Data centers in Norway an introduction
1 Current state of affairs
1.1 Introduction – global perspective
Data centers are the foundation of modern digital infrastructure, hosting vast networks of servers, storage systems, and telecommunication links that enable cloud computing, data analytics, internet-based services, and the ever-growing demand for big data applications.
Globally, data centers are experiencing rapid evolution driven by technological advancements and increasing data demands. On a global scale, data centers have become crucial for businesses and government entities alike, supporting e-commerce, remote working, and secure data management.
Data creation and storage is increasing exponentially, from around 2 zettabytes (ZB) in 2010 to an expected 175 ZB in 2025 (up from 45 ZB in 2019) 1. It has been projected that by end of 2028, global data creation will grow to more than 394 ZB 2. This has happened in spite of enormous efficiency gains in computing; performance per dollar improves around 30% each year, and the computational performance of machine learning hardware has doubled every 2.5 years 3. Despite the efficiency gains in both cost and energy, investments and usage have not come down, but increased significantly, as efficiency gains create new capabilities and consequently use cases.
Key trends include the rise of artificial intelligence (AI) and machine learning (ML), which require significant computational power and have led to the development of AI-specific data centers. The shift towards sustainability is another major trend, with operators focusing on energy efficiency and the use of renewable energy sources to mitigate environmental impacts.
Challenges such as high energy consumption, regulatory complexities, and geopolitical tensions also shape the landscape, as data centers strive to balance growth with sustainability and compliance.
1.2 Trends in the Norwegian market
1.2.1
Current state of affairs
In Norway, the data center market is witnessing significant growth. According to data provided by Statnett, there are currently 39 active reservation cases, where (future) data center operators have reserved 2,392 MW capacity in the current and future power grid in Norway, and another 4,450 MW are currently in queue.
Some of the key players in the Norwegian data center market include Green Mountain with a current reserved capacity of 644.5 MW, Bulk Infrastructure with 397 MW, WSC with 244 MW
1 According to International Data Corporation (IDC) as of May 2024 (Worldwide IDC Global DataSphere Forecast, 2024–2028).
From 2023-2028, IDC forecasts that the volume of data created each year will increase at a CAGR of 24.4%.
2 Statista, November 2024 (Amount of data created, consumed, and stored 2010-2023, with forecasts to 2028).
3 Epoch AI, 28 May 2025 (https://epoch.ai/data/machine-learning-hardware).
and Aaktik Digital with 230 MW.
1.2.2 Attractiveness of Norwegian market
As the global data center market continues to expand, Norway has emerged as an attractive location, predominantly for the following reasons:
Cheap power and green energy
Norway’s data center industry benefits significantly from the country’s large and cheap renewable energy resources and availability of long term PPAs. This reduces the operational costs, in addition to aligning with global sustainability goals, making Norway an attractive destination for companies seeking to minimize their carbon footprint.
Good infrastructure
Norway has a robust and efficient infrastructure that supports the data center industry. The well-developed power grid ensures reliable electrical supply, while advanced telecommunication and fibre networks offer high-speed connectivity essential for data center operations.
Naturally cool climate
The naturally cool Norwegian climate provides a significant advantage for data center operations, as it reduces the need for artificial cooling systems. This natural cooling capability translates into lower energy consumption and operational costs and more sustainable operations.
A stable political system
Norway is perceived to have a stable political environment and a political structure which often necessitates broad collaboration between political parties. This results in consensusdriven policies and less political polarisation, which ensure stability and continuity in political decisions, paving the way for long-term strategies.
Norway is GDPR and Schrems-compliant
Norway’s compliance with the General Data Protection Regulation (“GDPR”) and adherence to Schrems II requirements ensure that data protection standards are upheld to the highest level. This compliance is critical for companies handling sensitive data, as it guarantees that personal data is processed and stored in a manner that respects privacy rights. This positions Norway as a reliable location for data center operations.
1.3 Political climate and regulatory framework
Norway’s political climate towards data centers is shaped by a combination of strategic initiatives and regulatory adjustments. The Government aims to position the country as a leading data center nation, leveraging its abundant renewable energy resources and advanced digital infrastructure. This ambition was articulated in the national strategy of 2018, which sought to attract data center investments by offering tax incentives and improving connectivity.
However, the growth of the data center industry has recently sparked debates, particularly concerning the allocation and use of power resources. Critics, including far-left political parties, argue that the industry consumes a disproportionate amount of Norway’s power grid capacity and drives up power prices at the expense of established traditional onshore industry.
On 27 June 2025, the Government published an updated strategy, re-affirming Norway’s ambition to be the leading host for data centers. The updated strategy emphasizes data centers as critical infrastructure, and that the Government will foster and support data centers that are secure and sustainable. Furthermore, the strategy focuses on and clarifies:
• Requirements for security and national control,
• Better utilization of excess heat, mapping of energy use, and the possibility of energy labeling of data centers in collaboration with the industry,
• An assessment of a temporary ban on data centers primarily engaged in energyintensive cryptocurrency mining.
At the same time, efforts to streamline regulatory processes and enhance transparency are underway, creating a more predictable environment for data center operators. New regulatory frameworks provide Norwegian authorities with enhanced oversight, allowing for better supervision with data center operators, as they mandate registration requirements.
The political commitment to enhancing digital infrastructure and regulatory oversight provides a solid foundation for future growth, ensuring that data centers can thrive while adhering to the political climate and the legal frameworks.
2 Key legal considerations when establishing, constructing and operating data centers in Norway
2.1 Development phase
2.1.1 Introduction
As a broad generalisation, data centers may be divided into three main categories; enterprise data centers, co-location data centers, and hyperscale data centers.
Enterprise data centers; which are owned by the user of the data center, typically housed on a corporate campus and will typically not have any external investors.
Co-location data centers; where multiple tenants share a data center (i.e. there are multiple customers); these may be further divided into retail and wholesale tenants, where a retail tenant would enter into a service contract that includes e.g. connection, power and cooling etc., where a wholesale customer may have for instance power as a variable cost; wholesale leases are generally longer (five to 20 years).
Hyperscale data centers; high capacity data centers that are the most modern and are designed to meet the significantly higher technical and security requirements of the largest technology companies; they may be tailor made for one customer (sometimes with the ability to take on more customers) or more.
As stated, this is a broad generalisation, and the legal considerations prior to the operational phase are generally the same. We will therefore not distinguish between them in the sections on project development below.
2.1.2
Securing land
Land rights for data centers are usually secured in early phases of the project, either through purchase of land, or by entering into land-lease agreements. Both are viable options, but land purchases are most common.
Land-lease agreements are entered into with the relevant property owner. Duration of the land-lease is naturally a critical element to ensure access to the relevant property for the life span of the planned project. The land-lease would therefore typically include option or renewal rights for the lessee to allow for flexibility. Land-lease agreements are subject to the Norwegian Ground Lease Act (Nw tomtefesteloven), which includes mandatory legal provisions that need to be carefully considered when opting for this alternative.
Land purchases are more common and would as a first step typically be in the form of an option agreement or a conditional land purchase agreement to ensure that the necessary pre-requisites are in place for developing a data center. This could for example include conditions related to appropriate zoning and utilisation rate for the property, securing grid connection and necessary grid capacity reservation and fiber connectivity. These processes may take several years and the agreement between the landowner and the data center developer would typically have detailed provisions on how the parties will collaborate during this period as well as cost allocation between the parties. It is not unusual that the landowner receives some form of option premium or similar compensation for exclusively reserving the relevant property to the individual buyer during this period.
Before entering into a binding option or transaction agreement (or at least before a transaction is completed), the data center developer would normally complete a due diligence review to ensure that there are no existing factors, such as encumbrances, that may limit or hinder the planned project.
In order to establish a data center, an existing or future zoning plan for the property must permit such use. If the current zoning plan does not allow for a data center, it is important to assess whether there is political willingness to adopt a zoning plan allowing for development of data centers. Usually, the entity that is establishing the data center prepares the proposal for the new zoning plan, and the municipality processes and adopts it.
Until recently it was assumed that data centers could be established on properties zoned for "industry”. However, the views of the highest planning authorities have changed, and the view is now that data centers cannot be established on properties zoned for “industry”, and the correct zoning purpose will be "other commercial use". The view of the planning and building authorities is supported by a recent court decision (LB-2024-139780). If the property is zoned for, for example, “industrial” use, the municipality will likely have grounds to reject applications to establish a data center or require an application for exemption from the zoning designation. However, there may be specific aspects of the particular zoning plan that allow for the establishment of a data center on the property, even if it is not zoned for “other commercial use”, for example if the plan provisions specifically permit data centers.
Effective from 1 July 2025, "data center" will be a zoning purpose on its own. This means that for plans adopted after 1 July 2025, the property, as a starting point, must be zoned for "data center" for a data center to be established without requiring an exemption. As with plans adopted before 1 July 2025, there may still be specific circumstances that allow the plan to
permit for the establishment of a data center, but the safest approach would be for the property to be explicitly zoned as "data center".
2.1.3 Securing grid connection and power
Data centers require large amounts of power, and securing grid connection and capacity in the power grid is therefore a key pre-requisite for any data center project. Grid companies have a duty to connect electricity customers, including data centers, to the power grid, pursuant to Sections 3-3 and 3-4 of the Norwegian Energy Act (Nw. energiloven). Norway has previously experienced a surplus of capacity, but demand for capacity has increased significantly in recent years. As a result, there is now a waiting list to obtain grid connection and reserve capacity in most of the grid areas in Norway.
In order to establish power supply, the data center must first submit a request for grid connection to the relevant grid company. This request should be as precise and detailed as possible, and it must at least include the expected power demand, the planned location, and the date for commissioning.
Based on the request, the grid company evaluates whether a connection is operationally feasible given the current state of the network, with no additional measures taken in the grid. To prevent immature projects from reserving capacity and to foster an efficient connection process and utilisation of the grid, the grid company must also carry out a “maturity assessment” for projects requesting a connection of at least 1 MW, as required by the recently enacted Section 3-4 of the Regulation on Grid Regulation and the Energy Market (Nw. NEM-forskriften). This assessment evaluates how likely it is that the project will be realised, focusing on factors such as the project description, capacity needs, timeline, and the status of permits and agreements. The maturity criteria are intended to keep unrealistic projects from blocking capacity for other grid customers.
If it is operationally feasible to connect the project to the grid and the project is deemed sufficiently mature, the data center can be offered a capacity reservation. If there is available capacity in the existing grid, the reservation may be made immediately. If there is no capacity in the grid, the customer must enter a capacity queue. In the latter case, the customer is secured access to the designated capacity as soon as it becomes available.
However, it is important to maintain project progress to avoid losing either its place in the queue or its capacity reservation. While the data center has secured a capacity reservation obliging the grid company to provide capacity, the reservation often remains subject to certain conditions, such as adhering to a progress schedule. The grid company may periodically request reports on compliance with these criteria to ensure the data center retains its reserved capacity or queue position. If significant changes or deviations from the maturity criteria occur, the grid company may withdraw the reservation. The circumstances under which this could happen must be assessed concretely in each case. If a withdrawal occurs, the data center must restart the process by submitting a new application to the grid company.
If the grid company concludes that connection is not operationally feasible, the data center can either make necessary adjustments to prompt a new assessment or enter into an agreement with the grid company whereby the data center agrees to bear the costs of identifying the measures required to ensure operational feasibility. This is connected to the fact that the grid company must determine and collect a construction contribution (Nw. anleggsbidrag) from the customer to cover the costs of investments associated with the customer’s connection to the grid, pursuant to Section 16-1 of the Regulation for Electricity Trading Licensees (Nw. forskrift for omsetningskonsesjonærer).
Once the data center developer has secured grid capacity, a grid connection agreement will be concluded between the grid company and the developer. This agreement is a mutually binding contract that governs the relationship between the parties.
If it is considered appropriate that the developer connects to the grid under certain conditions, the grid company and the developer may voluntarily enter into a connection agreement with either temporary or permanent terms (so called grid connection on conditions). Some connection agreements include a condition allowing the grid company to disconnect the customer for a temporary period if there is insufficient capacity, without any compensation for the developer. In such situations, the developer will have to rely on backup generators.
Because data centers rely on large amounts of power, clarity and predictability are crucial when seeking capacity and grid connection. Particular emphasis should be placed on clear agreements with the grid company, so that the parties have well-defined and binding rules to follow. Realism in the project schedules presented are also of key importance, in order to avoid the risk of loosing the reservation due to project delays.
2.1.4 Regulatory considerations
The Electronic Communications Act (Nw. ekomloven) regulates the security of data centers related to the placement of equipment, power supply, cooling and internal networks. Servers that customers have placed in the data center, or the services and applications that use the servers, are not covered by the rules.
A data center operator is required to register with the National Communications Authority (Nw. Nasjonal kommunikasjonsmyndighet, NKOM) before the operation of the data center commences pursuant to the Electronic Communications Act and the recently enacted Data Center Regulation (Nw. datasenterforskriften). The obligation rests on any natural or legal person that offers data center services for a fee, as well as on operators of a data center with subscribed electrical power above 0.5 MW (for example data centers operated purely within a company). The registration must include descriptions of inter alia public customers and subscribed electrical power.
Furthermore, there are several requirements under the Data Center Regulation concerning security and (emergency) preparedness. These requirements detail what systems, plans and assessments that the operator must prepare and document. In general, the requirements relate to an obligation to establish systems and measures, while the required scope and detail of such systems and measures depend on the business’ identification of risks and vulnerabilities.
Before the building of a data center commences, there are also statutory requirements to complete a cost-benefit analysis of the possibility of utilizing excess/waste heat in the planning of data centers with more than 2 MW of total supplied electrical power (pursuant to the Regulation on cost-benefit analysis of the possibilities for utilizing surplus heat, Nw. forskrift om kost-nytteanalyse av mulighetene for å utnytte overskuddsvarme). The analysis must be approved by the Norwegian Water Resources and Energy Directorate (Nw. vassdrags- og energidirektoratet, NVE) before building commences. However, NVE does not have the authority to set as a requirement for approval that the data center must utilize excess heat.
It should be noted that current EU legislation includes stricter requirements for e.g. waste heat use than under Norwegian law. As a party to the EEA Agreement, Norway is required to implement such stricter EU legislation, however, due to political tensions, such implementation may take years.
Establishing and operating a data center is deemed a polluting activity that requires a permit under the Norwegian Pollution Control Act (Nw. forurensningsloven), administered by the Norwegian Environment Agency (Nw. Miljødirektoratet). Although the authorities are not obligated to grant such a permit, in practice it typically comes down to determining what requirements and conditions should be imposed to reduce pollution to an acceptable level.
2.1.5 VAT considerations
It is crucial to evaluate whether the customer contract of a data center is a service contract or a real estate lease contract for VAT purposes, as this may have impact on the data center owner’s right to deduct input VAT. If regarded as a service, it will be VAT-able and the data center owner will have the right to deduct the input VAT. If regarded as a real estate lease contract, the data center owner will only have the right to deduct the input VAT if the customer is a VAT-able business. Government services, health care and the financial business are examples of non-VAT-able users of data centers. For new built data centers, the VAT on construction cost will form significant amounts, and the classification of the contract may therefore be of essence. The classification must be made by a concrete assessment of what is the main delivery, the service and storage element or the access to the property. Most customer contracts will in our experience be deemed as service contracts for VAT purposes, but one may see exceptions where the real estate storage element is highlighted. In this context one should also note that a lease contract in some cases is exempted from public procurement regulations, while a service contract is not.
As mentioned, data center services are generally subject to VAT, meaning that data center operators must register for VAT once the data center becomes operational. A pre-registration scheme may allow deductions of input VAT on planning and building costs during the investment phase. However, to qualify for pre-registration, the project must have accrued costs exceeding NOK 250,000 and – most importantly – it must be “predominantly likely” that the data center will be established. According to current practice, the Tax Authorities may reject such pre-registration until all necessary concessions and permits have been granted. Once the company obtains VAT-registration, previously accrued input VAT can then be reclaimed retroactively.
Lease of real estate is in principle outside the scope of the VAT Act (Nw. skatteloven), but deductions may apply through a voluntary VAT registration scheme if the tenant is a VAT-able business. For example, if 50% of the data center premises are covered by a lease agreement with the government, and the other 50% by a lease agreement with a VAT-able business, the data center owner may only deduct 50% of the input VAT incurred in the project.
Green Mountain Data Centre in Rjukan, Norway.
Picture: Green Mountain
2.2 Construction phase
2.2.1 Key legal aspects when constructing a
data center
A building permit from the municipality is required for the construction of a data center. The building permit process can be carried out in several stages and for various phases of the project. As long as the data center complies with the zoning plan and the provisions of the Norwegian Planning and Building Act (Nw. plan- og bygningsloven), the municipality cannot reject the application. Among other requirements, sufficient access to the property must be ensured to obtain a building permit.
As data center development in Norway has accelerated in recent years, the Norwegian construction market has gained substantial experience in building such facilities. Currently, the construction market for data centers consists of both wholly owned Norwegian suppliers and international suppliers that have established Norwegian subsidiaries.
In our experience, the Norwegian standard form construction contracts – often referred to as the “NS contracts’ – are the preferred contractual terms for constructing data centers in Norway. These NS contracts are widely used and generally accepted as standard agreements in the Norwegian construction market.
Norwegian legislation contains multiple laws and regulations that apply to construction of data centers. For example, the Norwegian Technical Code (TEK 17) and the Norwegian Electrical Code (FEL) generally apply to most construction projects. In addition, there are more specific regulations for data centers set out in the aforementioned Electronic Communications Act and in the Norwegian Data Center Regulation. Under NS 8407 standard design and build terms – part of the NS-contract suite – the contractor is obliged to comply with all relevant legislation pertaining to the contract object, including the aforementioned regulations.
2.3 Operations phase
2.3.1 Customer contracts (co-location agreements)
The Electronic Communications Act regulates the security of data centers related to the placement of equipment, power supply, cooling, and internal networks. Servers that customers place in the data center, as well as the apps that run on them, are not yet covered by the new rules. However, to maintain consistent regulation, the data center operator should incorporate the Act’s requirements into its customer agreements so that the requirements imposed on the data center operator are also enforceable against its customers. For some customers, ensuring an adequate level of security is essential. In certain cases, they may want insight into which other customers occupy space in the data center. This can create conflicting interests for the data center operator, making it crucial for agreements to be compatible. Otherwise, there may be conflicts between duties of confidentiality and disclosure obligations.
In Norway, landlords do not have unrestricted rights to evict tenants. To evict a tenant, a landlord must have a legal basis for enforcement (Nw. tvangsgrunnlag) under the Enforcement Act (Nw. tvangsfullbyrdelsesloven). A written agreement may serve as this basis if it includes a clause stating that forced eviction may be demanded when rent is unpaid. Without such a clause, the landlord will have to rely on general enforcement grounds, which include judgments and court orders. In either situation, before any eviction can occur, the landlord must obtain an enforcement order from the enforcement authority (Nw. namsmannen). This process involves notifying the tenant and giving them an opportunity to remedy the breach or dispute the claim. If the tenant fails to comply or contests the eviction unsuccessfully, the enforcement authority can proceed with the eviction.
Unless the data center is willing to assume electricity market pricing risks, its customer contracts should pass all electricity costs on to the customers. These costs include electricity supply, grid tariff charges, levies, and overhead or administrative expenses. If the data center has entered hedging arrangements such as financial power agreements, these should also be addressed in the pass-through provisions.
Data centers require a high level of security for both the customer and the operator, making this a mutual concern. This is typically reflected in contract clauses addressing change of control in the contractor’s company and clauses concerning assignment of contractual rights. Both parties usually demand flexibility on their side (for example, allowing indirect changes in control), while also requiring strong assurances about the identity of the counterparty (for example, ensuring the beneficial owner is not “unsavoury”). As a result, these provisions typically become a focal point of negotiations.
2.3.2 Regulatory
There are several requirements under the Data Center Regulation concerning security and emergency preparedness. After the data center is established and constructed, these requirements must continue to be met during the operations phase. Additionally, during this phase, data center operators must monitor that suppliers, contractors, and others carrying out work on behalf of the operator comply with statutory security requirements.
The Data Center Regulation also details notification requirements for data center operators to the National Communications Authority and/or their customers if there is a threat or breach involving the availability, authenticity, integrity, or confidentiality of the data center or its services. Notably, in a crisis or emergency, the National Communications Authority may order data center operators to maintain service offerings with personnel and technical solutions located in Norway. In cases of disruption, and when necessary to safeguard the public interest, it may instruct operators to give priority to critical societal actors when restoring normal operations.
Under other statutory obligations, data center operators with an annual average energy consumption of at least 2.5 GWh in Norway over the past three years must carry out an energy audit every two years and submit it to Enova. The Regulation on Energy Audits (Nw. energikartleggingsforskriften) requires, among other things, an assessment of the technical and economic feasibility of connecting to existing or planned district heating or cooling networks, as well as identifying relevant energy-efficiency measures. Implementation plans must be prepared and published. However, there is no obligation to undertake the measures identified.
Where a data center operator participates in security-graded procurement and may gain access to information classified as CONFIDENTIAL as a supplier to the government, regulations under the National Security Act (Nw. sikkerhetsloven) will apply. The operator must apply for a facility security clearance and enter into a security agreement with the relevant public authority, which will outline the necessary security requirements.
Where a data center operator intends to bid on public contracts, or provide services to customers that bid for public contracts, it should be aware that contracting authorities may set minimum sustainability requirements beyond statutory obligations or use sustainability factors in evaluating bids. Such requirements or criteria might, for example, relate to using waste heat.
Data center operators should bear in mind that Norwegian law largely aligns with EU legislation in product control matters (pursuant to the Norwegian Product Control Act, Nw. produktkontrolloven), which includes restrictions on using fluorinated gases.
2.3.3 Tax and VAT considerations
2.3.3.1 VAT considerations – Norwegian customers
From a VAT perspective the services from a data center may either be defined as a data center service or as an agreement for lease of premises (lease agreement).
If the agreement requires the data center to provide a certain level of redundancy, to have data center certifications and special security arrangements the service would normally be defined as a data center service. If, however, the main purpose of the agreement is to provide the customer access to certain premises for power, cooling and fiber connectivity the agreement would normally be considered as a lease of real property. The customers right to have regular access and the price terms compared to terms for leases in nearby locations may also have an impact on the definition of the service.
The definition of the service may have a VAT impact on both the data center and the customer. Some customers (e.g. government, financial services, healthcare) may lack right to deduct input VAT and may opt to define the service as a VAT exempt lease to avoid VAT on their payments. For public procurement of real estate there are certain exceptions to the
requirements to call for tenders which may also motivate public customers to define the service as a lease agreement.
The data center should observe that defining the service as a lease agreement may have a negative VAT effect. Firstly the data center’s right to deduct input VAT may be affected directly if the customer is not registered for VAT. Secondly the data center may have to await further deduction on other premises as the VAT Authorities may be inclined to expect that also future agreements will be lease agreements and hence rule that VAT deductions for such new premises/agreements will first apply if and when a new contract is signed with a customer that is VAT liable.
2.3.3.2 VAT – Non-Norwegian customers
Data center customers will in general hold title to the servers and if applicable also other physical equipment that is placed in the data center.
Data center services have been considered as a “service capable of delivery from a remote location” also if the customer’s servers/equipment is placed in the Norwegian data center. Please note however that the data center is liable to report Norwegian VAT on the part of the fees that relates to the equipment that is present in Norway. We recommend making an analysis on the correct method for such split of the fees and to include a regulation on this in the customer contracts with non-Norwegian customers.
The foreign data center customer may under certain conditions and upon application to the Norwegian Tax Authorities receive a refund of Norwegian VAT charged by the data center for location bound services.
According to current statements from the Tax Administration (Nw. Skatteetaten), data centers may import the customers’ equipment and also be able to deduct the import VAT applicable on such import. However, there are strict terms for such deductions. According to current practice it is required that the equipment is either re-exported or fully demolished when it is no longer in use in the data center.
3 Data center transactions
3.1 Introduction
M&A activity within the data center sector is high and on the rise. According to statistics from Mergermarket, in 2024 there were 81 recorded data center deals with a combined value of US $46.4 billion, and the demand for data centers as an asset class and demand for additional services (new data centers) do not seem to abate. There are several key drivers for this, as outlined in the introduction above.
Demand for data centers is growing exponentially, while development and build-out of new data centers are challenging for several reasons and take time (see above). There also seems to be very little “speculative” building (i.e. building without a sufficient customer base prior to construction) of data centers, most likely as a result of the high capital intensity of each project. Data centers investors therefore have a strong fundamental outlook for data center as an asset class.
In this chapter we will aim to highlight certain deal-specific issues that an investor in data centers must consider before completing a transaction. We will thus not describe the transaction process as such; on the whole the transaction will follow the course of any M&A transaction.
As outlined above, there are different issues related to data centers depending on where in the development phase the project is. In the following we will focus on investments in fully operational data centers and will not dwell on issues that are specific to development projects.
As described in section 2.1.4, as a broad generalisation, data centers may be divided into three main categories; enterprise data centers, co-location data centers, and hyperscale data centers.
If an enterprise data center would be sold by the owner-user (a form of sale-leaseback), it would often fall into the hyperscale category; the transaction would normally also entail the outsourcing of the operation of the data center. We will not deal specifically with this type of transaction here.
Investors in data centers are typically not operators; an infrastructure investor would outsource the operation to an operator, although the investor may be an owner-operator of data centers 4. We will not cover issues that are particular to an owner-operator but will focus on issues of interest for a typical infrastructure 5 investor.
4 Some real estate/infrastructure investors have invested in data center platforms that contain operators.
5 One can debate whether an investment in a data center is an infrastructure or real estate investment. We do not believe this to have any impact on the discussion here.
3.2 Due diligence
As the issues that merit particular attention in a due diligence of a data center company have been dealt with in more detail above, we will only summarise the key issues here (and in no particular order):
Real estate: Ownership or other rights to land (ground lease (Nw. feste)), including options to expand (“land banks”); permits and zoning requirements (including proposed changes to existing regulations).
Power: As data center providers rely on sufficient supply of uninterrupted power, it is important to investigate the capacity (including any reserve) and electrical redundancy / back-up measures. It is also necessary to understand the regulatory environment for distribution of electric power (see above), as the electrical grid in Norway is a natural monopoly and therefore heavily regulated.
Depending on whether the lease is retail or wholesale, power supply contracts (power purchase agreements – PPAs) should be carefully considered; the sale of electric power is not a monopoly.
Source of power (i.e. renewable or not) is typically a consideration (due to requirements from customers and expectations of society in general), but less of a consideration in Norway considering the power source is generally “green”
Data (fibre) connectivity: As for power supply, sufficient capacity and redundancy (to avoid fall-outs) are critical for the operation of the data center, and consequently how the data center has secured connectivity, including through indefeasible right of use agreements, lease agreements or other means merits particular attention.
Security: both data and physical (i.e. physical access to the data center) security need to be carefully considered, also in light of requirements under the tenant contracts (see below).
Tenant contracts: Investors must make sure that the data center has the capability to satisfy the requirements under the tenant contracts (and whether there have been any breaches in the past), including SLAs, to avoid unexpected capex/opex. Duration is of course another key point, as are rent (adjustment) and termination provisions.
Environment, health, and safety (EHS): Ever stricter requirements may entail future investments; this is particularly important to map when acquiring an older data center
Data protection (GDPR): As data centers typically involve storing and transfer of personal data, restrictions and requirements may apply; it is important that the data center is able to satisfy existing requirements and to a certain extent also is “future proof” in case of additional requirements (also with regard to the ability to recover costs from tenants as a result of such additional requirements).
Regulatory, including national security: In countries that have implemented foreign direct investment (FDI) regulatory regimes, data centers are often subject to FDI approvals as they represent critical infrastructure. Regulatory changes may impact the business, for instance changes with regard to business categorisation may have an impact on zoning (see above) and with respect to power supply (grid access); the obligation to register the data center with the National Communications Authority from 1 January 2025 (existing data centers will need to register by 1 July 2025) and the corresponding obligations to provide data center services in times of crisis, as well as the requirements for security and preparedness and obligation to contribute a sector fee to the National Communications Authority are other examples of regulatory changes that impact the operations and economy of a data center.
Tax and VAT (see above).
3.3 Transaction documentation
The predominant form of transaction structure for operational data centers in Norway is a share purchase, i.e. the acquiror will acquire all or part of the shares in a limited liability company that holds all assets, rights and obligations pertaining to the data center. There are several reasons for this; key is tax considerations (due to the so-called exemption model in Norway, a sale of shares in a limited company from a corporation is as a rule not subject to capital gains tax) and simplicity, i.e. when purchasing a company, all of the assets, rights and obligations will automatically transfer to the buyer. In earlier stages of the project other considerations may however be relevant, and asset deals are not unheard of, but then the transactions will often be more akin to a real estate deal or land purchase deal. In the following we will only comment on the share purchase agreement (SPA).
As a general point, an SPA for a data center will not be materially different from any other SPA for purchasing shares in an operative company. Real estate transactions in Norway are as a rule based on the so called “agency standard” (Nw. meglerstandarden), which is a set of standard agreements developed by the association of Norwegian commercial real estate brokers. However, our clear impression is that the agency standard SPA for real estate companies is not used in data center transactions.
Naturally, but like in any other M&A deal, warranties should be tailored to cover the most prevalent risks associated with the business; please refer to section 3.2 above. Some may argue that given that the business operation is relatively simple and contains a limited combination of assets compared to many “regular” M&A deals, one should perhaps apply a shorter and more focused suite of warranties (and perhaps one that is focused on protecting the cashflow of the business). However, given the Norwegian drafting style, which favours broad/sweeping, but less specific warranties, apart from tailoring to business-specific risks as
mentioned, the warranty catalogue will resemble what you see on “regular” M&A deals.
3.4 Regulatory filings
In addition to a potential competition filing, which is based on meeting the relevant revenue thresholds 6, care should be taken to ascertain whether the transaction is subject to an FDI filing, see above.
In addition, as mentioned above, there is an obligation to register a data center operation with the National Communications Authority from 1 January 2025. However, in our view a share transaction does not require any additional filing, as it is the company that operates the data center which is registered. A parent company may register on behalf of subsidiaries, and in case the subsidiary is sold, a new registration needs to be made, either by the target company or the new holding entity (in the event it holds several data center companies).
6 NOK 100 million in Norway for each of the target and buyer and at least NOK 1,000 million combined (based on latest available annual accounts).
N01 Datasentercampus at Støleheia outside Kristiansand, Norway. Illustration: BULK Infrastructure
4
BAHR’s track record and team
BAHR boasts an extensive track record in advising data center developers, operators, and investors, offering strategic guidance on a wide range of transactions. Our deep industry knowledge equips us to deliver tailored solutions that address the unique demands and complexity of today’s data center market.
Recognising that data center operations involve numerous legal disciplines, BAHR has assembled a dedicated data center team drawing on expertise from across the firm’s practice groups. From real estate, regulatory, and environmental matters to commercial, tax, and financing considerations, we provide integrated services designed to ensure our clients receive comprehensive support throughout each stage of their data center initiatives.
Anne Sofie Ole Andreas Halvor Kristian Bjørkholt Dimmen Mathisen Gude
+47 97022193 +47 41438821
+47 91842451 +47 41226072 asb@bahr.no oadim@bahr.no halma@bahr.no krigu@bahr.no
Henrik
Stig Klausen Per Aksel Nils Flesland Bjørnebye Engelhart Hammer Krog Bull
+47 90640229 +47 47011112
+47 90946904 +47 95267683 heb@bahr.no skl@bahr.no peakr@bahr.no nfb@bahr.no
Eirik Basmo Hilde-Marie Jacob A. Lars Kristian Ellingsen Pettersen Møller Sande
PARTNER TECHNOLOGY AND IP
MANAGING ASSOCIATE TECHNOLOGY AND IP
+47 92088112 +47 91769962
PARTNER TRANSACTIONS
PARTNER TRANSACTIONS
+47 92880017 +47 90858464 eiell@bahr.no hipet@bahr.no jam@bahr.no lks@bahr.no
Arne Torsten Beret
Morten von H. Haakon Rønn Andersen Sundet Kristiansen Stensæth
PARTNER REGULATORY PARTNER REGULATORY
SENIOR ASSOCIATE REGULATORY
SENIOR ASSOCIATE REGULATORY
+47 97147338 +47 92881385 +47 92418004 +47 99778908 ata@bahr.no bsu@bahr.no mokri@bahr.no haste@bahr.no
Data centers in Norway – an introduction
June 2025
Disclaimer
This pamphlet contains information in summary form and is therefore intended for general guidance only. It is not intended to be relied upon as legal advice or be a substitute for detailed research or the exercise of professional judgement. Please refer to your advisors for specific advice. BAHR will not accept any responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this pamphlet. ADVOKATFIRMAET
bahr.no
