Close up images of the British and EU flags in the wind

Digital sovereignty, the ability to govern how data is collected, stored and used free from foreign entities or external legal systems, is an increasingly salient issue in today’s world. Here at Register Dynamics we have extensive experience working within and around the UK government and its digital ecosystems, and we’ll be taking a look at how and why digital sovereignty is something that is seeing increasing concern in the UK.

Why is digital sovereignty under scrutiny now?

In the last few decades five US tech firms have come to dominate the digital ecosystem. Meta/Facebook, Apple, Microsoft, Amazon and Alphabet/Google (together known by the acronym MAMAA), collectively own much of the digital infrastructure that we and our governments rely on, be it social media (Facebook), digital marketplaces (Amazon), Computer OS (Apple & Microsoft), smartphone provision (Apple & Google, through iPhone and Android respectively) and cloud computing (Amazon Web Servers, Google Cloud and Microsoft Azure).

The UK government is increasingly dependent on these firms for its digital services. Many UK government services are hosted on Azure or AWS servers. Even the UK’s security services (FCDO, GCHQ, MI5 and MI6) are heavily reliant on AWS. And it’s not just cloud hosting, when it comes to collaboration, the dominant tools are Microsoft’s: Outlook, Teams and Sharepoint, and the only other tools with any competitive share are Google’s. This dependence was recognised in the 2025 National Cyber Security Strategy, which considers major cloud providers (such as AWS and Azure) as critical parts of national security. Some people are starting to think that having so much of our digital infrastructure reliant on US firms is a cause for concern, but why should it be? The US is a long-standing ally, as embodied in the ‘special relationship’, right?

Why is this a cause for concern?

Given the increasing assertiveness of the US, to put it mildly, questions have arisen around whether it is wise to be so dependent on firms based in a country that seems increasingly willing to use them as tools of power projection. Especially over the recent issue of Greenland, where the US’s NATO allies were threatened with tariffs and economic sanctions.

In 2018 US Congress passed the CLOUD Act, which allows federal law enforcement to compel US based tech firms to hand over data in their servers, regardless of whether those servers are within domestic or foreign jurisdiction. This would be in direct conflict with domestic data protection legislation (such as GDPR). Whilst the EU and UK have sought to blunt this threat by increasing data protections, it is unclear if the US could still compel its firms to hand over data; thus it is still questionable if our data is safe in their hands. This may be particularly relevant to the upcoming rollout of Palantir tech (another US firm, named after the far seeing communication orbs in Lord of the Rings, which were extensively utilised by the forces of evil to further their goals) to handle NHS data (following them winning a contract in late-2023). This is especially concerning given Palantir have handed Medicaid data over to ICE to help in their activities. Who’s to say what NHS data held by Palantir could be used for? Could NHS data be examined as part of the US’s increased background checks on people entering the country, potentially identifying personal details that the Trump regime considers undesirable (for example, people who have received gender affirming care, outing them as trans to hostile US authorities)?

Sanctions are a tool often used by the US, typically against hostile powers such as Iran, Russia and North Korea, but in recent years the US has increasingly used sanctions, or the threat of them against people and governments in the west. In 2025, Judge Kimberly Prost, of the ICC, was sanctioned for her involvement in investigations of American and Israeli officials for war crimes. Prost has detailed the wide ranging threats of her sanctions: “You immediately lose your credit cards – it doesn’t matter where they were issued or by what bank … Online shopping becomes excruciatingly difficult, if not impossible. But there’s other things, everyday things, like ordering an Uber or ordering tickets for something, or booking a hotel … If you have assets in the United States, then they’re frozen, if you have family or family who works there, visits there, there’s a real danger. One of my colleagues, her daughter’s visa was revoked.”

There have also been threats to apply sanctions to both Prime Minister Sir Keir Starmer and Britain as a whole. In early 2026, over threats by the UK to ban X unless it stopped its AI from generating child pornography (X did eventually fix this issue), US Congresswoman Anna Paulina Luna threatened she would “move forward with legislation that is currently being drafted to sanction not only Starmer, but Britain as a whole”. Whilst the situation was resolved and the threats came to nothing, the implication that such legislation existed in draft form is certainly cause for concern. Trump has already threatened renewed tariffs over UK opposition to his plans to ‘acquire’ Greenland – could sanctions also be on the table if things go south?

What would said sanctions mean for the extensive US based cloud provision that is considered a critical part of national security? Would significant parts of the UK government, including its security services, be crippled? It’s difficult to determine the exact impacts, but maybe hitching so much of our digital infrastructure to companies based in a hostile power that seems increasingly willing to yank it away maybe isn’t a good idea.

The response

Policymakers in both the UK and the EU are starting to become aware of the risks of overreliance on US big tech. In the last few days, an Early Day Motion has been tabled in the UK Parliament on UK Digital Sovereignty Strategy. It notes the extensive dependency of government services and critical infrastructure on a ‘small number of external suppliers’ and called on the government to bolster protections against the risks (such as service withdrawal). It also called to increase moves to reduce supplier concentration through interoperable systems, to strengthen competition and bolster UK tech firms, and to produce a UK digital sovereignty strategy. Across the channel, the EU is also waking up to the risks of reliance on US big tech. Acts such as the Digital Services Act (DSA) and the Digital Marketplaces Act (DMA) have already sought to restrict the worst excesses of US big tech activity, the EU is developing an Open Digital Ecosystem Strategy and producing research into digital sovereignty, and there is growing interest in moving away from US-based cloud providers. Meanwhile, France is developing its own sovereign cloud.

Ultimately the big question is how do we wean ourselves off US big tech? Ideally we develop and bolster our own tech sector and businesses. Here, interoperability is a crucial factor. One of the ways in which big tech secures its dominance is by user lock-in, making it impossible to use third party components or tech support in its products (for example, HP inkjet printers forcing you to only use HP ink, which is much more expensive than regular brands) and imposing high switching costs on anyone seeking to move away (for example, if you want to leave Twitter/X for Bluesky, you can’t just get a list of everyone you follow, and everyone who follows you, and port it over – you have to start the process from scratch). Interoperability aims to blunt these methods of dominance by forcing everything to be interoperable with everything else, making it easier to use third party components and to switch to rival services (for example, recent EU legislation which forced Apple to use standardised USB-C charging ports for its iPhones, rather than locking users in to Apple specific chargers). Interoperability is just one method by which we can start to blunt the dominance of US big tech and help boost domestic firms, which in turn would enhance digital sovereignty.

Other methods could include increasing the use of and investment in open-source technologies, i.e. technologies developed by a community through an open and collaborative process (e.g. Linux OS or MySQL). Such technologies are not owned by any one big corporation and as such are less prone to interruptions of service in the case of tariffs or sanctions. We already touched on boosting homegrown technology companies. Government procurement could be a lever to boost this. The current government has already indicated it prefers to ‘buy British’ in other areas, and it could start to do this in tech as well. To boost domestic tech we should also develop people’s capacities and skills in tech, thus increasing the talent pool available to these domestic companies. Working with partners across the channel in Europe, who are also seeking to boost their digital sovereignty and learning from each other, would also be beneficial. These are just some of the ways that we can begin to reduce our dependency on US tech and bolster our digital sovereignty and resilience.

Summary

Digital sovereignty, defined as the capacity of a nation to autonomously govern its data and digital infrastructure without external coercion, has become an issue of increasing salience in the UK and Europe due to their deep dependency on a handful of U.S. technology giants. These firms provide essential services, from cloud computing and operating systems to social media, hosting even sensitive government and security agency data on platforms like AWS and Azure. There is a growing realisation that this could be a strategic vulnerability, despite the longstanding US-UK ‘special relationship’, due to both the risk of seizure of data by US legal authorities and the risk of service disruption as a result of tariffs or sanctions (both of which the US seems increasingly willing to use against European countries, even its NATO allies).

In response to these risks, some UK and EU policymakers are actively seeking to reduce this dependency and bolster digital sovereignty. The EU is advancing regulations like the Digital Markets Act and exploring sovereign cloud initiatives to counter the lock-in effects and market dominance of U.S. big tech. The core challenge lies in weaning off these platforms without disrupting critical services. A promising path involves mandating interoperability—forcing systems to work with third-party components—to lower switching costs, break user lock-in, and ultimately foster a more competitive, resilient, and sovereign digital ecosystem.

Author

Featured

Owain Jones

Owain is a senior technologist with considerable experience in how to both generate and use data in a way that provides meaningful insights in a range of situations.