Global menu

Our global pages


Coronavirus - FAQs for data centre providers – UK

  • United Kingdom
  • Coronavirus - Country overview
  • Coronavirus - Data and Cyber Security issues



COVID-19 legal FAQ for data centre providers


This legal FAQ addresses certain considerations for data centre providers following the spread of, and the UK government’s and public’s reaction to, COVID-19 and its impact on businesses and their contractual arrangements.

The COVID-19 situation continues to develop at pace and governmental advice is being updated on a daily basis. This briefing therefore reflects the position as at 18 March 2020 only.

Whilst this FAQ has been written to reflect the position under English law, a number of the principles discussed will have wider application outside of the laws of England.


Does COVID-19 constitute a force majeure event?

The applicability of force majeure depends on the wording of the relevant force majeure clause.

Data centre providers are most likely to be able to rely on force majeure if their contract refers to “disease” or “pandemic” or other similar language.

We do not however expect to see such language in typical contracts between data centre providers and their customers.

As the response and steps taken by governments to tackle COVID-19 intensify, it may become more likely that companies can rely on force majeure triggers that refer to “governmental intervention” or similar.

Seeking to rely on more common wording like “acts of God” or “circumstances beyond the party’s reasonable control” will be more of a challenge and will depend on the drafting of the clause.

There will also often be further hurdles to surmount, such as conditions in the force majeure clause itself and the requirement to show a causal link between COVID-19 and the delay or failure to perform.

Relying on force majeure will not be straightforward and, given the potential financial implications of not performing their contractual obligations, data centre providers should consider steps to mitigate the impact of COVID-19 such as resourcing considerations and business continuity planning.

What other contractual considerations are there due to COVID-19?

In addition to force majeure, it will be necessary for data centre providers to understand the position in other areas of their contracts, including:

Compliance with applicable law – do the obligations to comply with applicable law extend to regulatory / government guidance?

Change of law - does a change of law, that arises as a result of a public health emergency, mean additional costs or obligations?

Hardship - do any contracts include a hardship clause which allow a provider to protect itself if the contract becomes too onerous or expensive to perform?

Termination rights - are there any termination rights which need to be considered more closely in light of COVID-19?

Insurance - consider the insurance position and check insurance policies to see if they cover losses or liabilities relating to COVID-19.

Business Continuity Obligations – a careful review of the contractual business continuity position should be undertaken.

Supply chain/subcontractors - what controls are there over supply chain/subcontractors (for example, restrictions on use of alternative subcontractors)?

Governance and escalation - how often are the parties obliged to meet to discuss contract operation?

Can visitors to a site be asked questions about their potential exposure to COVID-19?

In collecting visitor personal data (whether related to possible exposure to COVID-19 or otherwise), a data centre provider will be subject to rules relating to such collection, including that the collection is necessary, justified and fair.

This would most likely be justified as necessary for legitimate interests in promoting the health, safety and welfare of employees and visitors to sites (though care should be taken in relation to explicit questions about an individual’s health which would require additional lawful grounds and policy documentation).

Can someone be denied access to a site based on information provided relating to potential exposure to COVID-19?

Given the seriousness of this pandemic and the latest governmental advice, we would expect parties to take a sensible approach to this and anyone who is deemed to be at risk of having contracted the virus should be refused entry and self-isolating.

From a privacy law perspective, whilst it is unlikely that a person would object to being denied access, even if this was the case, our view is that the negative impact on that person’s rights is outweighed by the need to protect the health of employees and other visitors and this reflects the latest approach being taken by the UK government.

How long can information be kept for?

A Legitimate Interest Assessment will need to be recorded and it should be considered how long the data should be retained, based on how long the information is needed for. This will likely depend on the most up to date governmental advice.

What about employment related considerations?

Data centre providers, like any other company, have a legal duty to ensure the health, safety and welfare at work of their employees and anyone else who may be affected by its business, including visitors and members of the public.

Employees infected with COVID-19 will normally be entitled to sick pay in the usual way. The same applies to employees who have self-isolated, in line with government guidance.

Employees who have to take time off work to care for their dependents may be entitled to pay depending on the terms of their employment contract. Note that employees have a statutory right to take a reasonable amount of unpaid time off work to deal with domestic emergencies affecting their dependants.

Further assistance and next steps

Guidelines are being updated rapidly and, as with all other businesses, data centre providers should actively follow and act in response to up-to-date governmental advice.

As the situation develops, please do contact us if we can assist with any of the topics set out in this FAQ.