Much of the internet was rendered inaccessible on Friday morning following a disruption connected with US giant Cloudflare, prompting calls for tougher scrutiny.
The outage is the latest in an ongoing trend that has become a tiresome and persistent feature of 2025, a year which has seen one the most hostile cybersecurity environments in history.
With the latest outage once again serving as a reminder of the vulnerability of the internet, calls have been made for significantly tougher scrutiny on the handful of firms responsible for hosting the more than one billion websites in the world.
“Cloudflare’s latest outage is another reminder that much of the internet runs through just a few hands. Businesses betting on “always-on” cloud resilience are discovering its single points of failure,” said Tim Wright, technology partner at the law firm Fladgate.
“Repeated disruptions will draw tougher scrutiny from regulators given DORA, NIS2, and the UK’s emerging operational resilience regimes. Dependence on a small set of intermediaries may be efficient but poses a structural risk the digital economy cannot ignore. We can expect regulators to probe the concentration of critical functions in the cloud and edge layers — while businesses rethink whether convenience has quietly outpaced control.”
Research from the Internet Society has found that market concentration among content delivery networks (CDNs), like AWS and Cloudflare, has steadily decreased over the past five years.
“CDNs offer clear advantages: they improve reliability, reduce latency, and lower transit demand. However, when too much Internet traffic is concentrated within a few providers, these networks can become single points of failure that disrupt access to large parts of the Internet,” said Ryan Polk, director of policy, the Internet Society.
“Organisations should assess the resilience of the services they rely on and examine their supply chains. Which systems and providers are critical to their operations? Where do single points of failure exist? Companies should explore ways to diversify—such as using multiple cloud, CDN, or authentication providers—to reduce risk and improve overall resilience.”
