Britain’s public sector runs on US cloud, and that is now a billion-pound risk

Almost every UK government body depends on a handful of American hyperscalers, concentrating billions of pounds and critical services in systems Whitehall cannot fully see inside


Britain’s public sector runs on US cloud, and that is now a billion-pound risk

TL;DR

Almost all of the UK public sector (95%, or 99% counting software on cloud) depends on US hyperscalers, concentrating billions of pounds and critical services in Microsoft, Amazon, and Google systems. Analysts warn this is a strategic risk given outages, the US CLOUD Act, and “black box” gateways. The CMA found AWS and Microsoft hold entrenched market power but opted for voluntary commitments rather than binding rules.

Britain’s public sector has become deeply reliant on a small number of US cloud giants, and analysts warn the concentration is now a strategic risk. Nearly all UK government organisations spend on hyperscale cloud, with the dependency running into billions of pounds a year.

Some 95% of central and local public-sector bodies spent on hyperscale cloud in 2023/24, according to a Computer Weekly data dive. Counting software that runs on those platforms, the figure rises to 99% across more than 1,100 organisations.

The money is heavily concentrated. Of the £17.7bn spent with major tech suppliers, 55%, or £9.9bn, went directly to hyperscalers or their resellers.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

The biggest spenders read like a roll-call of the state, led by the Ministry of Defence at £1.09bn and HM Revenue & Customs at £1.01bn. The Home Office, DWP, and NHS England follow, each committing hundreds of millions.

Three companies dominate the plumbing, with Microsoft, Google, and Amazon controlling the vast majority of connections mapped across surveyed departments and councils. That mirrors the wider picture, where US hyperscalers turn cloud dependency into a political risk, not just a technical one.

Why concentration frightens security officials

The worry is not that these services fail often, but what happens when they do, or when geopolitics intrudes. Some 39% of UK firms reported an outage originating with a US hyperscaler in the past year, and 77% of IT leaders say they are concerned about geopolitical exposure.

Supplier gateways can also be a “black box” to in-house teams, and the US CLOUD Act lets American authorities reach data held by US-owned providers even when it sits on British soil. Those anxieties have driven interest in European alternatives to AWS, Azure, and GCP.

The dependence is not unique to Britain, but the UK’s response has been softer than the continent’s. Brussels has advanced an EU tech sovereignty package that curbs US cloud for sensitive government data.

A regulator that blinked, and a hard exit

Britain’s competition watchdog spent three years examining the market. The CMA found that AWS and Microsoft hold “significant unilateral market power”, protected by high barriers and lock-in that make switching rare.

Yet it stopped short of binding rules, accepting voluntary commitments on egress fees and interoperability instead, while opening a separate probe into Microsoft’s software licensing. Vendors argue the dominance reflects genuine scale, security, and cost advantages, not just lock-in.

That is the crux of the bind, because the services are cheap, capable, and deeply embedded, which is exactly why unwinding them is so hard. Europe’s own experience shows the push to loosen Big Tech’s grip runs into internal divisions.

For now, Britain has bought efficiency and paid in exposure, and reclaiming the stack would be slow and costly. The billion-pound question is whether the risk stays theoretical, or whether an outage or a geopolitical shock forces the issue first.

Get the TNW newsletter

Get the most important tech news in your inbox each week.