By RJ Colwell, Patrick Datz, and Rachel Nixon
Data center projects increasingly include on-site power generation that transforms their risk profile from a technology asset into a hybrid energy-and-technology facility. Standard insurance products were not designed for this configuration, and the legal documents that govern these projects frequently allocate risks in ways that do not align with the insurance actually in place. This alert illustrates those gaps through four scenarios drawn from transactions we are seeing in the market and outlines the coordination that sponsors, lenders, and operators need to close them.
The Scale of What Is Being Built
The artificial intelligence boom is driving one of the largest infrastructure buildouts in American history. U.S. data center construction spending reached $41 billion in 2025 – up 344% from 2020 – with more than 565 large-scale facilities operating and nearly as many in the planning or construction pipeline. Five major technology companies alone have announced roughly $700 billion in combined capital expenditure plans for 2026, the vast majority directed toward AI-related infrastructure. Private equity and infrastructure funds are deploying capital at comparable scale, with firms such as Blackstone, KKR, and Brookfield building or acquiring multi-gigawatt data center platforms that carry project-finance-style risk profiles regardless of how they are capitalized.
For developers, operators, investors, and lenders, those numbers signal enormous opportunity. They also signal a shift in the risk profile of these projects that deserves careful attention – and, in our experience, is not yet receiving it in many deal rooms.
A New Kind of Asset, a New Kind of Risk
Until recently, most data centers drew their power from the electrical grid. Their risk profile was largely that of a technology asset: expensive equipment, high uptime requirements, and exposure to outages and cyberattacks. Standard commercial property, business interruption, and cyber insurance policies, while imperfect, were reasonably well suited to those risks.
That picture has changed. Grid interconnection delays – now commonly exceeding three to five years in many ISO/RTO queue regions – have driven developers to build their own on-site power generation, often structured as behind-the-meter (BTM) facilities to avoid triggering FERC jurisdictional obligations under the Federal Power Act. These BTM installations can include fleets of reciprocating engines, combustion turbines, or fuel cells running on natural gas, sometimes generating hundreds of megawatts on a single campus.
The result is that a modern data center campus is no longer just a technology asset. It is a hybrid energy-and-technology facility, with a risk profile that straddles both industries. On-site power generation introduces exposures that are familiar in the oil and gas and power generation sectors but new to many data center developers: air quality permitting requirements, fuel supply and commodity price volatility, thermal and mechanical risks from generation equipment, and environmental liabilities related to emissions, noise, and cooling water discharge. These are risks that standard technology-sector insurance programs were never designed to address.
From an underwriting standpoint – and this is a point that developers and their counsel frequently underestimate – this shift moves the risk from a single-class technology occupancy into a combined energy-and-technology classification. Property carriers writing pure data center risk often will not accept the on-site generation exposure, and power generation underwriters are not equipped to evaluate the IT load. The result is that the program frequently needs to be placed across multiple carriers or through a specialty facility that can accommodate both classes on one form. Equipment breakdown coverage (sometimes still referenced by its legacy name, boiler and machinery) becomes a central rather than incidental coverage element, since reciprocating engines, combustion turbines, transformers, switchgear, and chillers are all rotating or pressure-containing equipment with breakdown exposure that the all-risk property form does not respond to.
The valuation basis matters as well: data center hardware depreciates aggressively under tax accounting but is almost always replaced new, so replacement cost coverage with appropriate margin clauses and obsolete-equipment endorsements should be confirmed line by line. For lenders, this is not an academic exercise: inadequate valuation language in the insurance program can create a gap between the collateral value assumed in the credit agreement and the recovery available after a loss, which is precisely the scenario that triggers covenant defaults and impairs recovery.
It is worth noting that these exposures vary depending on the commercial model. A developer building a single-tenant, build-to-suit campus faces a different risk allocation than a colocation operator hosting multiple tenants, each of whom may carry its own insurance program. In the colocation context, the gaps are frequently found not in the operator’s own policies but in the interplay between the operator’s coverage, the tenant’s coverage, and the lease provisions that allocate responsibility between them. Developers and operators at sufficient scale may also evaluate self-insurance or captive insurance structures as part of their overall risk management strategy. The threshold question in every case is the same: Have the legal documents and the insurance program been designed together, or have they been assembled independently?
The question has a regulatory dimension as well. In states where the public utility commission asserts jurisdiction over entities that sell electricity to third parties, a colocation operator that provides power to tenants under a bundled services model may face rate regulation arguments that the operator’s insurance program was never designed to address. Understanding the interaction between the commercial structure, the regulatory classification, and the insurance program is essential.
Captive and self-insurance structures merit a closer look in this context, particularly for developers operating at platform scale. A single-parent captive domiciled in Vermont, Bermuda, or the Cayman Islands can sit in the middle of the program to retain the predictable layers of risk (deductible buy-down, equipment breakdown frequency layers, cyber retention), with a fronting carrier issuing the policy of record to satisfy lender and lease requirements. The critical caution is that lender credit agreements often specify minimum carrier ratings (typically A- or better by AM Best) and prohibit deductibles above stated thresholds; a captive structure that has not been pre-approved by the lender can trip the same covenants the program is meant to support. Tax treatment under IRC 831(b) and the related material risk provisions should be confirmed with counsel before the structure is finalized.
The good news is that the insurance market is evolving to meet the moment. Specialized programs now offer integrated coverage spanning construction, operations, cyber, cargo, and delay-in-start-up – bringing together risk classes that were traditionally placed separately. These programs represent a meaningful step forward for developers who know to ask for them and who engage their insurance advisors early enough in the project timeline to structure coverage properly.
The challenge is one of coordination. The legal documents that govern the project – the engineering, procurement, and construction contract (commonly called the EPC contract), the lease, the generation services agreement, the power purchase arrangement – allocate risk among the parties. The insurance program is supposed to backstop those allocations. When the two are built in parallel, the result is a well-integrated structure. When they are built in sequence – or in isolation – gaps emerge. Those gaps are where the nine-figure surprises live.
Where the Gaps Are: Four Practical Scenarios
The most effective way to understand the emerging risk gap is to walk through the scenarios where legal structuring and insurance placement either reinforce each other or leave the project exposed.
Fire and thermal runaway. Lithium-ion batteries are increasingly used in server racks and on-site energy storage systems. These batteries carry a well-documented risk of thermal runaway – a self-reinforcing overheating cycle that can cause fire and explosion.
If a thermal event destroys server racks and causes an extended outage, the insurance and legal questions arise simultaneously. On the insurance side: Does the property policy cover the full replacement value of the specialized equipment, or do sublimits apply? Does it cover the loss of electronic data stored on the destroyed servers? Many standard property policies exclude data loss entirely, which is a critical gap for facilities whose core function is storing and processing data. Does the business interruption coverage reflect the actual revenue at stake when tenants are running high-value AI training workloads?
On the legal side, the questions are equally urgent. Who bears liability under the lease, the services agreement, or the EPC contract – the operator, the equipment vendor, or the general contractor? These questions need to be answered in concert, before the loss occurs, not after.
The insurance market’s response to this exposure is evolving rapidly, and several specifics are worth flagging for developers and their counsel. Property carriers have been narrowing their appetite for battery energy storage systems and high-density lithium-ion server rack deployments throughout the 2025 and 2026 renewal cycles, and many programs now carry sublimits in the $10 million to $25 million range for BESS losses on facilities where the total insured value is in the hundreds of millions or billions. Some carriers have introduced outright exclusions tied to non-compliance with NFPA 855 (the standard for the installation of stationary energy storage systems), UL 9540 (the safety standard for energy storage systems), and UL 9540A (the cell-level propagation test). Underwriters increasingly want to see fire detection and suppression that meets or exceeds these standards, spacing and compartmentalization of battery enclosures, and documented commissioning records.
On the data side, electronic data and media coverage is almost always sublimited on a standard property form, and the cost of recreating training datasets or model weights after a destructive event can be orders of magnitude larger than the sublimit. The obsolescence dimension compounds the problem: AI accelerator hardware may cycle through multiple generations during a single policy period, and a replacement cost provision that reimburses the cost of like-kind-and-quality equipment may not deliver equivalent compute capacity if the destroyed hardware is no longer manufactured. A separate technology errors and omissions or cyber policy may pick up some of this exposure, but only if the coverage trigger and the property trigger are deliberately coordinated. Cause-of-loss disputes between the property and cyber markets are the most common reason a covered loss ends up partially paid. For in-house counsel managing a claim in the aftermath of a thermal event, the time to resolve this coordination question is at placement, not at the point of loss.
Permitting delays. A developer plans a multi-phase campus expansion. Local residents raise concerns about noise, water consumption, or air emissions. The permitting process stalls. Construction slips by six months or more, and the developer misses contractual deadlines with anchor tenants. Delay-in-start-up exposure – the financial cost of the delay itself, measured in lost revenue and contractual penalties (often abbreviated “DSU” in insurance terminology) – can exceed a billion dollars on a single large campus. The question for the development team is whether the builders risk policy (a specialized form of property insurance that covers loss or damage during the construction phase) includes DSU coverage and whether the sublimit is adequate. In most cases, it is not – unless the coverage has been specifically negotiated at the outset. On the contract side, the allocation of permitting delay risk between the developer and the EPC contractor must be addressed with precision. Generic force majeure provisions rarely suffice.
The distinction matters for lenders as well. Credit agreements for data center projects typically require the borrower to maintain insurance at specified levels and to provide evidence that the permitting timeline assumed in the financing model remains on track. When a permitting delay arises and the insurance coverage does not respond – because the DSU sublimit is exhausted, or because the cause of the delay falls within a policy exclusion – the borrower may find itself in technical default of its insurance covenants at the same moment it most needs its lender’s flexibility.
Several distinctions inside the delay coverages are worth making explicit, because they interact directly with the credit agreement provisions that lenders and their counsel negotiate. Builders risk DSU and operating-phase business interruption are not the same coverage; they sit on different policies, are triggered by different events, and use different valuation methodologies. The builders risk DSU indemnity period typically runs from the originally scheduled commercial operation date to the actual commercial operation date, capped at a stated number of months. The operating-phase business interruption indemnity period runs from the date of the physical damage event to the date the facility is restored to operating condition, also capped. Between the two policies, there is often a gap at the handover from construction to operations that needs to be specifically negotiated.
Soft costs coverage (interest carry, additional financing costs, real estate taxes, leasing commissions) is a separate line that lenders increasingly require, and it is typically sublimited well below the DSU limit. Lender-required endorsements that should be confirmed on every placement include the lender’s loss payable endorsement (438 BFU or equivalent), waiver of subrogation in favor of the lender, severability of interests, primary and non-contributory language, and at least 30 days’ notice of cancellation or material change (often 60 to 90 days’ notice on syndicated facilities). Developers should also be aware that permitting delays tied to air quality or environmental review under state implementation plans may implicate federal regulatory timelines that cannot be accelerated by commercial negotiation alone, a dimension that the force majeure analysis in the EPC contract and the DSU coverage in the insurance program must both account for.
Equipment loss in transit. A critical shipment of servers or power generation equipment is damaged during transport. With multiple developers competing for the same specialized equipment, replacement lead times are growing – and so is the DSU exposure triggered by the delay. A single cargo loss on a hyperscale project can produce a DSU claim that far exceeds the replacement value of the equipment itself. The relevant insurance policies – cargo, builders risk, and DSU – often overlap in theory but leave gaps in practice. The generation services agreement may allocate the risk differently than the insurance program assumes. Identifying and closing these gaps requires coordination between legal counsel and the insurance placement team.
Marine cargo placement for hyperscale projects has its own discipline, and the details matter for lenders and sponsors who are relying on equipment delivery timelines to support their financial models. Coverage should be written on Institute Cargo Clauses A (the broadest all-risk form available in the London market) with extensions for war and strikes, general average and salvage, and contingent and seller’s interest where the project takes title at different stages of the supply chain. The accumulation limit, which caps the carrier’s exposure at any single location at any single time, is often the binding constraint on a large project rather than the per-conveyance limit; equipment staged at a port of discharge or at an intermediate warehouse can sit there in quantities that exceed standard accumulation terms. Delay-in-start-up triggered by a cargo loss is a separate coverage decision: many marine cargo policies exclude delay as a covered cause, and the DSU section of the builders risk policy may not respond unless the cargo loss is also a covered cause under the builders risk form. A difference-in-conditions endorsement or a marine DSU extension may be needed to close that seam. Project cargo and stock throughput placements written by specialty marine markets handle these issues more cleanly than a transactional cargo policy bought on a per-shipment basis.
Fuel supply disruption. A behind-the-meter gas fleet depends on a reliable natural gas supply. A pipeline constraint, a severe weather event, or a spike in commodity prices disrupts fuel delivery or makes continued operation uneconomic. Who bears this risk? Under the generation services agreement or the power purchase arrangement, the answer depends on how the fuel supply provisions and force majeure definitions are drafted. Whether business interruption insurance responds to a fuel supply disruption – as distinct from a mechanical failure of the generation equipment itself – depends on the specific policy language. This scenario sits at the intersection of energy law and insurance placement, and it is one where clients with experience structuring oil and gas transactions have a meaningful advantage.
This scenario exposes one of the most consequential limitations in standard business interruption forms, and it is where the data center sector’s relative unfamiliarity with energy-sector risk allocation is most visible. A pipeline constraint, a regulatory curtailment, or a commodity price spike that interrupts fuel delivery without any physical damage to insured property will not trigger standard business interruption coverage. The coverages that respond to this exposure sit in different parts of the program: contingent business interruption (covering income loss from physical damage to a named supplier’s property), supply chain or trade disruption coverage (a non-damage business interruption form that pays on a defined trigger such as a denial of access, supplier insolvency, or regulatory action), and weather or parametric coverage that pays on a measured index rather than on demonstrated damage. Each has its own trigger, exclusions, and valuation methodology, and each must be sized against the specific fuel supply structure in the generation services agreement. The pricing for these coverages has firmed considerably as carriers have absorbed losses from supply chain disruptions, but capacity is generally available for well-engineered risks. Commodity price risk itself is typically hedged in the financial markets rather than insured. Water supply risk presents a parallel exposure in water-stressed jurisdictions, particularly in Western states governed by prior appropriation doctrines, groundwater management areas, or active management frameworks such as Arizona’s, where cooling water demand may be subject to curtailment or reallocation. Standard property and business interruption forms do not address this exposure, and whether standalone or parametric coverage is available for water curtailment risk remains an evolving question. At a minimum, the site lease and generation services agreement should address water supply continuity, curtailment allocation, and the right to secure alternative sources.
For developers and sponsors who have structured oil and gas midstream or downstream transactions, the analytical framework here will be familiar: the generation services agreement is functionally a gas processing or tolling agreement, and the insurance and hedging program should be designed with the same rigor. For those coming from a pure technology or real estate background, this is an area where experienced energy counsel and insurance advisors add the most value.
Practical Considerations
The core insight is structural. Every risk allocation decision in the project documents has an insurance counterpart. A force majeure clause that shifts permitting delay risk to the developer is typically matched by adequate DSU coverage in the builders risk policy. An environmental indemnity in the lease is often backstopped by environmental impairment liability coverage. A fuel supply agreement that is silent on commodity price escalation creates an exposure that will surface in the business interruption analysis if the risk materializes.
From a placement standpoint, a coordinated program for a hyperscale or BTM-powered project will typically include the following coverage lines, each with project-specific endorsements that should be reviewed alongside the transaction documents. Builders risk should be placed on an all-risk form with LEG 3 defects coverage, testing and commissioning extensions, soft costs, and DSU sized to the financing model. Operational property and equipment breakdown should sit on a combined form covering both IT and generation equipment, with data restoration and dependent property extensions. General liability with completed operations coverage should be extended to match the statute of repose in the project jurisdiction, supported by an excess and umbrella tower commonly in the $200 million to $500 million range for hyperscale risks. Environmental impairment liability should address emissions, cooling water discharge, and historical site conditions, with coverage periods extending past the policy term to address long-tail claims. Cyber and technology errors and omissions coverage should include operational technology and industrial control system extensions, contingent business interruption, and the broadest available silent-cyber and war exclusion language. Project-specific professional liability should ideally be carried by the architects, engineers, and design-build contractors, with completed operations tail extending past project delivery. Marine cargo and stock throughput should be placed as discussed above. Finally, in most cases workers compensation and the contractor’s liability program should be structured either as separate placements or, on larger projects, through an owner-controlled or contractor-controlled insurance program (OCIP or CCIP) that consolidates coverage across the entire job site. The common thread across all of these lines is that the coverage in well-structured programs must be designed against the specific risk allocations in the project documents, not layered on after the documents are signed. The most expensive insurance failures we see are not coverage gaps in the abstract; they are mismatches between what the contract says and what the policy actually covers.
The developers and operators who are navigating this landscape most effectively are the ones who bring their legal counsel and their insurance advisors into alignment early – before the letter of intent is signed, not after construction is underway and the gaps have already been baked into the deal structure. For sponsors, lenders, and in-house teams evaluating new platforms or expanding existing ones, the threshold question remains: Have the legal documents and the insurance program been designed together?
This alert is intended to provide a general overview of the risk management considerations relevant to data center development and on-site power generation. It does not constitute legal or insurance advice, and the appropriate coverage structure and contractual approach will depend on the specific facts, commercial model, jurisdiction, and risk profile applicable to each project.
RJ Colwell is a senior associate in the Energy & Mining Group at Davis Graham & Stubbs LLP, where he advises data center developers, power generation companies, private equity and infrastructure sponsors, and their lenders on the regulatory, transactional, and permitting dimensions of AI power infrastructure. His practice spans energy M&A, FERC regulatory compliance, behind-the-meter generation structuring, and data center power supply arrangements. RJ can be reached at rj.colwell@davisgraham.com.
Patrick Datz is an Executive Vice President at IMA Financial Group, where he specializes in insurance program design for energy, power generation, and large-scale infrastructure assets. He advises developers, sponsors, and lenders on property and equipment breakdown placement, builders risk and delay-in-start-up structuring, and the use of captive and self-insurance strategies for capital-intensive projects. Patrick can be reached at patrick.datz@imacorp.com.
Rachel Nixon is a Senior Vice President at IMA Financial Group, where she advises technology, data center, and hybrid energy-technology companies on risk architecture and insurance strategy. Her work focuses on AI-driven and emerging exposures, including cyber and technology errors and omissions, supply chain and cargo risk, and the coordination of coverage across complex, multi-carrier programs. Rachel can be reached at rachel.nixon@imacorp.com.