MPs on the Science, Industry and Technology Committee have called for a “period of over-correction” to break the cycle of supplier lock-in and foster a domestic UK cloud ecosystem through mandatory re-competition and open source standards.
One notable measure recommended in the report – Rewiring the state: Delivering digital government – is that the UK government should exercise the break clause with Palantir and the Federated Data Platform (FDP) in the NHS and publish a fully costed exit plan by the end of 2026.
Elsewhere, the report highlights a “lack of competition” in government cloud spending, which totals about £10bn per year. It cites the March 2026 HM Revenue & Customs (HMRC) contract with Amazon Web Services (AWS) as a primary example of market failure. AWS was the sole bidder for the 10-year, £472m deal, despite concerns over restrictive licensing practices.
Meanwhile, the report recommends the establishment of a unit to monitor and disseminate digital government best practices from the European Union (EU), including how member states encourage the development of sovereign alternatives to incumbent providers.
Dangerous levels of lock-in
The report warns that the UK public sector’s heavy reliance on a small group of US-based technology providers – specifically Microsoft, AWS and Palantir – creates dangerous levels of supplier lock-in and systemic fragility.
The committee’s report argues that these dependencies, often driven by proprietary software and complex, opaque contracts, undermine competition, hinder innovation by small and medium-sized enterprises (SMEs), and expose the government to significant operational risks, including potential data access by the US under the Cloud Act.
To address such vulnerabilities, the committee recommends a comprehensive strategy to achieve “technology sovereignty” and that the government should prioritise open source alternatives and mandate that a defined percentage of procurement budgets go to UK-based startups.
Key interventions include exercising the break clause for the NHS FDP, implementing a rigorous cloud consumption dashboard to monitor supplier power, and legally requiring public bodies to favour open standards over proprietary systems to ensure the government retains the ability to make strategic choices independent of dominant incumbents.
Key recommendations in the report
Federated Data Platform: The government should commit to exercising the February 2027 break clause in the Palantir FDP contract and develop an in-house replacement or seek an alternative from UK-owned and UK-based providers, with a fully costed exit plan for the FDP published by the end of 2026.
Data access and transparency: The government must confirm the nature of Palantir’s access to patient data, the statutory basis for this authorisation, when and by whom it was authorised, and whether the information commissioner was consulted.
NHS single patient record: The government should prioritise using UK-owned and UK-based suppliers to develop and implement this and award all contracts through open and transparent procurement processes.
Ministry of Defence and Palantir: The government must set out the reasons for awarding a £240m Ministry of Defence contract to Palantir without a competitive tender process.
Procurement and SMEs: Central departments and public bodies should be required to spend a defined minimum percentage of their technology procurement budgets on products from UK-based and UK-owned startups and SMEs, with quarterly progress updates published.
Ending supplier lock-in: The Government Digital Service (GDS) should produce a strategy to end supplier lock-in, including targets for supplier diversification across departments and public bodies, with quarterly reporting.
Cloud consumption dashboard: The government’s promised cloud dashboard should include a breakdown of contract awards by company, their value, details of break clauses, specific licensing terms, and a value-for-money assessment.
All of Government cloud contract: The government should detail how this contract will prevent supplier lock-in, including its engagement with the Competition and Markets Authority (CMA) and how it will embed a pro-competition approach.
Technology sovereignty strategy: The government should define technology sovereignty. The definition should be reviewed annually, and it should set out how the government intends to support sovereign alternatives to incumbent providers.
Open source in the Procurement Act 2023: The government should use the update to this act to require public sector bodies to prioritise open source tools and technology over proprietary offerings.
Data access contingencies: The government should detail its contingencies for safeguarding citizens’ data should the US trigger data access provisions under the Cloud Act 2018, and share relevant impact assessments.
Monitor EU digital government initiatives: As part of the government’s “wider reset” in relations with the EU, DSIT should establish a unit to monitor and disseminate digital government best practice from, with a remit to engage with European Commission and member state-level bodies, in particular to focus on how the EU and member states develop sovereign alternative providers.
