- UK government criticised for delayed cloud oversight, despite growing reliance on hyperscalers
- Experts call for more immediate action to prevent systemic risk, competition concerns, and resilience challenges
What happened: Pressure mounts for quicker UK cloud regulation after AWS outage
The UK is facing mounting pressure to speed up its regulation of hyperscale cloud providers like Amazon Web Services (AWS) and Microsoft. Critics argue that regulators are moving too slowly in addressing growing risks related to market concentration and operational resilience. Despite the government’s new powers under the Financial Services and Markets Act 2023, which allow for the designation of “critical third parties” in the financial sector, no cloud provider has yet been formally designated for oversight.
In late 2025, an AWS outage affected government services and financial institutions, sparking further calls for faster regulatory action. The incident highlighted vulnerabilities in the UK’s increasingly cloud-dependent infrastructure, with public-sector systems and critical financial services heavily reliant on AWS and Microsoft. Industry experts have warned that the government is being too cautious, and some argue that the UK cannot afford to be reactive to such risks.
Also Read: Taiwan puts Huawei and SMIC on export control list
Also Read: Trump tariffs hit Apple and Samsung as Huawei grows
Why it’s important
The UK’s dependence on a small number of cloud providers raises significant concerns over operational resilience and competition. Less than 1% of UK cloud customers switch providers annually, a statistic that suggests limited competition and market flexibility. The Competition and Markets Authority (CMA) is investigating these issues, focusing on barriers to switching providers, high egress fees, and other contractual limitations that tie customers to their current providers.
In addition to these concerns, the rise of AI-driven workloads, coupled with the ongoing shift towards multi-cloud and edge computing strategies, adds further urgency to the need for regulatory action. The UK’s cloud market is also becoming increasingly intertwined with international discussions, including the European Union’s digital sovereignty initiatives and the US’s cloud regulations for government use.
If the UK fails to implement timely regulations, analysts warn that the nation could face greater risks to its digital economy and infrastructure resilience. The question now is not whether action is needed but how quickly the UK can act to address these growing concerns.
