From Power Procurement to Power Security

PPAs are necessary but not sufficient; 2026 underwriting needs layered power risk management

Why Power Risk is Now a Core Data Centre Risk

For many years, large electricity users, including data centres and industrial sites, relied on long-term Power Purchase Agreements (PPAs) to manage power risk.

The logic was simple: secure a long-term price, reduce exposure to volatile wholesale markets, and support the financing of new generation.

But projects today face a widening set of power-related uncertainties: delayed grid connections, congestion that limits deliverability, curtailment during peak hours, tightening capacity margins, and growing political scrutiny over who pays for system upgrades. These risks increasingly determine whether a data-centre project can be financed, permitted, built, and operated as planned.

 What has changed is not just the cost of electricity, but the reliability of access to it. Power can be contracted and still arrive late. It can be paid for and still be curtailed. It can be cheap on paper and expensive at the point of use.

This shift marks a structural change in how power risk should be understood.

Mitigating Risks: Hyperscalers Are Moving Upstream To Secure Power

As power systems become more constrained, large AI developers are changing how they secure electricity.

Instead of relying only on PPAs, hyperscalers are increasingly taking control of power supply itself. The goal is straightforward: reduce uncertainty around delivery, timing, and availability.

This shift reflects a simple insight. In tight power systems, being a passive buyer is risky. Owning or controlling supply gives developers more certainty than contracts alone.

For example:

• Alphabet: Intersect Power acquisition: Alphabet agreed to buy Intersect Power (developer of renewables and co-located energy solutions) to secure deliverable energy for data-centre scale growth. (reported coverage).

• Microsoft: dedicated nuclear supply / restart PPA with Constellation: Microsoft’s 20-year arrangement to secure nuclear generation via the restart / rebrand of Three Mile Island Unit 1 (Crane Clean Energy Center) shows the scale and type of generation projects hyperscalers will lock into to guarantee firm, low-carbon supply.

• Amazon & others: owning/financing large renewable portfolios and project stakes: Amazon has become (and reports being) one of the world’s largest corporate owners/contractors of renewable capacity and finance for new projects, frequently going beyond simple off-take to sponsor or develop projects in system-constrained regions.

These three together illustrate that more formal approaches to power risk management are emerging.

Additional Ways to Mitigate Power Risk

Modern power procurement works best when it starts with a simple question: What can go wrong, and how do we protect against it?

In practice, power risk can be grouped into four clear buckets.

The four power risk buckets

1. Interconnection and timing risk

   Will the project actually connect to the grid, and will it happen on time?

   Delays in permitting, queue backlogs, and unfunded upgrades can leave projects waiting years for power that is already contracted.

   
   

2. Congestion and basis risk

   Will the price paid at the data-centre location match the price used in the contract?

   In congested systems, nodal prices can diverge sharply from hub prices, exposing buyers even when PPAs perform as expected.

   
   

3. Curtailment and congestion management risk

   Can contracted generation deliver power when it is needed?

   Transmission limits, curtailment rules, and system balancing can prevent power from flowing during critical hours.

   
   

4. Adequacy and availability risk

   Will power be available during system stress?

Tight capacity margins, emergency load shedding, and capacity-market exposure all affect whether data centres can operate reliably.

From Risks to Solutions

No single contract or asset addresses all four risks. Instead, developers use different layers, each aimed at a specific failure mode. Some layers reduce timing risk. Others reduce congestion, curtailment, or scarcity exposure.

Importantly:

• Each layer solves one problem well

• Each layer has limits

• The framework only works when layers are combined deliberately

The table below maps common power-strategy layers to the four risk buckets, shows what each layer does and does not hedge, and highlights what must be true for it to work in practice, including where Community-First AI plays a role

So What Now?

Overarching priority: move from “contracting power” to “architecting energy resilience.” Actions below are practical, sequenced, and suitable for an IC/GC checklist.

Core strategic moves:

1. Start with the risks, not with the contracts

   Power procurement should be treated as a risk mitigation exercise, not a contracting exercise. For each site, developers should explicitly different risks they are exposed to elements that may mitigate those risks.

   
   

   The objective is not to minimise headline power price, but to control downside outcomes under stress.

   
   

2. Prioritise deliverability over price certainty

   The critical underwriting question is no longer “what is the contracted price?” but “how many megawatts are deliverable, when, and under which system conditions?”

   
   

   Developers should require explicit disclosure of curtailment risk, congestion exposure, and connection timing in all power contracts and treat these as first-order investment risks rather than operational footnotes.

   
   

3. Build flexibility into the strategy

   Given the pace of change in AI workloads, grid constraints, and policy, flexibility has real option value.

   
   

   Power strategies should include step-in rights, resale and re-routing clauses, modular storage or firming capacity, and the ability to rebalance the stack if assumptions on load growth, carbon rules, or grid access shift faster than expected.

   
   

4. Use flexibility to reduce costs not just risks

   Flexibility assets should not be viewed only as insurance. In many markets, storage, load shifting, and interruptibility can:

   - Generate ancillary service revenues

   - Earn demand-response payments

   - Reduce exposure to peak prices and penalties

   
   

   Developers that actively engage with power markets can offset part of the cost of resilience, while also supporting system stability

   
   

5. Stress-test the risk framework

   Each project should be evaluated across a small set of adverse scenarios: high prices, high congestion, tight carbon constraints, and severe curtailment.

   
   

   The purpose is not model sophistication but clarity: understanding which layer fails first, how much downside is exposed, and whether that exposure is acceptable for the project’s cost of capital.

Conclusion

Power Purchase Agreements remain important, but they mainly manage price and carbon exposure. They do not guarantee that power will be delivered when it is needed. For AI infrastructure, the biggest risks now relate to delivery: getting connected on time, avoiding congestion and curtailment, and securing power during system stress.

As grids tighten, relying on the shared system has become riskier. Power strategies that stop at a PPA leave too much uncertainty with the project.

Leading hyperscalers are responding by treating power as core infrastructure, not a procurement afterthought, and by designing strategies that explicitly manage delivery risk. A credible power strategy now requires a layered power risk framework that addresses interconnection, congestion, curtailment, and availability, and makes clear what fails under stress.

Projects that demonstrate resilience across these risks will attract capital faster and at lower risk premia. Those that do not will face higher costs, longer timelines, and greater uncertainty.

For policymakers, regions that offer timely grid connections, clear locational signals, and workable flexibility rules will be best placed to attract both AI infrastructure and clean-generation investment.

Key References

The Washington Post (2024–2025): U.S. governors push data centers to pay for their own power infrastructure

Utility Dive (2024–2025): PJM capacity auction hits price cap as supply tightens

Federal Energy Regulatory Commission (FERC): PJM capacity market rules and price cap determinations

Alphabet / Google (2024): Alphabet agrees to acquire Intersect Power to secure clean energy for data centers

Intersect Power (2024): Intersect Power clean energy and co-located infrastructure platform

Microsoft & Constellation Energy (2024–2025): Microsoft backs restart of Three Mile Island nuclear plant for AI power needs

Microsoft (2026): Building Community First AI Infrastructure

Amazon (2024–2025): Amazon becomes the world’s largest corporate purchaser of renewable energy

OpenAI (2024): Stargate: Community Framework

Microsoft (2024–2025): Microsoft commitment to community-first data center development

PJM Interconnection (2024–2025): PJM capacity market (Reliability Pricing Model)