The Open Rights Group (ORG) is calling on the UK government to implement a digital sovereignty strategy, arguing there is a pressing need to reduce the country’s dependence on technological infrastructure from US companies that may be subject to foreign interference.
The digital rights campaigner warned that while various digital infrastructures may be technically secure, they could become “strategically fragile” if they depend on a small number of foreign-controlled suppliers or proprietary systems that cannot be easily replaced.
They also warned that widespread dependence on hyperscale cloud services such as Microsoft and Amazon Web Services (AWS) also poses risks, as these entities are subject to laws that could be used by the US government to compel them to provide UK-stored data to American authorities, effectively bypassing local laws.
To alleviate the risks associated with this kind of over-reliance on US-controlled infrastructure, ORG said a digital sovereignty strategy should be made a requirement in the UK’s forthcoming Cybersecurity and Resilience Bill.
Such a strategy should specifically consider whether services can continue if a supplier withdraws; whether data access can be restricted by foreign law; whether sanctions, trade disputes or political pressure could disrupt systems; and whether the UK has meaningful alternatives if relationships with foreign states change.
“Just as relying on one country for the UK’s energy needs would be risky and irresponsible, so is over-reliance on US companies to supply the bulk of our digital infrastructure,” said James Baker, the platform power programme manager at ORG.
“Now more than ever, the UK needs to build and protect sovereignty over its digital infrastructure, and not leave itself vulnerable to the policies and actions of foreign powers such as the US and China. Although the US is a historical ally, its assertion that it will use hard power to achieve its political, economic and military goals should raise concerns among parliamentarians in the UK. The Cybersecurity and Resilience Bill is an opportunity to improve the UK’s control over its infrastructure.”
ORG added that the strategy should also prioritise the use of interoperable, open source systems, which would increase the ability of UK firms to bid for and maintain government systems.
A question of sovereignty
The call for a digital sovereignty strategy follows the US government’s illegal abduction of Venezuelan president Niolás Maduro, and subsequent threats made by US president Donald Trump and other high-ranking US government officials that similar unilateral military interventions could be staged in Cuba, Colombia and Greenland.
It also comes on the heels of controversial software provider Palantir landing a £240m contract with the Ministry of Defence (MoD) in mid-December 2025 – awarded without a competitive process – which represents the largest ever UK defence deal.
The contract will see Palantir provide “data analytics capabilities supporting critical strategic, tactical and live operational decision making across classifications” over the next three years, and has been criticised by a range of actors from across the political spectrum for increasing the UK’s reliance on US firms at the expense of British counterparts.
ORG added that there have been a number of examples in recent years of states using digital infrastructure to wield political and military power.
This includes Microsoft blocking the email account of the International Criminal Court’s (ICC’s) chief prosecutor, Karim Khan, after Trump imposed sanctions on the institution for issuing an arrest warrant against Israeli prime minister Benjamin Netanyahu.
While Microsoft has denied this – claiming it remained in contact with the ICC while “disconnecting Khan’s Outlook account – the ICC stopped using Microsoft services in October 2025 and switched to OpenDesk, an open source European software platform.
ORG also pointed to John Deere’s remote disabling of tractors stolen by Russian forces in Ukraine, saying it indicates that if political pressure was brought to bear on the firm, it could apply the kill switch to farm vehicles around the world.
As it stands, however, the UK government is attempting to make the UK an artificial intelligence superpower, with plans to rapidly expand the country’s sovereign compute capacity and create AI growth zones to facilitate the building of new datacentres, and massive investments for the underlying cloud infrastructure coming from Microsoft, Google and AWS thus far.
Previously, senior Microsoft employees admitted to the French senate in June 2025 that the company cannot guarantee the sovereignty of European data stored and processed in its services, while revelations published by Computer Weekly show that UK public sector data hosted in Microsoft’s hyperscale cloud infrastructure could be processed in more than 100 countries.