"must provide secure and highly available computing infrastructure to enable reliable access to Federal information and information systems." — Office of Management and Budget
FDCEA of 2023 is set to lapse on September 30, 2026
The Federal Data Center Enhancement Act (FDCEA) of 2023, which governs standards for facilities wholly or partially owned, operated, or maintained by federal agencies, will sunset on September 30, 2026. According to reporting in Wired, neither Congress nor the Trump administration appears to be taking steps to extend the law or to put alternate federal legislation in place. The reporting raises the prospect that, absent renewal or replacement, federal datacenter procurement and operations could proceed without the statutory guardrails set out in the FDCEA.
FDCEA provisions that could fall away
The FDCEA enshrines a range of requirements for covered federal facilities. Those include standards for:
- availability and uptime of the facility;
- the use of sustainable energy sources;
- protection against power failure;
- protections against physical intrusion and natural disasters;
- IT security protections.
The Register report warns that if the FDCEA is not renewed or superseded by similar legislation, "federal agencies across the US may cease to follow the requirements and simply act as they see fit when procuring new datacenter infrastructure."
Office of Management and Budget guidance and operational expectations
Implementation guidance issued by the Office of Management and Budget (OMB) under the previous administration provides the operational rationale behind the FDCEA's standards. The OMB guidance states that agency datacenters “must provide secure and highly available computing infrastructure to enable reliable access to Federal information and information systems.”
The guidance notes that needs have evolved since 2014, when the Federal Data Center Consolidation Initiative (FDCCI) was established, and that the FDCCA replaced the FDCCI because the earlier initiative was not renewed. OMB directs agencies to incorporate automated tools into the management of all new facilities, including tools that monitor metrics such as electrical consumption, and it emphasizes that effective operation requires regular monitoring and optimization of resources by operators.
OMB also frames resource constraints as part of the statutory imperative: "the cost, scarcity, and environmental impact of energy and water consumption necessitates that agencies evaluate datacenters against resource consumption metrics and best practices when making their decisions" about new builds. Finally, the guidance insists that facilities "must be able to meet the reliability and resiliency needs of their hosted information and information systems through implementation of the appropriate information security and physical security protections."
Trump administration permitting policy and the EPA position
The broader policy context matters. The Register notes that the Trump administration has prioritized fast-tracking the federal permitting process for datacenters, particularly facilities dedicated to training and developing AI models, and that it "does not look kindly on regulations, especially those relating to environmental protection." Politico reporting echoed that the administration is not inclined to set nationwide environmental requirements or recommendations for the datacenter industry.
Environmental Protection Agency Administrator Lee Zeldin was quoted as saying that, while technologies and practices exist that reduce air pollution and water usage, "individual states and communities know what works best for them." That stance aligns with the administration's emphasis on state and local discretion rather than federal environmental mandates for datacenter construction and operation.
What this means for federal agencies, technologists, and communities
- Federal agencies: With the FDCEA set to lapse, agencies may have less statutory direction when selecting and operating datacenter facilities; OMB guidance remains a reference point but the legal obligations tied to the FDCEA could disappear if not renewed.
- Technologists and security teams: The OMB-directed practices — automated monitoring, electrical-consumption metrics, and mandated physical and information security protections — are at risk of being de-emphasized if statutory requirements lapse, potentially changing procurement specifications for new sites.
- Communities and local governments: Opposition to datacenter construction is growing, driven by concerns about air pollution, water usage, and rising energy costs. A recent survey found more than 70 percent of respondents said that they would be against the construction of an AI datacenter in their neighborhood, an indicator that local resistance could shape projects regardless of federal permissiveness.
Reporters for The Register say they "asked the White House and Congress for comment." The immediate factual takeaway is simple: unless Congress or the administration acts, the FDCEA will expire on September 30, 2026, removing a federal statutory framework that links availability, energy use, resilience, and security in federal datacenter procurement. Whether those priorities survive through other policy instruments, state rules, or agency practice remains an open question.
