Communications & Engagement

Stakeholder Materials

Tailored briefings for different audiences including ministerial, parliamentary, security/intelligence, and public communications materials.

---

Materials by Audience

Ministerial Briefing

Audience: Cabinet Ministers, Secretaries of State, Senior Ministers

Key Messages

• Threat is existential: Four US corporations (AWS, Azure, GCP, OCI) can disable government services at US government direction
• Precedent exists: US has weaponised technology against allies (Huawei, TikTok, SWIFT)
• Sovereign alternative available: European providers and open-source technology can deliver equivalent capability
• Cooperative approach reduces cost: Multi-national coordination shares investment burden
• Action required now: Dependency increasing daily; window for orderly transition narrowing

Recommended Actions

1. Commission cross-government dependency assessment
2. Engage partner jurisdictions (EU, UK, Canada, Australia)
3. Allocate initial planning budget for feasibility study
4. Identify ministerial sponsor for sovereign cloud programme

Supporting Documents

• Executive Summary (10 min read)
• Threat Assessment (25 min read)
• Business Case (20 min read)

Parliamentary Briefing

Audience: Select Committees, Parliamentary Committees, MPs/MEPs/Senators

Key Messages

• Democratic oversight at risk: Government data and operations under potential foreign control
• Legal exposure: CLOUD Act gives US government extraterritorial reach over citizen data
• Economic sovereignty: Government cloud spend flows to US corporations, not domestic economy
• Bipartisan/cross-party issue: National security transcends political divisions
• Scrutiny role: Parliament should monitor migration progress and hold government accountable

Potential Committee Actions

• Request government assessment of US cloud dependency
• Summon cloud provider representatives on data access provisions
• Review contracts for service termination clauses
• Examine legal implications of CLOUD Act on citizen data
• Monitor and report on migration programme progress

Supporting Documents

• Strategic Case
• Risk Register
• Country Precedents

Security & Intelligence Briefing

Audience: National Security Councils, Intelligence Agencies, Security Services

Key Technical Threats

• Control plane vulnerability: All major US providers route control through us-east-1 or us-west-2
• 60 undersea cables: Atlantic connectivity passes through US-controlled infrastructure
• Encryption key custody: US providers hold keys to government data
• Legal compulsion mechanisms: CLOUD Act, FISA 702, IEEPA, National Security Letters
• Service denial capability: Remote disable proven during Huawei sanctions

Intelligence Implications

• Diplomatic communications potentially exposed
• Security-cleared personnel data accessible
• Defence procurement and logistics visible
• Policy development documents vulnerable
• Foreign influence on technology supply chain

Recommended Security Actions

1. Immediate: Enable BYOK (Bring Your Own Key) on all sensitive workloads
2. Immediate: Implement sovereign backup for critical data
3. Short-term: Classify workloads by sovereignty risk
4. Medium-term: Migrate intelligence-adjacent workloads first

Supporting Documents

• Threat Assessment
• Non-US Tooling Alternatives
• Technical Specifications

Public Communications

Audience: General Public, Media, Civil Society

Key Messages (Public-Friendly Language)

• Protecting your data: Government is ensuring citizen information stays under national control
• Building resilience: Reducing dependence on any single foreign technology provider
• Supporting local industry: Investment in domestic and European technology creates jobs
• Maintaining services: Migration ensures government services cannot be disrupted by foreign decisions
• International cooperation: Working with allies to build shared, secure infrastructure

Key Statistics

• 67% of global cloud market controlled by US companies (Q3 2025: AWS 29%, Azure 20%, GCP 13%, OCI 2%)
• Four jurisdictions cooperating: EU, UK, Canada, Australia
• Billions in annual cloud spend to be redirected to domestic/allied providers
• Multi-year programme with phased migration approach

Messaging Do's and Don'ts

Do Say	Don't Say
"Strengthening digital resilience"	"US can shut us down"
"Diversifying technology partnerships"	"US is a threat"
"Ensuring data stays under national law"	"US government spying on citizens"
"Building domestic capability"	"Banning American companies"

IT & Technology Leadership Briefing

Audience: CIOs, CTOs, Enterprise Architects, IT Directors

Technical Case Summary

• Architecture: Kubernetes-based, open standards, portable workloads
• Providers: European providers (OVHcloud, Scaleway, IONOS) meet enterprise requirements
• Migration path: Phased approach, starting with cloud-native and containerised workloads
• Skills: Kubernetes, OpenTofu, PostgreSQL - all transferable, widely available
• Timeline: 24 weeks (wartime emergency) / 5-7 years (peacetime) with quick wins in first 12 months

IT Leadership Actions

1. Conduct inventory of US cloud dependencies in your department
2. Identify candidate workloads for pilot migration
3. Assess team skills gap for sovereign cloud operations
4. Engage with programme team on migration planning
5. Plan for parallel running during transition

Supporting Documents

• Common Architecture Framework
• Non-US Tooling Guide
• Quick Start Guide
• Technical Specifications

Procurement & Finance Briefing

Audience: Treasury, Finance Ministry, Procurement Officers, Budget Holders

Financial Case Summary

• Risk mitigation value: Far exceeds migration cost when service disruption risk quantified
• Economic benefits: Redirects cloud spend to domestic/allied economies
• Cost sharing: Multi-national cooperation distributes investment burden
• Phased investment: Spread over 5-7 years (peacetime), with emergency mobilisation option (24 weeks wartime)
• Existing frameworks: European providers available on current procurement vehicles

Procurement Actions

1. Review existing cloud contracts for termination clauses and lock-in
2. Assess European providers on existing frameworks (G-Cloud, EU procurement)
3. Establish sovereign cloud procurement category
4. Include sovereignty criteria in future cloud procurements
5. Plan contract transition timeline aligned with migration

Supporting Documents

• Business Case
• Investment & ROI Analysis
• Supplier Consortium

---

Quick Reference: Key Facts

Category	Fact
Market Share	4 US providers (AWS, Azure, GCP, OCI) control 67% of global cloud market (Q3 2025 data)
Legal Framework	CLOUD Act, FISA 702, IEEPA, Executive Orders enable US government compulsion
Control Planes	All providers route control through us-east-1 or us-west-2
Connectivity	60 undersea cables connect to US-controlled infrastructure
Partner Nations	EU, UK, Canada, Australia cooperating on framework
Programme Duration	24 weeks (wartime emergency) / 5-7 years (peacetime) to complete US cloud exit
Precedents	Denmark (Microsoft exit), France (SecNumCloud), Germany (Bundescloud)

---