View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cloud
December 1, 2023updated 04 Dec 2023 9:21am

AWS wins £450m contract from UK Home Office

The contract is three times more expensive than their previous collaboration and has some curious wording about security vetting.

By Greg Noone

AWS has been awarded a £450m contract to provide cloud services to the UK’s Home Office. The contract document provided little clarity about the services provided under the deal or why it is over three times more expensive than the last partnership between Amazon’s cloud platform and the government department.

The wording of the contract, which begins today and runs for three years, implies that AWS staff may be exempt from security clearances when handling sensitive Home Office data.

The sign for the Home Office building on Marsham Street, Westminster.
The UK Home Office recently awarded a £450m cloud computing contract to AWS, complete with some vague wording about security vetting. (Photo by Yau Ming Low/Shutterstock)

AWS collects large Home Office cloud contract

The deal was awarded according to the UK government’s G-Cloud 13 cloud buying framework. The call-off contract requires the government to pay AWS some £72m for services rendered by this time next year. The services rendered by AWS will include cloud computing infrastructure, support training and ‘bring your own licence’ services, which means AWS will integrate software licences already procured by the department. 

Many details of the contract are redacted, but the deal is likely to be a straight replacement of the Home Office’s previous two-year contract with AWS worth £120m. Precisely why the new partnership is so expensive remains unknown – or why, in a section titled ‘“’Technical Standards’, it is highlighted in yellow that there is “no supplier staff vetting requirement”. 

If the vetting requirement has been waived it “beggars belief that AWS staff are exempt from any type of security clearance, given the nature of Home Office data”, says Nicky Stewart, ex-commercial director for UK Cloud and the former head of ICT strategy delivery for the Cabinet Office. It would also, Stewart told Tech Monitor, be “completely unfair on other suppliers who have to shoulder the costly and time-consuming burden of securing and maintaining security clearances for staff”.

Enterprise security architect Owen Sayers, who has himself worked with the Home Office on similar projects, told Tech Monitor that there was a small possibility that the contract’s wording on vetting could be an error from a civil servant who has failed to fill out that part of the document correctly, which, if true, would be “concerning”.

What is more likely, explained Sayers, was that the contract’s wording crudely reflects little-noticed changes in UK government classification requirements made in June, which specified that “national security vetting” is not required to access data classified as “official”. Even so, the guidelines specify that all contractors must undergo Baseline Personnel Security Standard (BPSS) pre-employment checks or appropriate equivalent vetting to do so. Lowering its vetting requirements to this level would also make it impossible for AWS to handle police data under the new £450m contract, which demands higher levels of vetting to handle by law.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Sayers added that if security vetting requirements have been lowered for AWS as part of this latest deal with the Home Office, other suppliers “might feel justified in either asking to be given the same flexibility in their contracts of supply (i.e. have the requirement removed), or to challenge why there appears to be one rule for the… hyperscalers and another for everyone else. That’s a legitimate question for them to ask, and if this is not an error, Home Office should be prepared to answer that question transparently.”

The Home Office declined to comment on details of the contract, instead inviting Tech Monitor to submit a request under the Freedom of Information Act. AWS has been approached for comment.

Hyperscaler government contracts under the microscope

AWS is a major supplier to the UK government, but critics have questioned the extent to which the Amazon platform is used by Whitehall departments. Last year, a report from the Centre for International Corporate Tax Accountability and Research (CICTAR) and think tank TaxWatch revealed the cloud provider had won UK public sector contracts worth over £600m since 2017. During that time, it had avoided paying some £84m in taxes. Amazon said at the time that the UK branch of AWS pays “all applicable taxes”.

The CICTAR report named the Home Office as AWS’s biggest UK public sector customer, having paid the company some £225m between 2017–22.

The new agreement comes against the backdrop of an ongoing investigation by the Competition and Market Authority into alleged anti-competitive market practices by hyperscaler providers in the UK cloud market. Discount structures like the ‘One Government Value Agreement’ (OGVA) between the government and AWS, under which this new £450m agreement has been signed, have been criticised by smaller cloud providers, who claim that they are unable to provide such guarantees and therefore find themselves excluded from participating in large public cloud computing contracts. 

Despite this, says Stewart, “it looks as if the Home Office is determined to press ahead, given that it expects its spending to nearly quadruple over the next three years. This supports the argument that terms and volume discounts are a recipe for lock-in. What is the next iteration of this contract going to look like in three years?”

Read more: Have the hyperscalers broken the UK cloud market?

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.