The Definitive Guide toAI Data Centers
Ask the Guide

Chapter 4.3

Substation & Transmission Ownership, Operations & NERC Compliance

When your load is large enough to touch the transmission system, you stop being a customer of the grid and become a participant in it — and the decision of who owns the substation, who throws the switches, and whether you register as a NERC entity is the line between a facility the operator controls and one the utility and the regulator control for you.

POWER-BOUNDGOODPUT

What you'll decide here

  1. Whether the on-site substation and the line into it are utility-owned (rate-based, slower, capital-light to you, control surrendered) or customer-owned (capex-heavy, faster, fully controlled, and dragging NERC and O&M obligations with it).
  2. Who operates and maintains the HV yard after energization, and how switching across the point of interconnection (POI) is coordinated under a switching-and-tagging agreement so a customer breaker operation never surprises the transmission operator.
  3. Where the protection boundary sits, who sets the relays on each side of the POI, and how protection coordination is jointly studied so a fault clears at the right device without tripping the whole interconnection.
  4. Whether your facility meets the bright-line that pulls it into NERC registration as a Computational Load Entity (and into the CIP-002 → CIP-015 cluster), and if so, what a defensible compliance program actually has to produce.
  5. Which reliability-standard deliverables — TPL/PRC ride-through and protection, MOD-032/026/027 model and data submittals, EOP-004/PRC-004 event and disturbance reporting — your interconnection agreement and registration obligate you to, and on what cadence.

There is a voltage threshold above which a data center stops behaving like a building that consumes electricity and starts behaving like an element of the bulk power system. Below it, you are a load on a distribution feeder: the utility owns everything past your meter, your obligations are commercial, and the worst you can do to the grid is trip a recloser. Above it — connected at transmission voltage, drawing hundreds of megawatts that can move in milliseconds — you are a node the rest of the interconnection has to plan around. Chapter 4.2 got you the interconnection and the substation as a physical asset. This chapter is about the second set of consequences that asset triggers: who owns it, who runs it, who is liable when it misbehaves, and the compliance regime that, as of 2026, the North American regulator has decided large computational loads can no longer escape.

The forks in 4.3 are unusually expensive to re-decide because most of them are written into a thirty-year interconnection agreement (the LGIA/GIA) and a registration with the regulator, not into a procurement order you can re-cut next quarter. Get ownership wrong and you have either surrendered control of your own front door or signed up for an HV-operations competency you did not want to build. Get the compliance posture wrong and you discover, after energization, that you are an unregistered entity operating a Bulk Electric System asset — a finding no AI operator wants in front of a regional entity auditor.

The first fork: who owns the substation

The customer substation that steps transmission voltage (115 / 138 / 230 / 345 kV) down to your medium-voltage distribution can be owned by the utility, by you, or split at a defined ownership boundary inside the yard. This is the single decision in 4.3 that propagates into capex, schedule, control, and — critically — into whether NERC obligations land on the utility's balance sheet or yours. It is rarely a free choice: the host utility's tariff, the state commission, and the ISO interconnection rules constrain what is even on the menu. But where there is latitude, the tradeoff is sharp.

Utility-owned keeps the substation capital off your books and inside the utility's rate base, hands the HV-operations competency and the lion's share of the NERC exposure to an entity that already has it, and — its real cost — surrenders control of the schedule and the asset. You are now in a queue behind every other interconnection the utility is building, your energization date moves when their transformer order slips, and any change to the yard runs at utility speed and utility process. In a market where the power transformer is already the schedule-dominating long pole (≈128 weeks standard, ≈144 weeks for a GSU, and up to ~60 months in constrained markets), handing the procurement to a utility that batches and prioritizes across a portfolio can cost you the very months your time-to-power thesis depends on.

Customer-owned inverts every term. You carry the capex (a transmission-class substation is tens of millions of dollars before the line), you own the procurement and can place the long-lead transformer order the day the design basis freezes, and you control the asset and its schedule outright. The price is that you have just become — or must contract for — a transmission operator and owner. The HV yard is now your switching, your maintenance, your relay settings, your spares, your qualified-worker program (Chapter 6.9), and, above the bright-line, your NERC registration. Most large self-build operators land on customer-owned for speed and control, then immediately sub-contract the O&M to a specialist because the competency is real, regulated, and unforgiving. The hybrid — utility owns up to a defined fence inside the yard, customer owns downstream — is common precisely because it lets each side hold the assets it is best equipped to operate and be registered for.

Substation ownership: utility vs customer vs split
DimensionUtility-ownedCustomer-ownedSplit / hybrid
Capex to operatorLowest — rate-based by utility; often a CIAC contributionHighest — full transmission-class build on your balance sheetShared at the ownership fence; you fund your side
Schedule controlUtility-paced; you queue behind their portfolioYours — order the long-lead transformer on design freezeYour side is yours; utility side still gates energization
Operational control of the yardUtility operates and switchesYou operate (usually via an O&M contractor)Each owner operates to the fence; joint switching plan
NERC registration exposureLargely the utility's (TO/TOP)Yours if above the bright-line (CLE / TO / GO)Allocated by which assets sit on which side of the fence
Spares, relays, maintenance burdenUtility's programYours — spare transformer strategy, relay settings, testingSplit by ownership; interfaces must be jointly maintained
Best fitCapital-light operators; jurisdictions that mandate itSpeed-and-control self-builds at scaleWhere the utility owns the line and you own the yard
Directional tradeoffs for a transmission-connected AI campus. Exact menu is set by the host utility tariff, the state commission, and ISO/RTO interconnection rules; not all options exist in all jurisdictions.

Operations across the point of interconnection

Whoever owns the yard, the POI is a seam two organizations operate across, and seams are where coordination failures live. The governing instrument is a switching-and-tagging (S&T) coordination agreement bolted onto the interconnection agreement: it names which party may operate which device, the notification and authorization sequence before any breaker or disconnect is moved, the clearance/hold-off (lockout-tagout) protocol that protects crews on either side, and the single point of contact (typically the Transmission Operator's control center) that authorizes operations affecting the bulk system. The consequence of skipping it is not theoretical — an uncoordinated customer-side switching operation can back-feed a line a utility crew believes is dead, or drop hundreds of megawatts the balancing authority did not see coming.

That second failure mode is the one 2026 made famous. When an AI campus's protection or controls trip the whole load offline on a remote disturbance, the balancing authority experiences an instantaneous, multi-hundred-megawatt loss it could not anticipate. Coordinated operations — telemetry to the TOP's control center, agreed switching sequences, and ride-through settings that keep the load connected through faults it should ride (Chapter 4.10) — are what turn an unpredictable lump of load into a node the operator can actually dispatch around. The O&M model has to make this explicit: 24/7 HV operations coverage, an on-call switching authority, and a documented interface with the utility's control room, whether you staff it or contract it.

Protection coordination across the boundary

Protection is where the ownership seam becomes an engineering problem with milliseconds of margin. A fault anywhere near the POI has to be cleared by the right device — the one closest to the fault — without cascading trips that take out the interconnection or strand the load. That requires a single, jointly-owned protection study that spans both sides of the boundary: relay coordination curves that selectively grade from the customer's MV feeders up through the main transformers to the utility's transmission line protection, with the customer's settings explicitly coordinated against the utility's so that selectivity holds and neither side trips for a fault the other should clear.

The fork is who sets and owns the relays on each side, and the answer follows ownership — but the coordination never does. Even with a clean ownership fence, the relay settings are coupled: the customer cannot change a main-transformer differential or a feeder overcurrent setting without re-checking coordination with the utility's line relays, and the utility cannot retune its line protection without confirming the customer still grades selectively beneath it. Modern practice runs this as a controlled, jointly-reviewed settings database with change-management on both sides; the discipline matters because a mis-graded setting does not announce itself until a fault arrives, and then it announces itself as either a needless wide-area trip or a failure to clear. This is also where the protection-and-ride-through standards bite (PRC-024/PRC-027 and the load-side analogues), and where a transmission-connected entity's relay program becomes auditable. → reactive/voltage and frequency behavior toward the POI in Chapter 4.10; grounding and the protection earthing basis in Chapter 4.11.

NERC registration: the bright-line that pulls you in

For most of the cloud era, large data centers escaped NERC's functional registry because they were loads, and NERC's mandatory standards were written around generators, transmission owners, and balancing authorities — the entities that operate the Bulk Electric System (BES). In 2026 that gap closed. NERC opened Project 2026-02 (Computational Loads), issued draft registry criteria for a new functional class — the Computational Load Entity (CLE) — and backed it with a rare Level 3 Essential Actions Alert, the first time it has used its highest alert tier to address load. The proposed bright-line is specific: an entity hosting ≥1 MW of IT-equipment load as part of an aggregate connected load of ≥20 MW at a single point of interconnection at ≥60 kV becomes a registered CLE. Essentially every transmission-connected AI campus clears it.

Registration is the trigger, not the obligation. Once you are a registered entity touching the BES, the door opens to the standards that apply to your functions — and if you own transmission assets (the customer-owned-substation fork above), you may also carry Transmission Owner/Operator obligations, and if you run on-site generation that can serve the grid, Generator Owner/Operator ones (Chapter 4.8). The cybersecurity weight lands through the CIP-002 → CIP-015 cluster: CIP-002 (now CIP-002-8, FERC-approved in 2026) is the gateway — it makes you categorize your BES Cyber Systems as high/medium/low impact against the bright-line criteria in its Attachment 1 — and that categorization determines how much of the rest of the family (CIP-003 through CIP-013 governance, access, ports, patching, recovery, supply chain; CIP-014 physical security of critical substations; and the newest, CIP-015 internal network security monitoring) applies and at what depth. This is the canonical home for the CIP cluster as it applies to large loads; the broader security architecture lives in Part 11 (Chapter 11.11).

The CIP-002 → CIP-015 cluster as it lands on a transmission-connected AI campus
StandardWhat it governsWhy it reaches an AI campus2026 status / note
CIP-002Categorize BES Cyber Systems (high/medium/low)The gateway — sets how much of the rest appliesCIP-002-8 FERC-approved 2026; Attachment 1 bright-lines
CIP-003 → 011Security mgmt, personnel, access, ports, patching, recovery, info protectionStandard controls on the cyber assets that operate BES-facing equipmentMature; depth scales with impact rating
CIP-013Supply-chain risk management for BES Cyber SystemsProcurement controls on the OT/control stackIn force; ties to hardware provenance (Ch. 11.3)
CIP-014Physical security of critical transmission substationsYour HV yard can be a critical substationRisk-assessment + protection plan if in scope
CIP-015Internal network security monitoring (INSM) inside the ESPDetect lateral movement past the perimeterEffective Sep 2, 2025; phased compliance to 2028/2030
Applicability and depth scale with the CIP-002 impact categorization. CIP-015 compliance dates are phased from its Sept 2, 2025 effective date. Not legal advice — confirm scope with your regional entity and counsel.
≥1 MW + ≥20 MW
proposed CLE bright-line: ≥1 MW IT load within ≥20 MW aggregate at a single POI ≥60 kV
2026NERC draft registry criteria (Appendix 5B); Steptoe analysis
~1,500 MW
data-center load tripped on a single 230 kV fault — the synchronized-loss problem
2026NERC Level 3 Alert / Utility Dive
~1.5 GW / 82 s
load dropped in a single Virginia disturbance window; basis for ride-through mandates
2024 event, 2026 reportingNERC Large Loads work / provenance
Level 3
NERC's highest (Essential Actions) alert tier — first used for load, on computational loads
2026NERC / Davis Wright Tremaine
Sep 2, 2025
CIP-015 (INSM) effective date; phased compliance Sep 2, 2028 / 2030
2025FERC Order No. 907; Federal Register
Project 2026-02
NERC standards-development project defining the CLE functional class and obligations
2026NERC / Climate Solutions Legal Digest
~128–144 wk
power-transformer / GSU lead time — the schedule lever the ownership fork controls
2025-Q2Wood Mackenzie / pv magazine
3–7+ yr
large-load grid interconnection lead time end-to-end; up to ~10 yr in worst queues
2025ERCOT / PJM filings synthesis

The reliability obligations of a transmission-connected entity

Cyber (CIP) is one half of the registration weight; the operations-and-planning (O&P) standards are the other, and for a load they are newer and less settled. The pattern is that a transmission-connected entity has to feed the grid's planning and operating processes the data those processes need, behave the way the planners assumed it would, and report it when it doesn't. Named explicitly, the deliverables cluster into three families.

Ride-through and protection (TPL / PRC). TPL-001 is the transmission planning standard the planner runs to prove the system survives credible contingencies — and your facility is now a contingency in their case, which is exactly why your ride-through and trip settings became their business. The PRC family governs protection: PRC-024-class ride-through envelopes (voltage and frequency the equipment must tolerate without disconnecting), PRC-027 protection-coordination, and PRC-004 misoperation analysis. For an AI campus the practical obligation is to engineer the facility so it stays connected through the disturbances the planning case assumes it rides, and to coordinate its protection so it neither trips needlessly nor fails to clear. → the engineering of ride-through, reactive support, and frequency response toward the POI is built out in Chapter 4.10.

Model and data submittals (MOD-032 / MOD-026 / MOD-027). The planner and coordinator cannot study a facility they cannot model. MOD-032 is the umbrella that obligates you to submit steady-state, dynamics, and short-circuit modeling data to your Transmission Planner and Planning Coordinator on their schedule and in their format; MOD-026 and MOD-027 govern the verification of dynamic models for the reactive-control and active-power/frequency-control behavior of your equipment where applicable. The consequence of treating these as a formality is that a bad or missing model means the planner studies the wrong machine — and the first time anyone discovers the mismatch is during an event your model said couldn't happen.

Event and disturbance reporting (EOP-004 / PRC-004). When something does happen, you report it. EOP-004 mandates reporting of qualifying events (load loss above thresholds, equipment damage, system events) to NERC and the relevant authorities on a defined timeline; PRC-004 obligates analysis and correction of protection-system misoperations. For a CLE whose failure mode is exactly the synchronized multi-hundred-megawatt trip, these are not paperwork — they are the feedback loop by which the regulator learns whether your facility is a reliable grid actor or a recurring disturbance source. The large-load interconnection study deliverables that feed all of this — the steady-state, dynamic, and short-circuit studies the ISO runs before granting service — are the front end of the same obligation set, treated as a siting/queue problem in Chapter 3.2.

Deep dive: building the compliance program a CLE registration actually requires

Registration is a status; a compliance program is the machinery that keeps the status from becoming a liability. For a newly-registered CLE, the program has to produce, on an ongoing and auditable basis, several things that did not exist when the facility was "just a load." First, a registered-functions matrix: an honest mapping of which NERC functions you actually perform (CLE; possibly TO/TOP if you own transmission assets; possibly GO/GOP if your on-site generation can serve the grid) and therefore which standards apply — over-registering buys needless audit surface, under-registering is a finding.

Second, the CIP-002 categorization and its evidence: a defensible identification of BES Cyber Systems and their high/medium/low impact rating, because every downstream CIP requirement inherits its depth from that single judgment, and the categorization is the first thing an auditor tests. Third, an O&P evidence pipeline: the recurring MOD-032 data submittals, the verified MOD-026/027 dynamic models, the TPL/PRC ride-through and protection-coordination studies, and the EOP-004/PRC-004 reporting and misoperation-analysis workflow — each with a named owner, a cadence, and retained evidence, because NERC compliance is proven by records, not assertions.

Fourth, a switching, tagging, and operations interface with the Transmission Operator that is documented and exercised, not improvised. Fifth, the self-report and mitigation discipline: the regional entity expects you to find and report your own gaps and mitigate them, and a mature self-reporting posture is, counterintuitively, the cheapest way to stay out of serious enforcement. The recurring mistake is to treat all of this as a post-energization afterthought; by then the LGIA is signed, the ownership fence is fixed, and the obligations are already running. The cheap time to build the program is while the interconnection agreement is still being negotiated — because that is when the ownership and operating boundaries that determine the entire scope are still on the table.

Putting the forks together

The three forks in this chapter are not independent — they chain. The ownership decision sets where the assets sit; where the assets sit sets the operations and protection seam you have to coordinate across; and the assets you own plus the load you draw set whether you clear the bright-line into registration and which functional obligations follow. An operator who chooses customer-owned for speed has, in the same stroke, chosen to own the HV-operations interface and to register as a CLE (and likely a TO) — and should price all three together, not discover them sequentially. An operator who lets the utility own the yard has bought down the obligation but bought into the utility's schedule and lost the ability to fix protection or operations interfaces on its own timeline.

The through-line back to the rest of Part 4 is that 4.3 is the institutional layer over the physical one. The substation, transformer, and MV distribution are engineered in Chapter 4.2 and Chapter 4.4; the grid-interactive behavior those institutions now mandate is engineered in Chapter 4.10; the protection earthing and grounding basis in Chapter 4.11; and the metering and electrical-operations layer that produces the evidence in Chapter 4.12. What 4.3 adds is the recognition that, above the bright-line, none of that engineering is purely yours to decide — you share it, by agreement and by regulation, with the grid you have joined.

The physical substation, transformer sizing, and MV distribution this chapter governs are engineered in Chapter 4.2; transformer harmonics and the non-linear-load problem in Chapter 4.4. The grid-interactive engineering the reliability standards mandate — ride-through, reactive/voltage support, frequency response toward the POI — is the canonical subject of Chapter 4.10; the grounding, bonding, and protection-earthing basis is in Chapter 4.11; and the metering and electrical-operations layer that produces compliance evidence is in Chapter 4.12. On-site generation that can pull you into GO/GOP obligations is in Chapter 4.8. The HV-yard EHS and qualified-worker interface is in Chapter 6.9. The interconnection queue and large-load study front end is treated as a siting problem in Chapter 3.2. The CIP cluster cross-references the broader security architecture and certification regime in Chapter 11.11 and supply-chain provenance in Chapter 11.3.