New Delhi: India’s AI ambitions are running into a problem the government has not publicly quantified: The country’s data centres currently consume 1,020 megawatts of power, that figure is expected to double within two years, and there is so far no plan in place for sourcing that much electricity.
The admission came from the Secretary of the Ministry of Electronics and Information Technology, in a deposition before the Standing Committee on Communications and Information Technology. His testimony is recorded in “Impact of Emergence of Artificial Intelligence and Related Issues”, the 27th report of the committee tabled in Parliament Monday.
“Currently, data centres are using approximately 1,020 megawatts,” the Secretary told the committee. “In two years that will double. It may go above 2,000 megawatts. It is possible that in four to five years, four to five gigawatts of power will be needed. Planning for this is happening now.”
Four to five gigawatts is roughly the output of four full-scale thermal power plants, or the current total power consumption of a mid-size Indian state.
To place the numbers in context: Himachal Pradesh, a state of 7.5 million people, consumed 11,354 gigawatt-hours of electricity in 2023-24, according to data from the Central Electricity Authority—the equivalent of roughly 1,300 megawatts of continuous demand. India’s data centres, at 1,020 megawatts today, are already within that range. At the projected 4,000 to 5,000 megawatts in four to five years, the demand would exceed the current consumption of Jharkhand—a state of 38 million people whose total utility consumption was 26,408 gigawatt-hours in 2022-23, or approximately 3,000 megawatts continuous.
The Secretary acknowledged that distribution network planning was also underway, noting that data centres need to be located close to 400-kilowatt substations.
Chinese equipment in the grid
The committee asked the Ministry of Power a pointed question: “Is it true that contractors were using Chinese smart meters in the power sector, and that these were vulnerable to cyber intrusion?”
The ministry did not deny the premise. Its response confirmed that a directive issued in July 2020, and amended as recently as August 2025, now requires mandatory testing within India of all equipment imported for use in the power system. The stated objective is to “identify and eliminate any embedded malware, trojans, or other cyber vulnerabilities”.
Imports from what the ministry called “prior reference countries”—a term the report does not define but which in government usage refers to countries identified as national security risks, including China—now require prior approval from the Government of India before use in the power sector. All testing must be conducted in laboratories designated by the Ministry of Power.
From 1 January 2026, all IT equipment used in the power sector must be cleared through the Trusted Telecom Portal operated by the National Security Council Secretariat before supply.
The regulations covering this are still being finalised. The Central Electricity Authority’s Cybersecurity in Power Sector Regulations are described in the report as a draft.
Rooftop solar plants at risk?
The committee asked a question that has not previously appeared in any public document on India’s power sector security: “If an individual solar plant on someone’s terrace is used for a cyberattack, what mechanisms are in place to protect the national grid?”
The ministry’s answer was that the Central Electricity Authority regulations, once finalised, “will ensure that control and operation of power system elements including solar inverters, as well as the exchange of related information, including real-time data, remain within national boundaries”.
The regulations are not yet in force. There is currently no specific framework governing the cybersecurity of rooftop solar installations and their connection to the grid, beyond the general directions on trusted equipment procurement.
India had installed 4.38 crore smart meters across consumers, distribution transformers and feeders until September 2025. Each is a potential network entry point.
‘Cloud data must stay in India’
The Ministry of Power told the committee that cloud systems hosted outside India “may pose risks to data sovereignty and jurisdictional control”. The draft power sector cybersecurity regulations propose to mandate that all power sector data, including data hosted on cloud platforms, “must be stored in an encrypted, secured and protected environment and must reside within India only”.
This applies to AI model training data, grid management analytics, and consumer metering data. The ministry said it was mitigating current risks by mandating use of MeitY-empanelled cloud services, which are subject to national security compliance requirements.
However, MeitY also told the committee that discussions on setting up “data embassies” have been initiated with relevant ministries, including the Ministry of Commerce and Industry, particularly to examine issues of security and international collaboration.
It explained that a data embassy refers to the practice of storing copies of a nation’s critical and sensitive data in secure locations outside its borders as a safeguard against disruptions. These function as cloud-based virtual storage systems that serve as backups for essential digital assets and critical infrastructure.
Although hosted in foreign jurisdictions, they are designed to remain under the sovereignty and legal framework of the home country, with protections akin to those afforded to physical embassies, effectively acting as offsite repositories for key public data.
No Edge data centres
When the committee asked about plans to develop Edge data centres—smaller facilities located closer to where data is generated, which reduce latency (time between sending an input—prompt/request—and receiving the reply) for AI applications—the ministry said: “As of now there is no proposal under consideration for setting up Edge data centres. Further, the decision for setting up a data centre at a particular location is taken by data centre developers depending upon their business viability and client requirements.”
This is at odds with the government’s stated ambition of deploying AI at scale across rural areas, smart grids, and real-time surveillance infrastructure, all of which generate data that benefits from local processing.
The government has published a request for proposal (RFP) for a sovereign compute facility at the National Informatics Data Centre in Shastri Park, Delhi, with a compute power of 1.1 ExaFlops. That RFP, issued in October 2025, is still under evaluation, according to the report.
(Edited by Viny Mishra)