Your Cloud Infrastructure Runs on a Grid That Wasn’t Built for AI. Your Contracts Don’t Cover What Happens Next.

The Operational Stake

Trading systems, policy administration platforms, and claims processing engines sit at the operational core of investment managers and health and life insurers. The firms running these systems — in Boston, New York, Philadelphia, Hartford, Chicago, and Milwaukee — run them on cloud infrastructure in data centers concentrated in Northern Virginia, the Chicago corridor, and New England. Those data centers draw from three grid markets: PJM, MISO, and ISO New England.

Each market faces two compounding pressures the cloud contracts, business continuity plans, and insurance policies governing that dependency were not designed to address.

The first pressure is structural. AI data center buildout consumes grid capacity faster than transmission and generation can be built. Capacity auctions in PJM already show the gap: the 2026/27 auction produced an 82% increase in capacity market revenues, driven by data center load growth. The procurement is a signal, not a projection.

The second pressure compounds the first. Heat domes, winter storms, and wildfires stress the same grid markets that AI data centers already push toward their reliability ceilings. Failover does not escape the problem. The backup region may draw from the same stressed market as the primary.

When both pressures arrive together, the cloud infrastructure that investment managers and health and life insurers depend on faces a failure scenario their contracts, plans, and policies were not built to handle.

The Cascade

Three instruments that should protect operations in sequence instead produce a cascade of compounding exposure. Each one fails because of what the prior instrument assumed.

Cloud Contract

AWS, Azure, and Google Cloud all explicitly exclude liability for grid-related outages. Force majeure clauses cover electrical and power outages, utility and telecommunications failures, acts of God, and natural disasters. When the grid fails, the cloud provider invokes the exclusion. Credits are typically the sole remedy, and only where the service level agreement applies. Damages are excluded.

On February 7, 2026, an Azure datacenter lost utility power after an onsite transformer failure cascaded into a UPS and generator failure. Customer workloads were disrupted for hours. Microsoft’s own status report documented the sequence in detail. In October 2025, an AWS US-East-1 outage disrupted over 3,500 companies across 60 countries. In both cases the force majeure clause was written for exactly these scenarios, and credits, not damages, were the contractual remedy.

Business Continuity and Disaster Recovery Plan

Most business continuity and disaster recovery plans name a primary cloud region, backup cloud region, recovery time objective, and recovery point objective. Those four elements answer the question the plan was written to answer: where does the workload go when the primary region fails?

They do not answer the question the plan was not written to answer: whether the backup region draws from the same grid market as the primary.

That omission follows directly from how backup regions get designated. Cloud providers publish recommended multi-region architectures built around the same force majeure logic that excludes grid failures from their liability. AWS routes primary workloads through us-east-1 in Northern Virginia and backup workloads through us-east-2 in Ohio. Both sit in PJM. The plan looks geographically diversified. The grid exposure does not change.

The same logic applies across grid market boundaries. A firm routing primary workloads through MISO and failover through PJM holds two architecturally distinct regions. Under correlated grid stress — a heat dome spanning the Midwest or a winter storm crossing multiple ISO boundaries — both markets face simultaneous demand spikes. Geographic separation across grid markets does not produce operational independence when the weather system driving the failure crosses market boundaries.

When a primary region fails under grid stress, the BCP/DR plan executes as designed. Workloads route into the same constrained grid market from which the primary just failed. The plan fails not because it was ignored, but because it was followed.

Failover buys time while the clock runs. As downtime extends, operational backlog accumulates, revenue stops, and costs do not. RPO drift compounds all three: data accumulated during the outage window cannot be trusted at restoration. At some firm-specific point those pressures intersect. The organization cannot restore and resume. It has to determine which data state to trust before either environment returns to production.

Most BCP/DR plans close at restoration. In a sustained outage, restoration opens the second problem. Replication reversal from failover back to primary requires a pre-configured, tested reconciliation process. Most organizations have neither.

Business Interruption Insurance Policy

With the cloud contract exclusion triggered and the BCP/DR plan routed into the same failure, the business interruption policy carries the exposure alone — and the coverage trigger requires physical damage that a grid capacity shortfall never produces.

Business interruption insurance requires physical damage to the insured’s property. Cloud outages do not satisfy that requirement. Contingent business interruption coverage requires physical damage to a supplier’s property. A grid capacity shortfall produces no damage; a grid operator issues a dispatch decision managing competing load. The claim fails on the same grounds as the cloud exclusion, at the same moment, against the same event.

The Geography

PJM

PJM holds more data centers than any other grid market in the country. The concentration runs through Northern Virginia, where cloud infrastructure serves financial services, healthcare, federal agencies, and a significant share of investment management operational systems. PJM’s independent market monitor found that data center load growth drove an 82% increase in capacity market revenues in the 2026/27 auction.

Beginning summer 2026, PJM’s generation and demand will leave the system at its reliability ceiling. Data centers connect faster than new generation and transmission can be built. PJM has initiated a Critical Issue Fast Path process to address the gap, with implementation targeted for the 2028/29 capacity auction.

MISO

MISO serves Chicago, Minneapolis, and much of the Midwest. Northern Trust, Nuveen, Allstate, Zurich North America, Aon, and Gallagher all run operations from Chicago. The data centers carrying their cloud workloads sit in the same grid market absorbing AI infrastructure load.

ISO New England

ISO New England serves Boston and Hartford — home to Fidelity, State Street, Wellington, MFS, Travelers, and Hartford Financial. The grid depends on contracted power from Hydro-Québec. In January 2026, the New England Clean Energy Connect transmission line came online after nearly a decade of development, built to deliver 1,200 megawatts of hydroelectric power from Quebec. Eight days later, Winter Storm Fern hit. Quebec suspended exports to meet domestic demand. ISO New England ran on emergency oil generation under a U.S. Energy Secretary emergency order. The line built to provide reliability failed at the moment reliability was needed most. The grid held — that time.

What To Do

The window is the contract and policy renewal cycle: what remains of 2026 and early 2027.

Pull the force majeure language from each cloud contract — not the service level agreement headline — and map it against your order management systems, trading platforms, policy administration systems, and claims processing platforms. Most firms have not read this section since they signed.

Ask your broker directly: if your cloud provider experiences a multi-day outage from grid constraints — no physical damage, only insufficient power — what does the policy cover? Get the answer in writing. Then map the coverage trigger against the BCP/DR plan’s documented RTO by tier. Where the waiting period exceeds the RTO, the policy functions as a silent deductible.

Stress-test the BCP/DR plan against a scenario where primary and backup regions face power constraints simultaneously. Document the actual RTO, not the design assumption. Then test the failback sequence from a state of accumulated diverged data. Where the reconciliation process has no named owner and no tested procedure, the plan ends at failover and leaves the second problem unaddressed.

Some insurers now offer parametric coverage that triggers on measurable grid events — frequency deviation, wholesale power price thresholds — rather than physical damage. Where conventional business interruption coverage cannot reach the gap, parametric structures may.

Bring the exposure to the risk committee before it materializes in an outage. The intersection of cloud dependency, grid reliability, and insurance coverage gaps belongs on the board agenda while the negotiating window remains open.

The Bottom Line

The cloud contract defines what the provider owes when the grid fails: credits against fees, not compensation for losses. The BCP/DR plan inherits that limitation without knowing it, routing workloads into the same failure the contract excluded. The business interruption policy arrives last, with a coverage trigger the event was never going to satisfy.

Grid constraints in PJM, MISO, and ISO New England are not projections. Capacity auction results, reliability proceedings, and documented outages establish the exposure now. The question is whether your organization closes the gap in a contract review this year or discovers it in a claims denial next year.

The window to negotiate is what remains of 2026 and early 2027. After that, you carry whatever coverage you have.