OpenAI pauses UK build, flags security issue

OpenAI has put its biggest planned data-centre build in Britain on hold, even though the project had been presented in September 2025 as a major piece of the country’s artificial-intelligence push with Nvidia and Nscale. The paused project, called Stargate UK, was supposed to start with up to 8,000 graphics processing units in early 2026 and potentially grow to 31,000 over time. Those chips are the specialized processors that train and run large artificial-intelligence systems, the way industrial turbines power a factory. OpenAI said it will move ahead only when Britain offers the “right conditions” for long-term infrastructure investment, and it pointed to two concrete problems: regulation and the price of electricity. That matters because a modern artificial-intelligence data centre is basically a warehouse full of power-hungry chips, and Britain’s industrial electricity prices are among the highest in the world. CNBC also reported that delays in getting connected to the national power grid have become a separate bottleneck for new projects. The regulatory piece is not just about generic red tape. British lawmakers have been reworking rules on how artificial-intelligence models use copyrighted books, news, music, and other media after a backlash from creative industries, and the government said in March 2026 that most consultation responses rejected its earlier proposal for a broad copyright exception. That leaves Britain in an awkward spot because the country signed a memorandum of understanding with OpenAI in July 2025, and Stargate UK was later tied to an “AI Growth Zone” plan in northeast England. A project that was meant to signal “build here” is now signaling “not yet.” At almost the same time, OpenAI disclosed a separate security problem that came from a third-party developer tool called Axios, which was compromised on March 31, 2026 in a broader software supply-chain attack. A software supply-chain attack is when hackers tamper with a trusted component so the bad code rides in through a normal update path, like slipping a fake part into a sealed box before it reaches the factory. OpenAI said one of its GitHub Actions workflows for signing macOS apps downloaded the malicious Axios version 1.14.1, and that workflow had access to certificate material used to sign ChatGPT Desktop, Codex, Codex command-line interface, and Atlas for Apple computers. The company said it found no evidence that user data was accessed, that its systems or intellectual property were compromised, or that its software was altered. It is still revoking and rotating the affected signing certificate, which is the digital stamp that tells a Mac an app really came from OpenAI. OpenAI said older Mac app versions signed with the old certificate will stop receiving updates or support on May 8, 2026, and some may stop functioning, so users have to update to newer releases signed with the replacement certificate. All of this is landing as Europe is tightening the screws on artificial-intelligence companies from two directions at once. OpenAI said in July 2025 that it would sign the European Union’s Code of Practice under the Artificial Intelligence Act, and Reuters reported on April 10, 2026 that European officials are also considering bringing ChatGPT under stricter Digital Services Act oversight as a very large search engine. Put together, the message from this week is simple: OpenAI still wants European business, but building physical infrastructure now looks harder, and even a contained security incident now arrives in a market where regulators are watching every layer of the stack, from data centres to app certificates.