UK told its Big Tech habit is now a national security risk
- Reference: 1776248115
- News link: https://www.theregister.co.uk/2026/04/15/uk_big_tech_dependence/
- Source link:
The warning comes from Open Rights Group, whose [1]latest report , "Tech Giants and Giant Slayers," argues that the UK has let a small group of American megacorps entrench themselves across critical infrastructure, shaping not just systems but policy itself. The result is a mix of economic drag, security exposure, and a growing inability to act independently when it matters.
The risk shows up when politics is involved. The report points to US sanctions against the International Criminal Court (ICC) for issuing arrest warrants for Benjamin Netanyahu, and claims Microsoft shut down email and banking-related services for affected individuals. The report says this shows how "tech powers of sanction" can cut off access entirely, and what that might look like if UK-US relations soured.
[2]
"For years, a handful of Big Tech companies have used their power to gain control of the UK's digital infrastructure, locking the government into wasteful contracts and shaping tech policy in their favour," said Jim Killock, ORG's executive director. "This overreliance on foreign tech companies is now an urgent national security issue as well as an economic threat."
[3]
[4]
The report goes further than the usual vendor lock-in grumbling, arguing that Big Tech has actively controlled markets, limited innovation, and lobbied government, including pressing to halt AI regulation, weaken data protection, and blunt competition law – effectively helping to write the rules that keep it embedded.
The Competition and Markets Authority says at least £500 million a year is being overspent on cloud services, and that's before you add in projects that overrun, suppliers that never quite leave, and systems everyone avoids touching.
[5]Digital sovereignty isn't just a buzzword – it's the future
[6]Digital euro goes full sovereignty mode, US cloud giants not on guest list
[7]Worried Europeans can now cut Azure's phone cord completely
[8]Europe's sovereign cloud spend set to triple as geopolitics bite
It's not just a money problem. The report points to the legal side of all this, where laws like the US CLOUD Act and China's National Intelligence Law can force companies to hand over data or open the door to systems. Whether the UK is happy about that doesn't really come into it.
Politicians from across the spectrum have lined up behind the findings. The Green Party's Sian Berry warned the UK "must build much more resilience to protect our critical digital infrastructure from the potential threat of sanctions and service withdrawal," while Labour's Clive Lewis said Big Tech firms have "embedded themselves in our public services," leaving the country "dangerously vulnerable."
[9]
The report also takes a swipe at current policy, arguing the government is doing all it can to "reinforce dependency," pointing to contracts awarded to Palantir Technologies as evidence the problem isn't being solved so much as expanded.
The proposed fix is familiar: more open source software, more domestic capability, and a deliberate push toward "digital sovereignty," defined as control over infrastructure, data, and technology. Or as Killock put it: "Public money should be spent on public code that benefits us all, rather than lining the pockets of Big Tech's shareholders."
For now, though, the UK's digital estate remains firmly plugged into systems it doesn't own – and, [10]as the ICC episode allegedly showed , might not always be able to rely on. ®
Get our [11]Tech Resources
[1] https://www.openrightsgroup.org/press-releases/new-report-uk-needs-digital-sovereignty-strategy-to-address-threats-from-reliance-on-big-tech/
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ad-2Ioudaw8Nou0yH2-B_AAAAtY&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ad-2Ioudaw8Nou0yH2-B_AAAAtY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ad-2Ioudaw8Nou0yH2-B_AAAAtY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://www.theregister.com/2026/04/13/digital_sovereignty/
[6] https://www.theregister.com/2026/03/26/digital_euro_sovereignty/
[7] https://www.theregister.com/2026/02/25/microsoft_azure_local/
[8] https://www.theregister.com/2026/02/09/europe_sovereign_cloud_spend/
[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ad-2Ioudaw8Nou0yH2-B_AAAAtY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[10] https://www.theregister.com/2026/02/18/microsoft_asks_uk_parliament_to_correct_record/
[11] https://whitepapers.theregister.com/
Re: Slight correction of tense
Indeed!
I echo your thoughts Doctor Syntax.
We have been riding the coat tails of everyone else for far too long in the UK.
The UK, and others, should start to look at the next decade's worth of investment and think where it truly needs to be.
No "Sovereign" Cloud will cut it I'm afraid.
We need to support the minnows and help them, where applicable, get a fair market share.
Also, we need to wean ourselves off all this US centric software that we don't truly need.
Just my opinion of course, or do we need to get a manumission to be free?
Re: Slight correction of tense
If, by "Sovereign" Cloud you mean the usual Greeks bearing gifts, I agree. What's needed is actual sovereign not-quite-cloud, i.e. services not run on somebody else's computers.
Re: Slight correction of tense
Love the analogy Watch out for those Greeks.
There's an opportunity, IMHO, that the UK and other could workout what the new world order technology requirements are and start investing, researching and developing, as required.
Re: Slight correction of tense
It is very easy to stop thinking over a wine and steak.
It's a shame that folks working at NCA or SFO think that their job is to draw salary and look away.
Re: Slight correction of tense
As far as I can make out sometime about last October you missed out on a free meal with a very unimaginative menu. Or perhaps that's when you heard you'd missed out. Or somebody told you you'd missed out to wind you up.
Palantir in Parliament
There is a debate in Westmister tomorrow about the Palantir NHS contract. Write to your MP, correction: the MP in your constituency.
M$ and gmail send my email to spam: I wrote on Mathstodon about this and have just passed 1000 boosts and 1000 favorities, so join the club!
Re: Palantir in Parliament
Palantir => Mordor => Sauron
Re: Palantir in Parliament
Do you think MP will cancel wine and steak dinner because unwashed pleb doesn't like their data being misused? You have to wait until around the elections, when MPs wake up from the freebie coma and realise they need votes to continue sitting in the gravy train.
Conflict?
I work with the UK branch of a US multinational supporting a system that fall into the remit of GDPR-UK and the Official Secrets Act..
I really have issues with things like the US Cloud Act, and how it relates to GDPR-UK and the Official Secrets act.
If an instruction comes from the US holding company to leak data, it is not just the UK subsidiary that would be breaking UK law, it is everybody involved in the extraction in the UK who support the systems who would also be breaking the law at a personal level.
I have actually asked my management chain about this, and I've been told that the situation would never arise, but I've made it clear that if I was asked to break UK law in order to knowingly provide information to the US parent in breach of data protection, I would walk, but I don't think that everyone around me would take the same decision.
In this case, there is a bit of a get-out, as the actual systems are owned and air-gapped in local data centres operated by this UK organisation we run them for, and we are just the maintainers and administrators. There is an approval process involving the client that should/would stop large scale export of data, which would make it clear if something is being asked for under the covers, as it would have to avoid the change process.
Re: Conflict?
, as the actual systems are owned and air-gapped in local data centres operated by this UK organisation we run them for,
This is just a coping mechanism. If request comes they need to make it available. You cannot evade a control-based legal regime by playing dress-up with ownership. A UK badge on the bonnet does not help if the steering wheel is still in California.
Re: Conflict?
And that is why I would walk.
It's an interesting conflict though. No matter what the US laws say, the data is domiciled in the UK, run on systems owned by the UK client, by a UK limited company (albeit owned by a US one), and run by people who have been vetted and also signed the acknowledgement that they understand that they are covered by the Official Secrets Act (as is everyone in the UK, whether they've signed it or not).
UK law should be the prevailing law, no matter what the US thinks.
Nobody from outside specific UK sites is allowed any access, especially remote access from abroad, and nobody gets access to these sites without either being escorted, or signing the aforementioned acknowledgement. This makes it a personal offence, punishable by prison in the UK, to export the data to the US.
So the US government can fine or otherwise penalise the US company, but they should have no way short of cyber warfare to get access to the data without someone in the UK risking arrest. This is not a US run Cloud operation where data can be duplicated or moved within the Cloud infrastructure out of the UK at the click of a button.
Having flicked through the report it does seem extremely over-wordy but the executive summary is a bit lightweight. Politically they should have promoted the Labour MP's foreword over the the Green's.
No sh*t
Sherlock. See title.
Lock-in, pay-out
I was reminded recently of the financial crisis of 2008 onwards. One of the features then was the intertwined nature of investment banking with retail banking. Everybody was happy with this in rising markets when the investment gains were cross-subsidising retail. Not so much when the investments went bad on such a scale that Govts had to step in to prop the banks up.
I can see a scenario now where some (all?) of the US tech giants get burnt on AI investments and need to cover their losses by squeezing their "retail" customers - in this case those rather badly advised public bodies over here that are locked in. So the UK (local or national) taxpayer will end up paying that bill for them.
Re: Lock-in, pay-out
There's a further point of comparison.
Back then there was an assumption that an economy could exist which was able to ignore the inflationary effects of rising house prices to maintain low interest rates.
Nor there's an assumption that an economy can exist which is able to ignore the amount of money already burnt on AI data centres to provide a return on investment.
UK burned by Brexit again
Tech independence and data sovereignty would have been much easier to achieve if the UK could have joined the EU in developing solutions which each European nation could deploy domestically. Scale matters.
But someone just loved their ring a little too much, and one of the ironically-named results is Palantir, which just happens to report back to an aggressively interventionist dark lord in a foreign land.
There's a lesson about unity in there, brought to us by one of the greatest British writers of all time.
Slight correction of tense
"could quickly become a national security headache"
The only way it could become a headache if to start thinking about it which obviously HMG so far hasn't. For anyone who has thought about it it already is a headache.