UKGovCamp 2026: Threat models, procurement, and hope

Andy Bennett
Written By N

Last Saturday (17th January), I made my way to Birmingham for UKGovCamp 2026. Despite major train disruptions at Euston, I still made it in time to hear Simon introduce us on stage as Diamond sponsors.

What is UKGovCamp?

UKGovCamp is an annual, one-day unconference, which means that the agenda is decided by the attendees immediately after the welcome speeches. Attendees who have an idea for a session line up for 30 seconds to pitch to everyone and then the organisers find a space for it on the session grid.

Session Highlights

Similar to my reflections on OpenDataCamp11 last year, I'll describe some of the sessions that I attended here. The conference was conducted under Chatham House Rules.

Threat models and ethical dissent

Session 1 was provocatively pitched as Is your boss in your threat model and should they be? I'm not sure whether Betteridge's Law Of Headlines applies here or whether it’s a rare exception, but the conversation was topical and timely as we watch the world respond to The Department of Government Efficiency (DOGE) and ICE. Where is the line between bureaucratic compliance and defensible ethical dissent? The session concluded with the observation that, as technologists, we are uniquely positioned to understand and gatekeep the technologies that can be used to promote equality or enforce oppression, and we should take that responsibility seriously. Unfortunately, there was no concrete agreement or code of practice. There was also no move to build communities around this to support each other and concentrate our collective efforts on the most important issues.

From this, and other sessions throughout the day, I got the strong impression that almost everyone agrees that something needs to be done. But many are struggling with the idea that the balance of power is changing and the threat model is significantly different to how it's been for their entire lives. After all, there were only a few of us in the room who remembered the large scale, rapid shifts that happened at the end of the Cold War.

Procurement and suppliers

After an intense and stimulating hour, I made my way to something more mundane Getting suppliers into conversations and procurement]. As a supplier who bids on tenders from lots of Government procurement frameworks, this is a subject dear to my heart. Over the past year, we've come 2nd place in tenders where we've had the best domain experience twice. Although you still have to do all the legwork, there's no prize for coming 2nd place! Both times we lost out to cheaper alternatives who had very little domain experience, if any, and we later heard that both projects failed within 6 months. So why does "price per quality point" always seem to pitch the best positioned but more expensive bid against the lowest priced offer? Why does this seem to so often fail to work out for both buyer and seller and why do we only hear about subsequent failures through informal channels? (If you know, please give me shout!) I had many questions and I hoped this session would contain much I could learn from.

In the end the conversation was mostly about local government procurement, a market we don't serve (see who we do work with here), but it was interesting none-the-less and I learnt a lot. Local government is a market where customers often like to reprocure what they've already got rather than take a chance on something different, especially something new and innovative. There's a variety of drivers behind this that range, from long integration times to a lack of strategic expertise. There's also a lack of alignment between buyers and sellers in terms of expectations. Buyers may need bespoke solutions but often feel they can only buy from the big players due to concerns around risk. These big players are incentivised to deliver something as generic as possible that they can sell to as many customers as possible. On the other hand, a small supplier would be incentivised to give each customer more attention and are generally better equipped at delivering to the Government Service Standard, especially when it comes to accessibility.

Lunch

After two interesting sessions it was time for lunch. Register Dynamics sponsored lunch which consisted of a selection of sandwiches, including some good gluten free options, and a couple of delicious soups: vine tomato and butternut squash. There were also crisps and cakes for the adventurous.

Tiny tools and corporate IT

After lunch (and hunting around for 15 minutes to find the right room), I joined a session that combined three pitches: Tiny tools, Good people deserve good tech, and Undifferentiated heavy lifting. It was a large, diverse session with many attendees from a range of backgrounds and disciplines. The scope of discussion was quite large and tried to explore why IT, especially "corporate IT" as practiced in many organisations, largely (and consistently) fails to meet user's expectations. For example, the idea that there’s a big gulf between the needs of the IT department and the needs of users came up several times: "shadow IT" and users being able to pick their own tools was described as "IT's worst nightmare". 

Most of the discussion reinforced Bert Hubert's recent article that corporate and governments like to buy from "blame absorbers", especially ones where risk and blame can be turned into billing lines on a pay-as-you-go basis. IT is still seen as an "extra" that represents a large amount of risk to an organisation and needs to be aggressively managed, rather than as an extension of their employee's abilities that, when managed correctly, can give the whole organisation disproportionate leverage in those areas of operation. 

One technical example of this leverage that now springs to mind as I write this is how things like DevOps and Site Reliability Engineering developed. They were pioneered by companies like Google, where the goal was to allow regular sized sysadmin teams to manage literally 10s or 100s or thousands of machines, where previously they'd only been able to manage a handful. When these practices moved into organisations where employees were trusted less and IT was seen as a risk, rather than an enabling lever, these new practices where used to manage a similar number of machines as before, perhaps double at most. Significantly more machines still meant significantly more staff were hired. The focus was on managing the tools and the risk of the tools, rather than using IT to help end users be more effective.

Digital Sovereignty

The last technical session of the day was about Digital Sovereignty and was co-run by our very own Alaric Snell-Pym. This was quite a different session from the earlier one about threat models, despite treading on similar ground.

The session was large and possibly the most emotional of the day. Many people had strong opinions on both sides of the debate and ended up falling into one of two camps: those who thought the US administration was something to worry about and those who didn't. For me, the session showed me that the digital sovereignty issue is way more vague in peoples' minds than I realised. Even technical people struggle to separate the ideas of who writes software, who runs it, where it runs and how the legal rules that each of those parties are bound by affects risk in different ways. 

I reflected later on and got some clarity on my thoughts. Digital Sovereignty isn't really about "The Americans" or "The Chinese" or "The Russians" at all. It's about us. What are we trying to do? Who do we need permission from to do it? Who should we depend on to continue doing it? What are the costs associated with those decisions in terms of ongoing operational costs for things we've already built or time-to-market for things we want to build? What skill sets do we need to do those things? And how do we make the cost, risks and benefits balance out in the end? It's often embarrassing or difficult to talk about things we're not very good at or to admit when we're unsure how to do something. With Digital Sovereignty specifically, it's hard to even crisply articulate the problem we're trying to solve, especially without the scope rapidly expanding to include "everything". It's much easier to just have a debate about whether the Americans or the Russians are more friendly.

We will be writing more about Digital Sovereignty and spent our last Blogathon exploring an article for it, so keep an eye on our blog. It’ll be published soon!

Hope Camp

The final session of the day was more whimsical. "Hope Camp" was an opportunity to unwind, reflect on things we're grateful for and articulate things we’re hopeful for in the future. It's hard to really convey what happened there, but it involved paper planes, artistic drawings, collaboration and creative interpretation. If you're at an unconference that has a Hope Camp session then maybe give it a go!

Closing Thoughts

As usual, all the attendees were absolutely wonderful, I had a thoroughly enjoyable day, we're proud to have been a sponsor, and we gave away all the post-it note swag that I’d hauled in my bag from London.

Hopefully see you at UKGovCamp2027!

Author

Featured
Andy Bennett
Andy Bennett

Andy trained as an Electronic and Electrical Engineer and has a background in consumer electronics, FPGAs, operating systems and device drivers. For the last 10 years he has been building companies around distributed database technology.

Read More →

Tags:

N
Next

How open data communities are like polycules