By not focusing on national resilience, the CMA investigation risks cementing US dominance in the UK cloud market

October 2023 could mark a significant turning point in curtailing the influence and power of big tech in the UK cloud computing market. But equally, it could not.

In a move that has the potential to reshape the cloud services industry, UK regulator OFCOM has referred the public cloud infrastructure services market to the Competition and Markets Authority (CMA) for a comprehensive investigation into anti-competitive practices. The focus of the investigation will be on four groups of high-level hypotheses, also known as ‘theories of harm’. These include technical barriers to setting up multi-cloud architecture and switching providers, egress fees for data transfer, committed spend discounts, and software licensing practices that can hinder competition and entry.

The goal is to ultimately bring effective and strong competition into the cloud services market to unlock the maximum benefits for business, government, and the economy.

It’s a welcome step towards a more competitive market but there are rightfully concerns that the scope of the CMA’s investigation is too narrow and that it won’t go far enough without a more comprehensive remit.

The UK market

Big tech, essentially US-headquartered, owned, and regulated companies such as Amazon AWS, and Microsoft, dominates the cloud hosting market in the UK. These two companies collectively own a market share of between 60% and 70% in the UK cloud market, and considerably more in the UK public sector, where their share extends from 70% to 80%.

The UK public sector’s strong inclination towards hyper-scale cloud is apparent in its policy. The Cabinet Office’s “Cloud First” policy establishes the public cloud as the default choice, while the MoD’s “Cloud strategic roadmap for Defence”, which was released earlier this year, essentially outlines the migration of the UK’s defence data to the hyper-scale cloud, spanning all security classifications.

If there is any indication that there is currently no “strong competition” in the market it is that despite the ongoing investigation, recent reports confirm the UK government plans to renew its pricing deal with AWS and Microsoft, which relies on volume and commitment discounts. These are the very theories of harm that the CMA will be investigating.

It’s not altogether a surprise the UK finds itself in this position. If the primary goal has been to acquire cloud capability, then the US hyperscalers have been head and shoulders above the rest. We know that the public cloud is great. It’s easy to use, fast to consume, elastically scalable and has lots of shiny new features and offerings to keep up with modern-day demands, from processing large foundational AI models to storing extensive records and data. Hyperscale is required to achieve all of this.

We’re in this situation because the government can access the full power of the cloud at discounted rates, making more expensive and less capable services unnecessary.

Fighting back against US dominance

But we know it’s risky to rely on foreign companies, especially when it comes to safeguarding sensitive data.

In Europe, the cloud hosting market closely resembles the UK, where the dominant players—AWS, Microsoft, and Google—command a substantial 66% share. Among European providers, Germany’s Deutsche Telekom holds the largest stake at just 2%, followed closely by France’s OVHCloud and Orange.

However, Leonardo’s CEO said recently to Italy’s parliament that Europe should have state-controlled cloud services for safeguarding sensitive data, calling it “one of the key issues of the future” amid evolving private data center ownership dynamics. The EU also launched the Gaia-X ecosystem in 2021, an association that aims to establish sovereign data Infrastructure for Europe while standing for European values, digital sovereignty of the data owners, interoperability of different platforms, and open source.

In Australia, in 2022, Microsoft pulled out of negotiations with Defence to build a top-secret classified cloud after 18 months at the negotiation table, citing a lack of commercial feasibility. Two years on, Australia still doesn’t have an adequate replacement.

A focus on national resilience and indigenous capability

The potential remedies to the market dynamics that were outlined in the CMA’s Issues Statement highlight the possible conclusions the CMA will draw. There is a strong focus on making interoperability easier and cheaper to facilitate more multi-cloud environments, reducing egress fees, prohibiting specific discount structures, and making pricing more transparent.

While beneficial, the remedies don’t address a fundamental issue, which is the lack of indigenous cloud capability.

The investigation can’t be about creating strong competition between existing providers because that will predominantly benefit US technology companies such as Oracle and IBM. It must promote indigenous cloud growth with new entrants that can match the incumbent’s capabilities.

To bring maximum benefits to the UK across all of society, a thriving indigenous capability is needed. It is indeed the only option for building autonomy and self-determination in the long term.

This issue needs to be addressed and made a key focus of the investigation.

It can do this by calling for:

  • Investment in indigenous research, innovation, and skills development
  • Establishment of a multilateral association across government, academia, and industry to lead policy, establish regulation, and devise objectives and strategy for the UK cloud market
  • Segmentation of the market, so that areas where sensitive and sovereign data is being processed and stored are required to be managed by a variety of providers, including UK providers.

A failure of the CMA to address the long-term national capability of the UK cloud market will be a lost opportunity and a risk to the economy and resilience of the nation. In five years’ time, the fear is that we’ll find ourselves in a multi-cloud environment without a strong UK provider. That’s not where the UK wants to be.

Related articles