damage to your property. Cloud outages typically don't trigger most policies. Even contingent business interruption coverage usually requires physical damage to a supplier's property—and a grid constraint isn't damage, it's capacity management. When the cloud provider's force majeure exclusion applies, the BI claim may be denied.

These three documents are rarely read against each other. That's where the exposure lives.

The Geography

This isn't abstract. Among the most stressed grid markets are PJM, MISO, and ERCOT—which means the cities at risk include New York, Boston, Philadelphia, Washington DC, Chicago, Minneapolis, Dallas-Fort Worth, San Antonio, and Houston.

PJM is home to the most data centers in the country, concentrated in Northern Virginia. Many of these data centers house cloud services for critical industries such as financial services, health services, utilities, and federal government agencies.

Starting in summer 2026, PJM will have just enough power to keep the grid reliable. Data centers are connecting faster than new generation can be built. The grid operator has initiated a Critical Issue Fast Path process to address reliability concerns, targeting implementation for the 2028/29 capacity auction—but that's two years away.

A heat dome, wildfire taking out transmission, or winter storm doesn't respect availability zone boundaries. The major cloud regions serving these markets share infrastructure dependencies.

The Timing Problem

This isn't a 2030 problem. Constraints are already emerging in key data center markets. Contract renewal cycles are typically annual. Insurance policies renew annually.

The window to address the gap before it materializes is closing. Most enterprises will discover this exposure when an outage occurs and they learn what their contracts actually say. The sophisticated ones are mapping the gap now, while they still have leverage to negotiate.

The window to negotiate is short—what remains of 2026 and early 2027.

What to Do About It

Audit your cloud contracts. Find the force majeure language. Understand exactly what triggers your SLA credits and what voids them. Most enterprises haven't read this section since they signed.

Review your BI policy with fresh eyes. Specifically ask your broker: "If our cloud provider experiences a multi-day outage due to grid constraints—no physical damage, just insufficient power—what's covered?" Get the answer in writing.

Stress-test your BCP/DR plan. Model a scenario where your primary and backup regions both face power constraints simultaneously. Where does that leave you? What's the actual recovery path?

Consider parametric coverage. Some insurers are developing products that trigger based on measurable events—grid frequency deviation, wholesale power prices—rather than traditional damage-based triggers. These may fill gaps that conventional BI can't reach.

Build the board case. This is an emerging risk that most boards haven't considered. The risk committee should understand the exposure before it materializes. Waiting until after an incident is too late to negotiate better terms.

The Bottom Line

The contracts, policies, and plans weren't written to work together—but they do work together, as a cascade that leaves you exposed. The cloud contract is the source document. The BCP/DR plan inherits its limitations. The BI policy may fail when the cloud exclusion triggers.

The question isn't whether grid constraints will affect enterprise operations. The question is whether you'll discover the cascade before or after it's tested.

The window to negotiate is short—what remains of 2026 and early 2027. After that, you're riding whatever coverage you have.

Map your exposure before it materializes

A focused engagement to audit your cloud contracts, BCP/DR plan, and BI policy for AI-era grid risk.

Start a Conversation