Managing EHS responsibility at co-location datacenters

How to ensure your EHS compliance is covered in a shared space.


by Elaine Ye

What happens to EHS responsibility when you’re sharing the space with another employer? Datacenter co-location is the practice of leasing datacenter space, including storage, networking, and computing resources, from a third-party provider. It has emerged as a popular solution for businesses and organizations seeking a reliable and cost-effective way to manage their digital infrastructure. However, it’s not always easy for employers to manage environmental health and safety (EHS) responsibility at co-location datacenters.

What is a co-location datacenter?

There are two common types of co-location datacenters: retail and wholesale. Retail co-location involves renting racks within the datacenter. Wholesale co-location is renting the entire datacenter. In both cases, the servers and equipment are the responsibility of the company renting the space. However, the facility is managed by a third party. In some cases, companies may send their own employees to co-location sites to carry out specialized tasks, such as security management.

Two of the main reasons for choosing co-location are cost savings and advantageous scalability. Building and maintaining a datacenter is expensive. By leasing space from a co-location provider, companies can avoid the upfront costs of building their own datacenter. Co-location also offers scalability, as businesses can easily expand their storage, networking, and computing resources as their needs grow. However, it also brings challenges, including in managing EHS responsibility at co-location datacenters.

Regulating employer EHS responsibility at co-location datacenters

At a co-location datacenter, multiple employers share the space. They therefore also share the responsibility for managing EHS issues. This situation can mean lack of clarity about who is responsible for particular issues. Employers may even be subject to liabilities of which they are unaware. To provide more clarity, some regulators have provided guidance on how employers in co-location datacenters should cooperate and work together to maintain a safe and healthy workplace.

For example, in the UK, Regulation 11 of the Management of Health and Safety at Work Regulations 1999 stipulates that employers: “shall cooperate with the other employers concerned so far as is necessary to enable them to comply with the requirements”. This essentially lays the burden on employers to work out the best way to communicate and coordinate on health and safety risk management. It does not set out a rigid framework.

In practice, co-location employers have to communicate and share information on any health and safety risks present on the premises or in activities carried out by employees, onsite contractors and employees of other site users. Employers also need to identify any overlapping activities or interrelated risks during day-to-day operations. They must develop a coordinating plan to avoid creating potential hazards. Employers may have to coordinate safety and emergency response training and make training and information available to all employees on site, including those employed by other companies or organizations.

The multi-employer doctrine for EHS responsibility at co-location datacenters

Some regulatory agencies tried to provide more clarity on responsibilities to help employers to understand their accountability and EHS responsibility at co-location datacenters. The U.S. Occupational Safety and Health Administration (OSHA) set forth the multi-employer doctrine. This doctrine was originally developed to cater for safety management issues at multi-employer construction sites. However, it has been practically applied across all industry sectors, including co-location datacenters. Under the doctrine, employers can be cited for hazardous conditions within their control, even if that employer did not directly create the hazard or expose its employees to the hazard.

The OSHA doctrine assigns responsibilities to four different types of employers at co-location sites. These four types of employers are citable for OSHA violations for hazards incurred onsite:

  1. Controlling employers: Controlling employers have overall responsibility for the worksite. They are required to ensure that all work is performed safely. This control can be established by contractual agreement or by the exercise of control in practice in the absence of explicit agreement. The controlling employer needs to ensure that all other employers on the worksite are complying with OSHA regulations, and that hazards are identified and addressed in a timely manner.
  2. Hazard-creating employers: These employers create a hazard on the worksite, for example, by operating equipment that emits air contaminants above the permissible exposure limits. A hazard-creating employer has a duty to implement measures to ensure that the hazard they create is eliminated or controlled. They must also notify the controlling employer about the hazard and the steps being taken to address it.
  3. Exposing employers: These employers have employees who are exposed to a hazard. When a citable hazard is created by another employer, an exposing employer is also citable if it 1) knew of the hazardous condition, and 2) failed to take steps consistent with its authority to protect its employees. An example of a potential exposing employer might be an employer of security personnel working onsite at a co-location datacenter.
  4. Hazard-correcting employers: These employers are responsible for correcting a hazard on the worksite, even if they have not created it. They include those who manage the installation and maintenance of particular health and safety equipment. For example, an employer might be contracted to erect and maintain fall prevention equipment such as guardrails. If the guardrails are damaged during work by another company in the area, the company contracted to maintain them is the hazard-correcting employer. They are responsible for correcting the hazard in a timely manner and notifying the controlling employer of the corrective steps being taken.

Learning from regulation about EHS responsibility at co-location datacenters

UK and US regulators therefore take a different approach to defining the scope of multi-employer EHS responsibility at co-location datacenters. However, their different regulation and enforcement practices highlight some important lessons for co-location employers.

First, it is important to collaborate with other employers to develop a risk management system and prevent and mitigate hazards present within datacenters. Secondly, employers need to review their role in the operation (e.g., whether they tend to be hazard-creating or exposing employers) to help determine their scope of responsibility. Third, it is important to clarify each employer’s EHS responsibility in writing, such as through a co-occupancy agreement. This will ensure a clear understanding among all parties. Last but not least, employers need effective communication mechanisms between them to ensure they are all informed of potential hazards and that all employees onsite are properly trained to prevent hazardous conditions.

Subscribe to stay on top of emerging EHS issues with our latest resources

Sign up to receive updates on what’s happening in environmental, health and safety regulations – and what to do about it, including: today’s risks and safeguarding against them, changing regulatory developments and your requirements, trends to get ahead of in your program…