Ecosystem: datacenters.pt·centrosdedados.com·centrosdedados.pt
HomeServicesRegulatory Due Diligence

Regulatory Compliance Due Diligence for Investment

Structured five-phase methodology for regulatory assessment of investment projects in the Portuguese data center market. Designed for private equity and infrastructure funds, REITs, hyperscalers and corporate development teams. Three service tiers (Light, Full, Extended) calibrated to project complexity and timeline. Delivered in English with Portuguese source references preserved and explained.

The Portuguese data center sector will attract more than EUR 12 billion of committed investment by 2030, with 80% earmarked for AI-intensive capacity. Each project — greenfield, expansion or acquisition — requires a thorough assessment of the applicable regulatory framework before capital is committed. Our Regulatory Due Diligence complements conventional financial and technical diligence with a dedicated regulatory workstream calibrated to the Portuguese National Plan, the fast-track licensing regime, the AICEP single point of contact and the full EU regulatory stack.

Five-Phase Methodology

  1. Scoping & Initial Framing

    Project perimeter definition, investor entity characterisation, agreement on timeline and deliverables. Preliminary identification of applicable PNCD pre-approved zones.

  2. Document Collection & Interviews

    Regulatory data room set-up, interviews with project team, interface with external counsel, engineers, licensing authorities (APA, CCDR, municipalities) and AICEP.

  3. Multi-Dimensional Analysis

    Application of the integrated matrix to all convergent regimes, national licensing (DL 80/2023), PNCD interface, sector-specific requirements (financial for DORA, AI for AI Act), sanction exposure, operational and temporal adequacy.

  4. Report Drafting

    Structured report (40-80 pages) with prioritised gap identification, risk matrix with probability and impact, mitigation plan with responsibilities and deadlines, recommendations for regulatory structuring of the project.

  5. Presentation & Follow-up

    Executive presentation to the investment committee. Q&A, action-plan refinement, transition to continuous support or CoaaS if the investment proceeds.

Three Service Tiers

Light

EUR 8,000 – 12,000
  • 2 to 3 weeks
  • Concise report (20-30 pp)
  • Risk map
  • Regime matrix
  • Remote presentation
Request

Full

EUR 15,000 – 25,000
  • 4 to 6 weeks
  • Structured report (40-60 pp)
  • Multi-dimensional analysis
  • Mitigation plan
  • Stakeholder interviews
  • On-site presentation
Request

Extended

EUR 25,000 – 45,000
  • 2 to 4 months
  • In-depth report (60-80 pp)
  • Licensing follow-up
  • Interface with AICEP, APA, CCDR
  • Transition to CoaaS
  • Monthly retainer (EUR 2,000 – 5,000)
Request

Comprehensive regulatory coverage

DIRECTIVE (EU) 2022/2555

NIS2 (PT: DL 125/2025)

  • Technical and organisational measures
  • Notification procedures
  • Supply chain management
DIRECTIVE (EU) 2023/1791

EED — Energy Efficiency

  • Article 12 — 18 KPIs
  • 15 May annual deadline
  • EU database
REGULATION (EU) 2022/2554

DORA — Digital Resilience

  • Critical ICT providers
  • Immutable segregated backups
  • 2-hour data recovery
REGULATION (EU) 2024/1689

AI Act

  • AI workload classification
  • Transparency, monitoring
  • High-risk rules from 2 Aug 2026
DIRECTIVE (EU) 2022/2464

CSRD — Sustainability

  • ESRS indicators
  • Post-Omnibus I thresholds
  • Impacts, opportunities, risks
PORTUGAL

DL 80/2023 + PNCD

  • Exceptional licensing regime
  • 15 initiatives in 4 axes
  • Pre-approved zones
Full Regulation Matrix

Investor-specific enquiry form

All information is handled in strict confidence.