In an unprecedented series of attacks, Iran has targeted commercial data centers in Gulf countries in the context of the armed conflict initiated by the United States and Israel on Feb. 28. On March 1, it used Shahed 136 drones to strike two Amazon data centers in the United Arab Emirates (UAE), causing devastating fire, power outages, and further damage as firefighters fought the blazes. A strike on a third Amazon data center in Bahrain soon followed, although reports suggest the attack caused the damage indirectly when a drone hit nearby. It is unclear at this time whether the strike slightly missed the data center or merely caused collateral damage to the facility while attacking another target.
These attacks highlight the importance of data centers to civilian society and their growing operational significance in contemporary warfare. The increasing reliance on cloud computing and artificial intelligence (AI) also raises a number of intricate issues that have been at the heart of controversy over the application of rules governing the “conduct of hostilities,” which form part of the body of international law known as the law of armed conflict (LOAC). Do data centers qualify as lawful military objectives? If so, under what circumstances are they subject to attack? And what precautions must be taken before attacking those used for civilian purposes as well? We tackle these and related LOAC issues in this article.
In this regard, it is essential to note that the data center attacks occurred during an international armed conflict between Iran and both States – the UAE and Bahrain. Such conflicts are triggered when one State engages in hostilities with another (DoD Law of War Manual, § 3.3.1; Tadić, Jurisdiction, ¶ 70). On Feb. 28, following U.S. and Israeli attacks across Iran, Tehran launched hundreds of drones and missiles at targets in neighboring States, including the UAE and Bahrain. Some of Iran’s targets were U.S. military facilities, which might have raised questions regarding the exercise of belligerent rights in neutral territory against an enemy located there. Others were not, including the data centers attacked in the UAE and Bahrain, which means Iran’s bombardment of those countries undeniably initiated an international armed conflict between Iran and those two States. Accordingly, there is no question that the law of armed conflict governed the operations against the data centers.
We do not engage with the jus ad bellum, which concerns the overall lawfulness of Iranian strikes on the territories of the UAE and Bahrain. Whether a State is acting in violation of the prohibition on the use of force in Article 2(4) of the UN Charter or in individual or collective self-defense under Article 51 simply has no bearing on the law of armed conflict; its rules equally bind both the aggressor and the victim (ICRC 2015 Challenges Report, ¶ 76; DoD Law of War Manual, § 3.5.2.1). Our sole objective is to identify and explore issues under LOAC raised by attacks on data centers.
The Factual Context
The Iranian drone attacks on Amazon Web Services’ data centers damaged civilian data and affected services across the Gulf region. The Guardian, for instance, reported that people in the UAE were unable to access numerous applications that rely on Amazon’s cloud, including for banking and food-delivery services. And on its website, Amazon urged customers to back up their data to data centers in other regions to prevent further damage or loss. As of March 11, eleven days after the attacks, the functioning of the Amazon data centers in the UAE remains disrupted.
Iranian State television claimed that the Islamic Revolutionary Guard Corps (IRGC) launched the attacks “to identify the role of these centres in supporting the enemy’s military and intelligence activities” (here and here). It is unclear how it hoped to do so through kinetic attacks. Indeed, there is no publicly available information as to whether the attacks impacted U.S. military operations or the military capabilities of Bahrain, the UAE, or Israel. But there is no question that data centers can prove critical during military operations, especially when leveraging AI technologies. They can provide computing resources to (re)train and run AI models and to store intelligence for further algorithmic analysis.
Although there is no publicly available information on whether the United States (or other militaries) used these specific data centers, it is clear that it relies on Amazon cloud services. In 2023, Amazon (along with Microsoft, Google, and Oracle) won the contract for the Joint Warfighting Cloud Capability (JWCC), which involves developing “mission-critical cloud capabilities” (here and here). Amazon is also the primary cloud provider for Claude Code, which recently drew significant attention amid the falling out between the Trump administration and Anthropic. Despite the government’s decision to classify Anthropic as a “supply chain risk,” Secretary of Defense Pete Hegseth made clear at the time of his announcement that he intended to maintain Claude’s extensive deployment in U.S. military systems for up to six months. Indeed, reports suggest that Claude Code remained in use during Operation Epic Fury and, therefore, presumably relied on Amazon data centers.
There are no public reports on whether the United States (or any other State involved in the conflict) used data centers in the Gulf region for data storage or to sustain AI processing. As to data storage, the United States requires contracted cloud-computing service providers to store data within the United States. except when physically located on Department of Defense premises or authorized by the “appropriate official.” As the data centers were not on U.S. military bases overseas, moving such data to Amazon data centers in the Gulf region would require special authorization; we are unaware if that has been granted. And we speculate that there would be hesitancy to do so with classified data, except in the case of storage on a U.S. military base, although, again, we simply do not know. Likewise, we are unaware whether any other States involved in the conflict are storing their military-related data in the centers or otherwise using them for military purposes.
However, as a general matter, latency (the time it takes for data to be transmitted) is the key obstacle to the effective use of AI in highly time-sensitive operations. Therefore, militaries often seek to bring computing capabilities close to the point of use, or even directly onto AI-enabled systems (i.e., edge computing). In light of this distinction, the use of Amazon data centers, if any, is more likely to be in relation to sustaining AI use, rather than to store data. But to reiterate, it is not clear from public reporting whether any of the belligerents’ militaries used any of the targeted data centers for military purposes.
The relevance of data centers during armed conflict came into sharp relief when, in October 2025, Microsoft cut Israel Defense Forces (IDF) Unit 8200’s access to its Azure cloud services. The IDF reportedly used Azure cloud infrastructure in the Netherlands to store intelligence, such as intercepted Palestinian phone conversations, and to operate OpenAI’s language model. In addition to Microsoft’s Azure, Israel also relied on Amazon’s cloud computing services, as “their advanced capabilities in artificial intelligence” provided “significant operational effectiveness” compared to Israel’s government capabilities.
The fact that modern militaries rely on data centers to conduct operations raises a number of questions concerning the Iranian attacks on Amazon’s centers. Two are of particular significance. First, are data centers lawfully targetable under LOAC and, if so, under what circumstances? Second, what does LOAC require of militaries that store sensitive intelligence data alongside civilian data?
Targetable Objects Under IHL
Data centers are facilities that house multiple networked computer servers. Under LOAC, they are “objects.” As such, attacks that either target them or, if civilian, cause them “collateral damage” trigger the application of targeting rules, in particular the prohibition on attacking civilian objects, the proportionality rule, and the requirement to take feasible precautions in attack. As Iran (like Israel and the United States) is not Party to the 1977 Additional Protocol I to the Geneva Conventions, which sets forth these rules in treaty form, customary LOAC targeting rules govern the data center attacks. The ICRC has articulated them in its Customary International Humanitarian Law study (rules 7, 14, 15; see also DoD Law of War Manual, §§ 5.6, 5.11, 5.12).
The first step in assessing the lawfulness of an attack is to determine whether an object is civilian and therefore not subject to attack. As noted in Article 51(1) of Additional Protocol I, which reflects customary law, “civilian objects are all objects which are not military objectives.” Thus, the law is binary; an object is either a civilian object or a military objective. For the most part, LOAC’s protections extend only to the former (there are exceptions for certain military objectives, such as special protections for military medical facilities).
The universally accepted definition of “military objective” is set forth in Article 52(2) of Additional Protocol I (DoD Law of War Manual, § 5.6.3). By that definition, military objectives are “objects which by their nature, location, purpose or use make an effective contribution to military action and whose total or partial destruction, capture or neutralization, in the circumstances ruling at the time, offers a definite military advantage.”
For this analysis, the “use” (current use) and “purpose” (future use) criteria are the determinative ones (DoD Law of War Manual, § 5.6.6.1). Thus, if the data centers were being or would be used by the armed forces of Iran’s enemies to execute or enhance military operations (an “effective contribution”) and attacking them would hinder their operations (a “definite military advantage”), they were targetable military objectives, subject to application of the proportionality rule and the requirement to take precautions in attack (see below).
In this regard, it is not any contractual relationship between Amazon and the military that matters. Instead, for the effective contribution requirement to be satisfied, the object attacked must itself be in the service of the military (or be expected to certainly be used in that way in the future). The Department of Defense’s Law of War Manual states that “this contribution need not be ‘direct’ or ‘proximate’” (§ 5.6.6.2). Still, as explained in the Harvard Manual on the International Law Applicable to Air and Missile Warfare, the contribution to military action “must be actual and discernible, not merely hypothetical or speculative” (page 121). And as noted in the International Law Association’s study group report on targeting, the effective contribution requirement “requires a proximate nexus between the object and the fighting” (page 329).
To illustrate the types of objects make an “effective contribution” to military action, consider data centers that store and process military intelligence, support operational planning, or power military AI applications and systems. Any such uses would self-evidently constitute an effective contribution to military action. Yet, a data center that merely stores human resources data on civilian government employees who are completely uninvolved in maintaining or enhancing military capabilities, even indirectly (such as U.S. Army Corps of Engineers park rangers), would not effectively contribute to military action.
We caution that the threshold for making an effective contribution to military action is relatively low. It is the second prong of the military objective test that is particularly significant in determining whether an object qualifies as a military objective in an ongoing conflict. That prong requires that its neutralization, damage, or destruction yield a “definite military advantage” for the attacker.
It is here that the attack’s specific context comes into play. Such assessments are made on a case-by-case basis (Galić, Trial Judgment, ¶ 58). The key is that the military advantage must be “definite” in the particular circumstance of the conflict. The ICRC’s Commentary to Additional Protocol I explains, “it is not legitimate to launch an attack which only offers potential or indeterminate advantages. Those ordering or executing the attack must have sufficient information available to take this requirement into account” (¶ 2024). Similarly, the DoD Law of War Manual provides, “‘Definite’ means a concrete and perceptible military advantage, rather than one that is merely hypothetical or speculative. The advantage need not be immediate” (§ 5.6.7.3). Clearly, any reliance on data centers in the UAE or Bahrain by U.S. or other forces for operations in the region satisfies this prong.
Accordingly, attacking data centers to damage military data or disrupt data access to it will usually offer a “definite military advantage.” This is the case even when data is backed up across several data centers, which is done to ensure that if one data center is hacked or physically damaged, there is no service disruption or permanent data loss, as it remains stored in another data center; the key is redundancy and operational continuity. But even if only one center is struck, and the data remains in the other data centers, an attack on that center will still provide a definitive military advantage. It is just that the military advantage of striking only that center will be limited because the data is still accessible on the others. This point is particularly relevant to the proportionality assessment, which requires consideration of the degree of anticipated military advantage in light of expected collateral damage (see below).
However, it should be emphasized that most States are reluctant to share government data with private actors, such as Amazon Web Services. As mentioned, the United States would generally restrict the hosting of government data to areas where the United States maintains control, such as those within the United States or potentially within U.S. military bases. This does not preclude the possibility that the centers were used by the other armed forces in this conflict to store their data.
The clear military advantage is even more evident when data centers are used for more than just data storage. For instance, data centers may be used to train, update, or partially run AI-enabled military applications and systems. The data center in question must be in current use or planned for future use for its destruction to offer a definite military advantage; it is not enough that the data center was used to train an AI application, such as a large language model, prior to its deployment in conflict. Thus, a data center supporting the use of military AI beyond storing data also evidently qualifies as a military objective, as its destruction would offer a definite military advantage by disrupting and undermining the enemy’s AI-based operations.
It must be cautioned that distinguishing between civilian objects and military objectives must be accomplished before the attack. An attack cannot be launched “to identify the role of these centres in supporting the enemy’s military and intelligence activities,” as the Iranian news media suggests happened (emphasis added).
It is more likely that Iran attacked them because the United States or other belligerents might have used them for military purposes. This raises the issue of doubt. In case of doubt as to whether an object qualifies as a military objective, the prevailing view is that it must be considered to be civilian. As noted in the DoD’s Law of War Manual, “Under the principle of distinction, commanders and other decision-makers must presume that persons or objects are protected from being made the object of attack unless the information available at the time indicates that the persons or objects are military objectives” (§ 5.4.3.2).
Of course, doubt lies along a continuum of certainty from mere speculation to absolute certainty. An attack with insufficient certainty is unlawful as an indiscriminate attack (Galić, Appeals Judgment, ¶ 132). This is always a contextual determination, one that takes account of such factors as, inter alia, the value of the desired effect, the probability of achieving that effect, the degree of uncertainty, and the extent of civilian harm in the event of misidentification (see Schmitt and Schauss). So, the question, assuming the Iranian attacks were launched in the face of uncertainty as to the qualification of the data centers as military objectives, is how much doubt did Iran have, and was that doubt enough to render the attacks indiscriminate?
But we want to reemphasize that it is not clear from the publicly available information whether the specific Amazon data centers targeted by the Iranian drones were supporting the AI-enabled applications and systems used by the U.S. armed forces. Moreover, as noted above, it is unlikely that the U.S. military would rely on servers not located within U.S. territory or on U.S. bases for its most sensitive operational uses. If the data centers were not being employed for military purposes, and would not almost certainly be so used in the future, the strikes violated the LOAC prohibition on attacking civilian objects.
The Challenges of Dual-Use Objects
For the sake of analysis, let us assume that U.S. and other armed forces involved in the conflict were using Amazon’s data centers in a way that effectively contributed to military action, and attacking them would result in a definite military advantage for Iran. Accordingly, they qualify as military objectives.
This presents the dilemma of how to treat a data center that simultaneously hosts military and civilian data. As so-called “dual-use objects,” there is no question that the building and the servers therein, which are likely affixed to the building and networked, constitute a military objective (DoD Law of War Manual, § 5.6.1.2). The International Law Association’s study group on targeting noted in this regard that “today’s prevailing understanding of the notion of military objective is that once an object is used in such a way as to fulfill the definition of military objective, the entire object becomes a lawful target” (page 336). But as the study group observed, there are different approaches to treating the civilian aspects of the data center (e.g., specific servers that do not store military data) in a proportionality calculation and in determining whether precautions to avoid harming civilian objects are feasible.
The proportionality rule provides that “launching an attack which may be expected to cause incidental loss of civilian life, injury to civilians, damage to civilian objects, or a combination thereof, which would be excessive in relation to the concrete and direct military advantage anticipated, is prohibited” (ICRC Customary International Humanitarian Law study, r. 14). According to the precautions in attack rule, “all feasible precautions must be taken to avoid, and in any event to minimize, incidental loss of civilian life and damage to civilian objects” (id., r. 15).
There are two views on how to treat the civilian aspects of a dual-use object, such as a data center, in the context of these rules (see discussion here). By the first view, shared by the United States and Israel, even when an object consists of distinct parts, as in apartments in an apartment building, the object qualifies as a military objective in its entirety; the civilian components are not treated separately when determining whether the harm might be disproportionate (“excessive”) or whether there are alternative weapons, tactics, or targets that might reduce risk to them without sacrificing military advantage. This is the case, at least, for indivisible objects, where it is not possible to attack one part of the object without causing damage to the rest (as distinct from area targets, such as a military base with civilian buildings, regarding which there are differing views).
If the Amazon data centers hosted and processed data used by the United States or other States in military operations against Iran, an attack on them, by this view, would be lawful regardless of any damage to servers storing purely civilian data. This is the case with kinetic attacks, which are unlikely to damage a single server without affecting the others in the same building, especially given the high risk of fire, as in the attack on the UAE data center. Of course, any collateral damage to other civilian objects nearby or incidental injury to civilians in the facility or nearby would have to be considered in the proportionality and precautions assessments.
From a second widely accepted view, most prominently put forward by the ICRC (pages 37-38), an attacker must consider the civilian aspects of an object that otherwise qualifies as a military objective in the proportionality assessment and take feasible precautions to minimize civilian harm to it. This would include any servers the attacker could identify as solely dedicated to civilian use.
Under this approach, Iranian forces were required to consider whether the expected harm to civilian components was “excessive” relative to the anticipated military advantage. The collateral damage in such a strike would include physical damage to servers not used for military purposes. The collateral damage assessment would be complicated by the question of whether the data itself is an object such that the loss of civilian data would also have to be considered, a topic beyond the scope of this article (but see discussion here).
Military advantage in the proportionality calculation denotes hindering the enemy’s operations or enhancing one’s own. To illustrate, damaging a data center that provides highly advanced GPU processing for running, updating, and training AI applications may significantly disrupt an enemy’s military operations, offering a considerable military advantage. Yet, if military data is stored across multiple data centers, the expected military advantage from damaging a single center would likely be minimal, as data could easily be easily recovered.
By the second view, the attacker would also have to consider whether the sought-after military advantage could be acquired through more surgical means that would minimize damage to civilian-use servers and, by the contested view that data is an object, to civilian data. For instance, if feasible under the circumstances, cyber operations could be used to disable military access to intelligence data in the centers or to target specific servers rather than resort to a physical attack on the data center. Alternatively, if it were possible to attack only the area of the data center where servers hosting military data are located without destroying the entire center, the attacker would need to do so.
The full extent of the damage and disruption to civilian services caused by the Iranian attacks on Amazon data centers is not yet known. Nevertheless, it is likely to be extensive given that Amazon is one of the world’s biggest providers of cloud computing. Under both views, an attacker would have to factor indirect harm that causes the requisite consequences outlined in the proportionality and precautions rules (injury, death, damage) into the assessments in addition to the physical harm caused to civilians and nearby civilian objects as a result of the direct effects of the kinetic attack (e.g., blast, building collapse, fire) (ILA Report, § 1.1.1). For instance, if civilian applications and services powered by a data center caused the loss of critical medical services that affect health, that loss would have to be considered.
It is unsettled whether non-physical indirect consequences, such as a loss of system functionality, are ever considered harm in these assessments (Tallinn Manual 2.0, r. 113 commentary). There is consensus, however, that mere inconvenience, as such, does not count (DoD Law of War Manual, ¶ 5.12.1.2). For instance, the fact that civilians in Dubai had trouble accessing their banking data would not need to be considered in the proportionality or precautions analysis unless that inability eventually led to physical consequences, such as severe hunger.
Regarding indirect effects, we caution that attackers are obligated to assess only foreseeable direct and indirect effects. Foreseeing the indirect consequences of an attack on a data center can be challenging, for information regarding the services hosted by a particular data center is seldom readily available due to the data center’s sophisticated cybersecurity.
Even if the data centers attacked by Iran qualify as military objectives and Iran reasonably concluded as much before attacking, the nature of data centers makes it difficult to assess compliance with both the proportionality and precautions in attack rules. Such assessments are highly contextual, especially regarding indirect attacks. Given the lack of sufficient information in the public domain, it is impossible to render a definitive judgment regarding the lawfulness of the Amazon data center attacks, even if they qualified as military objectives.
The military use of Amazon data centers
There are numerous concerns about the military’s use of privately owned data centers. Key among the LOAC-relevant concerns is the requirement that parties to the conflict take so-called “passive precautions.” As noted in the ICRC’s Customary International Humanitarian Law study, “The parties to the conflict must take all feasible precautions to protect the civilian population and civilian objects under their control against the effects of attacks” (r. 22; see also DoD Law of War Manual, § 5.14). Highlighted in the Tallinn Manual 2.0, this obligation requires States to take appropriate precautions to separate, compartmentalise, or otherwise shield civilian data and systems from attacks (r. 121).
The obligation to take passive precautions is subject to feasibility. In other words, parties to an armed conflict need only take practicable steps to reduce the risks to civilians posed by their military operations. What is practicable depends on the circumstances at the time and includes considerations of “the success of military operations.”
We can distinguish at least three distinct passive precautionary measures for data centers. First, States can simply refrain from using data centers that host civilian data and provide civilian services, including those used by non-military governmental agencies. Using them to support military operations heightens the risk to civilians and civilian objects. Some States have adopted this approach. For instance, South Korea established the Defense Integrated Data Center, “a centralized hub for sensitive defense documents and strategic operational plans.” As a result, the North Korean attacks on the data center in 2017 did not affect civilian data and services. But on the other hand, some States, like Israel, argue that access to big tech companies’ cloud computing provides them with capabilities (e.g., the previously-mentioned highly advanced GPUs) and storage that they otherwise would not be able to obtain through State-owned data centers alone.
Second, in cases where States decide it is necessary to rely on privately owned data centers to deliver military capabilities, they can take precautions regarding the storage of that data. For instance, States could, to the extent feasible, ensure that classified military data is stored in centers physically separated from centers that host civilian data. The best example is Amazon’s modular data centers for the Department of Defense, which are “self-contained data centers” that can be deployed to locations with limited infrastructure. Such data centers are used in a manner that isolates them from civilian data and services. We are unaware as to whether the Amazon data centers in the UAE or Bahrain were organized to isolate modules used for military purposes, if any, from those serving civilian purposes.
Third, if the military use of data centers cannot be separated, compartmentalized, or isolated from civilian uses, then States could take passive precautions regarding the kinds of data that are commingled. For instance, this might mean hosting military data and military AI applications only in data centers that do not support critical civilian data, such as health-related or banking data.
Whether the U.S. or other armed forces have taken feasible precautionary measures to comply with their obligations to protect civilians from the effects of attack would rest on a contextual analysis of whether and under what circumstances they used the Amazon data centers. There is insufficient information in the public domain at this time to make a definitive assessment in this regard.
Conclusion
Iran’s kinetic strikes on Amazon data centers represent an unprecedented, perhaps even first, attack on commercial data centers by a party to an armed conflict. They illustrate how the “cloud,” often perceived as an intangible digital domain, can be affected through conventional kinetic force. Such attacks not only affect the military’s access to and storage of data, but also signal the coming centrality of kinetic operations to counter AI-enabled operations, some of which rely on cloud computing infrastructure for algorithmic data processing. And they underscore the proximity of military activities and civilian life in spaces that sustain their digital activities.
But at the end of the day, the lawfulness of such attacks turns on familiar LOAC issues: whether the data centers qualified as military objectives and how uncertainty regarding their use should be treated. The strikes also highlight the challenges posed by dual-use digital infrastructure to the application of LOAC. Data centers supporting military intelligence processing, AI-enabled applications, or operational planning may become lawful targets if their destruction provides a definite military advantage. Yet their simultaneous support for extensive civilian services—from banking to health systems—makes assessing the expected collateral damage and the need for, and feasibility of, precautions in attack particularly difficult. The interconnected, opaque nature of cloud infrastructure further complicates these assessments, especially regarding foreseeable indirect effects.
Finally, the events underscore broader legal concerns regarding the military use of privately owned cloud infrastructure. Storing operational data or running AI-enabled capabilities on commercial systems that also support civilian activity risks significant disruption of civilian life when the enemy attacks them. Measures such as segregating military data, relying on dedicated infrastructure, or compartmentalizing sensitive systems may therefore become increasingly important.
In short, the Iranian attacks demonstrate that data centers have become operationally relevant infrastructure in modern conflict. As militaries increasingly rely on cloud computing and AI-enabled systems, the intersection of civilian digital infrastructure and military operations will continue to raise complex questions under LOAC’s conduct of hostilities rules.
– Klaudia Klonowska and Michael Schmitt, Published courtesy of Just Security.
