UK Governance Structure
| Role | Organisation | Responsibility |
|---|---|---|
| Programme Sponsor | Cabinet Office Minister / PM | Political authority, COBRA escalation |
| Senior Responsible Owner (SRO) | Government Chief Digital Officer (CDDO) | Programme accountability, cross-department coordination |
| Technical Authority | Government Digital Service (GDS) | Architecture standards, service assessment |
| Security Authority | NCSC (National Cyber Security Centre) | Security accreditation, threat assessment |
| Procurement Authority | Crown Commercial Service (CCS) | Framework management, emergency procurement |
| Infrastructure | Crown Hosting / Government Property Agency | Datacenter capacity, facilities |
| Defence Workstream | Defence Digital (MOD) | Classified systems, MOD migration |
UK Estimated Budget (24-week Programme)
£400-800M
Hardware CAPEX
£150-300M
Platform Development
£100-200M
Migration & Integration
£80-150M
Annual Operations
Total Programme Cost: £730M - £1.45B (initial) + £80-150M annual operational cost
Context: UK government spends ~£6B+ annually on IT. This is ~12-24% of one year's IT spend for permanent sovereignty.
UK Critical Systems - Priority Migration Order
| Priority | System | Department | Citizens Impacted | Target Week |
|---|---|---|---|---|
| P1 | GOV.UK | GDS | All citizens | Week 8-10 |
| P1 | GOV.UK Notify | GDS | Cross-government notifications | Week 8-10 |
| P1 | Universal Credit | DWP | 6M+ claimants | Week 10-14 |
| P1 | State Pension | DWP | 12M+ pensioners | Week 10-14 |
| P1 | HMRC Self Assessment | HMRC | 12M+ taxpayers | Week 12-16 |
| P2 | NHS App | NHS Digital | 30M+ users | Week 14-18 |
| P2 | Home Office Immigration | Home Office | Visa applicants | Week 14-18 |
| P2 | DVLA | DfT | 49M licence holders | Week 16-20 |
Phase 1: Emergency Declaration & Mobilisation
Week 1-2-
PM/Cabinet
COBRA authorisation - Emergency sovereign cloud programme approved under national security provisions. Suspend normal spend controls.
-
Cabinet Office
Programme command established - 24/7 operations centre, cross-department coordination, international liaison.
-
CCS
Emergency procurement enabled - Direct award authority for sovereign cloud contracts. National security procurement basis.
-
Crown Hosting
Datacenter capacity reserved - Formal reservation of available rack space at Corsham and Farnborough facilities.
-
NCSC
Security fast-track activated - Accelerated security assessment process for sovereign platform components.
-
CDDO
Cross-department audit - Complete inventory of all cloud workloads across government (AWS, Azure, GCP, OCI).
-
FCDO
International coordination - Liaison with EU, Canada, Australia counterparts. Establish cooperative governance.
Exit Criteria: COBRA authorisation received, emergency procurement powers active,
datacenter capacity secured, international cooperation confirmed.
Phase 2: Infrastructure Deployment
Week 3-6-
Crown Hosting
Hardware delivery and installation - First wave of servers, storage, networking equipment installed in Crown Hosting facilities.
-
GDS/Platform Team
CloudStack deployment - Core IaaS platform operational with compute, storage, and networking capabilities.
-
GDS/Platform Team
Kubernetes clusters - Production-grade Kubernetes clusters deployed for container workloads.
-
Security Team
IAM/Security foundation - Keycloak (IAM), OpenBao (secrets), security monitoring deployed.
-
DevOps Team
CI/CD pipeline - GitLab, container registry (Harbor), deployment automation operational.
-
Network Team
Network connectivity - PSN integration, VPN gateways, inter-site connectivity established.
Exit Criteria: Core platform operational, passing NCSC security baseline,
ready to accept workloads.
Phase 3: Platform Services
Week 5-10-
Platform Team
Object storage (MinIO) - S3-compatible storage for applications, backup, and data lake use cases.
-
Database Team
Managed databases - PostgreSQL, MySQL clusters with HA, backup, and monitoring.
-
Platform Team
Messaging (Kafka) - Event streaming and queue services for async communication.
-
Platform Team
Serverless (OpenFaaS) - Function-as-a-Service platform for Lambda-style workloads.
-
Observability Team
Monitoring stack - Prometheus, Grafana, Loki for metrics, dashboards, and logging.
Exit Criteria: All core platform services operational and documented.
Ready for application migration.
Phase 4: Critical System Migration
Week 8-16-
GDS
GOV.UK migration - Core government website and publishing platform migrated to sovereign infrastructure.
-
GDS
GOV.UK Notify - Notification service for all government departments migrated.
-
DWP
Universal Credit - Benefits system migrated with zero disruption to claimants.
-
DWP
State Pension - Pension payment systems migrated.
-
HMRC
Tax systems - Self Assessment and related services migrated (critical timing around tax year).
Exit Criteria: All P1 critical systems operational on sovereign platform.
Blue-green deployment maintaining rollback capability.
Phase 5: Mass Migration & US Exit
Week 14-24-
All Departments
Department-by-department migration - Systematic migration of remaining workloads per department.
-
NHS Digital
NHS systems - NHS App, GP systems, and health data platforms migrated.
-
Home Office
Immigration systems - Visa, border, and immigration platforms migrated.
-
CCS
Contract termination - AWS, Azure, GCP, OCI contract terminations issued. Notice periods served.
-
All Departments
Data deletion verification - Confirm all government data deleted from US cloud providers per GDPR.
-
CDDO
Programme closure - Full sovereignty achieved. Transition to business-as-usual operations.
Exit Criteria: Zero government workloads on US cloud infrastructure.
All contracts terminated. Data deletion confirmed.