In 2023, the EU updated its Energy Efficiency Directive, requiring large data center operators to report energy and water consumption into a central European database the first serious attempt to create real sustainability accountability for an industry whose environmental footprint is accelerating alongside AI demand. Then, during the 2024 consultation process, Microsoft and DigitalEurope the lobby group representing Amazon, Google and Meta submitted near-identical proposals to classify all individual facility data as confidential and commercially sensitive. The Commission adopted the wording almost verbatim. The result: the EU now collects the data, then legally prohibits anyone from seeing it. Simultaneously, Europe’s first mandatory reporting cycle revealed that only about a third of qualifying data centers submitted metrics at all and entire countries failed to report anything. Thirty-five MEPs have since called the confidentiality clause unlawful, citing the Aarhus Convention. The Commission has signaled it intends to keep the clause largely intact.
The Architecture of Accountability And Who Designed It
The European Union’s sustainability transparency framework for data centers was built on a straightforward premise. As AI demand drives energy consumption at unprecedented scale, European citizens, researchers, and local governments deserve access to information about the environmental footprint of facilities operating in their communities.
That premise produced a reporting mandate. The 2023 revision of the EU Energy Efficiency Directive requires data center operators above 500 kilowatts of installed IT power demand to disclose energy consumption, water use, temperature set points, waste heat utilization, and renewable energy share into a centralized European database. The directive obliges facilities above specified power thresholds to report detailed operational metrics into an EU database, enabling the European Commission to derive sustainability performance indicators such as PUE, WUE, ERF and REF, and to assess whether minimum performance standards are needed after 2025. The framework, on paper, represents exactly the kind of mandatory, structured disclosure that independent sustainability researchers had argued the sector needed. What happened to that framework between the directive’s passage and its implementation is a case study in regulatory capture that Europe’s elected lawmakers are now describing as unlawful.
The Consultation That Rewrote the Rules
When the European Commission circulated a first draft of the implementing regulation in December 2023, it proposed that collected data be published in aggregated form. The standard consultative process then opened for stakeholder feedback. At the start of 2024, Microsoft and DigitalEurope gave feedback: both suggested an identical new article classifying all individual information on data centers as confidential, citing commercial interest. They wanted to go beyond the initial Commission proposal and ensure that the data could not even be accessed through freedom of information requests. When the Commission published the final text in March 2024, their proposed article had been added almost word-for-word.
The amendment to the 2024 legislation permitted the operators to classify the metrics as confidential and commercially sensitive, essentially blocking public access to the information. The consequence is precise and stark: the EU now legally collects sustainability data on hundreds of facilities across member states and legally prohibits the public from seeing it. Researchers cannot access it. Journalists cannot obtain it through freedom of information requests. Communities living adjacent to these facilities cannot review the energy and water consumption data of the infrastructure operating in their neighborhoods. Furthermore, in an email sent in early 2025 and shared with Investigate Europe, a senior Commission figure stressed to national authorities that they were obliged to keep confidential all information and key performance indicators for individual data centers. The Commission was not merely permitting confidentiality. It was actively enforcing it.
What Legal Scholars and Lawmakers Say
The legal assessment of the confidentiality clause is not ambiguous. Ten legal scholars told Investigate Europe it may violate the EU’s obligations under the Aarhus Convention, an international treaty guaranteeing public access to environmental information. Professor Jerzy Jendrośka, who spent 19 years on the compliance body overseeing the Aarhus Convention and teaches environmental law at Opole University, said: “In two decades, I cannot recall a comparable case. This clearly seems not to be in line with the convention.”
The political response followed the legal assessment. Thirty-five MEPs urged the EU Commission to scrap the confidentiality clause, calling it unlawful. Lawmakers called on EU Environment Commissioner Jessika Roswall to delete Microsoft’s amendment and ensure transparency regarding the environmental impact of data centers. German MEP Alexandra Geese told Investigate Europe: “Transparency around electricity and water consumption is the basis for a good data center strategy in Europe. Prohibiting citizens and local government from making informed decisions around data centers is the wrong way to go in a democracy.” The Commission’s response to that letter has been, according to reporting, to signal it intends to keep the secrecy clause largely intact as it updates the relevant legislation. One question the episode forces the industry to confront directly is how a secrecy clause was injected verbatim from an industry lobbying paper into European law and why the Commission went out there actively enforcing it after receiving multiple access requests, turning all of them down.
The Reporting Gap Underneath the Secrecy Debate
The confidentiality dispute has drawn significant and deserved attention. Beneath it lies a second, equally significant problem that the transparency framework was designed to solve and has so far failed to address. The first mandatory reporting cycle under the EU’s Energy Efficiency Directive produced an unclear picture of energy usage and efficiency, revealing a lack of available data. Only about a third of EU data centers submitted their metrics, with entire countries failing to report any information.
Europe’s attempt to make data center sustainability measurable has revealed a structural gap between the metrics required and the data that operators can actually access, according to Simon Hinterholzer, a researcher at the Borderstep Institute, who worked on the EU assessment. The first cycle didn’t produce a clear picture of energy use and efficiency. Instead, it highlighted how little of such data actually exists. This is not a story about operators concealing data they hold. For a significant portion of the sector, the data does not exist because operators have not historically measured it at the granularity that the EED’s reporting framework requires. The transparency problem, therefore, operates on two levels simultaneously: what the industry holds but will not disclose, and what the industry has not yet built the internal systems to measure in the first place.
What Genuine Accountability Requires
The Commission does plan to publish sustainability scores covering a handful of indicators for individual data centers. It is a step forward, but the vast majority of what operators report will remain confidential, shielded by the very clause that industry wrote for itself. Europe is simultaneously planning to triple its data center capacity within five years to support AI ambitions, while operating a sustainability accountability framework that produces confidential data from a third of the facilities it covers, enforced by a secrecy clause that 10 legal scholars argue violates international treaty obligations and 35 elected lawmakers describe as unlawful.
Those two facts cannot coexist indefinitely with the EU’s stated commitment to climate accountability and public transparency. Given that the Commission intends to triple its data center capacity within the next five years, it is extremely worrying that vital information regarding the environmental impact of data centers is being withheld from the public, the MEP signatories wrote directly to the Commission. The sustainability label the Commission planned as the next accountability instrument has since been delayed caught in a separate political dispute over whether nuclear energy qualifies as clean power. The reporting framework produces confidential data. The label is stalled. The capacity is tripling.
Europe’s data center sustainability accountability framework is, at this moment, a structure in which the most consequential information is either unavailable, confidential, or caught in political gridlock. The industry that lobbied to keep it that way is now the primary beneficiary of the gap. The Commission that permitted it is now defending the clause against its own elected lawmakers. What genuine accountability requires is not another consultation. It requires the Commission to answer, plainly, why a secrecy provision drafted by industry became EU law — and what it intends to do before that answer becomes a court ruling.
