UK digital rights group urges MPs to address reliance on US technology in cybersecurity bill

Open Rights Group (ORG) has urged Members of Parliament to reduce the United Kingdom’s dependence on US technology companies as part of the ongoing debate on the Cybersecurity and Resilience Bill, which is scheduled for its second reading in the House of Commons on 6 January 2026. The organisation argues that the bill presents an opportunity to embed a digital sovereignty strategy into UK law.

According to ORG, the UK’s reliance on companies such as Amazon, Google, Microsoft and Palantir for critical digital infrastructure creates strategic vulnerabilities that go beyond technical cybersecurity concerns. The group is calling for lawmakers to require a formal assessment of digital sovereignty risks as part of the proposed legislation.

James Baker, Platform Power Programme Manager at ORG, compared dependence on foreign technology suppliers to reliance on external energy sources, arguing that both create long-term risks. He said that digital infrastructure can become a lever of political or economic pressure if it is controlled by a small number of foreign companies, even when those companies are based in allied countries.

ORG pointed to recent examples to illustrate its concerns. These include reports that Microsoft restricted access to services used by the International Criminal Court following US sanctions, leading the court to later move to a European open-source platform. The group also cited the remote disabling of agricultural equipment by US manufacturer John Deere in a conflict context, as well as the UK’s earlier decision to remove Huawei from its 5G networks following a parliamentary inquiry into security risks.

As part of its proposal, ORG is calling for a digital sovereignty strategy that would assess whether essential services can continue if a supplier withdraws, whether foreign laws could restrict access to data, and whether sanctions, trade disputes or political pressure could disrupt critical systems. It also argues that strategic fragility can arise when infrastructure depends on proprietary systems that are difficult to replace or on cloud services governed entirely by foreign legal frameworks.

The organisation has also urged the government to prioritise open-source software and interoperable systems across public sector and essential services. According to ORG, this approach could reduce dependence on a small number of dominant suppliers while creating greater opportunities for UK-based firms, including small and medium-sized enterprises, to participate in government procurement and digital infrastructure projects.