Great piece. People need to get real - whatever Trump does or doesn't do next, whoever is the next President it should be clear by now that the transatlantic alliance is over - the US can no longer be trusted and Europe has to do all it can to decouple - and fast. Sadly, De Gaulle was right.
Decouple 👌
I agree that major procurement decisions should always take risk into account. That said, the argument here relies on a large number of nested “what ifs”, many of which pull in different directions.
Achieving genuine independence from US technology and hosting would likely take a decade or more. Over that timeframe, political and economic conditions could change significantly. For example, a change in control of Congress could materially reduce the perceived risk within a year. Equally, a major correction in US tech valuations, whether driven by current politics or an AI-related bubble, would itself have political consequences that make some of these scenarios less likely to persist.
International responses also matter. Coordinated action by the EU and UK would be very different from unilateral action, while future UK governments could take markedly different approaches to both the US and the EU. Beyond that, global risks such as a potential conflict over Taiwan would have implications for all world trade, not just US-linked supply chains. Perhaps a Farage government pivots to the US and puts tariffs on EU trade.
All of these are legitimate procurement risks and should be weighted accordingly in long-term decisions. One possible mitigation would be large-scale public investment, tens of billions over several years building domestic capability, though that comes with its own costs and uncertainties. In practice, there are more nuanced and flexible ways to manage risk than assuming a single worst-case trajectory and optimising solely for that.
Thank you for this nuanced and thoughtful response. I agree that we should not - and indeed could not - simply cut ourselves off from US tech. But that doesn’t mean we shouldn’t at least adopt a more sceptical approach - eg when assessing US takeovers of UK tech companies.
A more sceptical approach and questioning assumptions is called for. The Stafford-Fraser article and your post will stimulate a debate. However there are other factors to consider such as the urgent need to drive productivity in the NHS. That won't be achieved by cutting ourselves off from world class technology. The NHS app is not (yet) world class. However as I understand it does not have a high dependency on US Tech. Perhaps some civil servants are ahead of us on this though this might be the reason it is not yet world class!
I think nail on the head is your point about civil servants being ahead of us - not something I had found in my work across various professional groupings - here lies a significant problem.
“One possible mitigation would be large-scale public investment, tens of billions over several years building domestic capability…” this! It is often the case that the magnitude of the task leads to a “convenience over consciousness” approach.
Build the foundations - and perhaps even - they will come to us!
“Build the foundations - and perhaps even - they will come to us!” Perhaps … over the fullness of time. The basic building blocks would be chips from Taiwan (until we had our own Fab plants). China invading Taiwan is of course a global risk so it is likely a mitigation is multinational not UK. Software would really need to be open source or built from ground up. All this is doable either using private equity or government spending (or a mix) on a strategic program of perhaps 10 years plus. So my question is… what are the UK examples in the last 50 years we can point to that were a 10-year strategic initiative that was executed to time and budget? They would have survived 3 plus parliaments and the civil service and Brexit (this century). This could be the first one but we are talking culture change, politics and not software, hardware and cloud services.
Build local, and appropriate infrastructure, with robust data guardrails. We didn’t build hospitals, schools, etc for no reason - we built them because they are safe and appropriate environments in which to do our public services work. To keep our publics safe.
Public services should never have been built on and into commercial products or outside of our jurisdiction - the risks associated with the lack of control are too high - for people - those that are persistently reporting unease. And to date, controls and governance, like guardrails, have not been well thought through and out.
UK Gov public attitudes to AI wave 4 findings seem too to have passed those involved in procurement by.
So much tech potential, so little local expertise to lead, and think beyond the shiny and new!
We had better get on with weaning ourselves off this dependency on Silicon Valley monopolies and develop some emergency workarounds.
As my country stumbles into a more and more desperate state, I applaud any planning for the rest of the world to be prepared to step as far back as you need from us/USA. I hope it won’t come to that day, but better to be prepared.
If you really want to frighten yourself, consider how dependent we are on US-provided payment services. Since Visa Europe was bought by Visa Inc a decade ago, pretty much all card traffic in the UK is dependent on US hosting. When Russia invaded Ukraine, the payments industry switched off merchants in the occupied territory very quickly. The payments landscape could be similarly weaponised in the event of a US/Europe falling out and the UK is uniquely vulnerable - we no longer have a native domestic payments infrastructure. At a stroke, Visa and Mastercard, if compelled, could switch off the UK High Street.
It's for this reason that you are now seeing political will in the EU behind the WERO/EPI initiative - a wholly European pan-region payment scheme.
Great post, Rory.
In June last year the French Senate’s Commission of Inquiry on public procurement questioned the head of legal for Microsoft France.
Under oath Anton Carniaux admitted that he could not guarantee that data on French citizens hosted on Microsoft’s EU infrastructure would never be transmitted to US authorities without explicit authorization from French authorities. Apparently it’s all down to the US CLOUD Act which takes precedence over local contracts and which allows US federal authorities to require US firms to provide such information even on citizens of other sovereign countries.
Although Carniaux said that Microsoft would vigorously oppose any such request, at the end of the day they would have to comply.
Apparently this is not specific to France, or Microsoft - any country, any US-based company - so I guess Oracle, AWS, Palantir.
France/EU now working on European/national alternatives to US cloud providers. Canada is also concerned. Should we be?
References
https://www.senat.fr/compte-rendu-commissions/20250609/ce_commande_publique.html
https://www.digitaljournal.com/tech-science/microsoft-says-u-s-law-takes-precedence-over-canadian-data-sovereignty/article