Cut Energy Use, Not Cyber Defences

The UK Cyber Security and Resilience Bill will make cyber compliance mandatory for data centres. At the same time, energy costs are pushing operators towards optimisation tools that rely on cloud connections and external APIs. That’s a problem, because every new external dependency widens the attack surface you’ll soon be assessed against. There’s a way to cut server power without creating a compliance liability.

The rules are changing

The UK Cyber Security and Resilience Bill is currently making its way through parliament and will bring data centres into scope as essential services for the first time. Standalone facilities above 1 MW and enterprise sites above 10 MW will face mandatory cyber security and operational resilience requirements, with Ofcom as the regulator. Penalties for non-compliance run up to £17 million or 4% of global turnover, plus daily fines of up to £100,000. If you operate in the EU, NIS2 and DORA are already in force. This isn’t coming over the horizon. It’s here.

The energy problem hasn’t gone away

At the same time, energy consumption is rising, regulation is tightening [1][3], and costs are soaring. It makes sense that data centre leaders are turning to tools to optimise energy management. Unfortunately, most of those tools need a cloud connection, an external API, or a hosted pipeline to work. In an environment where 74% of large UK businesses were hit by a cyber breach last year and supply-chain compromises have doubled [2], each new external dependency is something you’ll need to account for under the incoming regime.

SolarWinds showed us what happens when infrastructure tools with deep network access phone home. Privileged access to everything, and its outbound connection became the entry point for one of the worst supply-chain attacks on record.

Optimisation without the exposure

But what if the optimisation tool didn’t need an outbound connection at all? Design it to run entirely on-prem, by default, and you remove the attack surface rather than trying to manage it. Everything stays inside the data centre boundary: the telemetry collection, the AI that decides what to do, and the control actions themselves. The system monitors workload levels only, not what that workload is. Nothing leaves your network unless you choose it to.

For example, each instance of ServerOptix includes a local dashboard on the server where it’s deployed, so you can monitor savings without any external connection. If you’re running multiple instances, whether across servers in a single facility or across multiple data centres, an optional cloud-based dashboard lets you aggregate the data in one view rather than checking each instance individually. Either way, the control loop never depends on a cloud connection.

It works in air-gapped environments too. No internet connection required. And rather than a dashboard that tells you what to do and hopes someone acts on it, a closed-loop system senses workload, adjusts CPU power states, and rolls back if performance dips.

Real savings, independently tested

WWT independently measured 19 to 29% power reductions at the PDU, not from onboard telemetry, across Dell R650 and R750 servers. Exhaust temperatures dropped by over 9% [4]. Intel proof-of-concept testing showed up to 25% savings under representative workload and roughly 52% at idle [5]. Live customer deployments have recorded average savings above 29%.

At 2,000-server scale, that’s around 1.146 GWh off your energy bill. The associated carbon savings depend on local grid carbon intensity: in the US, that equates to over 410 tonnes of CO2 saved annually; in the UK, approximately 202 tonnes; and in a low-carbon grid like France, around 30 tonnes. Depending on local energy prices, typical payback periods fall within eight to twelve months.

Built for the compliance environment that’s hoving into view

The energy savings matter, but they only count if the tool can get deployed. That means passing muster with your security and compliance teams. On that front: no new external firewall rules required (depending on your network configuration, internal rules may need updating). No new external access paths unless you opt into optional dashboarding. It sits inside your current network segmentation and is designed to work within existing zero-trust architectures, not against them. All telemetry stays within your monitoring boundary by default. It can contribute to EU EED reporting by providing data on IT-specific power consumption across the servers where it’s deployed, though full reporting coverage would require deployment across all machines in scope [3]. And there’s no external vendor in the data path, which addresses supply-chain risk requirements under NIS2 and the UK Cyber Security and Resilience Bill.

Energy savings that don’t come with a compliance headache

You shouldn’t have to choose between cutting energy costs and staying on the right side of incoming regulation. A fully on-prem, air-gap-ready, closed-loop system lets you drive continuous power reduction without widening your attack surface. With the Cyber Security and Resilience Bill on its way, the smartest time to reduce your energy costs is before the compliance burden lands on top of them.

References 

[1] IEA (2025) Energy and AI, International Energy Agency. https://www.iea.org/reports/energy-and-ai

[2] DSIT/Home Office (2025) Cyber Security Breaches Survey 2025, UK Government. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2025

[3] European Commission (2025) Energy performance of data centres, EU Energy Efficiency Directive. https://energy.ec.europa.eu/topics/energy-efficiency/energy-efficiency-targets-directive-and-rules/energy-efficiency-directive/energy-performance-data-centres_en

[4] WWT (2023) Using AI to reduce energy consumption, cost and carbon emissions in data centres, World Wide Technology. https://www.wwt.com/article/using-ai-to-reduce-energy-consumption-cost-and-carbon-emissions-in-data-centers

[5] Intel/QiO (2022) Power management: leveraging AI for smarter data centre power efficiency (solution brief), Intel Network Builders. https://builders.intel.com/docs/networkbuilders/power-management-leveraging-ai-for-smarter-data-center-power-efficiency-solution-brief-1664790296.pdf

[6] European Commission (2025) Assessment of next steps to promote the energy performance and sustainability of data centres in EU, including the establishment of an EU-wide rating scheme, October 2025.