An Open Rights Group report warns that the UK’s heavy reliance on US tech giants for critical digital systems is becoming a national security risk, prompting renewed calls for open standards, open-source software, and sovereign cloud and AI investments.
A fresh push for open-source sovereign infrastructure is gaining momentum in the UK after the Open Rights Group (ORG) warned that the country’s dependence on a small number of US big tech companies for critical datacentres, cloud infrastructure, software, and public-sector digital systems has become a national security vulnerability.
The report argues that worsening geopolitical tensions between the UK and the US could expose Britain’s critical infrastructure to sanctions, service disruption, or strategic pressure through corporate dominance. It cites the US sanctions episode involving the International Criminal Court, where Microsoft blocked the chief prosecutor’s email account, as an example of how critical digital access can be affected.
As a strategic response, the ORG has urged the UK government to follow Germany, France, the Netherlands, and Denmark by backing technology built on open standards and publicly available open-source software, positioning it as the strongest route to resilience, innovation, competition, and digital sovereignty.
The report also highlights the structural risk of big tech lock-in, arguing that government departments remain tied to major IT suppliers and consultancies, creating supplier dependency, reduced interoperability, and cost overruns. A Competition and Markets Authority estimate suggests the UK may be paying up to £500m more annually for cloud services due to limited competition.
Liberal Democrat MP Tim Clement-Jones said, “We need to change our procurement rules to actually discriminate in favour of UK providers,” while also calling for stronger support for open-source software providers and sovereign AI models.
Labour MP Clive Lewis said digital sovereignty “must be a priority”, while Green Party MP Sian Berry called for greater resilience against sanctions and service withdrawal risks.
