A new report warns that the UK's heavy reliance on US tech giants for public sector infrastructure poses serious national security risks, with experts calling for urgent action to build digital sovereignty.
The UK's public sector has become dangerously dependent on US Big Tech companies, creating a national security vulnerability that could leave critical infrastructure exposed to foreign influence and sudden service withdrawal, according to a new report from the Open Rights Group (ORG).
Years of Entrenchment Creating Critical Vulnerabilities
The report, titled "Tech Giants and Giant Slayers," paints a stark picture of how American tech giants have systematically embedded themselves across Britain's digital infrastructure over the past decade. What began as convenient outsourcing has evolved into a situation where a handful of US corporations now effectively control key aspects of government operations, from cloud services to communication platforms.
"For years, a handful of Big Tech companies have used their power to gain control of the UK's digital infrastructure, locking the government into wasteful contracts and shaping tech policy in their favour," said Jim Killock, ORG's executive director. "This overreliance on foreign tech companies is now an urgent national security issue as well as an economic threat."
The ICC Incident: A Warning Shot
Perhaps the most alarming example cited in the report involves Microsoft's response to US sanctions against the International Criminal Court. When the ICC issued arrest warrants for Israeli officials, the US government imposed sanctions that Microsoft enforced by shutting down email and banking-related services for affected individuals.
This incident demonstrates what ORG calls "tech powers of sanction" – the ability of US-based companies to unilaterally cut off access to essential services based on American foreign policy decisions. The report warns this could have severe implications if UK-US relations deteriorate, potentially leaving British government operations and public services vulnerable to sudden disruption.
Economic Costs Running Into Hundreds of Millions
The financial implications are equally concerning. The Competition and Markets Authority estimates that UK public sector organizations are overspending by at least £500 million annually on cloud services alone. This figure doesn't account for project overruns, suppliers that become impossible to remove from systems, or the operational inefficiencies that come from being locked into proprietary platforms.
Beyond direct costs, the report highlights how this dependence stifles innovation and limits the UK's ability to develop domestic tech capabilities. When critical systems are controlled by foreign entities, local companies struggle to compete, creating a self-reinforcing cycle of dependency.
Legal Vulnerabilities and Data Sovereignty Concerns
Legal frameworks add another layer of risk. Laws like the US CLOUD Act can compel American companies to hand over data stored on their servers, regardless of where that data physically resides. Similarly, China's National Intelligence Law creates comparable obligations for Chinese tech firms. This means that even if the UK government is uncomfortable with these arrangements, it may have little recourse to protect sensitive data.
The report emphasizes that these aren't hypothetical concerns – they represent real vulnerabilities in the UK's digital infrastructure that could be exploited during times of international tension or conflict.
Political Consensus Emerges Across Party Lines
What makes this report particularly significant is the cross-party political support it has garnered. The Green Party's Sian Berry warned that the UK "must build much more resilience to protect our critical digital infrastructure from the potential threat of sanctions and service withdrawal."
Labour's Clive Lewis echoed these concerns, stating that Big Tech firms have "embedded themselves in our public services," leaving the country "dangerously vulnerable." This rare political consensus suggests the issue transcends typical partisan divides, recognizing it as a fundamental matter of national security and economic sovereignty.
Current Government Policy May Be Worsening the Problem
Ironically, the report suggests that current government policy may be exacerbating rather than addressing the problem. Contracts awarded to companies like Palantir Technologies are cited as evidence that the government is expanding rather than reducing its dependence on foreign tech giants.
This approach appears to contradict the growing recognition among policymakers that digital sovereignty – defined as control over infrastructure, data, and technology – is essential for national security in an increasingly digital world.
The Path Forward: Open Source and Domestic Capability
The proposed solution follows a familiar but increasingly urgent prescription: greater adoption of open source software, development of domestic tech capabilities, and a strategic push toward digital sovereignty. The report argues that public money should fund "public code that benefits us all, rather than lining the pockets of Big Tech's shareholders."
This approach would involve several key elements:
- Prioritizing open source solutions for government IT systems
- Investing in domestic tech talent and companies
- Creating procurement policies that favor local providers and open standards
- Developing contingency plans for service disruption
- Building technical expertise within government rather than relying on external vendors
Europe's Parallel Push for Digital Independence
The UK's concerns mirror broader European trends. The European Union is aggressively pursuing digital sovereignty through initiatives like the digital euro, which explicitly excludes US cloud giants from its infrastructure. European nations are also investing heavily in sovereign cloud infrastructure, with spending expected to triple as geopolitical tensions drive demand for independent digital capabilities.
This European push underscores that the UK's situation isn't unique but part of a larger global reassessment of the risks associated with foreign tech dependence.
The Reality Check: A Long Road Ahead
Despite growing awareness of the problem, the report acknowledges that the UK's digital estate remains firmly plugged into systems it doesn't own. Breaking this dependency will require significant investment, cultural change within government IT departments, and a willingness to challenge the convenience of established vendor relationships.
The ICC incident serves as a wake-up call, demonstrating that the risks of Big Tech dependence aren't theoretical but could manifest suddenly and severely. As international tensions continue to rise and technology becomes increasingly central to national security, the UK's ability to act independently in the digital realm may determine its strategic autonomy in the decades ahead.
For now, the question isn't whether the UK needs to address its Big Tech dependence, but whether it can move quickly enough to build the digital sovereignty that experts agree is essential for its future security and prosperity.
Comments
Please log in or register to join the discussion