Protecting digital infrastructure investments abroad: treaty considerations for Australian investors

From hyperscale data centres and fibre-optic cable systems to edge computing and cloud storage platforms, Australian institutional and private capital is increasingly shaping the global expansion of digital infrastructure. These investments are not only foundational to national economies and critical to global digital transformation - they are also becoming more vulnerable to sovereign risk.

As governments around the world begin to categorise digital infrastructure as strategic, investors are facing heightened regulatory, legal, and political scrutiny. For Australian investors in overseas digital infrastructure, understanding how to structure investments to benefit from treaty protections is now a vital component of both project planning and long-term asset preservation.

Amid the artificial intelligence (AI) boom, the need for investments in digital infrastructure will likely only increase and by staggering numbers. Some researchers estimate that by 2030, data centres worldwide will require almost US$7 trillion in capital expenditure to keep up with the demand of computer power, and most of that capital will be destined to data centres equipped to handle AI processing loads.

As noted by the International Energy Agency (IEA), these facilities require immense energy inputs. Reportedly, US data centres are already consuming over 4% of national electricity - a figure expected to triple by 2028. To meet sustainability goals, tech giants like Meta, Amazon, and Microsoft are securing long-term nuclear energy agreements, while startups like Oklo and TerraPower are developing small modular reactors to power AI-driven data centres. At the same time, governments are responding with incentives for renewable energy investments to power the expanding digital infrastructure needs but as history tells us, such incentives are vulnerable to political and regulatory shifts.

In this evolving environment, foreign investment protections under bilateral investment treaties (BITs) and free trade agreements (FTAs) are gaining new relevance. These instruments offer foreign investors a form of legal risk management - providing enforceable rights against unfair or discriminatory treatment, protection from expropriation, and access to international arbitration.

Sovereign risk in the digital age

Digital infrastructure assets are uniquely exposed to non-physical sovereign risks. These often arise not from direct seizure or nationalisation, but from incremental shifts in regulation, policy and enforcement that can alter the viability of a project or deprive it of its commercial value. This is due to the particular nature of assets related to digital infrastructure, which include not only traditional assets such as data centres (physical infrastructure which stores organisations' critical applications and data), but also 'data' itself (collections of useful information to be processed and analysed) and 'dataflows' (movement of data between data centres whether locally or across borders).

One of the clearest examples of non-physical sovereign risk is the growing use of data localisation requirements. In India - a market of considerable interest to Australian investors - regulators have mandated that all payment-related data be stored locally. This has compelled foreign payment processors and cloud providers to reconfigure their operations at significant cost. A broader framework for personal data localisation is now under review, and investors in India's data centre space must increasingly navigate this risk as part of long-term planning.

Similarly, in Indonesia, which is emerging as a regional digital services hub, evolving data regulations have created uncertainty around cross-border storage and access. Here, the absence of a harmonised digital regulatory framework, combined with discretionary permitting processes and sectoral foreign ownership restrictions, presents a volatile mix of legal and administrative risk. For infrastructure investors reliant on data centre licensing approvals, power allocation or zoning approvals, this environment presents a material challenge.

Sovereign risk can also manifest through security-driven regulation. Telecommunications operators and data centre operators may be required to grant access to data to security agencies. For foreign-owned operators, the compliance burden would not only be financially onerous but also incompatible with international privacy legislation.

Elsewhere, state control can take a different form - less through explicit restriction than regulatory favouritism towards national champions. Foreign data centre operators may be required to operate via joint ventures, while domestic players benefit from more flexible licensing and procurement arrangements. Foreign data centre operators may also be required to employ local executives and limit access by foreign personnel to data centres. This can result in systematic competitive disadvantages and compliance burdens, which - under some treaties - may amount to a breach of national treatment or most-favoured-nation obligations.

Even in developed markets, sovereign risk can emerge in less obvious ways. In the Netherlands, a proposed hyperscale data centre faced local opposition in relation to environment protection and network resilience concerns regarding data centre energy and water use. Although the project was successfully restructured, the initial permit revocation and public resistance underscored how political shifts, even in stable jurisdictions, can disrupt commercial certainty. Similarly, in the United States, national security review processes (e.g. CFIUS) have become more prominent, scrutinising foreign participation in data centres or fibre networks deemed critical infrastructure.

Then there is the financial dimension. In Argentina, for example, capital controls have periodically prevented foreign investors from repatriating profits or converting local currency - a scenario that, while not limited to digital infrastructure, illustrates the kind of macroeconomic sovereign risk that can affect long-horizon infrastructure investments.

Australia's treaty frameworks

Application to digital investments

Australia is a party to a network of BITs and FTAs. Many of these treaties include broad definitions of 'investment' that cover a range of tangible and intangible property rights associated with digital infrastructure. These may include physical assets, government-issued licenses, IP rights (which some IP chapters of FTAs also define to include data rights) and shares in local companies, even where the assets are embedded in joint ventures or complex ownership chains.

However, many of these investment treaties also require investments to be made 'in the territory' of the host State to be considered 'protected' investments under the treaty. In addition, protected investments may require an economic contribution to the host State (along with a certain duration and an element of risk). Complying with these requirements may prove challenging in cases of digital businesses that have not made direct economic contributions to the host State but nevertheless operate with data located in or flowing from/to that State.

Due to the novel nature of digital investments, the treatment of cross-border dataflows as protected investments is yet to be tested. Certain analogies can be drawn from other sectors - for example, some tribunals have considered financial instruments as investments even when the funds involved are not physically transferred to the territory of the beneficiary but are put at its disposal elsewhere (e.g. Fedax v Venezuela, Decision on Jurisdiction, 11 July 1997). However, other tribunals have taken a restrictive approach in cases of physical businesses that operate in State A but do business in or are affected by measures of State B, ruling that only investments made in the territory of another State (i.e. State B) constitute foreign investments that benefit from treaty protections (e.g. Canadian Cattlemen v United States, Award on Jurisdiction, 28 January 2008; and Bayview v Mexico, Award, 19 June 2007).

The uncertainty as to how tribunals may interpret the protection of digital infrastructure investments makes it even more important to legally and physically structure investments in a way that not only grants access to an investment treaty but that also favours their consideration as a protected investments under such treaty.

Substantive protections

The standards of protection available to Australian investors are commonly comprised of a range of guarantees, including:

• protection against direct and indirect expropriation;
  
• assurance that the investor will not be treated less favourably than local investors or other foreign investors in like circumstances;
  
• the obligation to accord fair and equitable treatment and protect the investor's legitimate expectations about the regulatory framework or any representations made at the time of the investment; and
  
• the guarantee that profits, dividends, capital and sale proceeds can be repatriated without arbitrary restrictions.

These protections can prove to be critically important, especially in capital-intensive digital infrastructure projects where returns are expected over long horizons. For example, foreign ownership limitations or restrictions on foreign technology in network infrastructure may give rise to a breach of an applicable investment treaty.

Similarly, an investor may have a claim:

• where an investment was launched under one set of data or telecoms regulations, but subsequent changes undermine its commercial viability; or
  
• where local providers of telecoms or data centre services benefit from preferential licensing or procurement terms compared to foreign investors.

Perhaps the most critical feature of investment treaties is that they may allow qualifying investors to enforce their protections by arbitration against the host state, which avoids the need to litigate before domestic courts. Where treaty protections are breached, the investor may be able to claim compensation for current and future economic loss caused by the breach. However, the availability of investor-state dispute settlement (ISDS) varies across Australia's treaty network. While some newer agreements - such as the Australia-UK FTA - exclude ISDS, many others retain it, including Australia's treaties with Singapore, Korea, Hong Kong and ASEAN partners.

The importance of treaty planning for Australian Investors

Australian investors are active across many jurisdictions. Whether via private equity funds, superannuation funds, or dedicated infrastructure vehicles, Australian capital is supporting digital infrastructure in India, Indonesia, Brazil, the United States and across the Gulf. In some of these markets, Australia's own treaty network is limited or lacks binding ISDS mechanisms.

In such cases, treaty protections can still be secured - but only through careful investment structuring. A common approach involves routing investments through an intermediate holding company incorporated in a treaty-friendly jurisdiction such as the Netherlands, the United Kingdom or Singapore. These countries have broad treaty coverage and are recognised by arbitral tribunals as offering an effective option for corporate nationality acquired for the purposes of treaty protection.

Given the differences between treaty regimes, understanding the criteria for and scope of protection available under various treaties is crucial when considering treaty-related structuring. For example, under some investment treaties, the investor must show not only formal ownership of the investment but also substantial control or a meaningful economic interest in the underlying asset. Passive, portfolio-style interests may not qualify for protection. This is particularly relevant to private equity investors, who often operate through layered fund structures and co-investment platforms.

Further, many treaties only apply to investments that are 'admitted' or 'approved' under host state laws. This means that Australian investors must ensure proper registration, licensing, and - where applicable - compliance with foreign investment rules. This procedural requirement is often overlooked but can be fatal to treaty claims.

The risk profile of digital infrastructure is changing. Where once concerns centred on latency, uptime and capex, investors must now factor in data sovereignty, regulatory nationalism and political volatility. For Australian investors deploying capital abroad, these developments demand a more rigorous approach to legal risk management.

Investment treaties offer one of the few legally enforceable safeguards available. But they are not automatic - and they cannot be added after the fact. Securing protection requires advance planning, careful structuring and ongoing compliance. For Australian funds operating in strategic digital sectors, integrating treaty analysis into the investment process is not just prudent - it is essential.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Lawyers Weekly Law firm of the year 2021	Employer of Choice for Gender Equality (WGEA)