After weeks of stormy headlines, the announcement of tens of billions of pounds of US investment into the UK’s tech sector must have seemed like manna from heaven for the British government. Announced in conjunction with President Donald Trump’s second state visit to these shores, the list of commitments from tech giants including Microsoft, Google and Nvidia would, according to the Business Secretary Peter Kyle, “create thousands of high-quality jobs across the UK — from clean energy to advanced manufacturing.” What’s more, “[w]orking closely with the US strengthens our global position and delivers real results for British businesses.”

The sheer size of the commitments – several of which came with the wonderful word ‘billion’ at the end – made this argument seem especially persuasive. Google would invest £5bn, to be spent on capital investment, R&D and engineering tasks, helping to support over 8,000 jobs a year. Palantir, meanwhile, would create hundreds of new jobs with its £1.5bn investment in the defence technology sector, while a collective £22bn from Microsoft, Coreweave and Salesforce would support the expansion of the UK’s nascent AI infrastructure – with GPU giant Nvidia pouring £500m into UK-based AI firm Nscale to help create a British version of the US ‘Stargate’ program.

As a result, predicted Nvidia’s CEO Jensen Huang, “the UK is going to be an AI superpower,” with the latter deal finally combining much-needed GPU capacity with the country’s prodigious wellspring of AI talent.

Then came the caveats, first, ironically, from Huang himself, who pointed out that there probably wasn’t enough electricity on the grid yet to power all these new AI data centres. Others opined that Nscale, Nvidia’s ostensibly British partner in building out all this infrastructure, was not only functionally beholden to US investor interests over and above its potential UK customers, but ‘owned and operated by Australians,’ had only just opened a London office and operated only one data centre in Norway (in a statement to Tech Monitor, Nscale said that it is “UK-based”, “was officially incorporated in the UK in May 2024” and “has multiple data centres,” the number of which is not disclosed “due to security and client sensitivities.”)

Would, then, the UK’s future be shaped not by its own government and companies, but by US tech giants? For many critics, the answer was indisputably ‘yes,’ and at great cost to this country’s agency in controlling its tech stack, otherwise known as its ‘digital sovereignty.’ The deals announced in the wake of President Trump’s state visit, the Ada Lovelace Institute’s Gaia Marcus warned Politico, increased UK public and private sector reliance on US tech firms – already massive – to a sinister degree. “We mustn’t just focus on what the figures look like today, if the cost is technological lock-in tomorrow, limiting our ability to seek alternatives in the future,” said Marcus. Ex-Meta majordomo and former Lib-Dem deputy prime minister Nick Clegg went even further, arguing that British tech prowess was “defanged” by such arrangements, which were little more than Silicon Valley’s “sloppy seconds.”

Jensen Huang and Sam Altman in conversation at Windsor Castle, used to illustrate a feature about UK digital sovereignty.
Nvidia’s Jensen Huang in conversation with OpenAI’s Sam Altman at Windsor Castle, during US President Trump’s second state visit to the UK. Both men announced huge investments by their respective companies into the UK tech sector – sums which made some critics question whether that sector was now entirely in hock to US big tech companies. (Photo: Phil Noble-WPA Pool/Getty Images)

The CIO’s view of digital sovereignty

Is that fair? From the UK government’s point of view, after all, these are probably minor niggles in what constitutes a near-unprecedented slew of investment deals for this country’s economy. Heaven knows we need it. The UK not only lacks for AI infrastructure, but also the means and impetus to invest in such infrastructure itself. It’s not going to come from the government – spending commitments to repair the damage caused by decades of underinvestment in comparatively more important areas like transport, health, social care and defence have put paid to that – and British businesses have historically proven reluctant to match the commitments of their French, German or US counterparts to invest in themselves, much less the wider tech sector. 

If the money comes from foreign investment, then, what’s there to worry about? After all, it’s not going to make much functional difference for consumers used to using Google, ChatGPT or Microsoft Word. At the C-suite level, it gets a bit more complicated. Those companies for which data residency laws are actually something to worry about – usually those involved in delivering services considered economically sensitive – then the retrenchment of US tech power in the UK gets problematic. While plenty of hyperscalers offer ‘sovereign’ cloud solutions to such businesses, CIOs have to be very careful that their data isn’t transferable or accessible to individuals offshore, explains NTT Data’s Warren O’Driscoll. 

“Because of the way their platforms and solutions are actually built, they’re so complex in the many different layers of people that get access to different parts of their infrastructure at different places that they can’t really guarantee [sovereignty] without building an entirely new air-gapped solution in a particular place,” says O’Driscoll. This is further complicated, he adds, by redundancy and support needs for cloud products, which often necessitate moving or tinkering with the data offshore as the occasion demands. 

It’s something that UK CIOs appear to be worrying about. According to a January poll of British firms by the French cloud company OVHcloud, 51% consider data sovereignty to be crucial to their data management strategies, with a seemingly even breakdown between those motivated by compliance obligations and/or addressing concerns from their customers. A wider survey of 1,000 IT decision-makers from Civo in June found that 83% worried about how geopolitics was impacting data sovereignty, particularly in reference to the US CLOUD ACT that allows that country’s intelligence services to access data held by firms under that country’s jurisdiction, even if it’s stored abroad. 35% of respondents, meanwhile, don’t appear to know exactly how and in which legal jurisdiction their data was being stored.

Sins of procurement

Observers of the UK cloud market may not find this research surprising – Civo, after all, has railed for years against the sins of the hyperscalers, including in this publication. Their activism, however, highlights a curious problem: data sovereignty for large UK businesses would probably be easier if there were UK cloud companies able to effectively compete against the US hyperscalers (which, according to the provisional conclusions of the CMA’s investigation into the matter, there aren’t.)

It’d have been easier for the UK government, too. In evidence to the Public Accounts Committee, its chief commercial officer, Andrew Forzani, explained that the state had tried to favour British cloud companies in this respect, but had been hamstrung by the fact that the best-positioned player in this category, UKCloud, went bust in 2022, and the only functional alternatives were the US hyperscalers. That didn’t make the relationship between these companies and the government “unhealthy,” said Forzani, but it did mean that “we do not actually have as much leverage as we think we might.”

Mike Bracken disagrees. Former head of the Government Digital Service and now a partner at the tech consultancy Public Digital (PD), Bracken has spent much of his career advocating for and designing smart, efficient and, in his view, digitally sovereign online services for the British state. Though Forzani may be correct at a micro level, his peer at PD argues that the UK government can use its immense purchasing power and legislative authority to bend the tech markets to its needs. All it lacks, he says, is the will and a failure of imagination that Bracken likes to call ‘Treasury brain’ – the idea that select public services can be run by private enterprise without imposing useful rules of the road about ethics, interoperability or pricing.

“The system is so wired into buying some more software, to procuring, that the answer is always to procure a system,” says Bracken – which, he adds, is absurd. If you’re a minister seeking a digital solution to a knotty policy problem, you could, he explains, “adopt an open protocol and make a platform; you could create some reuse from different services; or you could create a syndicate of suppliers.”

It’s a mindset that dates back to the 1980s, argues Bracken, when Capita was first contracted by the Department for Work and Pensions to run parts of the welfare system. That sincere belief that the involvement of private contractors makes public services innately more efficient led, in time, to US-owned G4S running prisons, German-owned Stagecoach running bus routes and a long list of European- and Japanese-owned companies winning and losing rail franchises – all with decidedly mixed results. That extends to the government’s digital stack, with tech giants including Oracle, AWS, Microsoft, Palantir and Google regularly meeting with cabinet ministers and granted sizable contracts for cloud computing capacity and other services.

It’s a procurement process that’s regularly criticised for its opacity, with countless stories published over the previous decade about secret meetings in government departments and job-hopping between private tech companies and public sector departments. The fractious debate over Palantir’s contract to build most of the NHS’s Federated Data Platform (FDP) is a case in point. Not only did the US data analysis firm’s work with the service begin with a cosy, melon cocktail-fuelled meeting between Palantir’s UK boss Louis Mosley and NHS England’s chief David Prior and a £1 contract during the pandemic, but the firm’s subsequent bid for the FDP was widely criticised as lacking transparency and inappropriate in the first place given the belief of its co-founder Peter Thiel that the NHS actually makes people sick

Since Palantir won its bid, only a quarter of England’s 215 NHS trusts are using the FDP, with two stating that they were using better alternatives. Bracken is at pains to emphasise how little a fig he gives for the politics of all this. He’s more concerend about how the process itself has potentially ceded oversight of the healthcare data of almost 70m people to a single company – which wouldn’t be wise even if a rival firm won the bid. “The point of sovereignty is [that] you retain a degree of sovereignty and agency over your key health data,” says Bracken. “Do we have that with Palantir? I’m not sure.”

By mandating clear rules of the road, common standards and ethics and digging into its own software development expertise as much as possible, says Bracken, government can come up with digitally sovereign solutions to policy problems that are more affordable and, in the long term, less controversial. In so doing, he adds, “you’re not beholden to a certain provider who might want to double the license costs, or disagree with your politics, or be compromised because their actions, politically, are not suitable with the political situation in this country.”

Bracken lovingly cites the example of Notify, a government messaging platform (and one, he says, that was reassuringly non-controversial.) Bracken’s team at GDS created it after realising that there were hundreds of individual contracts across government to message members of the public about anything from a road closure to a change in hours for an outpatient clinic. Before Notify, the patchwork of messaging systems in place was complex for users to navigate, inefficient and wasted not only civil servants’ time but also those companies contracted out to message the public, who had to continually deal with small amounts of procurement minutiae across different departments. So, GDS built an alternative – a single, central platform that anyone in government could use, using an open standard that creates a level playing field for competitive tender.

“The charging model becomes a central one, so that the providers, the SMS providers and so on, they still get paid by government, but they get paid once, effectively and efficiently,” says Bracken. “They are incentivised to add better prices and more features to get more of the pie. So, you get a competitive flywheel. And the civil servants who are using it just get a simpler, easier life.”

President Macron of France with Deepmind founder Demis Hassabis and Mistral AI founder Arthur Mensch, used to illustrate a feature about UK digital sovereignty.
French President Emmanuel Macron with Google DeepMind CEO Demis Hassabis (C) and Mistral AI CEO Arthur Mensch (R). Considered a ‘national champion’ of France’s AI sector, Mensch regularly appears with Macron at technology-themed events. (Photo: Ludovic Marin / POOL / AFP / Getty Images)

Owning the stack

As well as being used by British hospitals and schools, Notify has also been adopted by public sector departments in Israel, Canada, Mexico, Australia and New Zealand. However boring its function might be, says Bracken, the beauty of the system is that the government retains control over a public messaging system and, in the end, shapes procurement to its advantage.

Not everyone agrees that this approach would be enough to guarantee true digital sovereignty for the UK. In June, Bracken faced off against his friend and fellow sovereignty advocate Professor Francesca Bria, who argued for a much more radical strategy from government. The stats, she said, were shocking enough: in Europe alone, 80% of digital services were derived from foreign companies, with 70% of its cloud infrastructure controlled by the big three hyperscalers and a whopping 90% of its public sector software made by Microsoft. That balance needed to change.

“We are regulating infrastructures that are controlled somewhere else, built according to laws we didn’t write, and underpinned by values we do not agree,” said Bria. “We are one executive order away – not from Brussels, but from Washington – from losing access to the technologies that power our society.”

Europe, Bria argued, must take back control – not of the entire tech stack, but the parts that really determine its supranational future, through a canny blend of adherence to open standards, public investment, democratic governance and running new, federated infrastructure. Where Bracken advocates for sovereignty by forcing the market to bend to government-defined rules and safeguards and a commitment to open standards, Bria said that the state must have the ability to achieve technological independence and autonomy without necessarily collaborating with industry. 

Does that mean sovereign clouds, sovereign LLMs, and sovereign cybersecurity vendors are needed? Perhaps. As far as mini-clouds are concerned, Bracken is in agreement: there may very well be cases where a ministerial department might require sensitive public data to be held in air-gapped facilities it runs without any participation by your friendly neighbourhood hyperscaler. Overall, however, he believes the impulse to control parts of the national stack outright is a “very natural first reaction” to today’s uncertain geopolitical moment – but not the right one.

What really pays for governments, says Bracken, is to be canny about where they actually need to maintain digital sovereignty to reduce national vulnerability to exogenous pressures. That varies from country to country: for Estonia, control over its defence stack while Russian warplanes skirt its airspace is a key priority, while for Kenya, the current preoccupation is wresting control over valuable health data. At a macro level, Bracken argues, the UK is in a relatively good position in this respect as a service economy, wherein the protocols running its hugely valuable financial sector – the BACs and CHAPS of the world – are not under immediate threat. 

That task is made even easier with so-called ‘national champions,’ promising, homegrown companies that governments lean on to provide sensitive services in the national interest. Europe has proven proactive in this regard: see, for example, the French state’s strengthening partnership with Mistral AI, or the German federal government’s sponsorship of defence tech startup Helsing. That hasn’t led to the exclusion of US hyperscalers from these markets but it has led, on occasion, to their dragooning into partnerships with national champions in sensitive application areas, such as in the case of Google’s partnership with Thales to create the ‘S3NS’ secure cloud

This ethos has not been replicated in the UK: see, for example, Google’s recent £400m deal to create a sovereign cloud for the Ministry of Defence. Then again, British national champions are few in number these days, with many of the leading contenders – Deepmind in AI, Arm in chip design – having long since passed into foreign ownership. But examples in other sectors, says Bracken, show that the UK is capable of making sovereign decisions about its economic future, and good ones. Just look at the expulsion of Huawei, a company with dubious connections to the Chinese government, from the British telecoms network. “We can still run our telecommunications network,” says Bracken, “but we decided not to put Chinese kit all over it.”

For the moment, many of the trade-offs involved in questions of digital sovereignty remain reassuringly abstract to the average consumer – even though the erratic foreign policy of the second Trump administration makes it easier to imagine, it doesn’t seem likely that the tangible impact of a US company flipping the kill switch on the UK tech sector because of a hypothetical executive order will be felt just yet. In cases of great exigency, however, private tech giants are now in positions to hobble and help national governments, as in the case of Microsoft’s expulsion of an Israeli intelligence unit from Azure after it used the cloud service to store millions of Palestinian phone calls, or its thwarting of Russian cyberattacks against Ukraine in the opening stages of the former’s invasion

Is the UK government’s thinking changing? During his testimony to the PAC, Forzani said it is seeking to do more to enhance competition within procurement, such as honing its understanding of pricing information across multiple contracts and unifying disparate deals into a cohesive whole. Public sector bargaining power, too, is set to be enhanced by the creation of a National Digital Exchange, while £500m has been allocated to a Sovereign AI Unit to ‘support high-potential start ups to start and scale their companies in the UK.’

For his part, Bracken suspects more needs to be done within government to persuade civil servants and ministers as to the merits of homegrown national champions. “We continue to throw away our sovereignty, and that choice is rooted deep in the thinking of [the] Treasury,” he says. Any lingering fear they may have in sponsoring duds like British Leyland, however, should be confronted, at least as it pertains to digital technology. “The truth of the matter is, these companies become the figureheads for entire national economies around the world. And we’re just not playing.”

Read more: Vibe coding is coming to the enterprise. Here’s how to do it without burning down your stack.