The 2023 Federal Data Center Enhancement Act set baseline security, sustainability, and resilience standards for federal agency compute facilities, also called federal datacenters.
The Federal Data Center Enhancement Act of 2023 set the only codified federal standards for security, sustainability, uptime, and physical resilience in the datacenters that run core government services. On September 30, 2026, that law sunsets. As of mid-June, neither the US Congress nor the Trump administration has moved to extend it or put a replacement on the table, according to Wired reporting cited by The Register.
A "federal datacenter," for readers outside the IT beat, is a compute facility wholly or partially owned, operated, or maintained by a federal agency. That covers everything from small server rooms supporting regional agency operations to the large dedicated facilities that host core federal systems, including the systems behind tax processing, veterans' benefits, and disaster response. FDCEA applied to all of them.
The 2023 law consolidated and updated standards that had been scattered across Office of Management and Budget guidance and uneven agency practice. Its five core requirements were availability and uptime, sustainable energy use, power-failure protection, physical-intrusion and natural-disaster protection, and IT security. Before FDCEA, agencies interpreted those requirements inconsistently in procurement. After it, those rules had the force of statute.
A sunset does not erase every standard. Agencies can still follow OMB guidance, and many will. But the regulatory floor disappears, and procurement officers lose a single federal reference point for what "secure and highly available computing infrastructure" is supposed to mean in contracts. The result is agency-by-agency drift: each department reverts to its own interpretation of adequate security, sustainability, power resilience, and physical hardening.
That drift has real downstream consequences. Security protections lose a statutory floor across hundreds of federal sites. Sustainability and energy reporting become voluntary again, complicating any cross-agency accounting of federal compute power consumption, an awkward omission as the government scales up AI-era workloads. Power-failure and physical-intrusion protections lose their codified baseline, leaving individual agencies to weigh cost against resilience case by case.
The Register published its story on Monday, June 15, 2026, pointing to Wired as the source for the no-move claim. That assertion is currently single-sourced, and a congressional schedule check or a CRS write-up would settle whether any reauthorization activity is in fact off the table.
What a modernized successor could rationally address is worth naming, briefly. Federal compute has changed substantially since 2023. AI training and inference workloads have shifted the federal power-consumption profile. Hyperscale cloud contracts have changed what counts as a "federal datacenter." Power-grid interconnection queues now constrain new buildouts in ways the 2023 law did not anticipate. A reauthorization could update security baselines for AI-adjacent workloads, codify sustainability reporting that matches current scale, and clarify whether commercial-cloud tenants of federal data fall under the same standards as on-premises facilities. None of that is in motion. The September 30 sunset is.