Data Centre Business Interruption Underwriting in India: 2026 Wordings Pressure

Indian commercial data centre capacity crossed 1,500 MW of installed IT load by the start of 2026, with operational capacity concentrated in Mumbai (Powai, Airoli, Mahape, Chandivali), Chennai (Siruseri, Ambattur, Maraimalai Nagar), Hyderabad (HITEC City, Mamidipally), NCR (Greater Noida, Manesar, Faridabad), and Bengaluru (Whitefield, Devanahalli). The build-out pipeline through 2028 adds another 2,200 to 2,800 MW with capex commitments above INR 1.6 lakh crore across the major operators (Yotta, NTT Global Data Centers, Sify, CtrlS, STT, Adani Connex, Reliance Industries Data Centers, Iron Mountain, Equinix, ESDS, AdaniConneX, and the upcoming Princeton Digital Group and Web Werks expansions).

The insurance programme on a major Indian data centre site looks similar in headline structure to other industrial property risks: a fire and allied perils policy with business interruption, machinery breakdown for chillers and switchgear, electronic equipment cover for IT, terrorism cover, and a liability stack. The premium spend is material but proportionate to TIV. The underwriting attention in 2026, however, is concentrated on a single coverage area where the standard wording is producing claims dispute and reinsurance treaty pushback: business interruption and the related contingent and supply chain extensions.

Three drivers are forcing the wording reconsideration in 2026. First, the SLA-credit pass-through exposure to colocation tenants has scaled materially as hyperscaler customers (AWS, Azure, Google Cloud, Oracle, Meta, and the Indian internet platforms) have grown their Indian footprint. Single-tenant SLA credit exposure on a power or cooling outage can run to multiples of monthly colocation revenue per affected rack, with cumulative exposure on a multi-tenant site reaching INR 30 to 80 crore for a single 4-hour event. Second, cooling system dependency in tropical Indian conditions has become a material loss driver, with chiller failure or thermal runaway producing data centre shutdown that exceeds traditional named-perils policy response. Third, the reinsurance treaty cyber exclusion programme flowing through GIC Re and international reinsurance markets has tightened the boundary between cyber-triggered and physical BI losses, with several recent disputes on whether a software-triggered outage falls within or outside the BI policy response.

Indian non-life insurers writing data centre placements in 2026 are responding to these pressures by adjusting indemnity periods, deductibles, named-perils triggers, and contingent BI sub-limits in their renewal terms. The conversation between insurer, broker, and operator on these wording features is now the substantive part of the renewal cycle, displacing the earlier focus on simple limit adequacy and premium negotiation.

Colocation operators sell rack space, power capacity, and connectivity to tenants under master services agreements that include service level commitments on power availability, cooling availability, and network availability. Power SLA commitments at Tier III sites are typically 99.982 percent annual availability (95 minutes of permitted unavailability per year), while Tier IV commitments reach 99.995 percent (26 minutes). Cooling SLA commitments mirror or sit just below the power commitments. Network SLA commitments depend on the connectivity provider and are typically commitments by the operator on cross-connect availability rather than upstream internet availability.

The SLA credit structure in Indian colocation contracts has tightened materially through 2023 to 2025 as hyperscaler tenants negotiated more aggressive credit formulas. Standard credit terms in 2026 contracts include: 25 percent of monthly recurring charge credit for each hour or fraction of an hour of unavailability beyond the SLA threshold; 100 percent of monthly recurring charge credit for any unavailability event lasting more than 4 hours; and at Tier IV sites, certain hyperscaler agreements include termination rights at three SLA breaches within a 12-month period.

For a colocation operator with a large tenant occupying 5 MW of contracted capacity at a 5,000 INR per kW per month price point, the monthly recurring charge is INR 2.5 crore. A 4-hour outage triggering 100 percent credit costs the operator INR 2.5 crore in credit obligation to that single tenant. A multi-tenant facility with 30 MW of tenant capacity at similar pricing has exposed monthly recurring charges of INR 15 crore, with full-facility outage producing INR 15 crore in single-event SLA credit obligations. This SLA credit is the operator's actual BI loss in addition to the lost revenue during the outage period.

The BI policy must respond to this SLA credit exposure in addition to the operator's direct lost margin. The standard Indian BI wording addresses gross profit loss following an insured property damage event. The SLA credit obligation is a contractual liability to the tenant rather than a gross profit loss in the traditional accounting sense. The wording question is whether the BI policy treats the SLA credit as an additional cost incurred to maintain customer relationships (which can fall under additional increased cost of working) or as a contractual penalty (which may be specifically excluded or sub-limited).

The 2026 placement practice on major Indian data centre placements is to negotiate an explicit SLA credit extension to the BI policy with a stated sub-limit. The sub-limit is typically calibrated to the operator's contractual SLA credit obligations across all tenants under reasonable outage scenarios, with the calculation methodology agreed at placement. Sub-limits in the 2026 market run INR 75 to 250 crore per site depending on tenant mix and contractual structure. Premium for the SLA credit extension typically runs 0.25 to 0.55 percent of the sub-limit per annum, layered on top of the base BI premium.

Indian data centre cooling system design in 2026 reflects the climatic challenge. Mumbai, Chennai, and NCR sites operate ambient design wet-bulb temperatures of 28 to 31 degrees Celsius for chiller sizing, with peak summer wet-bulb spikes reaching 32 to 33 degrees Celsius in extreme conditions. Chiller redundancy is typically N+1 at Tier III sites and 2N at Tier IV sites, with thermal storage (chilled water tanks providing 5 to 15 minutes of ride-through during chiller restart sequences) standard at most premium facilities.

Despite the redundancy, cooling failure is the most common data centre operational incident in India in 2024 to 2026. Documented incidents include: a chiller plant failure at a Mumbai facility in August 2024 producing 3.5 hours of IT load reduction; a cooling tower plume drift incident in Chennai in September 2024 affecting an adjacent facility; multiple thermal runaway events at NCR facilities during peak summer 2025; and a chilled water distribution failure at a Hyderabad facility in February 2026 producing localised cooling loss in two data halls.

The BI policy response to these events depends on the named-perils trigger language. Indian fire and allied perils policies typically include machinery breakdown as a separately rated extension that triggers BI cover when the machinery breakdown event affects production. However, the boundary between covered machinery breakdown and excluded gradual deterioration or maintenance failure is contested. A chiller compressor failure due to a manufacturing defect is generally covered. A chiller failure due to refrigerant migration over time is generally excluded. A chiller failure due to fouled condenser tubes from poor water treatment is typically excluded. A thermal runaway caused by chiller controls system software malfunction may fall in a gap between covered machinery breakdown and excluded operational failure.

The 2026 underwriting response to cooling failure exposure includes three tightening directions. First, explicit cooling system extension wording that clarifies the boundary between covered and excluded cooling events, with operators required to demonstrate appropriate maintenance regime documentation. Second, separate cooling deductible structures that apply higher deductibles to cooling-triggered events than to fire-triggered events, reflecting the higher frequency of cooling events. Third, scheduled equipment specification requirements where the BI cover is conditional on the operator maintaining the specific chiller, cooling tower, and CRAC unit configuration declared at placement.

The chilled water distribution within a multi-data-hall facility is another wording boundary that 2026 placements address explicitly. A chilled water pipe rupture or valve failure can produce localised cooling loss in some data halls while other halls continue operating. The BI loss is real but may not constitute a covered event under wordings that require facility-wide cooling failure. Specific wording addressing localised cooling loss with partial BI response (proportional to affected IT load) is increasingly standard in 2026 placements.

The HVAC controls system is the final cooling exposure that wordings now address. Modern data centre cooling is BMS-controlled with sophisticated demand-response and dynamic operation. A BMS failure or a controls software error can produce cooling system shutdown without any physical equipment damage. Standard BI policies typically require physical loss or damage as a trigger, leaving controls-failure-triggered outages outside the response. Some 2026 placements include specific controls system extension language, though insurers are cautious on this exposure due to the difficulty of demonstrating the boundary between covered software failure and excluded operator error.

Indian data centre BI placements historically defaulted to 12-month indemnity periods, consistent with general industrial BI practice. The 2026 underwriting and broker conversation is increasingly moving toward longer indemnity periods, with 18-month and 24-month elections becoming common on larger placements.

The driver is the restoration timeline for a major data centre loss. A major fire or explosion event at a data centre requires not only physical restoration (which can run 6 to 12 months for a large facility) but also full IT load restoration, customer migration back from temporary capacity, customer trust rebuilding, and SLA-related contract negotiation. The actual revenue recovery timeline can extend well beyond 12 months even after physical restoration is complete.

The 2023 fire at the Indian Bank data centre site in Chennai and the 2022 incident at a major NCR colocation facility both demonstrated that the recovery timeline for major data centre events extends well beyond the standard 12-month indemnity period. Both events involved customer migration to alternative facilities during restoration, with customers either declining to migrate back or negotiating reduced commitments on return. The lost revenue beyond 12 months in both cases was material.

The chiller lead time for major equipment replacement is another driver. A 1,500 to 2,000 ton chiller from leading vendors (Carrier, Trane, Daikin, Mitsubishi, Stulz, Vertiv) carries a typical lead time of 8 to 14 months from order to commissioning, with extended lead times during periods of high demand. A major event that requires multiple chiller replacement can push restoration timelines well beyond 12 months even if structural repairs are faster.

Switchgear lead times are similar. Medium-voltage switchgear from ABB, Schneider Electric, Siemens, and Eaton carries 9 to 16 month lead times for large data centre configurations. Standby diesel generators from Caterpillar, Cummins, MTU, and Kohler carry 6 to 12 month lead times for the 2 to 3.5 MW units typical of major Indian data centre installations.

The 2026 placement practice on premium data centre programmes is to elect 18 or 24 month indemnity periods as the base, with optional extension to 30 months on facilities serving large hyperscaler tenants where SLA-related customer contract renegotiation requires extended recovery time. Premium implications are material: extending from 12 to 24 month indemnity periods typically adds 35 to 65 percent to the BI premium, reflecting the longer exposure window.

Deductible periods (waiting periods) are typically structured at 12 to 24 hours for premium data centre placements, reflecting that minor events should not trigger BI cover. The waiting period interacts with the SLA credit exposure: a 6-hour outage triggering 100 percent SLA credit may not trigger BI cover under a 24-hour waiting period, leaving the operator exposed for the full SLA credit obligation. Operators should map the waiting period against the SLA credit trigger thresholds and negotiate alignment where the gap is material.

Data centre BI exposure extends beyond the facility itself to the upstream dependencies that support facility operation. The two material upstream dependencies are grid power supply and network connectivity through the carrier hotel and submarine cable landing point chain.

Grid power supply to Indian data centres comes from the state electricity distribution licensee (Tata Power Mumbai, Adani Electricity Mumbai, BESCOM Bengaluru, BSES NCR, Tamil Nadu Generation and Distribution Corporation, Telangana State Southern Power Distribution, and others). Premium data centres are supplied through dedicated 33 kV or 66 kV feeders with N+1 redundancy from separate substations where the grid topology supports it. Standby power is provided by diesel generators with on-site fuel reserves typically supporting 24 to 72 hours of full IT load without refuelling.

A major grid outage in 2024 to 2026 has demonstrated several patterns relevant to BI underwriting. First, grid outages affecting major Indian cities (Mumbai October 2020, Chennai October 2021, NCR multiple events) can extend well beyond the 24 to 72 hour generator fuel reserve, requiring emergency fuel resupply during conditions that may be challenging for delivery (cyclone aftermath, civil disruption). Second, the diesel fuel supply chain during regional grid events is itself stressed, with multiple data centres competing for limited tanker capacity. Third, generator failure rates rise sharply during extended runtime, with sustained generator operation beyond 48 to 72 hours producing increased failure probability that operators must plan for.

Contingent BI cover for grid outage extends the BI policy to respond to outages caused by upstream grid events rather than only physical damage to the data centre itself. The cover is sub-limited (typically INR 100 to 400 crore per site) and conditional on the operator maintaining specified standby power capacity, fuel reserves, and grid redundancy configuration. The wording boundary between covered grid outage and excluded routine grid unavailability is calibrated through the trigger language, typically requiring an outage duration exceeding the operator's documented ride-through capacity.

Network connectivity through carrier hotels and submarine cable landing points is the second contingent BI exposure. Indian internet traffic relies on submarine cable landings at Mumbai (the largest concentration globally outside major hubs), Chennai, and Tuticorin, with capacity from cables including SEA-ME-WE-5, SEA-ME-WE-6, IMEWE, MIST, India-Singapore Cable, IndoNet, 2Africa, and several private cables operated by hyperscalers and content delivery networks. Carrier hotel facilities aggregating cross-connects between data centres and submarine landings are concentrated at a small number of buildings in each market.

A major outage at a carrier hotel or a submarine cable landing point can disrupt connectivity for downstream data centres without any direct event at the data centre itself. The 2024 carrier hotel power event at a major Mumbai facility affected connectivity for several Mumbai-area data centres during the four-hour event, despite none of the data centres themselves having any direct outage. The BI loss to the downstream data centres was real but fell into a coverage gap on most policies, which required physical damage at the insured location to trigger BI.

The 2026 placement practice on major Indian data centre programmes is to include specific contingent BI extensions for grid and connectivity exposure with stated sub-limits and explicit upstream dependency identification. The contingent BI exposure is mapped at placement through dependency analysis covering the grid supply path, the carrier hotel and connectivity path, and the upstream cooling water supply where applicable. The dependency map becomes part of the placement file and is updated annually at renewal.

The reinsurance treaty cyber exclusion programme that international reinsurers and GIC Re have progressively tightened from 2022 onwards has implications for data centre BI placements that are now becoming material in 2026.

The standard property reinsurance treaty cyber exclusion removes from treaty response any property or BI loss arising from a cyber event. The exclusion definitions vary across treaty wordings but generally cover ransomware, malware, denial of service attack, unauthorised access, and use of computer systems to cause physical damage. For data centres, the practical question is what counts as a cyber event for the purpose of the exclusion.

A direct ransomware attack on a data centre operator's IT systems disabling the building management system or the power monitoring system is clearly a cyber event. A controls software bug producing a chiller shutdown is less clearly a cyber event under most definitions. A configuration error during a software update producing power monitoring failure that triggers a controls cascade is in a grey zone. Several recent disputes in the Indian and international market have centred on this boundary.

The 2024 incident at a Mumbai data centre involving an unintended response from the BMS during a software update produced approximately 90 minutes of cooling system disruption with measurable IT load impact at affected tenants. The insurer disputed coverage on the basis that the BMS software event fell within the cyber exclusion. The operator argued that an internal configuration error during planned maintenance is not a cyber event in the policy sense. The dispute settled commercially without judicial determination, leaving the underlying wording question unresolved.

The 2026 underwriting response includes three patterns. First, more specific cyber exclusion definitions in BI policies that distinguish between malicious cyber events (clearly excluded), system bug events (covered), and configuration error events (covered with conditions). Second, affirmative cyber BI cover as a separate add-on policy that responds to cyber-triggered outages, with coordination clauses ensuring no double recovery and no coverage gap with the property BI policy. Third, scheduled software event extension that covers planned software change events where damage results despite reasonable change management procedures.

The silent cyber boundary for data centre property is the further wrinkle. A property policy that is silent on cyber may face dispute on whether cyber-caused property damage falls within its response. Indian non-life insurers are progressively moving to affirmative cyber language in property and BI policies through 2024 to 2026, eliminating the silent cyber ambiguity. Data centre operators reviewing 2026 renewals should verify the cyber position in their property and BI placements explicitly, with either affirmative inclusion (typically with premium adjustment and sub-limit) or affirmative exclusion with a complementary standalone cyber policy.

IRDAI's Information and Cyber Security Guidelines 2023 apply to insurers writing cyber-relevant covers but do not directly mandate wording on the silent cyber boundary. The market is self-regulating toward affirmative wording through reinsurance treaty pressure rather than through IRDAI direction. Operators with international parent insurance programmes (where the operator is owned by a global parent that places programmes at corporate level) should also verify alignment between the India-placed and the global-placed cover on cyber treatment.

Indian non-life insurers writing data centre placements in 2026 have escalated their submission expectations materially. The renewal submission package for a major data centre placement now typically includes the items listed below.

For the property and BI placement, the submission should include the facility's IT load capacity (installed, contracted, and active), the power and cooling infrastructure specification with redundancy configuration, the chiller and switchgear vendor identity and model, the standby power configuration including fuel reserve capacity, the BMS and controls system architecture, the physical security configuration, the construction details of the data hall enclosures (typically two-hour fire-rated separation between halls is required for credit on the wording), and the documented maintenance regime with last 12 months of maintenance records.

For the BI sum insured calibration, the submission should include the tenant mix by industry sector with rack counts and contracted capacity per tenant, the SLA structure across the tenant contract portfolio with credit calculation methodology, the revenue and gross margin by tenant tier, the operator's ramp-up profile for any phased capacity build, and the operator's documented business continuity arrangements including any alternative-site arrangements for tenants under disaster recovery contracts.

For the contingent BI extensions, the submission should include the grid supply configuration with substation source identification, the carrier hotel and connectivity provider dependencies, the upstream cooling water source where applicable, and the documented dependency analysis with risk assessment for each upstream dependency.

For the cyber and silent cyber boundary, the submission should include the operator's cyber security framework with reference to ISO 27001 or equivalent certification, the segmentation between IT and OT systems, the change management procedures for BMS and controls software updates, and any cyber incident history with remediation documentation.

Engineering surveys at data centre sites in 2026 are typically conducted by specialist surveyors with data centre operational experience. The cost per site survey runs INR 8 to 35 lakh depending on facility scale. Survey content covers the power and cooling redundancy verification, the standby power readiness testing observation, the BMS and controls walkthrough, the maintenance regime review, the change management procedures audit, and the documented incident review for the prior 24 months. Insurer engineering teams now include data centre specialists either in-house or through external consultancy arrangements.

The 2026 renewal calendar for major Indian data centre placements is materially compressed compared to earlier years. Operators should engage their broker at least 16 weeks before policy expiry to allow adequate submission preparation, market sounding, engineering survey scheduling, and wording negotiation. The placement cycle for the largest data centre programmes can run 20 to 28 weeks given the multi-insurer panel structure and the international reinsurance market engagement required.

Broker selection for data centre placements in 2026 should evaluate the broker's specific data centre track record, not just their general commercial property credentials. The leading brokers (Marsh India, Aon India, WTW India, Howden India, JB Boda, Anand Rathi Insurance Brokers, and several specialty boutique houses) have built dedicated data centre and technology practice teams through 2023 to 2026. Operators with multi-site portfolios should consider broker capability across all their geographies and the broker's relationships with the relevant international reinsurance markets.