Iranian drones hit two AWS data centers in the UAE, near-miss in Bahrain — Pure DC pauses Gulf builds, AWS waives $150M in March charges, and the trillion-dollar Middle East AI buildout reads differently now

A data center developer has paused all Middle East project investments after one of its facilities was damaged by an Iranian missile or drone attack, CNBC reported via Ars Technica. London-based Pure Data Centre Group — operating or developing 1+ GW of capacity across Europe, the Middle East, and Asia — confirmed shrapnel damage to its 16-acre Yas Island campus in Abu Dhabi (20 MW operational, designed for AI and cloud workloads, serving an unnamed hyperscale customer). CEO Gary Wojtaszek's quote sums up the moment: "no one's going to run into a burning building... no one's going to put in new additional capital at scale to do anything until everything settles down." The Pure DC pause is framed as one company's caution — but the same caution is reshaping a trillion-dollar Gulf AI buildout that includes Stargate-class projects, OpenAI's Oracle deal, and Saudi/UAE sovereign AI partnerships.

The hard data points are worse than the headline. After the February 28 US-Israeli strike on Iran, Iran retaliated by attacking shipping in the Strait of Hormuz, US military bases, and energy infrastructure across the Gulf — but also by directly striking two AWS data centers in the United Arab Emirates and a near-miss attack drone damaged a third AWS facility in Bahrain. AWS confirmed through its service dashboard on March 1 that the attacks caused structural damage, power disruption, and triggered fire-suppression systems that added water damage on top. Customer impact was real and immediate: banks, payment platforms, Dubai-based Careem, and data cloud provider Snowflake all hit cloud disruption from those facilities. AWS waived all customer charges in its Middle East cloud region for the entire month of March 2026 — roughly $150 million, not counting the damaged hardware.

The legal framework is the part that should focus builder attention. Existing civil law puts the financial burden on data center operators to absorb costs and refund clients in the event of military conflict, per Tech Policy Press analysis. Translation: war damage to data centers is uninsurable in the conventional sense. AWS ate the $150M of waivers because the contracts gave it no other option, and its hardware losses sit on its own balance sheet without recovery mechanism. For hyperscalers building sovereign AI capacity in the Gulf, this creates a non-trivial new risk: every data center built in a region that could be drawn into the Iran conflict becomes a balance-sheet exposure that grows with capacity. The trillion-dollar Gulf buildout was sold to investors on the basis of regional power costs, regulatory clarity, and proximity to capital partners — none of which factored in capital-loss scenarios at this scale. Iran's Revolutionary Guard Corps has explicitly threatened further retaliation against US companies it identifies as targets, which makes pause-not-cancel the rational decision for builders like Pure DC.

For builders, three takeaways. First, regional diversification of AI compute matters more now than it did a month ago. If you're building anything that depends on a specific cloud region, plan for multi-region failover that includes geopolitical risk, not just hardware failure — Middle East customers shifting workloads to European or Asian regions during the AWS outages have a procurement playbook now. Second, the insurance and legal frameworks for AI data centers are about to be rewritten, fast. Watch for new war-risk insurance products, force majeure contract revisions, and possibly federal indemnification for US-flagged hyperscalers operating in conflict-adjacent regions — the last of those would be a major policy shift if it happens. Third, the geographic premise of the trillion-dollar Gulf AI buildout has shifted. Saudi Arabia and the UAE pitched themselves as neutral, low-cost, abundant-power destinations for hyperscale capacity; Iran has now made every Gulf data center a target with documented kinetic risk. Some workloads will move (high-value training, sovereign data); others will stay (latency-sensitive Middle East customers, regulatory-required local processing). The split is now a real architectural decision, not a choice of where to deploy by default.