United Kingdom
The cooperative represents 10,000+ cloud specialists ready for immediate mobilisation. This is not a typical government programme. This is a coordinated multinational response to protect democratic infrastructure from foreign control.
THE STRATEGIC OBJECTIVE
Government cloud infrastructure under sovereign democratic control.
Critical government systems in the EU, UK, Canada, and Australia currently run on infrastructure controlled by US corporations subject to CLOUD Act, FISA 702, and executive orders. This programme migrates those systems to sovereign infrastructure.
Coalition investment: €45-90 billion over 7 years (peacetime) for sovereign infrastructure.
- 8,000-12,000 specialist roles across 4 jurisdictions
- 126+ SMEs available for parallel development
- 36 core platform capabilities
- Emergency timeline: 24 weeks (wartime scenario only)
- Recommended timeline: 5-7 years phased migration
Cooperative Mobilisation Capacity
Resource Pool by Jurisdiction (Estimated)
| Jurisdiction | Estimated Specialists | SMEs Available | Derivation |
|---|---|---|---|
| European Union | 4,000-6,000 | ~96 | ~60% of total (population-weighted) |
| United Kingdom | 2,000-3,000 | ~15 | Based on UK cost model staffing |
| Canada | 1,000-1,500 | ~9 | ~12% of total (GDP-weighted) |
| Australia | 700-1,000 | ~6 | ~8% of total (GDP-weighted) |
| TOTAL COOPERATIVE | 8,000-12,000 | 126+ | See methodology below |
How these figures were estimated
Specialist headcount (8,000-12,000)
Derived from the UK Cost Model which estimates ~2,850 direct FTE for the UK programme (500 core platform + 2,000 migration specialists + 200 security + 150 programme management). Coalition total scaled by relative investment share:
- UK: ~20% of coalition investment → ~2,500 FTE
- EU: ~55% of coalition investment → ~6,000 FTE (largest contributor)
- Canada: ~13% of investment → ~1,200 FTE
- Australia: ~12% of investment → ~900 FTE
Important: These are programme roles, not net new jobs. Most will be filled by retraining existing government IT staff and contractors.
SME count (126)
Illustrative distribution based on approximate number of qualified cloud/infrastructure SMEs in each jurisdiction's government supplier frameworks (e.g., G-Cloud UK, EU equivalents). Actual availability requires formal market engagement.
Investment figure (€45-90B over 7 years)
From the Business Case coalition total, converting jurisdiction figures to EUR. This is total programme investment, not "redirected annual spend"—the previous $300B/year figure was misleading.
Timeline (24 weeks emergency / 5-7 years peacetime)
Emergency timeline assumes wartime mobilisation with suspended normal governance. Peacetime timeline (5-7 years) is the recommended phased approach—see Implementation Playbooks.
Emergency Migration Timeline
Why This Timeline?
Context: This emergency timeline represents a contingency scenario for rapid response if circumstances require it. It is NOT the recommended primary approach. The recommended approach is the phased programme described in Pilot Programme (24-36 months).
Note: There is no precedent for US cloud action against Five Eyes allies. Emergency mobilisation should only be triggered by specific intelligence indicating imminent risk.
Emergency Declaration & Mobilisation
- Cabinet COBRA-level authorisation for emergency procurement
- Suspension of normal spend controls for sovereign cloud
- Activate all 126 SME suppliers across cooperative
- Stand up 24/7 programme command across all jurisdictions
- Emergency contracts issued (direct award, national security basis)
Infrastructure Sprint
- CloudStack deployed in Crown Hosting datacentres
- Parallel deployment in EU, CA, AU sovereign facilities
- Core networking, storage, compute operational
- IAM/Keycloak and OpenBao deployed for security foundation
- CI/CD pipeline operational across all jurisdictions
Platform Services Sprint
- All 36 core capabilities under parallel development
- 10,000 developers working simultaneously across time zones
- Kubernetes clusters operational
- MinIO (S3), PostgreSQL, Kafka deployed
- OpenFaaS (Lambda replacement) operational
- First workloads migrating to staging
Critical Services Migration
- GOV.UK migrated to sovereign infrastructure
- GOV.UK Notify operational on sovereign platform
- GOV.UK Pay migrated
- NHS App backend migration begins
- HMRC self-assessment preparation
- Universal Credit infrastructure replicated
Mass Migration Wave
- All OFFICIAL-SENSITIVE workloads migrated
- Department-by-department cutover
- Blue-green deployment with instant rollback capability
- 24/7 migration support teams
- Performance validation and optimisation
Completion & US Cloud Exit
- Final workload migrations
- US cloud contract terminations issued
- Data deletion verification (legal requirement)
- Sovereign platform fully operational
- MISSION COMPLETE: Full sovereignty achieved
Investment Requirements
Programme Investment by Jurisdiction (7-year programme)
| Jurisdiction | Est. Investment (7yr) | Share of Coalition | Basis |
|---|---|---|---|
| European Union | €25-50B | ~55% | 27 member states, largest population |
| United Kingdom | £8-15B (€9-18B) | ~20% | From UK cost model |
| Canada | CAD 8-15B (€5-11B) | ~13% | GDP-proportional estimate |
| Australia | AUD 8-14B (€5-9B) | ~12% | GDP-proportional estimate |
| COALITION TOTAL | €45-90B | 100% | 7-year programme |
Investment delivers sovereign control over critical government infrastructure. Cost is comparable to continued US cloud spending over the same period, with the benefit of eliminating foreign dependency.
UK Critical Dependencies (Immediate Risk)
Citizen-Facing Services
| System | US Cloud Provider(s) | Citizens Affected | Migration Priority |
|---|---|---|---|
| Universal Credit | AWS (primary) | 6+ million claimants | CRITICAL |
| NHS App / NHS Digital | AWS, Azure, GCP (varies by system) | 56+ million patients | CRITICAL |
| HMRC Tax Systems | AWS, Azure (multi-cloud) | 31+ million taxpayers | CRITICAL |
| GOV.UK Platform | AWS | All citizens | CRITICAL |
| Home Office Immigration | AWS, Azure | Visa applicants, borders | CRITICAL |
| State Pension / DWP | AWS (primary) | 12+ million pensioners | CRITICAL |
| DVLA Services | AWS, OCI | 49+ million licence holders | HIGH |
| Student Loans Company | OCI (Oracle), AWS | 9+ million borrowers | HIGH |
Defence & National Security (Separate Track)
Ministry of Defence (MOD) systems require separate handling under OFFICIAL-SENSITIVE, SECRET, and TOP SECRET classifications.
| System Category | Current State | Migration Approach |
|---|---|---|
| MOD OFFICIAL | AWS GovCloud, Azure Government | Sovereign cloud (UK classified hosting) |
| MOD SECRET/TS | Dedicated MOD facilities, some US integration | UK sovereign facilities only (existing) |
| Defence Contractors | Mixed: AWS, Azure, GCP, OCI | Contractual mandate for UK sovereign |
| Intelligence Services | Classified | Separate workstream (NCSC/GCHQ lead) |
Note: MOD migration operates under separate governance via Defence Digital and NCSC. Five Eyes intelligence sharing implications require careful coordination. See Intelligence Sharing Framework.
US Cloud Providers Active in UK Government
| Provider | UK Gov Presence | Key Departments Using | US Legal Exposure |
|---|---|---|---|
| Amazon Web Services (AWS) | London, Ireland regions; G-Cloud | GDS, DWP, HMRC, Home Office, NHS, MOD | CLOUD Act, FISA |
| Microsoft Azure | UK South, UK West regions; G-Cloud | NHS, MOD, HMRC, multiple departments (M365) | CLOUD Act, FISA |
| Google Cloud Platform (GCP) | London region; G-Cloud | Various departments, NHS components | CLOUD Act, FISA |
| Oracle Cloud Infrastructure (OCI) | London, Newport regions; G-Cloud | DVLA, SLC, legacy Oracle systems, NHS Wales | CLOUD Act, FISA |
Emergency Governance (Speed-Optimised)
Normal government procurement and approval processes are suspended for this mobilisation. This operates under national security emergency provisions.
| Normal Process | Emergency Process | Authorisation |
|---|---|---|
| CDDO spend control (weeks) | Direct award (hours) | Cabinet Office emergency |
| Framework competition (months) | Pre-qualified supplier call-off (days) | National security basis |
| Business case approval (months) | COBRA-level authorisation (hours) | Prime Minister / Cabinet |
| Service assessment (weeks) | Continuous assessment (embedded) | GDS embedded team |
| Security accreditation (months) | NCSC fast-track (weeks) | NCSC emergency process |
UK Sovereign Suppliers (Immediate Activation)
| Provider | Ownership | Capability | Activation Status |
|---|---|---|---|
| Crown Hosting Data Centres | UK Government | Secure colocation, up to SECRET | ACTIVE |
| OVHcloud UK | French (EU) | Full IaaS/PaaS, UK datacentres | ACTIVE |
| UK SME Pool | UK-owned | Development, integration, operations | 15 SUPPLIERS READY |
| EU Partner Suppliers | EU-owned | Shared development, knowledge transfer | 96 SUPPLIERS READY |
Immediate Actions Required
THIS WEEK
- Prime Minister authorisation of emergency sovereign cloud programme
- COBRA briefing on US cloud kill-switch threat
- Cabinet Office directive suspending normal procurement for sovereign cloud
- NCSC activation of fast-track security certification
- Diplomatic coordination with EU, Canada, Australia counterparts
- Programme command established with 24/7 operations
- First contracts issued to UK sovereign suppliers
There is no time for debate. The threat is real, the capability exists, and the workforce is ready. Every day of delay is a day our critical national infrastructure operates under foreign control.