Deutsche Welle's analysis of the new threat environment facing data center operators frames a shift that the insurance market is already pricing in. AI infrastructure that used to be treated as commercial real estate is now treated as critical national infrastructure. The reclassification happened the day Iranian drones struck three Amazon Web Services facilities in the UAE and Bahrain in March 2026. For the first time in modern conflict, commercial hyperscale data centers became explicit kinetic targets.
The attacks caused service disruptions across banking, payments, and consumer services in the region. Amazon reportedly paid out approximately $150 million in service credit refunds. The strikes did not just hit hardware. They hit the assumption that commercial AI infrastructure could be sited globally without factoring in physical conflict risk. That assumption was load-bearing for the last decade of hyperscaler expansion in geopolitically exposed regions.
Cooling infrastructure is among the most exposed components inside a data center campus. Cooling towers sit outside the secure envelope. Chilled water piping runs across roof decks and equipment yards. Heat rejection equipment cannot be hardened the way the white space can, because by design it has to exchange heat with the outside environment.
The DW framing is that most data center insurance policies explicitly exclude damage from military conflict. That exclusion lands differently on cooling assets than on compute. A hardened concrete white space is expensive to penetrate. A glass-fiber cooling tower is not. An operator that loses cooling capacity at a contested site loses the facility regardless of what survives in the server hall. The thermal flank is the kinetic flank, and the people designing reinforced perimeters now have to think about cooling redundancy as a security investment, not just a reliability one.
Hyperscalers had spent the last five years pursuing Gulf state expansion aggressively because power was cheap, land was abundant, and host governments were welcoming. The Iranian drone strikes broke that thesis in a single quarter. AWS facilities across the region are being reassessed. Future capacity decisions are explicitly factoring in proximity to active conflict zones.
The cooling implications track the geography. MENA region buildouts assumed water and power availability that may now be moot because the underlying site decisions are reversing. Markets that were sidelined as too cold, too remote, or too expensive on a power basis are getting a second look. The cooling vendor base has to recalibrate for facilities being sited in geographies that two years ago were marginal candidates.
DW's reporting pairs the kinetic threat with the cyber threat. The same survey data showing 94% of organizations identify AI as the dominant cybersecurity driver also shows 66% have modified their cybersecurity strategy specifically because of geopolitical instability. The attack surfaces have expanded. Building management systems, cooling controls, and HVAC integration points are now in the threat model alongside servers.
Cooling control systems running over OT networks were designed assuming physical access controls would deter adversaries. That assumption breaks once nation-state actors are in the threat model. A compromised cooling controller can take a data center offline as effectively as a compromised hypervisor. The reliability bar on cooling automation just got raised, and the vendors that ship hardened, air-gapped, or properly segmented control architectures are going to have an advantage in procurement that did not exist 18 months ago.
The cooling industry has not yet absorbed the implications. Most thermal architecture decisions today still assume the site exists in a low-physical-threat environment. The DW framing argues that assumption is no longer defensible for facilities serving AI workloads in any region where conflict probabilities are non-trivial. That includes the MENA region, parts of Eastern Europe, and arguably the entire Indo-Pacific.
Operators making thermal architecture decisions today are committing equipment that will be running through 2035 or longer. The geopolitical environment that equipment will operate in over that horizon is materially more contested than the environment that was assumed when the design package was specified. The cooling industry has to start pricing that into roadmap decisions now, because the lead times to redesign for a different threat model are measured in years, not quarters.