As data centers expand globally to meet surging digital demand, they face customs, trade, and regulatory issues. From managing the valuation of complex IT hardware to navigating origin rules, export controls, and tariff shifts, legal teams must develop proactive strategies to protect operations and reduce enforcement risk. This article explores five high-stakes areas where legal oversight is critical to maintaining compliance in an environment of rising tariff tensions and supply chain scrutiny.
Read also: Role of Data Security in Global Trade Compliance
(1) Managing customs valuation through a global policy
Customs valuation is a critical compliance area for data centers, where imports of high-value IT infrastructure often occur through intra-group transactions. One particularly complex issue is the treatment of “assists,” such as software, development tools or engineering services provided free of charge by the buyer for use in production of the IT equipment that is later imported into the destination country. These assists must be added to the customs value if not already included in the price paid or payable. Allocating the value of such intangible inputs across multiple units or jurisdictions can be technically challenging and, in some jurisdictions, there is a statutory requirement for proactive engagement with customs authorities to agree on an acceptable apportionment methodology.
To manage this complexity, legal counsel should lead the development of a global valuation strategy that integrates transfer pricing, procurement practices and customs reporting. This strategy should ensure a globally consistent treatment of assists, royalties and intercompany charges while minimizing the risk of value disputes at the border. Where valuation elements are not straightforward – particularly for software-heavy or co-developed components – authorities may require detailed substantiation or pre-approval through advance customs valuation rulings. A centralized, cross-functional approach is essential to ensure legal defensibility and reduce exposure in high-volume, multi-country data center operations.
(2) Decisions on sourcing – and the customs enforcement risk
Determining the country of origin for data center equipment is increasingly complex, particularly as components such as servers, storage arrays and networking devices are assembled using globally sourced parts. Origin rules vary across jurisdictions and impact tariff treatment, marking requirements and eligibility for trade agreement benefits. In addition, in some cases, the origin and source of an item may affect its eligibility for import. In non-preferential origin determinations, identifying the country of “last substantial transformation” is often nuanced, especially for modular or software-integrated hardware. Errors in origin declarations can lead to customs disputes, denied preferences or even allegations of misrepresentation.
In today’s trade war environment – characterized by escalating tariffs, sanctions and origin-based restrictions – the risk of origin circumvention is a key concern. Authorities are increasingly scrutinizing supply chains for signs of transshipment or artificial production shifts designed to avoid punitive duties. For legal teams managing data center procurement and logistics, this means proactively validating supplier origin declarations, mapping supply chains and assessing whether origin determinations can withstand audit or enforcement scrutiny. Implementing a defensible origin strategy globally, possibly supported by binding origin rulings in key jurisdictions, is essential to mitigate enforcement risks.
(3) Sanctions and import/export controls compliance
Sanctions and import/export controls compliance is of the essence because data centers operate at the intersection of global technology supply chains, cross-border data flows and sensitive end users – all areas heavily scrutinized by sanctions authorities. Servers, power modules and even software updates can be “dual-use,” triggering export-license requirements and re-export liabilities for operators and contractors. Many countries regulate the import of encryption items, often requiring licenses or permits, which can create a complex web of requirements that have a material impact on deployment schedules. Hardware, software and support services may originate from or be destined for jurisdictions subject to comprehensive or sectoral sanctions, such as Russia, Iran or North Korea, or involve sanctioned suppliers, including certain Chinese entities. Even indirect involvement – such as using a subcontractor that sources from a sanctioned supplier – can trigger liability and lead to significant operational disruptions. Moreover, U.S. sanctions often apply extraterritorially, meaning that non-U.S. entities may still face enforcement if they transact in U.S.-origin goods, engage in U.S. dollar-denominated transactions or serve restricted end users.
There are relevant precedents underscoring the risk. For example, a major Chinese telecommunications firm faced a multi-billion-dollar U.S. enforcement action for violating export controls and sanctions related to Iran and North Korea, including through indirect supply chain routes. Similarly, a European multinational settled with U.S. authorities in 2021 for exporting software and cloud services to Iranian users through third parties, despite being headquartered in Europe. These cases demonstrate that even inadvertent or indirect breaches – especially in the digital services and IT infrastructure context – can lead to severe penalties. Sanctions and import/export controls compliance is not a theoretical risk, but a concrete legal exposure that requires active oversight, supply chain transparency and strong internal controls.
(4) Customs complexity surrounding maintenance and repairs
Spare parts routinely cross international borders to support hot-swap maintenance and rapid repairs, ensuring minimal downtime for critical data center operations. Given the high value and specialized nature of this equipment, companies must carefully manage customs compliance not only at initial import but throughout the entire asset lifecycle. Tariff suspension and drawback programs offer valuable opportunities to recover import duties on equipment that is subsequently re-exported – such as leased hardware returned at the end of a contract – but these benefits are contingent on maintaining comprehensive, accurate and auditable documentation. This includes detailed records of import declarations, inventory movements, maintenance activities and export shipments, all of which must withstand scrutiny from customs authorities to avoid denial of duty recovery and potential penalties. Effective lifecycle management is therefore essential to maximize cost efficiency while ensuring regulatory compliance in complex, multi-jurisdictional data center environments.
(5) Tariff tensions
Data centers are impacted by ongoing trade wars, which introduce heightened tariffs and increased regulatory scrutiny on key technologies and components. Tariff escalations increase costs and create uncertainty in procurement. These disruptions can lead to delayed deployments, higher operational expenses and challenges in maintaining service-level commitments. Companies may need to reevaluate supplier relationships or underlying contracts, invest in alternative sourcing strategies or adapt infrastructure designs to mitigate risk. Legal teams must keep a close eye on shifting regulations and develop agile frameworks to respond quickly to changes, ensuring continuity and competitive advantage in an increasingly fragmented global trade environment.
Author Bio
Philippe Heeren is a partner in the International Trade & National Security group at global law firm Reed Smith in its Brussels office, focusing on customs, excise, and international trade matters.
Michael J. Lowell is a partner and chair of the firm’s Global Regulatory Enforcement Group in Washington, D.C., focusing on national security and foreign policy regulations and enforcement, including export controls, sanctions, and foreign direct investment.
Justin W. Power is an associate in the firm’s Global Regulatory Investigations and Enforcement Group in Tysons, Va., focusing on the legal regimes governing international trade.
Kirsten S. Lowell is an associate in the firm’s Global Regulatory Investigations and Enforcement Group in Tysons, Va., focusing on government and internal investigations, real estate, and regulatory compliance and enforcement matters.
