Why Data Centre Physical Security Matters Now

On 12 September 2024, the UK government formally designated data centres as Critical National Infrastructure (CNI), placing them in the same protected category as energy, water and emergency services. It was the first new CNI designation since space and defence in 2015, and it changes the conversation around physical security for every operator, designer and main contractor working on a UK data centre project.

The designation arrived alongside a wave of investment that has fundamentally reshaped the sector. Blackstone has committed £10 billion to a hyperscale AI campus at Blyth, AWS has pledged £8 billion through 2028, Microsoft £2.5 billion, Google £1 billion at Waltham Cross and DC01UK £3.75 billion in Hertfordshire. The UK now hosts more than 500 data centres, with around 80 percent of national stock concentrated in the London region and clusters expanding across Slough, Hertfordshire, Manchester, Cardiff, Edinburgh and Cambois.

This combination of CNI status, hyperscale AI infrastructure and an active threat landscape (from organised intrusion and ram-raid through to ideologically motivated activism and hostile reconnaissance) has made data centre physical security a board-level concern. Specifiers are now expected to demonstrate layered protection that meets NPSA guidance, Uptime Institute Tier III to Tier IV expectations, ISO 27001 Annex A.11 physical controls and EN 50600-2-5, all backed by independently certified products with traceable documentation under the Building Safety Act's Golden Thread.

The UK Data Centre Threat Model

UK data centre security planning works to NPSA's "Deter, Detect, Delay" framework, supported by the "Barriers, Access control, Detect" model for the building envelope. Premier's products sit firmly in the Barriers and Delay layers, where independently certified resistance to forced entry, ballistic attack, blast and fire is what slows or stops an adversary long enough for detection and response to take effect.

A modern UK data centre brief typically addresses five overlapping threat categories:

Forced entry and intruder attack

Theft of high-value hardware, sabotage, insider-assisted breach and opportunistic intrusion. Mitigated by LPS 1175 rated doors, windows, glazing, louvres, security curtain walling, gates and grilles, with ratings typically running from B3 (SR2) at the perimeter line through to E10 (SR5) at sensitive internal compartments.

Vehicle-borne attack

Vehicle-as-a-weapon, ram-raid and vehicle-borne improvised explosive device (VBIED) scenarios. Mitigated by PAS 68 and IWA 14-1 rated hostile vehicle mitigation including HVM bollards, sliding security gates, road blockers, PIPS HVM and crash-rated curtain walling at building entries and vehicle interfaces.

Ballistic attack

Targeted attack on personnel, control rooms, meet-me rooms and high-value plant. Mitigated by EN 1522 and EN 1523 rated ballistic doors and windows from FB1 to FB7, supported by EN 1063 BR1 to BR7 ballistic glazing in transaction screens, vision panels and full glazed assemblies.

Blast and explosion

Improvised devices, accidental industrial events (notably lithium-ion battery thermal runaway in UPS and BESS rooms) and proximity terror scenarios. Mitigated by EN 13123-2 and EN 13124-2 rated blast doors, EN 13541 ER1 to ER4 blast glazing and ISO 16933 air-blast classified assemblies, often integrated with the building envelope as blast-rated curtain walling.

Fire and dual-threat scenarios

Battery rooms, UPS and generator halls combine high fire load with security risk. Mitigated by EN 1634-1, EN 16034 and BS 476 Part 22 rated fire doors, with the strongest specifications coming from dual-certified assemblies that hold LPS 1175 forced entry resistance alongside EI 60 to EI 240 fire integrity and insulation ratings in a single tested product.

Standards That Shape Data Centre Specification

Premier products are tested and certified to the standards UK data centre specifiers reference in their NBS specifications and tender packs. The eight standards below cover the majority of building envelope and perimeter requirements on a typical hyperscale or colocation project.

Premier Products Mapped to Data Centre Zones

The table below maps Premier's product range to the zones of a typical UK hyperscale or colocation data centre. Most projects layer two or more threat ratings across the same envelope, which is where Premier's combined-rating manufacturing comes into its own.

Combined Ballistic, Blast, Fire and Forced Entry Protection

Most UK manufacturers specialise in one threat category. Premier is one of the very few that holds independent third-party certification across all four. Our flagship HVM glass curtain walling system, the first glass curtain wall to pass HVM crash testing, combines FB7 ballistic resistance, EXV10 blast resistance, LPS 1175 E10 forced entry resistance and a U-value of 0.5 in a single assembly. The same combined-certification approach runs through our doorsets and glazing.

Combined-rating products are typically specified at:

• Control rooms and meet-me rooms where ballistic and fire ratings are both required
• UPS and battery rooms where blast and fire ratings must be carried by the same door
• External envelope zones where ballistic, blast and LPS 1175 resistance are all in scope
• High-threat reception and visitor screening areas
• Government, defence-adjacent and intelligence-related compute environments

Explore Our Data Centre Security Solutions

Each pillar below covers a specific threat category in depth, with product ratings, application guidance and certification detail.