The government stands accused of sending mixed messages about its commitment to positioning the UK as a technology superpower, after publishing guidance that will pave the way for more public sector bodies to host their workloads and applications in overseas cloud environments.The Department for Science, Innovation and Technologys (DSITs) overseas data guidance dropped on 5 February 2025, and states that public sector organisations can use cloud services that are hosted in datacentres outside of the UK for resilience, capacity and access to innovation reasons.This aligns with the guidances broader recommendation that public sector bodies adopt a considered and controlled multi-region approach to hosting their applications and workloads, which is compatible with UK law.Under the governments cloud-first policy, organisations should consider the best place to store and process data as non-UK services can be more cost-effective, more sustainable or have additional features available, as well as provide an alternative location for disaster response plans, the four-page DSIT guidance document stated.This guidance is designed to reinforce existing legislation and does not constitute a change in policy, said DSIT, with the organisation stating that some public sector bodies will have been storing data overseas for more than a decade. Government has had a cloud-first policy since 2013, [and] this predates many of the UK regions from the cloud vendors and therefore organisations may have already hosted data [classified as] Official in overseas regions, the guidance stated.This is despite the Government Security Classification Policy (GSCP) having, until an update in June 2023, tight restrictions regarding the use of non-UK cloud services, Owen Sayers, an enterprise architect with more than 20 years experience in delivering national policing systems, told Computer Weekly. Its clear this [DSIT] guidance acknowledges that despite these restrictions, the UK government has pushed a lot of critical eggs into these offshore cloud platforms, and it should be clear that this was done despite the [GSCP] policy saying not to do so, said Sayers. The [governments] approach now seems to be that we are where we are and to double down on continuing to do so.It is difficult to say with any certainty how prevalent the use of overseas datacentres may have been by public sector bodies up to the point of DSITs guidance coming out.The cloud-first policy, meanwhile, is mandated across central government and credited with accelerating adoption of off-premise technologies throughout Whitehall since its introduction in 2013.In other parts of the public sector, where organisations are merely strongly encouraged to follow the cloud-first policy, anecdotal reports suggest it has had a less potent impact.What we do know is that the amount of public sector data stored on cloud servers owned and operated by companies with the potential to host it overseas markedly increased following the opening of UK datacentres by public cloud giants Amazon Web Services (AWS) and Microsoft in late 2016.In the wake of that development, a number of domestic UK cloud providers saw a marked downturn in demand for their services, as public sector buyers jumped ship and migrated over to AWS and Microsoft.Proof of that can be seen in the governments Digital Marketplace figures, which document the amount of cloud spend transacted through the public sector G-Cloud procurement framework.Its figures show that AWS had secured just 2.93m during the 57-month period between the framework making its debut in March 2012 and Amazon opening its first UK datacentre region in December 2016. In the 57 months after AWS opened its UK datacentre, the company had banked 149m in G-Cloud sales. To-date, AWS has accrued 1.1bn in public sector spend through G-Cloud.Microsofts G-Cloud sales data follows a similar trend, with the company making a modest amount of money from the framework before the opening of its UK datacentre in September 2016.At the time, the companys UK cloud region was spoken about by Microsoft representatives in the national press as allowing public sector bodies to use its cloud services while ensuring their data remains in the UK.However, reporting by Computer Weekly revealed in the summer of 2024 a disclosure by software giant Microsoft that it could not guarantee the sovereignty of policing data stored in its public cloud.At the time, the company declined to comment on whether it could guarantee sovereignty for other forms of public sector data, prompting questions about how much of the UK governments IT estate may have already been offshored to overseas datacentres.In light of the Microsoft disclosures, what makes the DSIT guidance remarkable in Sayers view is not the fact that it might lead to increased usage of overseas cloud compute resources by the public sector.We know theyve been doing that for years, but what makes this a remarkable piece of guidance is that it specifically says dont buy British if you can get it cheaper elsewhere, and if you seek innovation, youll probably have to seek it elsewhere, he said.Its not difficult to see why Sayers would come to that conclusion, given the guidance documents opening line reads: In order to provide resilience, capacity and access to innovation, organisations may need to use cloud and software-as-a-service solutions outside of the UK.What makes this admission all the more startling for Sayers is that it comes hot on the heels of a run of government announcements about its plans to transform the UK into a technology superpower, with particular emphasis on building out the countrys expertise in artificial intelligence (AI).The UK governments 50-point AI opportunities action plan, which dropped in mid-January 2025, features a commitment to building sovereign AI capabilities in the UK through vast investments in creating supercomputing facilities that will increase the nations high-performance computing (HPC) capacity 20-fold by 2030.The action plan also features a government commitment to develop a long-term compute strategy to ensure the UK has the datacentre infrastructure capacity it needs to realise its AI ambitions, and sets out an intention to create so-called AI growth zones across the country.These zones will be sited in specially designated parts of the UK that have enhanced access to power and support for planning approvals, as detailed in the action plan document, as part of a broader push by the government to fast-track UK datacentre developments.How do those commitments square with the guidances contents that public sector organisations might be better off making use of overseas datacentres, asked Sayers.Another part of the guidance states that not all regions from a cloud provider are equal, with some offering better pricing, a wider range of services, access to more compute capacity, or enhanced uptime and resiliency. In DSITs view, this is why public sector organisations should not be limiting themselves to using UK-based cloud regions.The government is sending out mixed messages here, because the Prime Minister, Chancellor and the DSIT ministers are all promoting the UK as a leader of innovation and artificial intelligence, whereas this piece of guidance says youll probably have to go overseas to find that, continued Sayers.It is not just Sayers who feels that way, as Mark Boost, CEO of UK-based cloud services provider Civo, described the DSIT guidance as bad news for the UK economy, while also pointing out how contradictory it reads in the wake of the UKs recent run of AI announcements.This guidance from the government is bad for British business, bad for the UKs economy, and worse for government departments, he said.DSIT says it wants to champion the UKs fast-growing tech market, but is seemingly discouraging public sector bodies from choosing British businesses. Instead, its channelling taxpayers hard-earned cash offshore and further disincentivising tech investment into the UK.Over the years, weve given away so many of our industries, said Boost. Now, on the brink of another industrial revolution, the government seems intent on doing the same with AI. This is not only wrong, but potentially dangerous.In a statement announcing the guidances roll-out, DSIT said supporting public sector organisations with moving more of their data out to overseas datacentres will boost competition and bring about IT resiliency benefits, without compromising the UKs strict data and security protections.However, these assurances do not hold much sway with Boost. The guidance may make gestures at adequate data protection and security practices, but the fact is that if an organisation is processing its data on foreign soil and transferring it across borders, then that data can be subject to foreign laws.For government departments handling sensitive data including on health and national security this is an unacceptable level of risk, he said.Where DSIT gets right with its guidance is where it talks about the need for public sector organisations to build multi-region resiliency into their cloud deployments to ensure uptime for critical systems, said Boost.But there are plenty of providers in the UK who could satisfy this, he said. We have a thriving ecosystem of cloud providers who are beginning to offer fully sovereign solutions for both the public and private sectors.And what these providers need is the full support of the government, rather than guidance advising public sector IT buyers to look overseas to access the cloud computing services they require.The government should be supporting British business and investing in our sovereign capabilities, boosting our resilience by nurturing an ecosystem of homegrown providers, said Boost. Instead, they seem to be encouraging public bodies to look elsewhere at the expense of our data security, and our tech economy.Read more government cloud storiesThe UK government has unveiled its 50-point AI action plan, which commits to building sovereign artificial intelligence capabilities and accelerating AI datacentre developments but questions remain about the viability of the plans.New government has wasted no time in lowering planning permission barriers to new datacentre builds, with its disclosure that two previously denied projects are being placed under review.Nicky Stewart, senior adviser to the Open Cloud Coalition, which champions competition in the public cloud market, told Computer Weekly she agrees with the guidances view that public services are being held back and made less resilient by poor technology.What she is less convinced about are the competitive benefits being touted by DSIT in its guidance. In her opinion, if the government has competition concerns about cloud, it should be acting instead on addressing the red flags raised by the Competition and Markets Authority(CMA) about the hold the US hyperscalers have on the UK cloud market.We agree [with the government] that public services are being held back and made less resilient by poor technology [and] the best way to fix the situation is to act on anti-competitive practices identified by the CMA, she said. A more competitive market will foster innovation, investment and job creation, and ultimately drive long-term value for the public sector, and for taxpayers.Computer Weekly contacted DSIT for a response to the comments made in this story, particularly about what the guidance signals about the strength of the governments commitment towards supporting homegrown cloud providers.In response, a DSIT spokesperson said the government is fully committed to fostering a competitive and resilient cloud market that supports both domestic and international providers and considers the countrys datacentre sector to be a key component of the UKs digital economy.We are actively driving growth by attracting global investment, with billions already secured for datacentre development and expansion, enhancing both infrastructure and national security, the spokesperson added.Using overseas datacentres strengthens overall resilience, and our multi-region cloud guidance gives public sector organisations the flexibility to select the best cloud hosting solutions whether thats in the UK or overseas, prioritising performance, cost and reliability while ensuring security and compliance.