The UK’s Unaddressed Sovereignty Gap
Executive Summary
On 11 December 2025, the Department for Science, Innovation and Technology announced a partnership with Google DeepMind covering government automation, educational infrastructure, and scientific research.[1] The announcement received minimal parliamentary scrutiny, framed as routine technology collaboration rather than strategic infrastructure decision.
Yet the government’s own Industrial Strategy, published in 2025, explicitly commits to “prioritise the frontier technologies with the greatest growth potential for the UK that also support UK security and sovereignty” and promises “investing in critical supply chains to strengthen domestic capabilities”.[2]
This intelligence brief examines the apparent discrepancy between stated policy objectives and operational decisions through three primary source documents: the Digital and Technologies Sector Plan, the DSIT press announcement, and parliamentary proceedings. The analysis reveals systematic gaps where infrastructure sovereignty implications receive no scrutiny within current governance frameworks.
This brief provides evidence-based analysis using primary government sources and identifies questions appropriate for parliamentary or departmental inquiry.
The Strategic Documents
Industrial Strategy: Stated Commitments
The Digital and Technologies Sector Plan establishes clear sovereignty principles:
“We will prioritise the frontier technologies with the greatest growth potential for the UK that also support UK security and sovereignty. We will enable new sectors to establish themselves… and embed the principles of secure and resilient technology in all of our work.”[5]
On procurement strategy:
“Government can also unlock growth by using our significant buying power to support early-stage digital and technology businesses, particularly in markets where the Government is the largest customer like cloud computing and cyber security services.”[6]
On supply chains:
“investing in critical supply chains to strengthen domestic capabilities through a whole-of-government effort”[7]
“build diversified and resilient supply chains”[8]
On dual-use technologies:
“We are committed to making greater use of public procurement as a lever to support the sector and will align actions in the Sector Plan with the procurement programmes for dual-use technologies in defence and security.”[9]
The Operational Reality: Google DeepMind Partnership
One day after Westminster Hall debated AI safety without mentioning infrastructure sovereignty, DSIT announced:
Scale and Jurisdiction Context
Google DeepMind is a wholly-owned subsidiary of Alphabet Inc., a US corporation subject to US legal jurisdiction. The CLOUD Act (Clarifying Lawful Overseas Use of Data Act, 2018) grants US authorities access to data controlled by US companies regardless of storage location.[14]
The Industrial Strategy celebrates £86 billion in data centre investment,[15] with major commitments from Amazon Web Services (£8 billion), Blackstone (£10 billion), and Vantage Data Centres (£12 billion). Yet it makes no reference to jurisdictional exposure through foreign corporate control, CLOUD Act implications for UK data sovereignty, or infrastructure concentration risks — illustrated when the AWS US-EAST-1 outage of 20 October 2025 disabled Lloyds and Halifax banking for over seven hours.[16]
The Sovereignty Discrepancies
Discrepancy 1: Procurement Power vs Procurement Practice
Discrepancy 2: Security and Sovereignty vs Infrastructure Dependencies
Discrepancy 3: Critical Supply Chains vs Foreign Infrastructure Control
Discrepancy 4: Dual-Use Technologies vs Jurisdictional Exposure
The Parliamentary Scrutiny Gap
Westminster Hall Debate: 10 December 2025
One day before the Google DeepMind announcement, Westminster Hall hosted a substantive debate on AI safety. MPs examined existential risks from superintelligence, algorithmic bias, AI-enabled cyber attacks, children’s safety, energy consumption, job displacement, and copyright implications.
Topics completely absent: infrastructure sovereignty, cloud infrastructure dependencies, CLOUD Act jurisdictional exposure, data sovereignty frameworks, US corporate control of UK systems, infrastructure resilience vulnerabilities, and Commonwealth coordination opportunities.[23]
This doesn’t reflect individual oversight. It reveals a structural gap in parliamentary scrutiny frameworks: infrastructure sovereignty doesn’t exist as a recognised category within current processes. Parliament possesses well-established frameworks for examining safety regulation, procurement compliance, and innovation policy — but no framework for systematic assessment of operational dependencies on foreign-controlled infrastructure under foreign legal jurisdiction.
The 24-Hour Sequence
This sequence reveals systematic absence rather than individual failure.
Questions for Parliamentary or Departmental Inquiry
The Digital and Technologies Sector Plan states government will use “significant buying power to support early-stage digital and technology businesses, particularly in markets where the Government is the largest customer like cloud computing.” How does the Google DeepMind partnership align with this stated procurement strategy?
What metrics does DSIT use to measure whether procurement decisions support UK sector development versus foreign infrastructure dependency?
What framework does DSIT use to assess whether infrastructure dependencies on foreign-controlled systems operating under foreign legal jurisdiction “support UK security and sovereignty”?
Has DSIT conducted any assessment of jurisdictional exposure through the US CLOUD Act for UK government data processed via Google DeepMind infrastructure?
What contingency planning exists for scenarios where access to Google DeepMind infrastructure becomes unavailable, restricted, or subject to foreign government legal requirements conflicting with UK policy objectives?
What assessment has DSIT made of concentration risks when critical government, educational, and scientific infrastructure depends on a small number of foreign hyperscale providers?
What coordination exists between DSIT, the Ministry of Defence, and the National Cyber Security Centre regarding infrastructure sovereignty implications of foreign corporate involvement in government automation and security research?
Governance Intelligence Assessment
This analysis reveals a systematic intelligence gap where infrastructure sovereignty implications receive no scrutiny within current governance frameworks. Parliamentary safety debates properly focus on harm mitigation; procurement processes examine contract compliance; innovation policy focuses on enabling technology development; international coordination examines framework alignment. Infrastructure sovereignty falls between these established frameworks whilst being simultaneously relevant to all of them.
The US National Security Strategy Contrast
The November 2025 US National Security Strategy establishes infrastructure independence as foundational doctrine: “The United States will follow the ‘Hamilton Principle’ — a bedrock of US foreign policy since our founding — which is never to become dependent on any other power for the components necessary to our defense, infrastructure, or economy.”[24]
The analytical point is sharp: the UK is aligning with the governance framework of a nation that has articulated infrastructure independence as foundational principle, whilst demonstrating the opposite posture through systematic dependencies on US corporate infrastructure.
Recommendations for Further Inquiry
Conclusion
The evidence from primary government sources reveals systematic discrepancies between stated policy objectives and operational decisions. The Industrial Strategy promises sovereignty, domestic capabilities, resilient supply chains, and procurement support for UK businesses in cloud computing markets. Operational partnerships create government automation, educational infrastructure, and scientific research dependencies on foreign corporate infrastructure operating under foreign legal jurisdiction.
Neither the strategy nor partnership announcements address jurisdictional exposure through the CLOUD Act, infrastructure concentration risks, or pathways for domestic capability development. Parliamentary scrutiny frameworks contain no mechanism for systematic examination of infrastructure sovereignty implications.
Whether these discrepancies result from deliberate strategic choices or systemic intelligence gaps is a question appropriate for parliamentary inquiry. What is clear from the documentary evidence is that UK policy on AI infrastructure proceeds without comprehensive assessment of sovereignty implications — whilst the government’s own Industrial Strategy establishes sovereignty as a core objective.
References
[1] DSIT. (2025, 11 December). “AI to accelerate national renewal and growth as Google DeepMind backs UK tech and science sectors.” Press release. [2–9] Department for Business and Trade. (2025). “Digital and Technologies Sector Plan: The UK’s Modern Industrial Strategy.” Various pages. [10–13] DSIT. (2025, 11 December). Google DeepMind press release and Notes to Editors. [14] US CLOUD Act (Clarifying Lawful Overseas Use of Data Act), 2018. [15] Digital and Technologies Sector Plan, p.52. [16] AWS US-EAST-1 outage, 20 October 2025. [18–22] Digital and Technologies Sector Plan; DSIT press release as above. [23] Westminster Hall Debate, 10 December 2025. Hansard. [24] The White House. (2025, November). “National Security Strategy of the United States of America,” p.10.