UK Reliance on US Big Tech Flagged as National Security Risk in MP-Backed Report

TL;DR: A new Open Rights Group report, backed by MPs from three parties, argues the UK’s dependence on US hyperscalers for cloud, software and datacentres exposes critical infrastructure to US sanctions risk. It urges procurement reform and investment in open-source and sovereign cloud capacity.

The report draws a direct line between current US foreign-policy volatility and UK infrastructure risk, citing the precedent of Microsoft blocking the International Criminal Court chief prosecutor’s email account after US sanctions over ICC warrants against Israeli prime minister Benjamin Netanyahu.

Context and Background

The UK government already had a pending question on this topic. The Competition and Markets Authority estimated last year that UK customers may be paying up to £500 million a year more for cloud services than they would in a more competitive market, and the CMA is separately considering whether Microsoft should receive strategic market status under the new Digital Markets regime.

The ORG report widens the lens from competition to sovereignty, pointing out that the US Cloud Act gives US agencies access to data held by US cloud providers regardless of where it is stored, while Chinese national intelligence laws impose analogous obligations on Chinese vendors. Its policy prescription mirrors moves in Germany, France, the Netherlands and Denmark, where governments are directing procurement toward open-standards and open-source software — citing EU research that every £1 invested in open source returns roughly £4 in economic activity.

MPs backing the report are drawn from across the House. Liberal Democrat peer Tim Clement-Jones called for procurement rules that “discriminate in favour of UK providers” and support for sovereign AI model development. Labour MP Clive Lewis named Palantir as a specific dependency, while Green MP Sian Berry argued digital sovereignty should be a top government priority.

Looking Forward

For UK businesses running workloads on AWS, Azure or Google Cloud, the report marks a shift in framing: sovereignty concerns that were previously an EU-regulator issue are now being raised by UK parliamentarians citing specific geopolitical scenarios. Procurement teams at regulated organisations — particularly in defence, financial services and public sector — should expect supplier due-diligence questions to broaden from data-residency to full jurisdictional-risk assessment over the coming year.