For years, most businesses treated American technology as the safe default. Microsoft for productivity. Google for search, advertising and mobile. Apple for devices. Amazon, Microsoft and Google for cloud. Meta for social reach. Stripe, Visa and Mastercard for digital payments. Now add AI, where the most influential frontier models and platforms are again overwhelmingly American. What once looked like convenience now looks more like structural dependence. That matters more in 2026 because the political climate is less stable, the legal climate is more confrontational, and the room for pretending this is just an abstract policy debate is getting smaller.
This is not an anti-American rant. It is a risk statement. The modern business world, including much of the UK and Europe, runs on a stack that is heavily controlled by a small number of US firms. The European Parliament's own recent work says Europe's digital ecosystem remains heavily dependent on non-EU software and cloud providers, primarily US firms, and that US firms dominate all major software layers. The UK competition authorities have separately found that cloud markets in the UK and EEA are highly concentrated, with Microsoft and AWS in especially strong positions and those positions likely to endure.
That dependence reaches far beyond cloud hosting. It sits inside email, collaboration, identity, mobile devices, app distribution, cybersecurity tooling, online advertising, CRM, analytics, digital payments, developer platforms and now AI. Even public sector procurement reflects it. In 2024 the UK government signed a five-year agreement with Microsoft covering access to a wide range of its products and services, including AI-powered ones, and public bodies continue to let contracts specifically tied to Microsoft estates. Private firms looking for "industry standard" tools often end up buying the same stack by default.
World leaders are starting to notice
The political tone has changed. European leaders are no longer discussing digital sovereignty as a niche Brussels hobby. It is now being framed as part of economic security, resilience and strategic autonomy. Recent European policy and think tank work has become unusually direct: the risk is not just that Europe buys foreign software, but that it depends on external providers for core digital functions that underpin both the economy and public administration. A recent CEPR column made the point that Europe's services dependencies are becoming an economic security issue. The European Parliament's software dependency work is even blunter, warning of strategic vulnerabilities created by US dominance across the software stack.
That shift is not happening in a vacuum. It is happening in a world of trade friction, sanctions, data localisation pressure, regulatory confrontation, increasingly explicit techno-nationalism, and growing concern that digital infrastructure can be used as leverage. Even Microsoft felt the need in 2025 to publish a set of "European digital commitments" promising digital stability and resilience regardless of geopolitical volatility. Companies do not make promises like that unless customers and governments are already worried.
For the UK, the concern is sharper because Britain is outside the EU but still deeply tied to European rules and deeply dependent on the same American platforms. The UK gets the same strategic exposure without having the same ability to shape the regulatory environment as the EU bloc. That is not a comfortable place to be.
The legal fights keep revealing the same problem
One reason this debate will not go away is that the same names keep appearing. Apple, Google, Meta, Microsoft, Amazon. Different laws, different cases, same broad pattern: Europe tries to impose rules, the companies push back, delay, appeal, negotiate around them, or claim compliance while critics and regulators argue the practical effect falls short.
Apple and Meta were both found by the European Commission in 2025 to be in breach of obligations under the Digital Markets Act. Apple was found to have breached anti-steering rules, while Meta was found to have breached requirements around user choice and personal data. Apple has also openly argued that the DMA is making products worse for EU users, creating security and privacy risks, and delaying features.
Google has hardly been a model of harmonious compliance either. In September 2025, the European Commission fined Google €2.95 billion over abusive practices in advertising technology, saying it had distorted competition. That sits on top of a long history of EU competition cases involving Google's conduct in search, Android and ad tech. This is not one unfortunate misunderstanding. It is a repeated conflict between European competition law and the business models of major US technology firms.
Meta remains the poster child for the clash between US business models and European privacy law. Schrems II blew up the old EU-US Privacy Shield in 2020 because of concerns over US surveillance and the protection of Europeans' data. In 2023, Meta was hit with a record €1.2 billion fine and ordered to stop transferring EU user data to the United States unless it changed its approach. Even though the EU-US Data Privacy Framework now exists, the underlying stability question has not fully disappeared.
The same tension runs through cloud. The European Commission opened market investigations under the DMA into cloud computing services involving Amazon and Microsoft in late 2025. The UK CMA's cloud market investigation found competition concerns linked to market concentration, barriers to switching and software licensing practices that favour incumbents. Google itself filed an EU complaint against Microsoft's cloud practices in 2024, arguing Microsoft was leveraging its dominance in software to hinder cloud competition. Whatever one thinks of Google's motives, the fact that one US giant is accusing another of anti-competitive lock-in tells you everything about how concentrated the market has become.
Some US firms have openly hinted they would rather pull back than comply
This is where the conversation gets uncomfortable.
Meta's old threat to shut Facebook and Instagram in Europe over data transfer rules was not a fringe rumour. The broader debate around whether Facebook and Instagram might need to suspend European service became a very public showdown. Even when these threats are partly tactical, they reveal something important: many essential digital services are not guaranteed civic utilities. They are privately controlled systems, and their operators will use the possibility of withdrawal as a negotiating lever if regulation threatens core economics or architecture.
Apple's line on the DMA follows the same underlying logic, even if the wording is softer. Its argument is essentially that Europe's rules damage product quality, create security risks and cause EU users to miss features. Meta again showed the pattern in 2026 when it agreed to allow rival AI chatbots on WhatsApp in Europe for one year to avoid potential temporary EU action, changing course at the edge of enforcement rather than as an eager participant in Europe's regulatory vision.
Russia showed how quickly access can disappear
After the invasion of Ukraine, Microsoft suspended new sales of products and services in Russia. Apple paused product sales. Adobe halted all new sales of products and services in Russia and Belarus. The moral context of those actions was very different from a normal commercial dispute, but the practical lesson is the same: access to software, services, updates, support and platforms can become conditional very quickly when geopolitics turns hostile.
That matters for UK and European businesses even if they are nowhere near sanctions risk. Once you accept that software can be switched off, restricted, denied, degraded or legally fenced off, dependency stops looking like an efficiency story and starts looking like a resilience problem. If your business cannot function without a handful of foreign-controlled platforms, then your operational continuity is partly subject to politics you do not control.
Europe has rules, but the rules are slow and often lack teeth
There is a second uncomfortable truth here. Europe is not blind to the problem. It is just not very good at solving it quickly.
The DMA, DSA, antitrust enforcement, GDPR and data transfer rulings have all tried to put limits on the market power or legal conduct of major US technology firms. But the pattern is often the same: long investigations, partial compliance, appeals, negotiated remedies, continued market power. The law bites eventually, but usually after the market structure is already entrenched.
That is why regulation on its own does not fix dependency. Europe may fine Google billions, force Apple to change store rules, and challenge Meta's data practices, but none of that automatically creates a homegrown alternative to Microsoft 365, AWS, Android, iOS, Google Ads or OpenAI. Regulation can constrain behaviour. It does not conjure a parallel ecosystem out of thin air.
The lack of alternatives is the real problem
It is easy to say "use European alternatives". It is much harder to rebuild a modern operating stack around them.
The European Parliament's own dependency study is stark. AWS, Microsoft Azure and Google Cloud hold about 70% of the EU cloud market, while the combined share of EU providers fell to roughly 13% by 2022. Even SAP, one of Europe's biggest technology names, captures only a small portion of cloud infrastructure. When the foundational layer is this concentrated, most other layers inherit the same dependence.
There are, of course, non-US options. OVHcloud exists. Nextcloud exists. Proton exists. SAP exists. Mistral exists in AI. There is a real European sovereignty conversation happening around cloud, productivity and AI. But "exists" is not the same as "is a realistic like-for-like substitute for most organisations". Migration costs are real. Integration gaps are real. User resistance is real. The business world has spent years standardising on the American stack, and the convenience of that standardisation is precisely why the dependency became so deep.
Open source is part of the answer, but not the whole answer. For some organisations, especially those with stronger internal IT capability, open-source tools can be a realistic partial escape route. But for the average business environment, open source is rarely a full replacement for the convenience, support model, third-party integrations and user familiarity of the dominant commercial stack. The conclusion, bluntly, is that Europe does have alternatives in places, but not enough mature, widely adopted, low-friction alternatives to break the dependence at scale in the near term.
Would China be any better?
Probably not.
China is the only non-US power with the scale to be treated seriously in this conversation, but it is not an easy or comfortable substitute for most UK and European businesses. Recent Carnegie work on China's access to data and control of software and connected technology argues that Beijing is pursuing a mirror-image campaign against what it sees as US technology risks. In other words, China already thinks in these terms too.
There is also a broader pattern of Chinese willingness to use economic and technological leverage in disputes. A shift from US dependency to Chinese dependency would not solve the underlying problem. It would simply swap one geopolitical exposure for another, probably with higher trust barriers for most Western organisations. So no, China is not the comforting backup plan.
AI is heading in the same direction
If anything, AI makes the whole problem worse.
The world spent the last twenty years becoming dependent on American cloud, productivity and platform companies. Now it is starting to become dependent on American AI firms and AI infrastructure too. Frontier model development is dominated by US players. AI deployment is deeply tied to the same US hyperscalers that already dominate cloud. Even where open-source models exist and serious non-US players emerge, the centre of gravity remains heavily American.
That means the next layer of dependency is likely to be stacked on top of the previous one. First businesses depended on US software. Then on US cloud. Now increasingly on US AI models, APIs and compute. If this continues, the practical effect is obvious: more of the world's decision support, knowledge work, automation and digital mediation will be routed through systems controlled by a small number of American firms.
What should businesses take from this?
Not panic. Not fantasy. Not anti-American theatre.
The sensible conclusion is simpler and more serious. UK and European businesses should recognise that their digital dependence on US technology is not just a commercial issue. It is a strategic risk. The risk is not that every American platform will suddenly vanish tomorrow. The risk is that too much of modern business now relies on too few foreign-controlled platforms, in a world where politics is rougher, regulation is more confrontational, software access can become conditional, and the realistic alternatives remain weak.
That does not mean ripping out Microsoft on Monday morning and replacing it with a heroic but half-broken open-source stack by Friday. It does mean understanding where the dependencies are, which ones are mission critical, and what the business would do if one of them became legally, politically or commercially difficult to use. At the very least, that means a dependency audit and some form of contingency planning.
Because this is no longer just about convenience.
It is about leverage.
And right now, far too much of that leverage sits somewhere else.
If you want to discuss what this means for your organisation, your technology stack, or your exposure to single-vendor dependence, use the contact page.
References
- Carnegie Endowment for International Peace (2025) Managing the Risks of China's Access to U.S. Data and Control of Software and Connected Technology.
- Competition and Markets Authority (2025) Summary of final decision: Public cloud infrastructure services.
- Competition and Markets Authority (2025) Final decision report: Public cloud infrastructure services.
- European Commission (2023) Questions & Answers: EU-U.S. Data Privacy Framework.
- European Commission (2025) Commission finds Apple and Meta in breach of the Digital Markets Act.
- European Commission (2025) Commission fines Google €2.95 billion over abusive practices in advertising technology.
- European Commission (2025) Commission launches market investigations on cloud computing services under the Digital Markets Act.
- European Parliament (2025) European Software and Cyber Dependencies.
- Microsoft (2024) Microsoft and UK Government sign five-year agreement.
- Reuters (2022) Irish regulator could halt Facebook, Instagram EU-US data flows in May.
- Reuters (2022) Microsoft suspends sales in Russia as Western sanctions intensify.
- Reuters (2022) As foreign digital firms leave, Russia's domestic providers pounce.
- Reuters (2023) Meta hit with record fine over data transfers.
- Reuters (2024) Google files complaint to EU over Microsoft cloud practices.
- Reuters (2025) Apple urges EU regulators to take closer look at tech rules.
- Reuters (2026) Meta to allow AI rivals on WhatsApp in bid to stave off EU action.