The Two-Front Squeeze: AI's Energy Appetite Meets Its Own Regulation
The regulatory squeeze and the energy squeeze are the same squeeze — and the industry has been running two separate playbooks as if they exist in different universes. They don't.
Two regulatory forces are closing on the AI industry from opposite directions, and almost nobody is looking at both at once.
On one side, the EU's AI Act is weeks from its first real enforcement powers — and has simultaneously admitted it isn't ready for its own deadlines. On the other, communities across the United States are turning off the lights before new data centres can switch them on, passing local moratoriums at a pace that no Silicon Valley lobbying shop predicted two years ago.
These aren't separate stories. They're the same story: the physical and legal infrastructure that AI depends on is buckling under the weight of an industry that has treated energy and regulatory risk as externalities. I'd bet this squeeze costs the sector more than any model-training capex overrun ever will.
What just happened in Brussels
On 7 May 2026, EU legislative bodies reached a political agreement on proposed amendments to the AI Act — the so-called "AI Act Omnibus" — as part of the EU's broader Omnibus legislative package aimed at simplifying digital regulation.
The headline change is straightforward.
The provisional agreement introduces a fixed timeline for the delayed application of high-risk rules: the new application dates would be 2 December 2027 for stand-alone high-risk AI systems and 2 August 2028 for high-risk AI systems embedded in products.
That's a 16-month punt for stand-alone systems. Why?
The proposal was prompted by the fact that the Act's timely implementation has faced significant delays, particularly around the designation of national competent authorities and the finalisation of harmonised standards and compliance tools needed for high-risk AI system requirements.
As of March 2026,
the Commission's list comprised eight single contact points out of 27 member states.
Eight of twenty-seven. The regulation exists on paper; the enforcement apparatus is a construction site.
But here's where it gets uncomfortable.
The Commission's supervision and enforcement powers against GPAI model providers will come into force on 2 August 2026, including the power to request documentation and information, the power to conduct evaluations, and the power to request measures — and the power to impose fines.
So: high-risk systems get a reprieve, but transparency obligations for general-purpose AI models do not.
All other transparency obligations, including those that apply to deployers, will continue to apply from August 2, 2026.
Providers of generative AI systems launched before that date get a slender grace period —
compliance with watermarking and transparency solutions is due by 2 December 2026.
If I were on a board that sells AI systems into Europe, I would not treat the Omnibus as breathing room. I would treat it as a warning. The Commission has conceded it couldn't get its own house in order; that is not a signal that enforcement, when it arrives, will be gentle. It's a signal that penalties will need to justify the delay. The EU Council press release makes the stakes explicit —
violations may result in fines of up to €15 million or 3% of total annual worldwide turnover, whichever is higher.
The American front: towns saying no
While Brussels fiddles with timelines, something more visceral is happening across the United States.
In 2026, more than 300 state data centre legislation bills have been filed across 30+ states in just six weeks, marking a shift from incentive-focused policies to regulatory oversight as energy demands become clearer.
Maine became the test case.
Lawmakers gave final approval to a moratorium on data centres larger than 20 megawatts — the first statewide ban of its kind in the country. The bill, LD 307, banned data centres larger than 20 megawatts until November 2027.
The governor vetoed it on 24 April.
Mills vetoed the legislation due to her concerns over a lack of carve-out for a planned $550 million project in the town of Jay.
The legislature failed to override on 29 April.
But the veto did not kill the momentum — it decentralised it. Three days ago,
the Sanford City Council voted to institute a 91-day pause on data centre development, stalling a proposal for a 1,000-acre project along the Mousam River, while both Westbrook and Brunswick advanced proposed data centre moratoriums.
A McGuireWoods analysis put it bluntly:
lawmakers in major markets including Virginia, Illinois and New York are weighing similar moratoriums or restrictive guardrails, and the Maine precedent — veto notwithstanding — gives those efforts a concrete legislative template.
The numbers from Good Jobs First are worth sitting with.
They are now tracking at least 12 in-session states with filed data centre moratorium bills this cycle, in addition to other states considering executive action and many cities and counties considering local measures.
At least 63 local data-centre moratorium actions have been introduced, considered, or adopted across dozens of towns and counties.
Seattle announced plans for a 365-day emergency moratorium. Denver held a second reading on 18 May. Ohio is collecting signatures for a ballot measure that could put a statewide ban to voters in November.
The energy reality underneath
This backlash didn't materialise from nowhere. It grew from the numbers.
The global electricity demand of data centres grew by 17% in 2025, in line with IEA projections; electricity consumption from AI-focused data centres grew even faster, surging 50% in 2025.
The IEA's April 2026 Key Questions on Energy and AI report found that
the capital expenditure of five large technology companies surged to more than $400 billion in 2025 and is set to increase by a further 75% in 2026 — capital expenditure of just five technology companies is now larger than global investment in oil and natural gas production.
In the United States specifically,
data centres accounted for around 50% of all electricity demand growth last year, far surpassing the rise in electricity usage in the residential, industrial, and transport sectors.
The US Congressional Research Service updated its data centre energy FAQ on 12 May 2026, noting that
US data centre annual energy use in 2023 was approximately 176 TWh, approximately 4.4% of US annual electricity consumption, according to a report by Lawrence Berkeley National Laboratory.
Some projections show that data centre energy consumption could double or triple by 2028.
Globally, the IEA's base case is stark:
global electricity consumption for data centres is projected to double to reach around 945 TWh by 2030, with data centre electricity consumption growing by around 15% per year — more than four times faster than the growth of total electricity consumption from all other sectors.
The catch:
natural gas and coal together are expected to meet over 40% of the additional electricity demand from data centres until 2030.
All those net-zero pledges from hyperscalers are, for the near term, running into the physics of grid capacity.
Local opposition blocked or delayed at least 16 data centres last year, worth a combined total of $64 billion.
That is not a rounding error.
So what?
The industry has been running two separate playbooks — a compliance playbook for Brussels and an infrastructure playbook for the American grid — as if they exist in different universes. They don't.
A company that builds a 200 MW campus in Virginia will need to comply with the AI Act if it serves European customers. A company that races to meet EU transparency obligations by August will need that campus to actually have power. The regulatory squeeze and the energy squeeze are the same squeeze.
I'd push for three things if I sat on any of these boards:
First, stop treating the Omnibus delay as free time. The transparency and GPAI-model obligations are live this August. Article 50 watermarking is live by December. Build the technical stack now.
Second, model energy access as a first-order strategic risk, not an ops problem.
The IEA estimates that unless grid risks are addressed, around 20% of planned data centre projects could be at risk of delays.
A project delayed 18 months by a local moratorium or interconnection queue is a project that misses the compliance window and the revenue window.
Third, engage communities before the moratorium vote, not after the veto. The Maine episode showed that even a governor sympathetic to the industry couldn't protect a bill from democratic backlash.
More than 300 data centre bills were filed in state legislatures in the first six weeks of 2026 alone.
That is the sound of a political consensus forming against you.
The AI industry has spent three years talking about superintelligence. It might want to spend the next three talking about substations, water tables, and Article 50 compliance. Those are the constraints that will actually determine who ships and who stalls.
Tarry Singh is the founder and CEO of Real AI (realai.eu), an enterprise AI advisory and deployment firm working with global enterprises on production agent systems, model risk, and AI sovereignty strategy. He also leads Earthscan (earthscan.io) for Energy AI, and is a founding contributor to the EU-funded HCAIM and PANORAIMA programmes for responsible AI education across European universities. He writes at tarrysingh.com.