MPs are calling on the government to reduce the UK’s dependency on big technology companies amid concerns that the state is over-reliant on overseas suppliers, posing national security and economic risks.
An amendment to the Cyber Security and Resilience Bill (CSRB), backed by 20 MPs, calls for the government to publish a digital security strategy to assess the risks of relying on overseas technology in critical infrastructure.
The move comes as the European Commission sets out plans for a programme to build sovereign IT capabilities, including European datacentres and a move to open source software to reduce dependency on US technology suppliers.
The amendment, proposed by Liberal Democrat MP Victoria Collins, which will be debated today, calls on the British government to publish a “digital sovereignty strategy” that will commit to building technology capabilities in the UK and to reduce dependency on overseas suppliers.
The amendment, which covers critical digital and managed service providers, would require the government to set out a strategy to mitigate the risks of foreign interference and the UK’s reliance on foreign suppliers. It also calls for an assessment of the risks associated with hardware, software, supply chains and procurement processes.
The MPs argue that a digital sovereignty strategy is necessary to ensure that government departments do not get “locked in” to proprietary technology from big tech companies, making it difficult or impossible for them to change suppliers.
The strategy would also support UK jobs, skills and innovation by encouraging investment in UK technology companies and making it easier for them to win government contracts.
UK ‘at mercy’ of a handful of US tech companies
The amendment follows warnings from a cross-party group of MPs that the UK public sector is becoming increasingly reliant on a small number of US technology suppliers, including Microsoft, Amazon Web Services and Palantir.
The Science, Innovation and Technology Committee said the UK’s dependence on a small number of providers represented a “clear vulnerability” and left ambitions to digitally transform public services potentially “at the mercy” of foreign actors.
Collins has previously raised concerns over the lack of published information in the UK’s National Risk Register on the risks posed by foreign states using legal powers, such as sanctions, to disrupt or discontinue critical digital services used by the UK.
She was among four MPs to write to the Chancellor of the Duchy of Lancaster and the chairs of two influential parliamentary committees in April, urging the government to take steps to ensure the UK’s digital systems would remain resilient in the event of threats or interference by a foreign government.
The MPs pressed the government to publish a currently secret analysis of “chronic risks”, including “concentration of risk through dominance of global tech”, the UK’s “reliance on digital platforms and digital services”, and “impacts from the use and capability of artificial intelligence (AI)”.
“The UK public debate on digital sovereignty is significantly hampered by the secrecy surrounding the mitigation strategies for the chronic risks mentioned in the National Risk Register,” the MPs wrote.
“This contrasts with open discussions and analysis in other European countries. While there may be aspects of the current documents that need to be kept secret, this cannot and must not apply to the whole analysis,” they stated.
European states, including France, Germany, Denmark and the Netherlands, have engaged in national debates about the risks of overdependence on overseas technology.
France, for example, is moving to sovereign open source desktop and collaboration tools for its senior civil servants to reduce risks of surveillance or loss of services. And the German armed forces are moving to OpenDesk, an open source alternative to Microsoft Office.
European banks are also taking action to protect themselves against interference from the US by building their own electronic card payment system as an alternative to the US-run Mastercard and Visa networks.
The UK Parliament has previously discussed potential risks of relying on Chinese suppliers, including Huawei and Lenovo.
Amendment seeks ambitious approach to UK technology
Collins said the aim of the amendment was not to shut the doors to global technological innovation, but for the government to take a “smart, strategic and ambitious approach” to UK technology.
“Right now, too much of our critical national infrastructure and too many government services depend on foreign technology and supply chains. This creates real risks, from national security vulnerabilities to economic fragility,” she added.
Collins said UK technology companies are being locked out of government procurement in favour of large multinationals.
“A proper digital sovereignty strategy would change that: backing UK innovation, reducing the UK’s dependencies, and ensuring the UK is a world leader in the technologies that will define the next decade,” she added.
The Open Rights Group (ORG), a campaign group for digital rights and privacy, which supports the amendment, said the UK’s reliance on US big tech companies posed both a national security and an economic risk.
Jim Killock, executive director of the ORG, said that “by voting on this amendment, MPs can take the first step to secure the UK’s resilience and control over its digital infrastructure”.
Richard Starnes, a chief information security officer and author of a study on the UK’s cyber security and privacy legislative framework, said the amendment raises valid national security concerns. But he said it also conflates foreign interference risks and economic protectionism.
“The enormous risks facing UK critical infrastructure, vendor lock-in and the UK’s current economic climate warrant a more strategic, open-minded approach,” he said.
