--- title: "The compliance challenge inside AI infrastructure" id: "69618" type: "cpt_resources" slug: "the-compliance-challenge-inside-ai-infrastructure" published_at: "2026-03-10T15:39:47+00:00" modified_at: "2026-04-27T16:34:00+00:00" url: "https://www.enhesa.com/resources/article/the-compliance-challenge-inside-ai-infrastructure/" markdown_url: "https://www.enhesa.com/resources/article/the-compliance-challenge-inside-ai-infrastructure.md" excerpt: "Why EHS leaders at AI frontier companies need to pay attention to regulatory obligations in different jurisdictions." taxonomy_language: - "English" taxonomy_resources_type: - "Article" taxonomy_resources_topic: - "Artificial Intelligence" taxonomy_resources_industry: - "Big-tech" taxonomy_resources_region: - "Europe" - "North America" taxonomy_resources_category: - "EHS Intelligence" --- # The compliance challenge inside AI infrastructure As frontier AI companies race to build global infrastructure at unprecedented speed, **a regulatory debt is quietly accumulating**. Here is what EHS leaders need to understand and act on before it impacts growth. Alex Sadovsky, Chief AI Officer, Enhesa | With contributions from Enhesa’s EHS Intelligence team [Back to overview](https://www.enhesa.com/resources/) [https://twitter.com/share?url=http://https%3A%2F%2Fwww.enhesa.com%2Fresources%2Farticle%2Fthe-compliance-challenge-inside-ai-infrastructure%2F](https://twitter.com/share?url=http://https%3A%2F%2Fwww.enhesa.com%2Fresources%2Farticle%2Fthe-compliance-challenge-inside-ai-infrastructure%2F) [https://www.linkedin.com/shareArticle?mini=true&url=http://https%3A%2F%2Fwww.enhesa.com%2Fresources%2Farticle%2Fthe-compliance-challenge-inside-ai-infrastructure%2F](https://www.linkedin.com/shareArticle?mini=true&url=http://https%3A%2F%2Fwww.enhesa.com%2Fresources%2Farticle%2Fthe-compliance-challenge-inside-ai-infrastructure%2F) by Alex Sadovsky Chief AI Officer, Enhesa Published on 10 March 2026 ### Quick Summary - Frontier AI companies are building data centers at breakneck speed across dozens of jurisdictions, and the regulatory obligations around battery storage, chemical management, and construction safety are changing faster than most EHS teams can track. - Recent thermal incidents at large-scale battery storage facilities show what happens when compliance intelligence lags behind infrastructure growth — and the same risk now applies directly to AI data center projects worldwide. - EHS leaders at AI companies need jurisdiction-specific, continuously updated regulatory intelligence embedded in project governance from day one, not patched in after an incident or inspection forces the issue. In the past eighteen months, large-scale battery storage facilities across the United States have experienced a series of thermal events serious enough to trigger emergency evacuations, regulatory investigations, and urgent revision of fire codes at both state and federal level. These events occurred at modern, professionally managed installations of exactly the type now central to every major AI data centre project in the country. The regulatory frameworks governing large-scale battery storage had been in active development for years. The obligations were documented. **What was missing, in most cases, was a live, jurisdiction-specific view of how those obligations applied and when.** For EHS leaders at frontier AI companies, this is the operational reality of building infrastructure at a speed and scale the global regulatory environment was not designed to anticipate. 0% Growth in global regulatory requirements since 2021 0+ New regulatory announcements tracked by Enhesa annually 0+ Jurisdictions covered across Enhesa’s intelligence platform 0M+ Individual requirements in Enhesa’s global database ## A compliance challenge unlike any other Global data center electricity consumption is projected to approach 945 TWh by 2026, roughly double 2022 levels. Hyperscalers and frontier AI labs are committing hundreds of billions to new facility construction across multiple continents simultaneously. What receives far less attention is the regulatory surface area this creates. **Each new data center triggers layered EHS obligations spanning the full project lifecycle**, from site selection and environmental permitting through construction, operations, and decommissioning. These obligations apply at federal, state, provincial, and municipal levels, vary materially between jurisdictions, and**many of the most relevant frameworks — battery storage regulation, chemical management for cooling systems, AI-specific infrastructure requirements — are in active revision.** The practical challenge is not identifying the rules in any single location. It is maintaining a current, actionable picture across fifteen or twenty jurisdictions simultaneously, knowing when regulations change before an obligation is breached, not after. ## Battery energy storage: The regulation that caught up fast Large-scale AI data centers depend on battery energy storage systems (BESS) for uninterruptible power and grid resilience. As installations have grown (some now exceeding 100 MWh),they have attracted **accelerating regulatory attention**. In August 2025, the new EU Batteries Regulation fully replaced the previous Batteries Directive and introduced stricter requirements for industrial batteries used in energy storage systems. This includes tighter safety measures for stationary BESS and the obligation of all industrial batteries above certain capacity to be accompanied by a battery passport including, among others, carbon footprint information. Also in August 2025, the US EPA published its first federal guidance addressing the full BESS lifecycle. This followed the Monterey event and a broader pattern of thermal incidents that had already prompted New York’s Inter-Agency Fire Safety Working Group to produce revised fire code recommendations. In Australia, Queensland moved large-scale BESS applications to state-level determination — part of a global trend toward more stringent oversight. **NFPA 855 and UL 9540/9540A standards remain in active revision** and increasingly underpin local permitting requirements worldwide. ## What this means for your team **BESS installation that was compliant under last year’s guidance may require redesign**, additional environmental monitoring, or revised incident reporting procedures under regulations that took effect this year. If your regulatory intelligence is not updated continuously and mapped to your specific facility locations, **you will not know until an incident or inspection makes it unavoidable**. ## Chemical management: Complexity hidden in plain sight AI data center operations involve **a wider range of regulated substances than most people outside EHS appreciate**. Cooling systems use refrigerants subject to phase-down schedules under the EU F-Gas Regulation and the US AIM Act. Fire suppression systems involve chemical agents with jurisdiction-specific handling, recovery and destruction requirements. Battery systems involve lithium compounds and materials within hazardous substance frameworks in virtually every operating jurisdiction. The EU’s REACH regulation and the new EU Battery regulation continue generating new restrictions relevant to cooling and battery management. China’s updated chemical registration requirements have introduced advance registration obligations affecting global supply chains. In the US, the EPA’s TSCA program continues expanding its risk evaluation scope. On top of chemical substance restrictions, most countries set strict safety requirements to installations handling large amounts of chemicals. Storage quantity thresholds can trigger PSM requirements under OSHA, COMAH regulations in the UK, or Seveso III obligations in the EU — and **these thresholds can be crossed incrementally as facility capacity scales.** ## Construction safety and energy performance across a multi-jurisdiction build program Frontier AI companies are running simultaneous construction programs across dozens of jurisdictions. **Construction accounts for approximately 17% of all fatal workplace accidents globally** (ILO), and regulatory frameworks are as varied as the jurisdictions themselves. In the United States, sub-federal complexity warrants particular attention. Companies headquartered or operating in California face a layered set of city and county-level requirements — in San Francisco, for instance — that sit on top of state obligations and are not consistently captured in federal or state-level compliance reviews. For AI companies with heavy California footprints, this is **a gap with direct operational exposure**. For example, the Assembly Bill 1577, or the Data Center Accountability Act, was just proposed in California. This Bill would require California data centers to disclose their energy use to the California Energy Commission, following the same standards used by the European Union. The regulators are seeking more transparency regarding the energy consumption of datacenters to inform its future policy decisions. Another proposed Bill 6394 and Assembly Bill 9086 in New York are specifically asking those seeking to operate new data centers in New York to disclose their annual carbon dioxide emissions, waste heat emission, renewable energy use at least 180 days before the commencement of the construction. These datacenters built would also be required to meet data‑center energy‑efficiency goals adopted by New York Public Service Commission. In the EU, the new Energy Efficiency Directive (EED) sets out energy‑efficiency requirements for data centres. Facilities that exceed certain power‑capacity thresholds must make use of waste heat (or other heat‑recovery applications), and larger data centres are required to report defined operational information and energy‑performance indicators to the European database on data centres on an annual basis. In the UK, the Building Safety Act 2022 has introduced new principal designer and principal contractor duty-holder requirements with direct application to major construction projects. In Ireland, revised Safety, Health and Welfare at Work (Construction) Regulations have updated project supervisor obligations and site safety documentation requirements. Across the EU, implementation of the Temporary or Mobile Construction Sites Directive continues to evolve at member state level, with varying interpretations of supervisor obligations and competency standards. The risk of regulatory gaps is directly proportional to the number of active jurisdictions. The organizations managing it well have EHS and legal teams who built regulatory intelligence into project governance from mobilization, not added it retrospectively after an incident. ## The AI Act: A framework still taking shape Layered on top is AI-specific regulation with direct infrastructure implications. The EU AI Act’s obligations for high-risk AI systems — including those used in critical digital infrastructure —**reach full applicability in August 2026**, with additional implementing acts expected throughout the intervening period. The EU AI Act also establishes obligations for companies using AI systems at the workplace, such as the obligation to ensure that employees using such systems on their behalf have a sufficient level of AI literacy; and a ban on the use of AI systems to infer emotions of workers (except for strictly medical and safety reasons). For EHS and legal teams, this creates a new intelligence requirement: tracking the intersection of AI governance regulation and infrastructure operations. That intersection will develop unevenly across jurisdictions, and the organizations best positioned are those already **treating regulatory intelligence as a strategic function**. ## What intelligence-led compliance looks like in practice At Enhesa, our team of 160+ legal and regulatory experts supported by a dedicated team of 20+ in-house AI specialists monitors more than 15,000 regulatory announcements annually across 400+ jurisdictions in 40+ languages, from 4,000+ source formats. **The volume of regulatory change relevant to global EHS operations has grown by 42% since 2021**. No internal team, however talented, can maintain that coverage manually. What separates organizations that manage this well from those that do not is rarely the quality of their EHS professionals.**It is the quality of the intelligence infrastructure that those professionals are working with.** The distinction matters because regulatory intelligence is not just about knowing what the rules are today. It is about knowing what they will be in six months and having that foresight embedded in your project governance, your procurement decisions, and your facility design process before obligations crystallize into gaps. ## Enhesa's approach: Expert-led, AI enhanced Our platform combines purpose-built AI — trained on 30+ years of proprietary regulatory data with expert human oversight. Our **‘experts in control’** governance model means that AI accelerates the analysis; qualified legal and regulatory professionals verify and contextualize every requirement before it reaches your team. Organizations using Enhesa report **saving up to 60% of the time previously spent on regulatory research** time that can be reinvested in the higher-order compliance decisions that actually require human judgement. ## Enhesa is trusted by half of the Fortune Global 500 as their global compliance partner Why 5,000+ corporations choose Enhesa as their trusted global compliance partner Understanding all chemicals used in a new process is really important because we don’t want to… start using something that may not be regulated right now but is just as bad as what it is replacing. Chemistry Manager [Read the case study](https://www.enhesa.com/resources/success-stories/nike-innovates-safer-products-through-improved-rd-processes/) We rely on Enhesa to keep us up to date on regulatory compliance changes in real time. These updates from Enhesa automatically go into the Velocity system, streamlining the regulatory process. So, when we do our audits, we are confident our protocols are current, even with all the changes that are going on. Head of Health Management & EHS [Read the case study](https://www.enhesa.com/resources/success-stories/growing-a-strong-safety-compliance-program-with-siemens-usa/) Angelini Pharma takes pride in ensuring it meets the health, safety and environmental standards in every location and Catia Testa, EHS International Manager at Angelini Pharma, sought a partner that had a complete understanding of the different regulatory environments. International EHS Manager [Read the case study](https://www.enhesa.com/resources/success-stories/why-angelini-pharma-chose-enhesa-to-stay-fully-compliant-during-rapid-growth/) ## The questions EHS leaders at AI companies should be asking now Based on our work with global enterprises managing complex, multi-jurisdiction EHS programs including technology companies with infrastructure footprints comparable to those now being built by frontier AI labs, there are five questions that tend to separate proactive compliance programs from reactive ones: - **Do we have a current, jurisdiction-specific view of BESS regulatory requirements for every site where we are building or operating**, including sub-federal and municipal levels? Have we mapped our chemical inventory at each facility against threshold quantities for PSM, COMAH, and Seveso-equivalent obligations in the relevant jurisdiction — and do we have a process to re-check as operational capacity scales? - **Is regulatory intelligence embedded in our construction project governance from mobilization**, or are we reviewing compliance obligations after site establishment? - **Do we have a process for tracking how AI-specific regulatory frameworks** — the EU AI Act, emerging national AI governance rules — intersect with our infrastructure operations obligations? - **Can we demonstrate to regulators, insurers, and our own board that our regulatory intelligence is current, comprehensive, and independently verified** — rather than best-efforts internal research? ##### If the answer to any of these is uncertain, the regulatory environment of the next 24 months will make that uncertainty expensive. # Alex Sadovsky Alex Sadovsky is Chief AI Officer at Enhesa, leading the development of the company’s purpose-built AI platform which supports regulatory intelligence operations across 400+ jurisdictions. Enhesa’s EHS Intelligence team comprises 160+ legal and regulatory experts operating across more than 30 languages, providing standardized, expert-verified compliance intelligence to more than a third of the Fortune 100 and Nasdaq 100. ## An army of experts, backed by AI Enhesa provides standardized regulatory intelligence across 400+ jurisdictions, covering EHS, product and chemicals compliance obligations across the full facility lifecycle. To understand your current EHS regulatory exposure across your AI infrastructure portfolio, speak to one of our specialists or request a regulatory assessment at enhesa.com. [Schedule a call](https://www.enhesa.com/schedule-a-call/)