Summary

  • Qu is a new operating platform built from old legacy: nine Rogers Business data centre client facilities acquired for CAD 184 million, while Rogers kept its corporate facilities and continues to sell connectivity and data centre services in the portfolio.
  • The inherited footprint is commercially useful because it is operational now, but Qu’s own disclosures juggle 17 MW “available today”, over 38 MW of utility power, and 49 MW of capacity. Most disclosed rack limits are 5–15 kW; only Markham reaches 30 kW, well below the roughly 120 kW required by a current NVIDIA GB200 NVL72 rack.
  • Canadian incorporation, management and operations can reduce some foreign-jurisdiction exposures, especially for client-owned colocation equipment. They do not make data categorically unreachable by foreign legal process, eliminate foreign technology dependencies, or replace workload-level control of encryption, administrators and subcontractors.
  • Qu’s strongest near-term proposition is continuity for regulated and mid-market clients that need Canadian space, remote hands, connectivity and disaster recovery. Its hardest test is whether InfraRed’s expansion capital can secure utility capacity, modernise cooling and disentangle service dependencies faster than legacy leases, network identifiers and contractual switching costs constrain the platform.

CAD 184 million changed control, not electrons

The clearest way to understand Qu is to start with what did not happen. Nine greenfield campuses were not suddenly built in December 2025. Power feeds were not newly secured, fibre was not freshly dug, and more than 750 clients did not migrate in a weekend. The same rooms that had run under Rogers kept running while the economic owner and operating identity changed.

Rogers announced in August 2025 that it had agreed to sell nine Rogers Business data centre client facilities to funds managed by InfraRed Capital Partners. It explicitly excluded the corporate data centres supporting Rogers’ own network and information technology, and stated that it would continue to sell data centre and network connectivity services to clients in the divested facilities. Rogers’ 2025 annual report then recorded a December closing for gross proceeds of CAD 184 million and a gain of CAD 69 million. These documents are more useful than launch rhetoric because they define the perimeter: this was the sale of a commercial hosting portfolio, not the separation of Rogers’ underlying telecommunications network or every building that ever carried a Rogers data centre label. (Rogers sale announcement;Rogers 2025 Annual Report)

Qu launched publicly on 8 December under the nameQu Data Centres Limited Partnership. Its announcement described 374,000 square feet of total space, 187,840 square feet of white-floor IT space, nine locations in Calgary, Edmonton, London, Ottawa and Toronto, and “up to 49 MW” of capacity. It also promised continuity of services and said Rogers would remain a sales and connectivity partner. (Qu launch announcement;Data Centre Dynamics transaction report) This is a credible opening inventory, not proof that 49 MW are simultaneously constructed, commissioned, uncontracted and deliverable at the rack densities a new buyer wants.

The transaction therefore created two distinct products. The first is continuity: clients could keep their equipment in known rooms, retain familiar support staff, and buy connectivity through an established channel. The second is a reinvestment option: an infrastructure fund can spend behind a portfolio that might have competed for capital inside a much larger telecommunications company. Qu’s value depends on converting that option into measured, site-specific delivery.

A renamed cage is not new capacity; a right of use is not a commissioned data hall; and a megawatt of conventional rack load is not interchangeable with a megawatt designed for liquid-cooled AI.

The purchase price also puts scale in perspective. CAD 184 million for nine operational sites is not a nine-hyperscale-campus valuation. It bought a heterogeneous collection of enterprise facilities with different ages, densities, certifications and expansion paths. The apparent low price per site cannot be read without an asset schedule showing property ownership, leases, customer obligations, deferred maintenance and contracted electricity. None of these details are disclosed in Rogers’ public sale disclosure.

An acquirer can create value by filling unused capacity, increasing utilisation, bundling managed services and investing selectively. A client should not assume that the financial sponsor’s return case requires the same investments or time horizon as the client’s ten-year infrastructure plan.

The legal entity behind the Q

The operational boundary matters because Qu’s marketing often compresses several layers into “100% Canadian ownership”. The Canadian legal platform is real. A Legal Entity Identifier registration namesQU Data Centres Limited Partnership, an Ontario limited partnership created on 30 June 2025, with Ontario registration number 1001283832. The same registration showed the entity as legally active while its LEI registration expired on 2 July 2026; an expired LEI means the identifier was not renewed, not that the enterprise ceased. It does not disclose a consolidating parent. (Bloomberg LEI registration)

Canadian trademark records reinforce the boundary. Qu Data Centres Limited Partnership filed the QU DATA CENTRES trademark on 30 June 2025. The register also notes a March 2026 security agreement in favour of Bank of Nova Scotia acting for secured parties. This is evidence of a financial security interest, not enough to establish the amount of debt, the covenant package, or which particular assets are pledged. It nonetheless reminds a procurement team that “backed by” equity and “unlevered” are not synonyms. (Canadian trademark register)

Above Qu sits InfraRed Capital Partners, the infrastructure investment manager that acquired the Rogers portfolio as part of its value-add strategy. InfraRed itself is part of SLC Management, Sun Life’s institutional asset management business. Sun Life finalised its purchase of the remaining 20% of InfraRed in 2024, having bought a majority in 2020, making InfraRed fully owned at the manager level. InfraRed says it manages approximately USD 13 billion in equity. (Sun Life 2024 finalisation notice;InfraRed corporate profile) However, funds managed by a Canadian-owned manager may have both Canadian and international limited partners. Qu CEO James Beer acknowledged “Canadian and international investors” when he testified before a House of Commons committee in April 2026. The exact formulation is therefore narrower than the slogan: Qu is an operating platform organised and managed in Canada, controlled by a Canadian-owned investment manager; public evidence does not show that every ultimate source of fund capital is Canadian.

Naming is less tidy than it should be. The launch and brand identify the limited partnership, but Qu’s master service agreement and privacy notice use “Qu Data Centres Ltd.” in places, while other product terms identify the limited partnership. The federal lobbying register also names “Qu Data Centres Ltd.” and lists Beer as responsible officer. (Qu service agreement;Federal lobbying registration) This could be harmless drafting shorthand or reflect another entity in the group. A client should still require the exact legal name and number of the contracting party, the facility operator, the owner or lessor, the insurance holder and the entity granting service credits. These roles should not be inferred from a logo.

Public evidence also does not establish that Qu holds freehold title to every property. The company consistently says it operates nine facilities. A February 2026 service list in an Alberta property receivership identifies Qu Data Centres Limited Partnership as tenant of one building, showing at least one landlord relationship in the portfolio. (MNP receivership service list) The document does not justify extending that conclusion to all nine sites. Facility diligence must distinguish owned land, owned improvements, long-term leases and operating rights site by site, then match lease duration, renewal options, mortgagee rights and quiet enjoyment protection to the client contract.

Nine legacy rooms and three capacity figures

Qu’s portfolio is not a standardised platform. It is nine facilities in five metropolitan markets, accumulated over years and now presented under a single brand. The four formal Uptime Institute Tier III certifications are legacy achievements attached to specific sites: Calgary CGY3 in Airdrie, Edmonton EDM2, Ottawa OTT3 in Kanata and Toronto TOR3 in Markham appear on the institute’s Canadian awards register with Tier III design and constructed-install certifications. (Uptime Institute Canada awards) The other five may use redundant components and audited controls, but they should not be described as Uptime-certified simply because they are in the same portfolio.

The following inventory consolidates Qu’s current location pages. All dimensions, utility figures, cooling descriptions and rack limits are company assertions unless otherwise noted in the certification column.

SitePublicly stated physical and power envelopeStated rack density and coolingIndependently visible tier status
CGY1, Calgary25,649 sq ft; 2.6 MW utility power5–10 kW per rack; 510 tons, N+1No Uptime award found for this site
CGY2, downtown Calgary39,470 sq ft; 32,000 sq ft white space; 1.8 MW, described as scalable to 6 MW5–10 kW per rack; 960 tons, N+1No Uptime award found
CGY3, Airdrie80,000 sq ft; 42,600 sq ft raised floor; 9 MW at full design5–10 kW per rack; 1,450 tons, N+1Tier III design and construction award
EDM1, Edmonton18,000 sq ft; 15,712 sq ft raised floor; 2.5 MW5–10 kW per rack; 248 tons, N+1No Uptime award found
EDM2, Edmonton35,000 sq ft; two floor surfaces indicated; 2.5 MW Tier II and 3 MW Tier III configurations5–10 kW per rack; 1,450 tons, N+1Tier III design and construction award
OTT2, Nepean16,500 sq ft; 8,800 sq ft raised floor; 1,600 kVA described as scalableAt least 5 kW per rack; 280 tons, N+2No Uptime award found
OTT3, Kanata28,000 sq ft; 6,500 sq ft raised plus 5,400 sq ft slab; 2 MW described as scalable to 10 MW5–15 kW per rack; 570 tons, N+1Tier III design and construction award
TOR3, Markham50,000 sq ft; 30,000 sq ft raised floor; 10 MW utility powerUp to 30 kW per rack; free-air/EconoPhase coolingTier III design and construction award; Qu also indicates LEED Silver
LDN1, London51,796 sq ft; 5 MW described as scalable to 20 MW5–10 kW per rack; 580 tons, N+2No Uptime award found

(Calgary facilities;Edmonton facilities;Ottawa facilities;Toronto facility;London facility)

This table exposes the central analytical problem in Qu’s capacity story. Its launch says “up to 49 MW”. The locations page calls 49 MW “capacity”, then, in another sentence, says it has “49 MW of available capacity and 38+ MW of utility power”. The colocation page meanwhile advertises 17 MW “available today”. (Qu locations;Qu colocation) These numbers can all be reconcilable if they respectively mean full design potential, total utility service, and currently commissioned sellable load. Qu does not publish this reconciliation. The sum of facility figures is also sensitive to whether the “scalable” numbers replace or supplement current supply, and whether utility power means raw service, critical IT load, or usable capacity after redundancy and mechanical overhead.

For procurement, megawatts need verbs and dates. Is a quoted megawatt powered at the switchboard, commissioned via the full electrical and cooling path, reserved by another client, or conditional on a utility study and capital project? What is the critical IT load after target redundancy? At what rack density is it deliverable, with what floor loading and what chilled-water conditions? A signed proposal should state these answers for the chosen hall, not refer to a national portfolio headline.

There are smaller disclosure errors worth treating as process indicators rather than trivia. Qu’s Ottawa location material presents two facilities, OTT2 and OTT3, but its colocation page says it operates three facilities in the national capital region. A legacy Rogers wholesale brochure once described a 12-site Canadian portfolio, including Hamilton and Halifax; the Qu transaction covered nine and public disclosures do not explain each exclusion. (Legacy Rogers wholesale brochure) None of this proves an operational defect. It shows why a current facility schedule, not a website aggregation, should govern a request for proposals.

Continuity was the first product

Qu’s primary client workflow is legacy enterprise colocation. A buyer chooses a cabinet, cage, private suite or hall; ships and installs equipment; orders redundant power and interconnects; arranges carriers or Qu-managed internet; and uses on-site staff for access, reboots, cable swaps and media management. Around this physical core, Qu sells private cloud, virtual private cloud, managed Windows or Red Hat servers, managed firewalls, backup, object storage and disaster recovery. It also offers cloud gateways via Megaport to AWS, Microsoft Azure and Google Cloud. (Qu solutions;Qu interconnection)

This breadth explains why keeping Rogers as a channel matters. A Canadian multi-site enterprise can keep buying a WAN or internet circuit from Rogers while its equipment sits in a room now operated by Qu. The client avoids an emergency migration, Qu starts with revenue and commercial reach, and Rogers preserves connectivity revenue without tying up capital in facilities. The arrangement is rational for all three parties.

It also complicates the claim that Qu is a “pure-play” neutral alternative to a telecom-owned data centre. Facility ownership has separated, but commercial and technical dependence may persist. A client provisioned by Rogers may have a Rogers contract, a Qu contract, or an embedded order where liability flows across both. An interconnect may land on a non-Rogers carrier while managed internet still uses legacy Rogers routing assets. A cloud connection may be provisioned via Megaport while the managed virtual environment, backup repository and remote hands remain with Qu.

Neutrality is a menu of choices at each layer, not a property that automatically flows from the building to every service.

The transition also creates a practical test of operational continuity. Qu says it has more than 130 Canadian employees and two decades of operating history. The history belongs to the staff and acquired facilities; the Qu legal platform is new. This is not misleading if personnel, operating procedures and maintenance records genuinely transferred, but buyers should verify staff retention by function and site.

Useful questions are not whether “the team” moved in the abstract, but who holds high-voltage switching authority, who manages change control, which OEM contracts were transferred, who owns the configuration management database, and whether escalation paths still pass through Rogers.

One contract, multiple technical dependencies

Qu’s service stack spans very different control boundaries. In basic colocation, the client owns the servers, storage, operating systems, applications, encryption keys and most cybersecurity controls. Qu supplies the room, power, cooling, physical access and contracted hands. In managed hosting, Qu’s administrators may operate the server or firewall. In virtual private cloud, the client consumes compute built on Qu’s shared infrastructure. Disaster recovery adds Zerto replication; backup adds Veeam; cloud interconnection adds Megaport and a hyperscaler.

The same Canadian address can therefore contain workloads with radically different legal, operational and failure dependencies.

Qu describes its private cloud as single-tenant and its virtual private cloud as multi-tenant, with VPC availability in CGY3, TOR3 and OTT3. It states these services are operated in its own facilities rather than resold public cloud. (Qu virtual and private cloud) This claim should be tested at the component level: hypervisor and orchestration providers, storage replication, identity provider, support telemetry, licensing calls, administrator location, backup target and disaster recovery pair. “Hosted in Canada” answers where the primary hardware sits. It does not answer who can administer it, which vendor receives diagnostic data, or whether a foreign parent controls a critical software supplier.

The published product terms are more precise than the marketing. Qu’s disaster recovery service uses Zerto, requires a separate statement of work for professional services and includes limited annual testing time. The terms warn that replication is not a backup and make the client responsible for its broader business continuity plan. Standard connectivity is shared, and recovery objectives remain dependent on bandwidth, change rate, application consistency and tested playbook. (Qu DRaaS product terms) The dedicated backup terms state a standard retention period of 15 days, which may be too short for late ransomware discovery or regulated retention unless an order modifies it. (Qu dedicated backup terms)

Availability also changes by service. The colocation schedule offers 100% SLAs for redundant power and high-availability connectivity, while non-redundant power and other connectivity have lower targets. The current online product index describes 99.99% availability for private cloud but 99.5% for virtual private cloud virtual servers. (Qu product terms index) A site’s Tier III design does not elevate every application to the same service level. Application availability is the product of the power path, network, virtualisation layer, storage, recovery design and client architecture — and each layer has its own exclusions.

Implementation therefore starts with a responsibility matrix. It should identify who installs equipment, supplies A/B power cords, configures edge routing, applies firmware patches, monitors environmental alarms, approves emergency changes, rotates keys, tests restore and declares a disaster. The matrix should include named subcontractors and tools, not just Qu and “client”. For a migration, it should specify staging space, delivery windows, chain of custody, rollback conditions and the point from which billing starts.

For a managed service, it should show which privileged accounts Qu staff hold, how sessions are logged, where logs reside and how access is revoked upon exit.

Rogers left the title but not every network path

The transaction deliberately preserved Rogers connectivity. That is an advantage for clients who want it and a concentration risk for clients who mistake multiple logos for independent routes. Qu advertises carrier-neutral facilities, meet-me rooms, Megaport gateways and high-availability managed internet with multiple upstream providers. Its high-availability page says the managed network uses three or four Tier 1 providers, BGP and dual links, and is designed to survive two simultaneous failures. (Qu high-availability connectivity) These are design claims. A client still needs the route diagram and failure-domain test for its own ports.

Public routing data shows why. Autonomous system 29988 was still registered under Rogers Communications Canada Inc. in 2026, while registry-derived contact information and prefix descriptions retain a mix of Rogers history, Pivot Data Centres and RDC. BGP observers show upstream relationships including Rogers, Bell, TELUS, Zayo and legacy Canadian networks. (IPinfo AS29988;bgp.tools AS29988) This is not proof that every Qu circuit traverses Rogers, nor that the registry is perfectly up to date. It is proof that a new brand does not itself establish a new routing control plane.

The due diligence questions are concrete. Who is the legal registrant of the client’s IP addresses and autonomous system resources? Who can modify route objects and resource public-key infrastructure authorisations? Are the two “diverse” circuits on different building entries, conduits, metro rings, routers, upstream autonomous systems and commercial contracts? Does Qu’s network operations team control the routers, or do a Rogers team implement changes? What happens to the client’s IP addresses upon termination? Is IPv6 native and redundant? Which provider absorbs a distributed denial-of-service attack, and where is traffic scrubbed?

A legacy Rogers outage should not be mislabelled as a Qu data centre incident. The July 2022 national outage predated Qu and was attributed by Rogers to a core network maintenance upgrade; the Canadian Radio-television and Telecommunications Commission said it disrupted millions of people, 9-1-1 access and critical services. (CRTC letter on July 2022 outage) The relevant lesson is narrower: telecom control-plane concentration can defeat apparent physical redundancy. A Qu buyer using independent carriers can reduce this exposure. A buyer whose primary, backup and operational communications all depend on a single Rogers failure domain can reproduce it inside a nominally carrier-neutral site.

AI readiness ends where the rack busbar begins

Qu is right that an operational megawatt has option value in a power-constrained market. It also markets four sites — CGY3, EDM2, OTT3 and TOR3 — for AI and high-performance computing. The problem is that “AI-ready” has no stable technical meaning. It could describe a few air-cooled GPU servers, a moderate inference cluster, or a rack-scale training system whose electrical and thermal demands are several times higher.

Qu’s site specifications make the distinction visible. CGY3 and EDM2 indicate 5–10 kW per rack. OTT3 indicates 5–15 kW. TOR3 alone advertises up to 30 kW. The colocation page generally references air-cooled and liquid-cooled environments, but the facility pages do not publish deployed direct-to-chip cooling loops, coolant distribution units, water temperatures, heat-rejection capacity under AI design conditions, rack floor loading, or liquid-ready position counts. A custom engineering solution may exist; it is not demonstrated by the public specifications.

Current rack-scale hardware provides a difficult comparison. The NVIDIA DGX GB200 NVL72 documentation describes a rack with liquid manifolds and cold plates for CPUs and GPUs, air cooling for other components, and roughly 120 kW of rack power. (NVIDIA DGX GB rack hardware guide) Such a rack therefore consumes about four times TOR3’s advertised maximum and eight to 24 times the limits stated on Qu’s other named AI sites. CBRE’s 2025 Toronto market profile similarly reports emerging high-density requirements of 60–132 kW per rack and says this pressure is accelerating liquid cooling adoption. (CBRE Toronto data centre trends)

This comparison doesnotmean Qu cannot host AI. Most enterprise AI is not an NVL72. Inference nodes, older GPUs, CPU-heavy analytics and clusters distributed across multiple lower-density racks can fit in conventional halls. TOR3’s 30 kW offering is materially more useful than a 5 kW cabinet. The point is economic: spreading a tightly coupled GPU system across more racks consumes floor space, longer cables, more network ports and potentially more power distribution equipment. It may hurt performance or make the vendor’s reference architecture impossible. Retrofitting direct liquid cooling may require new piping, heat exchangers, controls, leak detection, pumps and heat-rejection equipment while preserving live client operations.

Qu should therefore sell AI capacity as a configuration, not an adjective. A credible offer identifies the compute hardware, sustained rather than nameplate power, power factor, redundancy level, rack weight, supply water temperature, allowable temperature rise, flow rate, water chemistry, leak liability, network fabric and commissioning test. It then states how many contiguous racks can be delivered, by what date, at which site, without counting an unbuilt utility upgrade.

Until Qu publishes or contractually provides these facts, its portfolio appears better suited to enterprise colocation and moderate-density AI than to the latest rack-scale training systems.

Electricity is a queue, not a brochure number

Qu’s legacy power feeds are strategically valuable because Canadian utilities no longer treat large data centre demand as routine load. In Alberta, the system operator said in June 2025 it had received 29 large-load connection requests totalling over 16 GW and imposed an interim allocation of 1.2 GW by 2028. The current allocation page shows that 1.2 GW has been awarded to two projects. (AESO interim large load approach;AESO large load allocations) An existing 2.5 or 9 MW service may therefore be worth far more than a much larger paper project awaiting interconnection.

Ontario is less visibly capped but not without constraints. The Independent Electricity System Operator planning outlook projects long-term demand growth fuelled in part by data centres and other large loads, while transmission and generation additions take years. (IESO 2026 annual planning outlook notice) CBRE reports Toronto developers paying for electricity studies and applying for 50–400 MW projects years before delivery. Qu’s 17 MW marketed as live capacity is valuable in this context, but the company’s expansion paths — to 6 MW at CGY2, 10 MW at OTT3 and 20 MW at London — should be treated as options until utility commitments, substation scope, construction budgets and in-service dates are shown.

Beer’s April 2026 parliamentary testimony adds a revealing commercial angle. He argued that foreign-backed projects were clogging electricity queues and asked governments to define sovereign AI, direct demand from strategic sectors to sovereign facilities and offer tax or funding incentives. (House of Commons committee testimony) The testimony is a corporate political position, not independent evidence of unfair queue behaviour. It nonetheless shows Qu’s expansion thesis: existing Canadian facilities could become more valuable if public procurement favours Canadian control and if subsidies help fund modernisation. Buyers and policy makers should separate this national-interest argument from site engineering and the fund manager’s private return.

Electricity due diligence should include the utility account holder, firm versus interruptible service, current peak and committed load, transformer and generator characteristics, fuel contracts, emissions permits, curtailment rights and planned maintenance. It should also show the energy-use efficiency methodology and scope. Qu says the Canadian climate, telemetry and automation improve cooling efficiency, but publishes no site-level annual PUE, water-use efficiency, or audited energy series.

A cold location may reduce compressor hours; it does not reveal total efficiency or the cost of supporting much higher supply water temperatures and rack loads.

A Canadian flag narrows jurisdiction; it does not erase it

Qu’s sovereignty proposition is commercially sharper than the usual data residency marketing. It says its Canadian ownership, Canadian workforce and Canadian facilities keep client data outside the US CLOUD Act and foreign legal authority. The first half of that proposition can be significant. The second is too absolute.

The CLOUD Act provision codified at 18 U.S.C. §2713 requires a communications service provider subject to US jurisdiction to preserve or disclose data in its possession, custody or control regardless of whether the data is stored inside or outside the United States. (18 U.S.C. §2713) The US Department of Justice has also explained that the law did not newly subject every foreign business to US jurisdiction or give US authorities direct, unmediated access to foreign servers. (DOJ CLOUD Act white paper notice) A Canadian limited partnership with Canadian directors is not automatically a US provider simply because its facility uses US hardware. This may remove one direct-compulsion path that exists when a US-controlled cloud provider holds the client’s data.

But jurisdiction follows facts, not only a flag. In pure colocation, Qu’s service agreement says the company does not access or control client data. If the client owns the server and keys, that separation matters. In Qu-managed cloud or backup, Qu or a technology provider may have administrative capability, and the analysis changes. A US parent of theclient, a US SaaS provider in the workload, a foreign identity service, or a support process that can recover content may create a different possession or control path even if the rack stays in Canada. Canadian authorities can also obtain data under Canadian law, and foreign authorities can request assistance through Canadian treaties and court processes.

The Government of Canada’s own data sovereignty analysis rejects the idea that residency alone eliminates foreign law risk. It treats sovereignty as a set of controls spanning legal jurisdiction, operational control, supply chain, resilience, encryption and ability to sustain service. It also acknowledges that legitimate cross-border requests can go through mutual legal assistance. (GC data sovereignty white paper;GC digital sovereignty framework) Qu can improve one structural variable — operator control — without solving the entire system.

Nor is there a general Canadian rule that all sensitive information must sit with a Canadian-owned data centre company. Federal directives make Canadian facilities a primary option for some Protected B, Protected C and classified workloads, while processing depends on classification and accreditation. (GC digital service guideline) The Privacy Commissioner has long said PIPEDA does not prohibit outsourcing; the organisation remains accountable and must use contractual and security safeguards. (OPC outsourcing guide) OSFI Guideline B-10 also emphasises governance, subcontractors, concentration, data location, portability and tested exit for federally regulated financial institutions. It does not certify a provider simply because it is Canadian. (OSFI Guideline B-10)

Qu’s sovereignty offer is strongest when translated into verifiable control: Canadian contracting entity; Canadian operations staff; Canadian primary and recovery sites; client-held encryption keys; no remote foreign administrators; disclosed subcontractor list; locally controlled identity and logging; contractual rights to notice and challenge for legal demands; and a tested exit that does not require a foreign cloud. It is weakest when “Canadian-owned” is used to imply immunity from any foreign order or to mask US software, network and client dependencies.

A serious sovereignty design asks who can do what to which data, under which law, not who printed the flag on the building.

Certifications need perimeters, not a wall of logos

Qu lists SOC 1, SOC 2, ISO 27001, PCI DSS, CSAE 3416, ISAE 3402 and HIPAA-related assurances, plus four Uptime Institute Tier III facilities. These can reduce diligence work, but the website sometimes blurs certification, attestation, compliance and architectural classification. A buyer should ask for the document, issuing body, legal entity, sites, services, control period, exceptions and bridge letter for each badge.

Uptime’s own definition is specific: Tier III is a site infrastructure topology that is concurrently maintainable with redundant components and a distribution path that allows planned maintenance without shutting down IT. (Uptime Institute tier definitions) It is not a guarantee that an application will achieve 99.982% availability, that no single point of failure exists anywhere in the service, or that cybersecurity controls are effective. Qu’s claim that Tier III “guarantees” that percentage overstates what a topology certification does. The independent register’s site-by-site awards are better evidence than a portfolio banner.

The same discipline applies to SOC and ISO. A SOC 1 report addresses controls relevant to clients’ financial reporting; a SOC 2 report evaluates selected trust services criteria against a system over a given period. ISO 27001 certifies an information security management system within a scope. None automatically covers every newly acquired site, every managed product, or the client’s own controls. Qu says all facilities carry certain assurances; procurement should verify that the report schedule names each of the nine sites and Qu’s current legal entity, rather than relying on a legacy Rogers report or a broad marketing statement.

“HIPAA certified” deserves particular scrutiny. The US Department of Health and Human Services says it does not recognise private-organisation HIPAA certifications as relieving a regulated entity of its obligations. (HHS HIPAA certification FAQ) A Canadian provider can implement controls and sign a business associate agreement if applicable, but this is not a government certification. For Ontario health information, the relevant analysis includes PHIPA, the client’s role, contractual safeguards and actual administrative access — not a single HIPAA badge.

The acquisition creates an additional due diligence question: audit continuity. Reports issued before the close may name Rogers entities and systems; reports issued shortly after may have exclusions for transition services. Buyers should ask for the latest report, the prior period report, the auditor’s treatment of the ownership transition, qualified findings and management’s remediation. Refusing to share a full report under non-disclosure agreement is different from producing only a certificate image.

Price is inside the electricity bill

Qu does not publish pricing for cabinets, interconnects, remote hands, cloud or power. This is normal for enterprise colocation, where site, density, term, redundancy and volume matter. The absence of a rate card means its business model must be reconstructed from the purchase order and general terms: recurring rent for space and reserved power; overage or consumption charges; installation and interconnection fees; remote hands; connectivity margin; and higher-value managed cloud, security, backup and recovery services.

Its default service agreement has a 12-month initial term and 12-month automatic renewals unless notice is given at least 60 days before expiry. Renewal uses Qu’s then-current pricing. Early termination by the client typically accelerates remaining charges. Qu can pass through increases in electricity, software licences, leases, taxes and government levies, and may apply consumer price index adjustments. These clauses transfer several inflation and supplier risks to the client. The purchase order may negotiate them, but procurement should not model the first-year quote as a fixed multi-year total cost.

Electricity pricing requires particular review. A reserved kilowatt may be billed by breaker size, committed consumption or actual consumption, with different treatment for A and B feeds and redundancy. A 30 kW redundant cabinet may reserve significantly more upstream capacity than it consumes. The contract should specify the measurement interval, loss factor, utility tariff, demand charges, carbon costs and audit right. It should also say whether unused commitment can be reallocated between racks or sites, and whether a promised high-density block survives lower actual demand during deployment.

Service credits are not insurance. Qu’s colocation terms make credits the sole SLA remedy and cap cumulative credits, typically at a portion of monthly recurring charges. Claims must be made under the specified process, and exclusions cover client equipment, carrier outages, planned work and other conditions. (Qu colocation product terms) The service agreement excludes consequential damages such as loss of profit and data, and caps Qu’s aggregate liability at the lower of three times monthly recurring charges or USD 100,000, subject to stated exceptions. A one-hour outage may cost a client far more than a month of rack rent. Architecture, cyber insurance and business continuity planning must bear the residual risk.

InfraRed’s value-add strategy provides the investor lens. The manager describes this strategy as building and scaling mid-market infrastructure businesses, then realising value. (InfraRed value-add strategy) Qu can grow revenue through occupancy, pricing, new capacity and managed service attachment rates. Clients benefit if that funds better facilities and support. They bear risk if return pressure produces aggressive renewals, underinvestment in low-growth sites, financial leverage or eventual sale to a buyer with a different sovereignty profile. Change-of-control, assignment and price-protection clauses are therefore part of technical procurement, not legal boilerplate.

Exit is a moving truck plus a routing plan

Qu says carrier neutrality means clients are not locked in. Hardware ownership does preserve more exit freedom than a proprietary cloud service. Physical colocation nonetheless creates substantial switching costs. Servers must be shut down or replicated, racked down, packed, insured, transported, re-installed and re-cabled. IP addresses may need to change. Interconnects, firewall policies, monitoring and disaster recovery relationships must be rebuilt. A regulated client must validate the new site and preserve chain of custody.

The general terms reinforce this reality. After termination, the client must retrieve its data and equipment at its own cost. Holdover space may be billed at 150% of monthly recurring charges, and equipment left behind may eventually be treated as abandoned and disposed of. Client assignment requires consent, while Qu retains defined termination and assignment rights. The service agreement also provides for deletion of client data after end of service. An exit plan must therefore start before the 60-day non-renewal window, not after.

Managed layers increase stickiness. A client using Qu VPC, managed firewall, Zerto recovery, Veeam repositories, Qu address space and Rogers circuits has multiple simultaneous migrations. Export fees and formats, egress bandwidth, backup restore, licence portability and administrator transfer must be priced upfront. A strong contract reserves enough continued service to validate the destination, requires timely export of configuration and prohibits deletion until acceptance criteria are met.

Site tenure can constrain exit in the other direction. If Qu leases a building, the client needs cure and continuity rights if the head lease ends, the landlord exercises a security interest, or a receiver sells the property. A non-disturbance agreement may be warranted for a significant deployment. For owned sites, the analogous question is what a secured creditor can enforce. The Bank of Nova Scotia security notice on the public trademark register makes lender diligence more than theoretical, while revealing too little to assess real exposure.

The incident register is thinner than the risk surface

No credible public source consulted for this report documents a facility-level outage or security breach at Qu under its new name. This is not evidence that none has occurred; Qu had only been operating for a few months, and private enterprise incidents often do not become public. The legacy Rogers facilities have a longer history, but public network outages cannot be attributed to a data hall without causal evidence. The responsible conclusion is that the open record is limited public evidence to calculate facility reliability.

The general terms reveal expected failure boundaries. Qu disclaims responsibility for uninterrupted or completely secure service, places client system security and backups largely on the client, excludes many carrier and force majeure events from SLAs, and makes credits the primary remedy. The force majeure language in its service agreement includes utility and fibre outages, supply chain disruptions and other events beyond its reasonable control. This is commercially familiar, but it means a headline availability figure does not cover every way the client can be offline.

Operational evidence should replace inference. Buyers should ask for 36 months of site-specific utility interruptions, generator starts, UPS events, cooling alarms, water leaks, network incidents, failed changes and severity one tickets — including the pre-Qu period when contractually available. Each record should show client impact, duration, root cause and corrective action. They should examine generator load tests and black building tests, fuel delivery under regional emergency conditions, battery maintenance, thermography, protection relay coordination and incident notification performance.

Cyber diligence differs by service. For a locked cage, Qu’s primary responsibilities are perimeter security, access control, visitor logs, video surveillance, personnel vetting and management systems controlling facilities and doors. For cloud and managed services, the scope expands to hypervisor hardening, tenant isolation, privileged access, vulnerability management, endpoint security, backup immutability and response. The client should inspect penetration test scope and remediation, not just ask whether a test happened.

It should also establish whether Qu’s operational technology is remotely accessible through Rogers or another third party and how that access is segmented and logged.

Incident communication is part of resilience. The 2022 Rogers experience showed that a provider can struggle to communicate when its own network is impaired. Qu needs out-of-band contact methods, an externally hosted status channel and staff-independent communications. A buyer should test notification during onboarding and include named escalation paths that do not depend on the affected service. The absence of public incident at Qu should lead to more direct evidence requests, not complacency or allegation.

Competitors attack from both ends of the rack

Qu occupies an uncomfortable but potentially valuable middle. At one end, large global colocation operators offer deeper interconnection ecosystems, more metros and standardised multinational contracts. At the other end, Canadian telcos, managed service providers and regional data centres can bundle facilities with networks, cloud operations or specialised sovereign services. Public clouds compete for workloads that do not require client-owned hardware; on-premises rooms and purpose-built sites remain substitutes for organisations demanding maximum control.

Qu’s differentiators are operational Canadian capacity, a Canadian-controlled manager, five useful enterprise markets and a service stack that can take a client from a cabinet to managed recovery. Its presence in Airdrie, Edmonton, London and Ottawa can serve organisations whose latency, disaster recovery or public-sector needs are not met by downtown Toronto or Montreal. The four Uptime-certified sites and the legacy customer base lower execution risk versus a start-up with only a brochure.

Its gaps are equally clear. There is no Qu site in Montreal or Vancouver, two major connectivity and cloud markets in Canada, and the divested footprint no longer advertises the former Rogers portfolio’s Halifax or Hamilton locations. A multinational client may prefer an operator with broader global platform. A hyperscale or neo-cloud buyer seeking tens of contiguous megawatts at 60–132 kW per rack may prefer a dedicated campus. A small enterprise may prefer a managed provider that owns the full application stack. A client prioritising network density may choose the busiest telecom hotel over a suburban site with a handful of listed carriers.

Toronto demand helps Qu but raises the bar. CBRE reported roughly 52 MW of pre-leasing by CoreWeave in early 2025 — more than Qu’s announced 49 MW national total — and immediately deliverable 3–6 MW blocks scarce. This does not make CoreWeave a comparable competitor; it shows the scale and density at which “AI infrastructure” is now understood. Qu can avoid a losing comparison with hyperscalers by focusing on deployable enterprise blocks, regulated clients, regional disaster recovery and upgrades it can actually commission.

Sovereignty can win contracts only if it is made operational. Canadian-controlled alternatives can contest the ownership story; foreign rivals can offer client-managed keys, Canadian regions, robust legal controls and far larger ecosystems. The procurement competition will depend on the client’s threat model. If the decisive requirement is to avoid direct US provider control, Qu has an advantage. If it is application portability, global interconnection or very-high-density supply, ownership alone may not decide.

A Qu procurement test should be painfully specific

A credible evaluation starts at the facility and service level, not with a national average. The following tests convert Qu’s strongest claims into evidence a buyer can compare.

Claim to testEvidence to require before signature
Exact provider identityCertificate and registration number of contracting entity; group structure chart; facility operator; asset owner or lessor; insurance certificates; lender and change-of-control implications
Capacity available nowSite, room and rack schedule; currently commissioned critical IT load; contracted and reserved load; utility contract; electrical single-line diagram; commissioning delivery date and acceptance test
Scalable capacityUtility study and queue status; substation and feeder scope; permits; capital approval; dependencies; binding milestone and remedy if expansion slips
AI/HPC readySustained kW per rack; A/B feed design; floor loading; busway and breaker rating; liquid loop architecture; water temperatures, flow and quality; CDU ownership; leak detection; network fabric paths; a test using the intended hardware
Carrier neutralityCurrent carrier list per site; entry and conduit plans; meet-room separation; interconnection pricing and lead time; who controls ASNs, IP addresses, route objects and RPKI; named upstream providers for managed internet
Sovereign operationExact administrator locations and citizenship/clearance requirements; subcontractor and software list; client key control design; legal demand process; data flow map; support telemetry; recovery site location
CertificationsFull reports or certificates under NDA; issuing body; Qu legal entity; service and site scope; audit period; findings, exceptions and bridge letter; treatment of transition from Rogers
AvailabilityComponent-specific SLA; measurement point; exclusions; credit cap; 36-month incident history; maintenance log; generator and failover test results; application architecture assumptions
SecuritySOC 2 detail; ISO scope; physical access sampling; personnel vetting; penetration test executive report; vulnerability remediation proof; privileged session logging; operational technology segmentation
Migration and supportNamed transition manager; rack and install responsibilities; staging and loading access; change windows; remote hands lead time and rates; escalation tree; rollback and acceptance plan
Pricing and escalationSchedules for space, committed and metered power, interconnection, installation, hands, licensing and egress traffic; CPI and utility pass-through; minimums; renewal notice; early termination amount; audit right
ExitEquipment and data retrieval plan; IP and licence portability; configuration export; deletion timeline; holdover; migration assistance; assignment and change-of-control rights; head lease protection

These requests are not an attempt to force a mid-size provider to disclose trade secrets. They are the minimum needed to distinguish five different things that marketing often combines: an operational facility, a certified topology, commissioned electricity, a managed service and a sovereign workload. Qu may have satisfactory private evidence for several of them. The absence of public detail should trigger controlled disclosure under non-disclosure agreement, not a presumption of failure.

Site visits should be chosen by workload, not convenience. At TOR3, inspect the path that supports 30 kW and ask how many such racks can run simultaneously. At CGY3, reconcile a 9 MW full-design figure with 5–10 kW racks and the actual available block. At EDM2, clarify the boundary between Tier II and Tier III power. At Ottawa, resolve whether the portfolio contains two or three facilities in the national capital region and which one hosts each cloud or recovery service. At London, test the basis and timeline for the advertised 20 MW upgrade and clarify why Hydro One appears in a list displayed alongside connectivity carriers.

Multi-site proof should deliberately traverse failure domains. Replicate a representative application, cut the primary carrier, fail a power path, invoke remote hands, restore from an older backup and measure the outcome. Confirm monitoring and staff communication continue when Rogers connectivity is unavailable. Then test exit by exporting configurations and retrieving a meaningful data set. A sales demonstration shows that a service works; a procurement test shows who is responsible when it does not.

What Qu must prove after the name change

The Rogers separation gave Qu a rare starting position. It has operational Canadian rooms, identifiable tier certifications, staff, clients, a national telecom channel and an infrastructure manager able to raise capital. These assets make it more credible than a developer whose only product is a future utility application. They also make gradual improvement of the portfolio possible while revenue continues.

The next proofs should be operational. First, Qu needs a reconciled capacity schedule that distinguishes utility service, commissioned critical IT load, contracted load, live sellable load and expansion headroom at each facility. Second, it needs reference designs for moderate- and high-density AI, including how many racks are actually supported and the liquid cooling boundary. Third, it should publish a current certification matrix and correct the Ottawa count, the capacity terminology and statements that turn conditional legal or topological advantages into categorical guarantees.

Fourth, the company must show that “carrier neutral” remains true below the logo layer as it migrates legacy routing registrations and operates alongside Rogers. Fifth, it needs transparent treatment of site tenure, transition service dependencies and change of control. Sixth, it should provide site-level energy and water performance rather than relying on Canadian climate as a proxy. Finally, any public funding or procurement preference it pursues should be tied to measurable Canadian control, capacity delivery, workforce and resilience outcomes — not merely ownership labels.

The ownership change materially alters something. A client can now contract with a Canada-focused platform whose facilities are not a secondary capital call at Rogers, and whose management has a reason to grow data centre revenue. This can reduce a particular foreign-supplier risk and improve investment concentration. It does not cut Rogers out of the service chain, transform international fund capital into purely domestic ownership, upgrade every rack, guarantee utility expansion or make foreign legal process impossible.

Qu’s best business case is therefore not the most extravagant version of its story. It is the practical version: nine legacy facilities can give Canadian enterprises deployable space, local hands, regional recovery and a path out of ageing server rooms while new campuses wait for electricity. If Qu converts its claimed 17 MW of live availability into documented configurations for clients and upgrades selected sites without disrupting the installed base, the inherited portfolio can be an advantage. If it treats 49 MW, Canadian sovereignty and AI readiness as self-proving headlines, the same legacy becomes a ceiling.

The decisive change is not the Q on the door; it is whether the new owner can make the old electrical rooms carry new obligations.