The UK government's 2024 designation of datacentres as critical national infrastructure aims to bolster its digital economy, yet issues of policy uncertainty and dependence on foreign cloud providers complicate this ambition. The push for data sovereignty in Europe and Asia-Pacific is driving demands for private clouds. Analysts voice concerns that the UK's data sovereignty initiatives may not adequately protect government data from being stored overseas, particularly concerning the Data Use and Access Bill's lenient standards for international data transfers, which could undermine the desired independence.
But the promise of "protected infrastructure" rings hollow when hyperscalers openly admit they cannot guarantee that UK government data stored in cloud services such as Microsoft 365 and Azure will remain within national borders.
Woo points out that countries in the European Union (EU) and Asia-Pacific (APAC) have been attempting to more heavily leverage non-US-based cloud providers, create sovereign clouds, or leave workloads on-premise.
Looking at the UK's approach to data sovereignty, law firm Kennedys Law describes the Data Use and Access (DUA) Bill, which was published in October 2024, as "a more flexible risk-based approach for international data transfers."
According to Kennedys, this standard is less rigid than the EU's "essential equivalence" requirement but raises questions about how "materially lower" will be interpreted in practice.
Collection
[
|
...
]