Cloud lock‑in risk rises

Britain spent more than a decade telling public bodies to rent computing power instead of owning it, and now a single choice made in 2013 is colliding with a market dominated by a handful of American firms. The government’s own Cloud First policy says departments should evaluate cloud options before anything else. (gov.uk) That policy changed where government computers live. A February 2025 government technology blog said about 60% of United Kingdom government and public-sector information technology systems now run on cloud services. (technology.blog.gov.uk) The problem is that “the cloud” is not one big neutral utility. In practice, most public bodies end up buying from Amazon Web Services, Microsoft Azure, or Google Cloud, and Computer Weekly reported on April 10, 2026 that more than 90% of United Kingdom public-sector organisations depend on those three providers. (computerweekly.com) Once a department builds around one provider’s databases, identity tools, and billing rules, moving later can look like trying to lift a house without emptying it first. The United Kingdom’s public-sector cloud guide explicitly lists lock-in as a core issue in cloud strategy. (gov.uk) Britain’s competition watchdog has been warning that this is not just an information technology headache. In its cloud market investigation, the Competition and Markets Authority said the market is highly concentrated and that Amazon Web Services and Microsoft each had a 30% to 40% share of United Kingdom infrastructure cloud supply in 2024. (gov.uk, gov.uk) The same final decision said the watchdog wants to prioritize strategic market status investigations into Microsoft and Amazon Web Services under the Digital Markets framework. That is the regulator’s way of saying the market is concentrated enough that ordinary switching pressure is not doing the job. (gov.uk) Data sovereignty is the part that turns a procurement issue into a state issue. If a hospital, tax agency, or police system stores sensitive information in a foreign-owned platform, the questions are no longer just price and speed but which country’s laws, courts, and access rules can reach that data. (computerweekly.com) Britain already has a state-backed fallback for workloads that cannot or should not sit with a hyperscaler. Crown Hosting Data Centres is a joint venture between the Cabinet Office and Ark Data Centres, and its framework gives public bodies a route to buy physical data-centre space instead of defaulting to public cloud. (gov.uk, crownhostingdc.co.uk) That does not mean every service should move back into government-owned server rooms. It means every new contract now carries a deeper question: whether a department is buying flexible computing, or quietly accepting one supplier’s rules for where data sits, how systems connect, and how expensive it will be to leave later. (gov.uk, computerweekly.com) The latest shift is that regulators are no longer treating cloud concentration as a niche information technology concern. In April 2026, the Competition and Markets Authority said its package of cloud and business-software actions was meant to improve competition and resilience for United Kingdom businesses and the public sector. (gov.uk)