In this second part article, where we review the issues around employees engaging in personal activities on company-issued devices, we look deeper into the legal and compliance implications and provide real-world case studies of security breaches. We also examine how businesses can protect themselves against these growing threats.

Last Week 

In the previous article, with the help of an ESET study, we explored the risks of employees using their work laptops for personal activities and the potential consequences for both the employee and the business. Continuing along those lines, legal and compliance issues are the next area for serious consideration for businesses whose laptops may be used by employees for risky purposes.

Legal and Compliance Implications 

The legal implications of employees engaging in risky behaviour on work laptops can be severe for businesses, particularly in industries where sensitive data is routinely handled. For instance, companies operating in sectors such as finance or healthcare must comply with stringent data protection regulations, such as the UK General Data Protection Regulation (GDPR). Under GDPR, businesses are responsible for protecting personal data, and failure to do so can result in penalties of up to £17.5 million or 4 per cent of global turnover, whichever is higher.

Also, businesses can face legal liability if company devices are used for illegal activities. This includes accessing pirated content, illegal gambling, or visiting the dark web. If such activities are traced back to a business’s network or devices, it could suffer reputational damage or face legal action. This is particularly concerning for companies with distributed or remote workforces, where personal and professional activities on work devices are harder to monitor.

In highly regulated industries, such as finance, companies must also ensure compliance with sector-specific guidelines. For example, the Financial Conduct Authority (FCA) in the UK has strict rules governing data protection, and failure to meet these standards can lead to fines and sanctions. Recent cases have shown that even seemingly innocuous personal activities on work devices can have far-reaching consequences.

Examples of High-Profile Security Breaches Involving Work Laptops 

Several high-profile security breaches in recent years have highlighted the risks associated with employee misuse of work laptops. For example:

– Back in 2016, Tesco Bank faced a £16.4 million fine from the Financial Conduct Authority after cybercriminals exploited weaknesses in the bank’s systems, partly due to poor endpoint security on employee devices. This breach affected thousands of customers and highlighted the importance of robust security protocols on corporate devices.

– In 2018, British Airways suffered a £20 million fine after a data breach exposed the personal data of over 400,000 customers. The attack was traced back to weak endpoint security, underscoring the risks of inadequate protection on work devices.

– In 2020, Travelex, a global currency exchange company, experienced a significant ransomware attack, forcing it offline for several weeks! The attack was caused by an employee’s unsafe behaviour, leading to a ransom demand of £20 million and significant financial losses.

– More recently, in 2021, Colonial Pipeline, the Colonial Pipeline attack in the US disrupted fuel supplies across the eastern states after a single compromised employee password was exploited. This incident demonstrated the catastrophic potential of weak endpoint security on employee devices.

As well as illustrating the devastating consequences of poor endpoint security, these examples may also serve as cautionary tales for businesses, especially as hybrid work and employee mobility continue to grow.

Benefits of Managed Corporate Devices 

Despite the risks, there are clear benefits to allowing employees to use company-provided laptops, particularly in remote and hybrid work settings. Flexible work environments contribute to higher employee morale and productivity. However, businesses must ensure that security is not compromised in pursuit of these benefits.

Mobile Device Management

Many companies have successfully implemented Mobile Device Management (MDM) systems, which allow IT departments to manage, monitor, and secure corporate devices remotely. These systems enable businesses to enforce security policies, such as encryption and regular software updates, while providing IT teams with visibility over potential threats. Companies like IBM and Google, for example, have adopted stringent MDM solutions, ensuring that employees can work flexibly without putting the business at risk.

What Does This Mean for Your Business? 

The growing risks associated with employees using work laptops for personal activities demand that businesses take a more proactive approach to cybersecurity. The rise of hybrid and remote work appears to have blurred the lines between personal and professional device use, creating new vulnerabilities that need to be addressed.

To mitigate these risks, businesses need to establish clear guidelines for acceptable use of work devices. This includes not only educating employees about the dangers of risky behaviour but also ensuring they understand the legal and compliance implications of their actions. Regular cybersecurity training, particularly on topics like phishing, malware, and safe browsing practices, could, therefore, be crucial.

In addition to clear policies, businesses may also benefit from investing in robust endpoint security solutions that can detect and block threats in real-time. Popular solutions, such as Microsoft Defender for Endpoint (there are, of course, many others), can provide the necessary protection while allowing IT teams to monitor threats without invading employees’ privacy.

Ultimately, businesses that implement a comprehensive cybersecurity strategy, invest in cutting-edge security solutions, and foster a culture of awareness and responsibility among their employees will be better positioned to thrive in today’s increasingly flexible work environment. Ensuring that company devices are secure and that employees are well-informed about their responsibilities is not just a technical issue but is critical for long-term business success.

The UK government says the new Property (Digital Assets etc) Bill’ will, for the first time in British history, give protection to digital holdings, including cryptocurrency, non-fungible tokens such as digital art, and carbon credits by considering them as “personal property” under the law.

What’s Been Happening Up Until Now? 

At the moment, UK law doesn’t clearly recognise digital assets (like cryptocurrencies and NFTs) as “personal property”, i.e. they’re not included in the scope of English and Welsh property law. Currently, there are only two categories of property, namely “things in possession” (e.g. gold, money, cars) and “things in action” (e.g. debts, shares).

This means that digital assets don’t receive the same legal protections as traditional assets like cash or shares. This creates uncertainty in legal cases involving digital assets, such as theft, inheritance, or bankruptcy, making it harder for courts to enforce rights or resolve disputes.  This grey area / lack of clarity around ownership and protection of digital assets is the key issue the new bill aims to address, ensuring they are treated more like other recognised assets in legal contexts.

The new bill addresses this issue by introducing a third category of “thing” which will mean that (certain) digital assets will attract personal property rights.

Also, More Fraud & Scam Protection For Businesses 

The government says the new bill (when it becomes law) will also “give legal protection to owners and companies against fraud and scams, while helping judges deal with complex cases where digital holdings are disputed or form part of settlements, for example in divorce cases”. 

Pole Position 

The announcement from the UK government about the bill says it will also help Britain to maintain what it says is “its pole position in the emerging global crypto race” because Britain will be one of the first countries to recognise these assets in law.

Which Digital Assets Will It Protect? 

Since ‘digital asset’ is a broad term that encompasses a range of things such as digital files, digital records, email accounts, digital carbon credits, cryptoassets and non-fungible tokens (NFTs), the Law Commission’s recommendations will only apply to a “subset of digital assets”. The government says, “the main one” that the Bill applies to (and the subsequent law will apply to) is “cryptotokens” (digital assets created and managed on a blockchain). The term “cryptotokens” can refer to a variety of digital assets, including cryptocurrencies like Bitcoin, or digital items like non-fungible tokens (NFTs), which are unique and can’t be exchanged on a one-to-one basis (because they represent ownership of a specific item, like digital art, music, or virtual collectibles).

A Better Response To New Technologies 

The Bill should also mean the UK legal sector will be better equipped to respond to new technologies, attracting more business and investment to the UK’s legal services industry (which is currently worth £34 billion a year to the economy).

It is estimated that English law governs £250 billion of global mergers and acquisitions, and 40 per cent of global corporate arbitrations. The UK government, therefore, takes the view that keeping the law up to date using this new bill is likely to be vital if the UK is to remain “the law of choice internationally”. 

Essential To Maintaining Global Cryptoassets Leadership Position 

Justice Minister Heidi Alexander said of the new Bill: “Our world-leading legal services form a vital part of our economy, helping to drive forward growth and keep Britain at the heart of the international legal industry. 

“It is essential that the law keeps pace with evolving technologies and this legislation will mean that the sector can maintain its position as a global leader in cryptoassets and bring clarity to complex property cases”. 

Downsides? 

There have, however, been some criticisms of the ‘Property (Digital Assets etc) Bill’ and some downsides that have been highlighted. These include:

– The legal uncertainty. For example, there is some ambiguity over exactly what qualifies as a “digital asset,” leaving courts to decide perhaps on a case-by-case basis, potentially causing confusion.

– The broad definitions. Even though there is an initial recommendation about what it could cover, in reality, the bill’s wide scope may cover not just cryptocurrencies and NFTs but also email accounts and in-game items, complicating enforcement.

– The regulatory complexity it will create. By adding a third property category legal processes may become more complex, particularly for cross-border transactions.

– Challenges in enforcement. Freezing or tracking decentralised digital assets, like cryptocurrencies, could be quite difficult in practice.

What Does This Mean For Your Business? 

The introduction of the ‘Property (Digital Assets etc) Bill’ (which may, of course, be altered before it becomes law), marks a significant step forward for businesses dealing in digital assets like cryptocurrencies and NFTs. By recognising these assets as personal property, the UK is paving the way for stronger legal protections and clearer regulations in a rapidly evolving sector.

This new (as yet unset) legislation should offer businesses greater certainty in managing digital holdings, reducing risks related to fraud and disputes, and enhancing the security of investments in the digital realm.

Another benefit could be that as the UK aims to maintain its leadership in the global crypto race, the introduction of the bill could send a signal to investors and entrepreneurs that the UK legal system is prepared to adapt and respond to emerging technologies. However, businesses should be mindful of the potential complexities the bill introduces, such as ambiguities around what qualifies as a digital asset and challenges in enforcing decentralised assets like cryptocurrencies.

Despite these hurdles, the bill promises to strengthen the legal framework surrounding digital assets and, as such, it could encourage innovation while protecting owners and help businesses to more confidently navigate the digital economy.

Prompted by the effects of the global IT outage caused by CrowdStrike, the UK has moved to protect UK data-centres by classing them as ‘Critical National Infrastructure’ (CNI).

CrowdStrike 

Back in July, a global IT outage caused by a faulty update (impacting Windows systems) from the cybersecurity firm CrowdStrike significantly affected multiple sectors in the UK, including data-centres, the NHS, and the financial industry. It led to widespread disruptions and, although it was not a cyberattack, it does appear to be a motivating factor for the UK government’s announcement of a change classification of UK data-centres.

Not Just Protection Against Cyber Criminals 

Although the CrowdStrike effects may have been a major catalyst for the new classification of data centres, their classification as CNI should also help create provision to give them more protection from major environmental disasters and other IT blackouts.  This new classification is part of a wider movement to give them the special protection they merit. As highlighted in the government’s announcement, much of the data housed and processed in UK data-centres, such as photos taken on smartphones to patients’ NHS records and sensitive financial investment information, could be considered as “powering the economy”.

How Does The New Classification Compare? 

The idea to now classify UK data-centres as ‘Critical National Infrastructure (CNI)’ will mean that in terms of added protection, they have been put on an equal footing to water, energy and emergency services systems. This means that they can, as the government says: “now expect greater government support in recovering from and anticipating critical incidents, giving the industry greater reassurance when setting up business in UK and helping generate economic growth for all.” 

Also, as Technology Secretary Peter Kyle says: “Bringing data-centres into the Critical National Infrastructure regime will allow better coordination and cooperation with the government against cyber criminals and unexpected events.” 

More specifically, the government says this “support” will mean:

– The setting up of a dedicated CNI data infrastructure team of senior government officials who will “monitor and anticipate potential threats, provide prioritised access to security agencies including the National Cyber Security Centre, and coordinate access to emergency services should an incident occur”. 

– The government intervening in the event of (for example) an attack on a data-centre hosting critical NHS patients’ data. In this event, with the new classification of data-centres, the government says it will “ensure contingencies are in place to mitigate the risk of damage or to essential services, including on patients’ appointments or operations.” 

– The UK is already home to the highest number of data-centres in Western Europe. Giving CNI status to data-centres in the UK could increase business confidence in investing in data-centres in the UK, an industry which already generates an estimated £4.6 billion in revenues a year.

Deterrent? 

It appears that the government believes that the status will also deter cyber criminals from targeting data-centres that may house vital health and financial data, minimising disruption to people’s lives, the NHS, and the economy. Presumably, this deterrent effect would come from increased penalties, greater cybersecurity investment, and enhanced monitoring / better threat detection efforts.

Just In Time 

With the UK government recently welcoming a proposed £3.75 billion investment in Europe’s largest data centre (for DC01UK in Hertfordshire) and with it expected to create over 700+ local jobs and support 13,740 data and tech jobs across the country, the new CNI status for data-centres appears to have been given just in time.

The Cyber Security and Resilience Bill Too

As an additional measure, earlier this summer (during the King’s Speech), the government’s Department for Science, Innovation and Technology (DSIT) also announced it will be introducing the Cyber Security and Resilience Bill. It’s thought this will strengthen the country’s cyber defences by enhancing incident reporting requirements, helping safeguard vital sectors such as healthcare and finance, ensuring stronger protections against cyber threats like ransomware, and “mandating that providers of essential infrastructure protect their supply chains from attacks”. 

Support 

Support for the re-classifying of data-centres as CNI has come from several key data-centre industry players. For example, Bruce Owen, UK Managing Director of digital infrastructure provider Equinix, said: “We welcome today’s announcement by the government which recognises the critical nature of data centres and digital infrastructure to the economy and society.” 

What Does This Mean For Your Business? 

The reclassification of UK data-centres as Critical National Infrastructure (CNI) is a strategic response to immediate threats (like the CrowdStrike outage) and a forward-looking move to secure the country’s digital infrastructure. By placing data-centres on par with essential services like energy and emergency systems, the government appears to be trying to recognise their pivotal role in supporting the digital economy and vital public services such as the NHS.

As CNI, data-centres now gain access to increased government resources, including the support of the National Cyber Security Centre (NCSC), and a dedicated CNI data infrastructure team to monitor and anticipate threats. This could ensure quicker responses to vulnerabilities and a stronger defence against cyberattacks, particularly for centres hosting critical data, such as health and financial information. The new classification also aims to protect against broader risks, such as natural disasters or IT blackouts, which could severely impact businesses and public services alike, thereby trying to provide protection that takes account of any serious eventuality.

The government’s commitment to boosting this sector is clear, as evidenced by the approval of a £3.75 billion investment in Europe’s largest data-centre project in Hertfordshire. The new status, could, therefore encourage further investments, reinforcing business confidence and supporting sustainable growth in the tech industry. The Cyber Security and Resilience Bill, expected to be introduced soon, may also further strengthen these protections e.g., by enforcing stricter incident reporting and ensuring supply chain security for essential services.

Support from industry leaders reflects the importance of securing the country’s digital infrastructure, as more businesses rely on data-centres to manage sensitive information. This reclassification is not just a reactive measure, but many would argue it is a necessary step in ensuring the continuity of services that millions rely on daily.

By classifying data-centres as CNI, the UK is laying the groundwork for a more secure and resilient digital future. With increased investment, enhanced government support, and forthcoming legislative measures, this decision may help position the UK as a leader in digital infrastructure protection, helping to safeguard its economy, public services, and reputation as a global hub for technological innovation.

As highlighted recently by the Wall Street Journal, the range of AI-driven features in Apple’s latest iPhones could transform how enterprises operate, provided company data is protected and businesses understand how best to use these new features.

Unveiled in their new iPhone 16 and iPhone 15 Pro models, the new “Apple Intelligence” tools offer improved capabilities like enhanced voice assistance and sophisticated text and photo editing. While these innovations may appeal to consumers, they may hold particular promise for UK businesses looking to harness the power of generative AI to streamline processes and boost efficiency.

A key selling point of these new Apple devices is their on-device AI functionality, allowing tasks to be run locally without the need for a cloud server which could offer a new way to boost innovation within the workplace. However, some businesses may be concerned about how this will ensure sensitive company data remains secure and may need reassurance that adopting these tools won’t put their information at risk, particularly with new AI technologies.

That said, Apple has addressed these concerns with its Private Cloud Compute system, designed to handle AI tasks securely when not processed on the device itself. They’ve also introduced transparency logs, which allow businesses to see exactly when AI apps are running locally versus in the cloud. However, the lack of clarity over exactly how and when data might be exposed to external servers continues to raise questions, particularly as Apple incorporates third-party AI tools like ChatGPT (though this feature will remain off by default).

Despite the challenges, many enterprise leaders may be optimistic about the potential for Apple’s AI tools and the benefits the technology could deliver once data security is fully addressed. With AI becoming an increasingly vital tool for productivity, businesses (rather than consumers) will likely be the driving force behind widespread adoption.

A 17-year-old male has been arrested on suspicion of Computer Misuse Act offences in relation to a cyber attack on Transport for London (TfL) on the 1st September.

Although TfL reported on its website on September 5th that “there is no evidence that any customer data has been compromised”, it has since been reported that a further investigation has revealed that this may not be the case.

It’s been reported that Shashi Verma, TfL’s chief technology officer has said that investigations have now revealed that “certain customer data has been accessed” which could include “some customer names and contact details” (which may include some email and physical addresses). Also, it’s been reported that some customer Oyster card refund data may also have been accessed which may include “bank account numbers and sort codes”. The teenage suspect (believed to be from Walsall) was arrested on September 5th, questioned, and bailed.

TfL has now referred itself to the Information Commissioner’s Office (ICO), says it is working with its partners to progress the investigation, and says it will be contacting customers directly about the matter. TfL also says it has implemented new IT security measures add extra protection to all its safety-critical systems and processes.

Information recently obtained (by the Financial Times) has revealed that a huge spike in water consumption by dozens of facilities in Virginia’s “data-centre alley” likely means new initiatives to replenish or conserve water resources are urgently needed.

Usage Up By Two-Thirds 

The county authority figures show that water consumption at the data-centres of hyperscalers which surround Ashburn, VA (which host a staggering 70 per cent of the world’s internet traffic daily) was up by nearly two-thirds between 2019 and 2023 – from 5 billion litres to 7 billion litres!

Hyperscalers

So-called hyperscalers are large-scale cloud service providers that offer massive computing resources and include companies like Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), IBM Cloud, Oracle, and Facebook. These companies play a major role in the technology landscape, providing cloud infrastructure that supports a wide range of services and applications globally. However, due to the expansion of power and water-cooling-hungry AI-driven infrastructure and data-centres, the water consumption of these hyperscalers has significantly increased in recent years.

For example, water usage at Microsoft data-centres rose by 34 per cent between 2021 and 2022, driven by the need to cool denser AI server racks and, similarly, Google reported a 20 per cent increase in water consumption, using 19.5 million cubic metres of water in 2022.

Why Water? 

AI workloads require highly efficient cooling systems to prevent overheating of servers, which run continuously and generate significant heat. The traditional cooling methods, therefore, often involve evaporative cooling, where water evaporates to absorb heat, lowering the temperature of data centre-equipment. This results in heavy water usage, especially those data-centres operating in warmer regions.

Water Demand Fuelled by AI Infrastructure Growth 

As cloud computing and AI have expanded, the need for more water (and more efficient water usage) has grown, i.e. AI infrastructure growth has fuelled the spike in demand for water.

Issues 

In addition to the sharp increase in water demand, there are in fact many other issues that need to be taken into account when looking at trying to tackle water usage. For Example:

– Water scarcity. Many data-centres are located in regions already facing water shortages or droughts. For example, in The Dalles, Oregon, a Google data-centre was criticised for using one-third of the city’s water supply in a drought-prone area. It’s easy to see how this places additional stress on freshwater supplies in regions where water is a finite resource.

– The environmental impact. The use of water for cooling in such large quantities, particularly in arid or drought-prone areas, can negatively affect local ecosystems and water availability for communities.

– An apparent lack of transparency. It seems that many companies are not transparent about their water usage, making it difficult to gauge the full impact on local water resources. Public reporting on water use, similar to energy use, remains inconsistent across the industry.

The Type of Water Used In Data Centres 

One key issue that deserves special attention is what type of water is used for data centre cooling. For example:

– Freshwater. Most data centres rely on freshwater sources, which are used in cooling towers for evaporative cooling. However, freshwater is a limited resource, and overuse can stress local supplies.

– Recycled water. It is worth noting here, however, that some hyperscalers are now beginning to use recycled or reclaimed water to mitigate their environmental impact. For example, Amazon Web Services (AWS) uses recycled wastewater in its Virginia data-centres, helping conserve high-quality water for community use.

Research 

Research by the British Standards Institution (BSI) and Waterwise’s “Thirst for Change” also makes some key points and recommendations that need to be considered when looking at the subject of data-centre use of massive amounts of water. It highlights the critical issues related to freshwater resource management, focusing on the growing urgency of water security in the context of global environmental challenges. Some of the key relevant points and conclusions from the research include:

– There is now a water security crisis. The research makes the point that freshwater is a finite resource, and the global water security crisis is just as urgent as climate change. Both population growth and increased demand for water, particularly in industrial sectors, are straining water supplies.

– The tech sector is still highly water-intensive, especially data-centres. With the rise of cloud computing, AI, and data-centres, the demand for water has skyrocketed, adding to the strain on limited freshwater resources.

– Water management and responsible water usage are now critical. The research emphasises the need for large-scale industries, including tech companies, to recognise their role in contributing to water scarcity and to adopt more sustainable water practices.

– There is a need for a circular economy in water usage, i.e. water recycling. One of the primary recommendations from the report is the need to transition towards a circular economy mindset in water use, particularly in sectors like tech. This involves recycling and reusing water wherever possible, reducing excessive freshwater extraction.

– Innovation in water efficiency is needed, i.e. water-efficient technologies, especially in data-centres. The research suggests that the wider tech sector needs to adopt innovative systems that support water reuse and reduce reliance on freshwater for cooling and other processes.

– Companies need to push beyond the environmental net gain of merely becoming water-efficient and to strive for a net positive environmental impact by replenishing water resources and engaging in water conservation initiatives.

Alternative Cooling Technologies 

The recognition of the need for action in meeting the cooling requirements of a data-centre boom fuelled by the growth of AI, and for data-centres to reduce their reliance on water-based cooling systems has led to experimenting with several alternative technologies. The hope is that one or more of them could be viable ways to address both efficiency and environmental concerns. Examples of such innovations:

– Liquid cooling. This is increasingly being adopted to handle high heat loads generated by AI and high-performance computing. It includes two main methods, namely direct-to-chip cooling, e.g. circulating liquid directly over a system’s heat-generating components (e.g. CPUs and GPUs) using cold plates, and immersion cooling. This involves fully submerging servers in a dielectric (non-conductive) liquid that absorbs and dissipates heat. This technology can eliminate the need for air cooling entirely, offering higher efficiency, especially for dense computing environments.).

– Refrigerant-based cooling. This method involves using refrigerants instead of water. Refrigerant-based systems have excellent thermal conductivity, making them more efficient at transferring heat away from components. They are becoming popular for high-density racks and can be scaled to handle increasing workloads.

– Chilled water systems. Some data-centres continue to use chilled water, but advancements like rear door heat exchangers (RDHx) are improving efficiency. These systems use chilled water to cool the air before it enters the data-centre, but now take up less space and offer “room-neutral” cooling, meaning the air exiting the system is at near-ambient room temperature.

– Air-based free cooling. This method uses external ambient air, particularly in cooler climates, to reduce the need for mechanical cooling. This approach works best in regions with cold climates, and it’s already being used in data-centres in places like Sweden and Finland.

– AI-optimised cooling. Ironically, the AI that’s creating more heat can also be used to optimise cooling efficiency by predicting heat loads and managing energy use dynamically. AI can help balance the use of cooling resources more effectively, ensuring that the cooling system is only used when necessary.

Water Replenishment Programmes 

It should be noted that one thing tech companies are increasingly investing in to help the situation is water replenishment programs. These are being used to offset their water usage, especially as data centres require significant cooling resources. As well as helping the tech companies to meet their sustainability goals and reduce water consumption, as the name suggests, these programmes are also designed to replenish water in communities, particularly in areas impacted by drought or water scarcity. Examples include:

– Amazon Web Services (AWS) which has implemented a range of water replenishment projects globally. For example, in 2023, its efforts returned 3.5 billion litres of water to local communities. AWS plans to expand this to over 7 billion litres annually across 21 projects, with initiatives in countries like the US, Brazil, Chile, and China. For instance, in Chile’s Maipo Basin, AWS is partnering with local farmers and using AI to improve irrigation efficiency, saving around 200 million litres of water annually. Similar AI-driven projects in Brazil are helping monitor water usage and soil quality.

– Microsoft is working towards becoming water-positive by 2030, aiming to replenish more water than it consumes. It has invested in over 49 replenishment projects worldwide, focusing on areas of high-water stress. These projects include restoring wetlands and repairing irrigation systems to improve water supply reliability. For example, in Mexico City, Microsoft is reviving traditional wetland agriculture, expected to replenish 3.8 million cubic metres of water over a decade.

– Google has committed to replenishing 120 per cent of the water it consumes by 2030. In 2023, its water stewardship projects have replenished over 1 billion gallons of water, addressing 18 per cent of its freshwater consumption. These projects focus on improving water quality and enhancing water efficiency across regions with high water scarcity.

All that said, critics might argue that water replenishment programmes often focus on offsetting usage rather than reducing consumption, making them more of a band-aid solution than a long-term fix for the growing water scarcity problem.

Energy-Hungry 

In addition to their massive water demand for cooling, it should be acknowledged that data-centres are also known for their huge energy requirements, a situation that is also getting worse with the growing demand for AI infrastructure. For example, investment firm Carbon Collective estimates that the electricity currently used by data-centres could power around 6.5 million average (U.S.) homes!

What Does This Mean For Your Organisation? 

As data-centres continue to expand and support the growing demand for cloud computing and AI infrastructure, their immense consumption of water presents a critical challenge that can no longer be overlooked. The surge in water usage, particularly in hyperscale facilities, means there’s now an urgent need for the tech industry to rethink its approach to sustainability. Relying heavily on water-intensive cooling systems is becoming increasingly untenable, especially as regions like Virginia and Oregon experience the strain of limited freshwater resources.

For businesses in the data-centre space, therefore, this trend highlights the necessity of embracing innovative cooling technologies, such as liquid cooling and AI-optimised systems, that reduce reliance on water while maintaining operational efficiency. Simultaneously, the shift toward using recycled water and investing in water replenishment programmes, as seen with Amazon, Microsoft, and Google, represents an important step toward more responsible resource management.

Ultimately, this evolving landscape presents an opportunity for tech companies to lead the way in sustainable water practices. By innovating and adopting circular water-use models, these businesses can mitigate their environmental impact, meet regulatory expectations, and build a more sustainable future for the industry. However, failure to act on this issue could not only jeopardise environmental sustainability but also risk operational and reputational challenges as resource scarcity intensifies.