The past few weeks have brought two seismic announcements for the UK tech sector. First, the Ministry of Defence’s £400 million deal with Google Cloud, promising a “sovereign” cloud for sensitive government workloads. Then, the UK-US Tech Prosperity Deal, a £150bn package of planned American investment in Britain, with Microsoft, Google, and others pledging billions.

On paper, these look like victories. Investment, infrastructure, new jobs, modernised systems – exactly what Britain needs to build economic and technological strength. 

But there’s a question we can’t ignore: how sovereign is a sovereign cloud when it’s being run by a US company?

This isn’t about questioning the capabilities of Google or Microsoft’s technology. The issue is what happens when you mix national security data with a company that sits under another country’s legal system. US law, through the CLOUD Act and FISA 702, allows American authorities to demand access to data from any US-headquartered provider, no matter where that data is stored. Even if the servers are in the UK, the ultimate decision-making power doesn’t sit here.

Sovereignty is not just about the geography of a data centre. It is about control, trust, and who can knock on the door and ask for access.

The Tech Prosperity Deal: Investment with Strings Attached

The Tech Prosperity Deal, just like the MOD contract, comes with big promises but few clear details. Microsoft alone has pledged £22bn but when you dig into the numbers, it’s hard to see where that money is really going. Even upper-end estimates of GPU deployments, new datacentres and job creation fall billions short of the headline figure. 

Timelines are also vague: Microsoft CEO Satya Nadella has suggested the investment would roll out ‘not in 10 years but maybe five’. The scale of promised jobs is equally unclear and there is no transparency around how much of the spend will remain in the UK economy. With GPUs neither designed nor built in Britain, and much of the intellectual property held overseas, it’s worth asking: does this really strengthen UK tech or simply expand America’s footprint on British soil?

A Chance to Back UK-Owned Cloud Providers

What makes this decision harder to swallow is that there are UK providers who can deliver genuinely sovereign cloud platforms, owned, operated, and governed entirely under British law. A £400 million MOD contract could have gone a long way to building long-term capability here at home. It would have kept taxpayer money in the UK economy, grown domestic expertise, and supported the government’s stated ambition to strengthen supply chain resilience.

Instead, we have deepened our reliance on one of the biggest hyperscalers on the planet. That dependence can have real consequences down the line.

The Lock-In Problem

Once you are in a hyperscaler’s ecosystem, it is difficult and costly to move away. Migrating workloads later can be slow, expensive, and politically complicated. This means these contracts often end up lasting far beyond their original term. It can reduce the government’s negotiating power in future and risks concentrating too much critical infrastructure in one place.

A better approach would be to diversify from the start. Spread workloads across multiple providers, use open standards, and make sure nothing is tied to a single vendor’s proprietary tech. That way, the UK keeps options open and can respond quickly to changing threats, policies, or technologies.

Instead, we’re running the risk of becoming what Tim Wu, Columbia law professor and former White House technology adviser, warned against in a recent FT article: the ‘Nebraska of Europe’ – a data centre location and consumption market for American technology, rather than a true centre of innovation in our own right.

What Needs to Happen Next

Though Starmer has put pen to paper, we should treat these deals as the beginning of a bigger conversation about what sovereignty really means. Here are a few steps I would like to see:

• Amend the UK’s procurement regulation to allow UK-owned and UK-operated providers to be prioritised for highly sensitive workloads.
  
• Commit to a multi-supplier strategy to avoid putting all of our eggs in one basket.
  
• Support homegrown providers so they can scale up to handle major government workloads in the future.
  
• Insist on open standards so workloads can be moved between providers without painful rewrites.
  
• Demanding transparency and detail from foreign investment pledges, so we know exactly what is being delivered, where, and by whom.
  

This is not about shutting out global players. They will always have a role. It is about giving UK buyers genuine choice and building an ecosystem that strengthens our long-term independence.

To help turn these ideas into concrete policy, we recently launched Civo’s Tech Sovereignty Agenda: Seven Principles to Reframe the UK’s Tech Strategy, a framework for government and industry to rethink how the UK approaches digital infrastructure, procurement, and innovation. It calls for a balanced, resilient strategy that builds homegrown capability, demands transparency from foreign investment, and ensures national data stays under UK legal control.

True Sovereignty Requires True Control

Both the MoD contract and the Tech Prosperity Deal reflect an ambition to modernise and grow the UK tech sector. But unless sovereignty is defined and enforced in legal, operational, and economic terms, these deals risk being more symbolic than substantive.

The UK now faces a choice: accept a future where critical infrastructure depends on a handful of foreign providers, or deliberately invest in building sovereign capability at home. Global partners will always have a role, but unless we also back UK innovators, Britain risks remaining a customer of other nations’ technology rather than developing and exporting its own.

Building National Digital Sovereignty the Right Way

At Civo, sovereignty is at the heart of everything we do. We know that data residency is not the same as data sovereignty. Every part of our UK Sovereign Cloud is designed, owned, and operated under British law, giving our customers real control over their data. That means no foreign jurisdiction, no hidden backdoors, and no compromises on compliance. 

The UK is full of brilliant tech and AI startups that are creating innovative solutions for public sector services. These companies cannot be allowed to fail because a few hyperscalers dominate the market. By supporting UK providers and giving them the space to compete, we strengthen the ecosystem and ensure critical services have resilient, sovereign infrastructure.

For me, this is about more than technology. It is about giving UK businesses and institutions the power to make their own choices, protect sensitive information, and compete on a level playing field. Sovereignty is not a nice-to-have. It is the foundation for a strong, independent, and resilient digital future, and that is exactly what we are building at Civo.