Yesterday was frustrating for many of us due to trouble accessing websites like Canva, Grammarly, Disney+, Duolingo, Reddit, Microsoft 365, Fortnite, Facebook, Zoom, Slack, Snapchat, Signal and Perplexity, as well as multiple UK national banks, and key public services.
The problem has been attributed to Amazon’s AWS service, and triggered by a DNS resolution failure tied to the DynamoDB API endpoint in AWS’s US-East-1 (Northern Virginia) region, s with a flow on to thousands of services, including Amazon’s own services, such as Alexa, Ring and Prime Video, were experiencing problems, as well as big names from around the web.
One thing is clear: when so much of Europe’s digital infrastructure runs on a handful of American cloud providers, resilience becomes as much a geopolitical issue as a technical one. It exposes the fragility of global digital supply chains and the UK’s growing challenge in ensuring digital sovereignty and resilience.
Recent outages and policy debates have underscored just how dependent governments, businesses, and users have become on the “big three” cloud giants — AWS, Google Cloud, and Azure — and the urgent need for multi-region, multi-provider strategies to mitigate systemic risk.
In the UK, criticism was raised that HMRC (His Majesty's Revenue and Customs) is a critical UK national infrastructure, but it's dependent on operational competence in another continent.
Mark Boost, CEO of UK cloud provider Civo and an outspoken advocate for sovereign cloud, says this latest disruption highlights how dangerously exposed the UK is when it comes to digital resilience. He’s calling on government and regulators to rethink procurement, fund sovereign alternatives, and make resilience a baseline requirement.
“We should be asking the obvious question: why are so many critical UK institutions, from HMRC to major banks, dependent on a data centre on the east coast of the US?
Sovereignty means having control when incidents like this happen - but too much of ours is currently outsourced to foreign cloud providers.
The AWS outage is yet another reminder that when you put all your eggs in one basket, you're gambling with critical infrastructure. When a single point of failure can take down HMRC, it becomes clear that our reliance on a handful of US tech giants has left core public services dangerously exposed."
Scott Dew, Head of Technology at Loqbox, expressed his surprise on LinkedIn upon discovering that parts of the UK tax authority’s infrastructure run outside the country.
“I’d assumed a British tax authority would run in British data centres,” he wrote.
“Deploying to eu-west-2 (London) is no harder than deploying to us-east-1 (Virginia). Same API calls, same infrastructure-as-code.”
He went on to note that while taxpayers have little say over government IT decisions — “roughly the same influence… as we do over road maintenance” — businesses don’t have that excuse. Dew argued that companies have a clear responsibility to care about where their data is stored and processed: “Data sovereignty isn’t just a compliance checkbox. It’s about control, resilience, and trust.”
John Hankinson, Head of IT at Utility Aid, voiced his alarm on LinkedIn over what he described as a “lack of discussion” about the implications for local UK governance.
“I highly doubt these organisations operate complex multi-region VPC architectures with cross-continent replication,” he wrote.
“So I’m left to assume that some workloads were simply deployed with AWS’s default region — US-EAST-1.”
Hankinson warned that hosting UK-facing services in the US not only raises concerns about performance and latency, but also about the location of sensitive government data.
“Yes, GDPR and data-transfer frameworks technically allow this — so it’s unlikely to be illegal — but it does seem architecturally and strategically poor, especially for critical national or financial systems.”
Chris Dimitriadis, Chief Global Strategy Officer at ISACA — an international association focused on IT governance — drew parallels between the latest cloud disruptions and the global IT outage caused by CrowdStrike in July 2024, which affected airlines, broadcasters, the London Stock Exchange, and businesses worldwide.
“When CrowdStrike went down, I coined the term ‘digital pandemic’ — a situation where a single point of failure in the technology ecosystem triggers ripple effects across multiple industries,” he said.
“More than a year later, we are witnessing a widespread outage through today’s Amazon Web Services disruption, which has already impacted critical sectors including communications, retail, and workplace productivity tools worldwide.
It’s another stark warning of how interconnected and fragile our digital world has become."
He predicts that fixing this one incident will not prevent the next and calls for investment in education, training, and “building a larger, better-equipped army of cybersecurity professionals who can envelope our supply chains in resilience.”
He also connected the outage with the need for strong cyber legislation, such as the UK Government’s forthcoming Cyber Security and Resilience Bill.
“Whilst the root cause of today’s outage remains unclear, data centres like those affected today would fall under its scope, adding another layer of protection. It’s imperative that the legislation is implemented swiftly and applied broadly to cover the full digital ecosystem and the supply chains behind it.
Without stronger safeguards, there should be no doubt, these ‘digital pandemics’ will continue to threaten productivity, trust, and economic stability”.
That said, Chris Street, DevOps Technical Lead at the UK Civil Service and an AWS Community Builder, pushes back against what he sees as misplaced panic around data sovereignty.
“All the top-level CISSPs and security consultants shouting so loudly about data sovereignty clearly don’t understand how AWS actually works at the nuts-and-bolts level,” he wrote on LinkedIn.
He criticised what he called “outrage over outages”, arguing that some commentators were more interested in fuelling fear than understanding infrastructure reality:
“They don’t report the outage; they report the outrage — because fear sells. But AWS going down, while a monumental pain, has little to do with data sovereignty. That’s the least of the worries, to be honest.”
Street asserts that AWS’s global architecture inherently depends on centralised control points — such as S3 bucket naming or Route 53 DNS — that must exist in a single region to ensure worldwide consistency.
“If one of these central services suffers an outage — like S3 naming or Route 53 — it can affect services elsewhere,” he said.
“But that doesn’t mean your data is stored where the problem occurred. Your data might still live entirely in the UK.”
Would you like to write the first comment?
Login to post comments