In January 2026, 45 UK MPs submitted an Early Day Motion entitled “UK digital sovereignty strategy”. The motion pointed to the dependency of government services, democratic functions and critical infrastructure on a small number of digital providers.
Those providers are US-based hyperscaler cloud providers AWS, Azure and Google Cloud, also known as the Big Three, who between them provide cloud services to more than 90% of UK public sector organisations.
Meanwhile, in October 2025, the European People’s Party group in the European Parliament adopted a position paper calling for, “a permanent EU Tech Forum to guide digital strategy [and] build sovereign European digital infrastructure for cloud, AI and data – free from foreign control”.
This came ahead of a summit on European digital sovereignty that took place in November in Berlin and gathered more than 900 policymakers, industry leaders, investors, researchers and civil society representatives from 27 EU member states.
At the event, German chancellor Friedrich Merz said: “For Europe, digital sovereignty means the ability to shape technology across the entire value chain in line with European interests and needs. We seek competition on equal terms.”
These are just some examples of initiatives aimed at wresting back some control and data sovereignty in the UK and Europe against a backdrop of overwhelming dominance by US hyperscalers of public and private sector infrastructure.
In this article, we look at European lawmakers’ attempts to drive towards greater digital sovereignty, how that overlaps with opposition to anti-competitive practices in the market, and why governments need to think about encouraging home grown tech – or else risk losing it.
Digital sovereignty: Taking back control
The UK digital sovereignty strategy Early Day Motion was sponsored by MPs from parties that included the Greens, Labour, Liberal Democrats, Plaid Cymru and numerous independents.
The first part of the motion read: “That this house notes that government services, democratic functions and critical infrastructure increasingly depend on a small number of external digital suppliers; further notes that excessive concentration and inadequate exit or substitution planning expose the public sector to risks including service withdrawal, sanctions, commercial failure, geopolitical disruption and unilateral changes in service terms.”
It went on to say it believed “long-term resilience, continuity of public services and value for money require the government to retain effective control over digital systems it funds or relies on” and to “support UK technology firms and SMEs, and increase the proportion of public digital expenditure retained in the UK economy”.
It capped this with a call to, “publish a comprehensive UK digital sovereignty strategy with binding effect across central government, arm’s-length bodies and the wider public sector”.
A lack of digital sovereignty? The UK public sector example
As we saw in the previous article in this series, US hyperscaler clouds are deeply embedded in the UK public sector.
In the financial year 2023/2024, 95% of central and local public sector organisations in the UK spent budget on hyperscale cloud services. When it comes to spending on services such as software as a service (SaaS) that rely on hyperscaler cloud, that percentage expands to 99%.
This is taken from data gathered by Tussell and Computer Weekly that covers more than 1,100 central and local government organisations that range from ministries to councils and a wide variety of other agencies.
Out of 22 government departments in the data, 21 spent budget on hyperscale cloud in some form in that year, and 13 spent 50% or more of their tech budget on hyperscale cloud directly or via cloud resellers.
The top five public sector spenders on hyperscale cloud were: Ministry of Defence (£1.09bn), HM Revenue & Customs (£1.01bn), the Home Office (£775m), Department for Work and Pensions (£622m), and NHS England (£442m).
Digital sovereignty: UK government lacks a definition
Meanwhile, at ministry level – namely the Department for Science, Innovation and Technology (DSIT) – the UK lacks a clear definition of data sovereignty from which to work.
It told Computer Weekly in a request for comment in February 2026: “This is a complex and evolving policy area, rather than a specific project. It requires engaging with departments across government – a process which is ongoing.”
The DSIT could not give a timescale for the process, but said: “Work continues across government to ensure a consistent approach, and we will have more to say in due course. There is no single, globally agreed definition of digital sovereignty. International approaches vary and are shaped by domestic policy objectives.
“However, UK public sector technology buyers already operate inside a strong framework of safeguards, for example: data protection law, UK security standards, the Cloud First policy and established commercial rules. These combine to help effectively protect public services.”
Liberal Democrat spokesperson for science, innovation and technology Tim Clement-Jones believes this lack of definition serves a purpose – namely, that the DSIT doesn’t have to grapple effectively with regulation around the issue.
“They’re very good at lacking definitions, because it means that they don’t have to regulate them. That’s the whole idea,” he says. “When we did our AI and defence paper, they didn’t have a definition of a lethal autonomous weapon. And we thought, ‘This is peculiar. These things are dangerous; there’s high risk’, but they couldn’t come up with one. And they said, ‘NATO doesn’t have a definition either’.”
Where data sovereignty meets anti-trust
Nicky Stewart, senior adviser with the Open Cloud Coalition, believes UK public sector procurement is held in a stranglehold by AWS and Microsoft, and that this is anti-competitive and to the detriment of UK companies. The cost to those organisations that procure cloud services, and by extension the UK taxpayer, is up to £500m per year, she says.
She believes UK public sector procurement has moved from a “public cloud first” policy to one of “hyperscaler cloud first” and that direct awards resulting from this have tended to lock public sector bodies into the US giants.
Stewart says: “They came up with the G-Cloud framework, where essentially cloud providers who aspired to provide to government could showcase their wares. It operated as a catalogue. The buyer went in with a list of their requirements and it would spit out a list of providers and their services. They put that down to a short list and then they directly awarded it. There was no competitive process, no negotiation around prices, nothing.”
Initially, she says, that involved relatively small direct award contracts: “But when they started moving to hyperscale public cloud, the size of those direct awards got bigger and bigger. Some of those contracts were hundreds of millions in direct award even though the Crown Commercial Services’ own guidance says they should be for low value or urgent transactions.”
Some contracts were hundreds of millions in direct award even though the Crown Commercial Services’ own guidance says they should be for low value or urgent transactions Nicky Stewart, Open Cloud Coalition
Then, says Stewart, came “committed spend” agreements – such as with AWS for multiple millions of pounds – and into which government departments became even more tightly locked. Meanwhile, she says, UK suppliers are shut out by high entry requirements to frameworks such as G-Cloud.
“The public sector has got itself locked in into the two dominant cloud providers,” says Stewart. “And once you’re locked in, there’s a whole chain of things you need to think about. It’s not just a case of ‘I want to switch cloud providers’ or ‘I want to diversify my cloud providers’. You need to think about the skills to switch or diversify and the uncertainty about how much it will cost.”
All of this hasn’t escaped the notice of the UK government’s Competition and Markets Authority (CMA), which was set to report at the end of March on possible measures against AWS and Microsoft. In a report published in July 2025, it found those companies to be the two largest providers in a “highly concentrated” market and that this had adverse effects on competition.
The CMA is set to decide whether to apply strategic market status (SMS) in relation to AWS and Microsoft’s activities in cloud services. SMS would allow the CMA to “impose targeted and bespoke interventions to address … concerns … identified”.
It is yet to be seen what the effect of those measures will be.
European responses to risks around data sovereignty
Europe has been a little more forward in formulating responses to concerns over data sovereignty, and in particular with regard to the overwhelming market dominance of the US hyperscalers. There have been initiatives to build some degree of home grown cloud tech. Europe is a little less dependent on US hyperscalers than the UK, so it’s possible it has made a dent.
Initiatives include:
The European Gaia-X project to develop a secure European data infrastructure, although this appears largely stalled.
France’s SecNumCloud, a high-level security certification for cloud service providers aimed at provision of trusted, sovereign hosting by protecting against non-EU legal, technical and cyber security risks.
France’s Cloud de confiance, a government-backed initiative to provide secure, sovereign cloud computing services that protect sensitive data from foreign surveillance.
The industrial-focussed IPCEI-CIS, in which around 100 companies and institutes from 12 EU countries are cooperating on developing new data and cloud solutions.
What do campaigners call for: Axel’s axis in Europe
Axel Voss MEP of the European People’s Party has been a vocal advocate of building European digital sovereignty. He wants to cut red tape and create a preferential environment for European suppliers. Voss believes European sovereign digital capability means strengthening European suppliers and making it easier for European public and private sector organisations to use them.
He says: “It’s not autarky or protectionism, it’s Europe being able to take independent decisions about the parameters of digital technologies, backed by real European options in cloud, AI and data; open standards and interoperability; and procurement that builds a resilient European supplier base.
“Practically, that means pilots that combine European compute and data spaces, ‘EU-by-default’ tools in institutions, and funding and scale mechanisms to make European providers competitive.”
For Voss, a key matter is also to remove obstacles to European digital innovation: “Our main obstacles are fragmentation and slow, bureaucratic decision-making. That’s why I push measures like cutting real red tape, strengthening investment/VC and strategic capabilities (cloud/AI/edge/cyber/chips), and using procurement and open standards to break lock-ins.”
Grow native capability or die?
Nicky Stewart of the Open Cloud Coalition wants to lower barriers to UK cloud providers, after years of them being sidelined while UK public sector procurement resulted in the hyperscalers becoming entrenched.
“There are more UK cloud providers than I can count on my hands and feet,” she says. “Some of them can operate at scale – not necessarily the same scale as the hyperscale cloud providers, but they have different offerings. There’s always going to be a place for hyperscale and there are certain workloads that are suited to that sort of scale.
“But there are other workloads with different requirements. Maybe they’re more stable, for example, not peaking and spiking. Or they may have really high security requirements, or sovereign solutions, or can offer better value for money, or much more personal customer service.
“The point here is that if the UK public sector government doesn’t give the right signals to its own cloud hosting industry, how on earth does it expect to grow any native capability?”
Sign Up For Daily Newsletter
Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
