Why Your DCIM's AI Feature Is Probably Off-Limits for Your Team
Your DCIM vendor demoed the AI feature. It looked good. Natural-language capacity queries, anomaly correlation, automated recommendations. Then your risk function got involved, and the conversation stopped.
This isn't a procurement problem. It's an architecture problem. And it's affecting regulated infrastructure teams across Australia and New Zealand right now.
The quiet reason AI features go nowhere in regulated environments
Most DCIM platforms, including the major incumbents, route their AI capabilities through cloud-hosted inference endpoints. That means when you ask the system a question about your physical infrastructure, your asset data, telemetry, rack configurations, and power metrics leave your environment to reach a model running on someone else's compute.
For teams at banks, insurers, health systems, and government agencies, that's not a risk preference to weigh up. It's a structural incompatibility with the regulatory frameworks those teams operate under.
APRA CPS 230 came into full effect on 1 July 2025. Its contract uplift deadline for existing material service provider arrangements hit on 1 July 2026, which was literally last week. The standard requires APRA-regulated entities to manage material service provider risk end-to-end, including downstream data flows from operational tooling. An AI feature that sends infrastructure telemetry to a cloud model isn't a separate question from CPS 230 compliance. It sits squarely inside it.
APRA has signalled, through published information papers and industry engagement, that it expects boards to have oversight of AI strategies consistent with their entity's risk appetite, and that third-party dependencies — including those embedded in operational tooling — fall within the scope of that oversight. The regulator has also indicated that supplier concentration and opacity are areas of active supervisory interest. Readers should consult the APRA website directly for current publications and verify any regulatory guidance against source documents, as this area continues to develop.
CPS 234, which governs information security for APRA-regulated entities, adds another layer. It explicitly extends obligations to information assets managed by third parties. Your DCIM vendor's cloud inference endpoint is a third-party system handling your operational data. The obligation to evidence that vendor's controls doesn't disappear because the vendor calls the capability an "AI feature" rather than a service.
The RBNZ picture isn't different, it's analogous
For New Zealand's systemic banks, the RBNZ outsourcing policy (BS11) creates its own version of the same constraint. The policy requires large banks to have the legal and practical ability to control and execute outsourced functions. Where a DCIM platform's AI capability constitutes an outsourced function, routing inference through an offshore model creates exactly the kind of dependency the policy is designed to prevent.
The compliance cost of getting this wrong isn't theoretical. NZ's major banks invested substantially over several years achieving BS11 compliance. The framework exists precisely because operational dependencies on external providers, where control and visibility are limited, pose systemic risk. A cloud-attached AI layer in operational tooling is a new instance of a well-understood problem.
What actually happens on the ground
Here's the pattern most regulated DC teams recognise. The operations team evaluates a DCIM platform. The AI features are genuinely impressive. Capacity forecasting, incident correlation, natural-language queries against real infrastructure data. The pilot proceeds.
Then someone sends the architecture diagram to the CISO or the risk and compliance function. The question comes back: where does inference run? The vendor confirms: cloud-hosted. The risk function flags the data residency issue under CPS 230 or BS11. The AI feature gets blocked. The team is left running a DCIM platform with a checkbox AI capability they can't actually use.
The AI feature becomes shelfware. The team keeps running on spreadsheets and manual analysis for the work the AI was supposed to carry.
This isn't a failure of will. The regulated teams doing this are making the right call. The problem is that most DCIM platforms were never built to serve a regulated buyer who can't send data to the cloud.
The architecture distinction that actually matters
The fix isn't a different cloud vendor or a contractual workaround. Whether a data processing agreement combined with vendor security controls is sufficient to satisfy CPS 234 obligations is a nuanced legal question — APRA has not issued a categorical ruling on cloud-hosted AI inference specifically, and any organisation relying on this approach should seek independent legal advice. What is clear is that a DPA alone does not change where inference runs, and for many regulated buyers, that remains the operative concern. It doesn't give a NZ systemic bank the legal and practical ability to control the function.
The architecture most likely to satisfy regulated buyers is one where inference, models, and the data they learn from run inside the customer's own perimeter. Not as an optional configuration. Not as a professional services engagement. As the default, including air-gapped.
That's a fundamentally different design decision than what the incumbents have built. Based on publicly available product documentation and marketing materials as of mid-2026, platforms such as Nlyte and Sunbird appear to route AI capabilities through cloud-hosted infrastructure — but vendor architectures can change, and buyers should verify current deployment options directly with those vendors before drawing conclusions. For regulated buyers that require on-premises inference, those AI features may remain off-limits regardless of how good they look in a demo.
The core data-flow questions any regulated team should ask of any AI-enabled platform are straightforward: where does inference run, and is your data used to train shared models? Those two questions will tell you immediately whether a regulated team can use the feature or not.
What a compliant AI ops architecture looks like
An architecture that satisfies regulated buyers in ANZ has a few characteristics that aren't negotiable.
First, inference runs inside the customer's control boundary. That means the models, the compute, and the data they reason over stay inside the perimeter the customer controls. For some teams, that's an on-premises deployment on their own GPUs. For others, it's a dedicated private cloud with contractual SLAs. What it isn't is a shared inference endpoint hosted by the vendor.
Second, every AI recommendation carries an audit trail. CPS 230 requires entities to manage operational risk with effective internal controls. An AI that proposes actions without traceable, human-reviewed records doesn't produce the kind of continuous evidence the standard expects. The audit trail isn't a nice-to-have. It's what makes AI recommendations defensible to a regulator.
Third, the data foundation underneath the AI has to be credible. AI capacity forecasting and anomaly detection are only as good as the data model they reason over. An AI layer sitting on top of incomplete asset records or sparse telemetry doesn't produce useful recommendations. It produces noise. The foundation has to be mature before the AI layer adds real value.
Fourth, human approval stays in the loop. Agentic AI that proposes actions for human review is a very different compliance posture from autonomous AI that executes changes. For regulated environments, the distinction matters. The audit trail needs a human decision in it.
The window is now
The APRA CPS 230 contract uplift deadline passed on 1 July 2026. That means teams that haven't already reviewed their operational tooling for cloud-attached data flows are now in a non-compliant posture for existing service provider arrangements. This isn't an emerging obligation. It's a current one.
For teams that have been waiting to modernise their DCIM estate, the question of whether to include AI in scope for a new platform evaluation has a clearer answer now than it did 12 months ago. Evaluating a DCIM platform that can't deliver its AI features inside your boundary means evaluating a platform that will leave the operational intelligence gap open. That gap gets harder to justify as AI workloads drive higher rack densities and put greater pressure on capacity management practices — though the degree to which AI tooling is necessary, versus enhanced traditional processes, will depend on each organisation's specific environment and risk appetite.
Disclosure: This article is published by CenterOS, a commercial DCIM platform. The regulatory analysis above represents the author's interpretation and should not be treated as legal advice. Readers should consult qualified legal counsel regarding their specific compliance obligations. If your team is running this evaluation, or if you're building the business case to start one, CenterOS is a DCIM platform designed to deliver agentic AI inside a sovereign perimeter, including air-gapped deployments. The platform targets consistent capability across deployment models from multi-tenant SaaS to fully on-premises — though buyers should review current technical documentation and conduct independent evaluation to verify how capabilities compare across deployment configurations in practice. Take a look at how it works.
CenterOS
The AI-native DCIM that runs anywhere — including inside your perimeter
The AI-native DCIM that runs anywhere — including inside your perimeter
Learn more about CenterOS and get started today.
Visit CenterOS