, , ,

UK cloud policy gets a harder AI era brief

The government’s Cloud Challenge Book asks suppliers to confront legacy systems, sovereign infrastructure, resilience, skills, and commercial value.

UK cloud policy gets a harder AI era brief
Summary
  • DSIT, GDS, and the Government Commercial Agency have published the Cloud Challenge Book 2026.
  • The document sets out five challenges around legacy modernisation, AI era infrastructure, secure cloud, skills, and national-scale commercial value.
  • It gives suppliers a clearer view of the UK government’s cloud and AI infrastructure priorities.

The Department for Science, Innovation and Technology, the Government Digital Service, and the Government Commercial Agency have published the Cloud Challenge Book 2026, setting out the problems government wants industry to help solve as cloud becomes the foundation for AI era public services.

The document identifies five national challenges: legacy modernisation, digital infrastructure for an AI era, secure and resilient cloud, cloud and AI skills, and commercial value at a national scale. It invites current and future industry partners to invest and innovate with government, making it both a signal to suppliers and a statement of public sector infrastructure priorities.

Cloud has been a major part of UK government technology policy for more than a decade, but the brief has changed. Earlier cloud adoption was often framed around hosting, cost flexibility, and escaping ageing datacentres. The AI era demand is more exacting. Government now needs infrastructure that can support data intensive services, model deployment, secure collaboration, digital identity, casework automation, analytics, and public-facing services that must remain resilient under heavy demand.

The legacy problem remains central. Many public services still depend on older systems that are expensive to maintain, difficult to integrate, and risky to change. Cloud migration alone does not solve that. Departments need architecture, procurement, data governance, service redesign, and operational capability. Moving a fragile legacy system into a cloud environment can reproduce old problems at a higher monthly cost if the underlying service model is not reworked.

The Challenge Book’s focus on digital infrastructure for an AI era reflects the government’s recognition that AI adoption is limited by compute, storage, networking, security, and data readiness. Public bodies cannot safely deploy AI into services if the surrounding infrastructure cannot support reliable data flows, model monitoring, access controls, audit trails, and recovery processes.

Secure and resilient cloud is also more than a technical workstream. Public sector cloud environments increasingly support services that citizens rely on for benefits, health, tax, identity, immigration, policing, education, and local government. Outages, supplier failures, cyber incidents, or poorly governed changes can quickly become public service failures. Resilience is therefore a procurement and operating model question as much as a platform question.

The skills challenge may prove the most stubborn. Cloud and AI capability cannot be fully outsourced without weakening institutional control. Government needs internal buyers, architects, service owners, security specialists, data professionals, and commercial teams who understand enough to challenge suppliers and make coherent long term decisions. Otherwise, the public sector risks swapping legacy lock-in for cloud era dependency.

The commercial value challenge is equally pointed. Cloud procurement has often promised savings, but uncontrolled consumption, fragmented contracts, weak forecasting, and duplication across departments can erode the benefits. As AI workloads increase demand for compute and storage, financial discipline will become harder. Government will need better FinOps capability, shared standards, reusable platforms, and commercial models that reward resilience and interoperability rather than pure consumption growth.

For suppliers, the Cloud Challenge Book gives clearer demand signals. The government is not simply asking for hosting capacity. It wants help with modernisation, sovereign and resilient infrastructure, AI readiness, skills, and value. That creates opportunities for cloud providers, systems integrators, security companies, data platform vendors, consultancies, and specialist SMEs, but it also raises expectations around delivery evidence.

The publication is useful because it turns public sector cloud strategy into a set of problems rather than a shopping list. The next question is whether government procurement can reward suppliers that solve those problems in durable ways, instead of buying another cycle of migration projects that leave departments with new platforms and old constraints.