Britain's reliance on US cloud services has now become a billion-pound risk.
TL;DR Almost the entire UK public sector (95%, or 99% including cloud software) relies on US hyperscalers, concentrating billions of pounds and essential services within Microsoft, Amazon, and Google systems. Analysts caution that this presents a strategic risk due to potential outages, the US CLOUD Act, and opaque gateways. The CMA identified AWS and Microsoft as having substantial market power but chose to pursue voluntary commitments rather than enforce binding regulations.
The British public sector has grown heavily dependent on a handful of US cloud companies, and analysts express concerns that this concentration poses a strategic risk. Nearly all UK governmental organizations invest in hyperscale cloud services, leading to annual expenditures in the billions.
According to a Computer Weekly investigation, about 95% of central and local public sector entities allocated budget for hyperscale cloud in 2023/24; this figure rises to 99% when including software operating on these platforms, encompassing over 1,100 organizations.
Funding is heavily skewed, with £17.7 billion spent on major technology suppliers, of which 55%, or £9.9 billion, went directly to hyperscalers or their resellers. The largest expenditures come from significant government departments, such as the Ministry of Defence at £1.09 billion and HM Revenue & Customs at £1.01 billion, followed closely by the Home Office, DWP, and NHS England, each investing hundreds of millions.
Three firms dominate the infrastructure: Microsoft, Google, and Amazon control the majority of connections across surveyed departments and councils. This reflects a broader trend where reliance on US hyperscalers transforms cloud dependency into a political risk, not merely a technical one.
Concerns about concentration and security
The concern is not primarily about frequent service failures, but rather the implications when they do occur or when geopolitical factors come into play. Approximately 39% of UK companies reported outages linked to US hyperscalers in the previous year, and 77% of IT leaders express worries about geopolitical vulnerabilities.
Supplier gateways can often operate as “black boxes” for internal teams, and the US CLOUD Act allows American authorities to access data stored by US-owned providers, even when it's on British soil. Such worries have spurred interest in European alternatives to AWS, Azure, and GCP.
This level of dependence is not unique to the UK, but the country's response has been more lenient compared to Europe. Brussels is advancing an EU tech sovereignty initiative that restricts US cloud access for sensitive government data.
A cautious regulator and a difficult exit
Britain's competition authority conducted a three-year assessment of the market. The CMA discovered that AWS and Microsoft possess “significant unilateral market power,” backed by high entry barriers and lock-in effects that make switching providers uncommon.
However, the CMA opted against imposing binding regulations, instead agreeing to voluntary commitments regarding egress fees and interoperability, while launching a separate investigation into Microsoft’s software licensing. Vendors maintain that this dominance is due to true scale, security, and cost benefits, rather than solely lock-in.
This dilemma is critical because the services are affordable, highly functional, and deeply integrated, complicating any attempts to disentangle them. Europe’s experience indicates that efforts to diminish Big Tech’s influence often meet with internal conflicts.
At present, the UK has prioritized efficiency but has also increased its exposure, making any recovery of the technology stack a slow and expensive process. The pressing question remains whether the risk remains hypothetical or if an outage or geopolitical event will force the situation into the forefront.
Other articles
Britain's reliance on US cloud services has now become a billion-pound risk.
Almost all public organizations in the UK rely on US hyperscalers, which centralize billions of pounds and essential services within systems that Whitehall cannot completely oversee.
