UK Warned Its Big Tech Dependency Has Become a National Security Risk
Britain's reliance on a handful of American technology corporations for its critical digital infrastructure has become a national security vulnerability that could be exploited as geopolitical leverage, the Open Rights Group has warned in a landmark report calling for a fundamental shift in how the UK procures and manages its digital systems.
Background
The Open Rights Group (ORG), one of Britain's leading digital rights organisations, published its report — titled Tech Giants and Giant Slayers: The Case for Digital Sovereignty and the Digital Commons — in April 2026, but its findings have gained renewed urgency in the context of deteriorating US-UK relations and the ongoing conflict in the Strait of Hormuz. The report identifies Amazon Web Services, Microsoft, Google, and Palantir Technologies as the dominant suppliers of critical digital infrastructure to the British public sector.
The UK's dependence on these companies has grown steadily over the past two decades, driven by the convenience and scale of cloud computing services and the government's preference for large, established suppliers in public procurement. HMRC, the NHS, the Ministry of Defence, and dozens of other public bodies now rely on US-owned cloud infrastructure for their core operations. The Competition and Markets Authority estimates that the UK is overspending at least £500 million annually on cloud services due to limited competition in the market.
The report has attracted cross-party support, with forewords from Green Party MP Sian Berry, Labour MP Clive Lewis, and Liberal Democrat peer Lord Tim Clement-Jones — a rare display of political consensus on a technology policy issue.
Key Developments
The ORG report warns that US extra-territorial laws, including the CLOUD Act, can compel American technology companies to hand over data held on UK systems to US authorities, regardless of where that data is physically stored. The report cites the example of the International Criminal Court, which reportedly shifted away from Microsoft services after US sanctions were imposed, as a demonstration of how sanctions enforced through technology suppliers could be deployed against UK institutions.
The organisation also highlights the removal of Huawei equipment from UK telecoms networks under US pressure as evidence that Britain's digital infrastructure is already subject to geopolitical influence from Washington. Liberal Democrat MP Tim Clement-Jones has called for changes in procurement rules to favour UK providers and stronger support for open-source software and sovereign AI models.
The report recommends a shift towards open-source software and open standards, arguing that this approach would reduce vendor lock-in, increase competition, and create opportunities for more UK firms to bid for public sector contracts. It points to Germany, France, the Netherlands, and Denmark as European countries actively pursuing digital sovereignty strategies.
Why It Matters
This report lands at a moment of acute geopolitical sensitivity. The Trump administration's willingness to use economic and technological leverage against allies — demonstrated in trade disputes and the Huawei episode — has made the question of digital sovereignty more than an abstract policy debate. If the US were to impose sanctions on a UK institution, or if relations between Washington and London were to deteriorate sharply, the UK's dependence on American cloud infrastructure could become a genuine operational vulnerability.
For context, the UK government spends billions annually on technology contracts, much of it flowing to a small number of US corporations. Unlike France, which has invested heavily in domestic cloud infrastructure through initiatives like Sovereign Cloud, or Germany, which has mandated open-source software in certain public sector applications, the UK has no coherent digital sovereignty strategy. The Cybersecurity and Resilience Bill, currently progressing through Parliament, represents an opportunity to address this gap — but critics argue it does not go far enough.
Local Impact
The implications of digital dependency extend across the UK and Ireland. NHS trusts in England, Scotland, Wales, and Northern Ireland all rely on US-owned cloud infrastructure for patient data and clinical systems. A disruption to these services — whether through geopolitical action, a cyberattack, or a commercial dispute — would have immediate consequences for patient care. In Northern Ireland, the Health and Social Care system's digital infrastructure is particularly exposed, given the region's unique constitutional position and the complexity of cross-border data flows with the Republic of Ireland. Irish public bodies face similar vulnerabilities, with the HSE's digital systems having already suffered a catastrophic ransomware attack in 2021.
What's Next
The Cybersecurity and Resilience Bill is expected to progress through Parliament in the coming months, and the ORG report will be used by campaigners to push for stronger digital sovereignty provisions. The government has not yet formally responded to the report's recommendations. The cross-party group of MPs who contributed to the report is expected to seek a parliamentary debate on digital sovereignty. The Competition and Markets Authority's ongoing review of the cloud computing market is also expected to produce recommendations later this year.
Sources: The Register — UK told its Big Tech habit is now a national security risk; Open Rights Group — New report on digital sovereignty



