Banks have to comply with tough regulations on data security. And that affects how they procure the buildings

Data centre procurement hit the headlines recently because regulators imposed multimillion-pound fines on several high-street banks for failing to maintain adequate data storage and security.

Financial institutions are now setting up new data centre procurement programmes in order to comply with increasingly tough regulations.

Quality control and programme tend to be the main drivers when choosing a procurement route. Many clients adopt a two-stage route with a single main contractor.

Any two-stage process has to manage conversion risks, including being “held to ransom” by a high, stage-two lump-sum offer from an incumbent contractor. Although this risk can be mitigated by carefully drafted conversion triggers and termination rights, timing and commercial pressures often outweigh legal rights at this juncture. Contractors will be resistant to suggestions of third parties resolving pricing disagreements. So clients may need to be comfortable with fallback positions if a 100% lump-sum agreement cannot be obtained.

A stage one document will also need to be negotiated (typically known as a “preconstruction services agreement”). Careful drafting will be required to ensure that it tallies with the ultimate form of main contract and any supply agreements for items that have to be ordered early.

Typically, data centre programmes involve ordering large and expensive items, such as chillers and generators, before the main contract is signed. This raises legal issues including:

  • Transfer of orders to the contractor - questions arise regarding the timing and terms of any novation
  • Responsibility for storage and insurance of off-site items - construction is likely to involve extensive off-site prefabrication
  • Retention of title issues (particularly on insolvency) regarding equipment and materials, for example securing valuable components such as copper busbars. Vesting certificates are unlikely to resolve the risks and clients may require off-site materials bonds for higher value items.

Specialist packages such as chillers, generators, security and acoustic control are likely to be considered critical by the client, who may seek approval/control rights over selection.

Main contractors may have preferred solutions within their own supply chain, however, and may seek to reduce their liability if the client insists on a different company.

In our experience, it is sensible for a client to have “step in” rights in respect of important subcontract packages/supply agreements so it can take over in the event of a main contractor insolvency.

Most main contractors will seek to negotiate financial caps on liability and to exclude certain types of financial loss that may arise as a result of defects causing the data centre to malfunction or close. This is market practice in this sector as potential losses can dwarf other types of building use. The parties should ensure the drafting is precise and exclusions are subject to the usual “carve-outs” that the main contractor could fairly be expected to bear. Contractors may also insist on shorter warranty periods for certain equipment.

On most office or retail schemes, practical completion (at its most basic) is based on the judgment of the architect or engineer after a physical inspection of the works.

This approach is unlikely to be sufficient for a data centre, however. The use of advanced technology means a comprehensive milestone and testing regime will be required.

Some clients may wish to be able to terminate the building contract should a key subcontractor or supplier become insolvent before practical completion. This would be highly unusual in, say, an office project but may arise where lead-in times for replacing key items or equipment could jeopardise the whole project.

Banks and financial institutions clearly have increasing duties to maintain and protect financial data and customer information. The procurement route and construction documents for new data centres need to reflect the inherent differences in such projects as well as the client’s approach to construction risks.

David Metzger is a partner and Marianne Toghill is a director in the construction group at Clifford Chance in London