On a grey Tuesday in February, a mid-level official at Her Majesty's Revenue and Customs sits down to approve a software update that will alter the way corporation tax is calculated for 1.2 million British businesses. The update is not installed on a server in a Whitehall basement. It is pushed to a data centre in Dublin, operated by Amazon Web Services, via a control plane running out of a cluster in Northern Virginia. The official does not think of this as a geopolitical act. She logs into a portal, clicks "deploy," and gets on with her day. Yet in that click, the British state performs a ritual that has quietly become one of the defining transactions of the age: it pays rent to a foreign landlord for the privilege of governing its own citizens.
The preceding articles in this series have mapped the individual chokepoints—hyperscale cloud, low-Earth orbit satellites, submarine cables—through which a handful of U.S. companies now control the foundational infrastructure of statehood. The data points are arresting on their own: 62% of cloud infrastructure in three firms' hands, 71% of undersea cable capacity owned by four tech giants, a single entrepreneur's satellite network running the communications of a sovereign state at war. This article draws the threads together. It asks what it actually costs a state, in both financial and political terms, to lease its operational nervous system from a private, foreign corporation. And it asks the deeper question: can a state that rents the very tools of sovereignty still be called sovereign?
The political economy of rent#
To understand why this matters, one must grasp the difference between buying a product and paying rent. When a government buys a fleet of trucks, it owns the trucks. It maintains them, fuels them, and, when the time comes, sells them for scrap. The transaction is finite. The government has a capital asset on its balance sheet. When the government instead signs an enterprise agreement with Microsoft or AWS, it is not buying a server; it is purchasing a stream of access that must be renewed annually, quarterly, or even by the minute. It is paying rent. And like all renters, it is subject to the landlord's rules, the landlord's price increases, and, ultimately, the landlord's ability to evict.
The scale of this rental economy is no longer trivial. Canada's federal cloud bill since 2021 exceeds CAD $1.3 billion, with Microsoft alone accounting for more than $1 billion. The UK's annualised Microsoft spend approaches £4.6 billion—a figure that rivals the Royal Navy's entire equipment budget, yet produces no sovereign capability that persists when the contract ends. The United States federal government, landlord-in-chief of the digital world, nonetheless spends roughly $20 billion a year renting back its own digital infrastructure from the companies it nominally oversees. These sums are not one-off capital investments; they are permanent, escalating obligations.
The dumbbell chart makes the arithmetic vivid. On the left, current dependency; on the right, the projected cost of sovereign alternatives. The gap is not merely financial; it is structural. The $250 billion global sovereign-cloud market forecast for 2028 represents the ambition of the backlash. But ambition and execution are different things, and the Big Three are not standing still.
The rentier model extracts value in two ways. First, there is the visible rent: licence fees, per-gigabyte storage charges, and egress fees that spike unpredictably when data leaves the cloud. Second, and more insidious, is the invisible rent: the atrophy of in-house technical capacity. As states migrate their services to hyperscale clouds, they inevitably retire their own server administrators, network engineers, and security architects. After a decade of cloud-first policies, many governments have lost the institutional ability to run a sovereign data centre even if they wanted to. The skills have evaporated. The state is not just renting infrastructure; it is renting the very capability to govern digitally.
The architecture of lock-in#
The contracts themselves are a masterclass in dependency engineering. AWS agreements with government customers often include data-transfer fees that make it cheaper to store data indefinitely than to retrieve it. Microsoft's licensing terms bundle cloud infrastructure with productivity tools—Office, Teams, Exchange—so that cancelling the cloud subscription would also cripple a ministry's entire back-office communications. Google's AI contracts are trained on proprietary data models that cannot simply be exported to a competitor. Each of these mechanisms is legal, commercially rational, and devastatingly effective at making exit unthinkable.
The "sovereign cloud" label that governments have adopted to manage this anxiety is, more often than not, a marketing veneer. The French government's "trusted cloud" initiative, which was meant to exclude American firms, ended up granting a special security clearance to Microsoft and Google after it became clear that a purely French alternative would be years behind schedule and incompatible with widely used applications. Most "sovereign" cloud offerings are, in essence, American technology wrapped in a local legal entity. The root keys, the security patches, the very ability to decrypt the data still reside with the U.S. corporation.
A Canadian government IT manager who oversaw a major cloud migration told researchers: "We knew we were getting into bed with a monopoly. We just didn't realise there was no door out of the bedroom." His observation is not an indictment of his government's competence. It is an accurate description of a market that was designed from the outset to be inescapable. The cloud giants understand that the second contract is easier to sign than the first, and the tenth is not a choice at all.
The legal shadow#
If the economic structure of the cloud relationship is that of landlord and tenant, the legal structure is even more lopsided. The CLOUD Act of 2018 means that data stored on an American company's servers, anywhere in the world, is reachable by U.S. law enforcement with a warrant. The company can be gagged from informing its customer, meaning that a foreign ministry's confidential cables could be copied by the FBI without the foreign ministry ever knowing. The Foreign Intelligence Surveillance Act allows for even broader collection, authorised by a secret court, with minimal transparency.
Governments are acutely aware of this asymmetry, but they have chosen, almost uniformly, to proceed. The reason is straightforward: the efficiency gains are immediate and politically popular, while the risks are hypothetical and juridical. An election is won on tax refunds issued in three days, not on the remote possibility that a future U.S. administration might weaponise the CLOUD Act. But the risks are no longer hypothetical. The Trump administration's first term showed that trade disputes could be escalated into digital sanctions. The Biden administration's use of extraterritorial export controls on semiconductor technology demonstrated that Washington is willing to stretch its legal reach far beyond its borders. A future administration, facing a geopolitical crisis, could instruct AWS, Microsoft, or Google to suspend service to a foreign government's tax authority, its defence logistics system, or its police database. No invasion would be necessary. Just a letter from the Department of Justice.
The American response to such concerns is often to invoke the "trusted partner" relationship—the Five Eyes alliance, the NATO treaty, the long history of transatlantic co-operation. But treaties can fray. Alliances can shift. And the lesson of history is that legal vulnerabilities that are tolerated in peacetime become gaping wounds in a crisis. The British Empire's control of the submarine telegraph cables was established quietly in peacetime; it was the First World War that turned that capability into a weapon. No one should assume that the same dynamic will not repeat itself in the digital domain.
The hollow state#
Political theorists have long distinguished between the apparatus of the state and its substance. The apparatus is the visible machinery—the ministries, the uniforms, the stamps on passports. The substance is the effective capacity to make and enforce decisions within a territory without external interference. The migration of core state functions to rented cloud infrastructure does not change the apparatus. The flags still fly. The ministers still hold press conferences. But the substance becomes contingent, because the ability to deliver a tax rebate, to dispatch a police patrol, or to coordinate a military manoeuvre now depends on a contractual relationship with a foreign corporation that can be altered or terminated without the state's consent.
This is the paradox of the digital state. Never have governments been able to deliver services so efficiently, and never have they been so enmeshed in webs of dependency that erode the very sovereignty those services are meant to uphold. The cloud providers, for their part, are not malevolent. They are profit-maximising corporations doing what profit-maximising corporations do: expanding their market share, locking in customers, and extracting rents. The fault, if there is one, lies with the governments that signed the contracts without fully comprehending the terms. They bartered long-term autonomy for short-term efficiency, and the bill is coming due.
In Ukraine, the dependency is absolute and existential. The government's digital services—the Diia app that lets citizens access public documents, the Prozorro procurement platform that ensures transparent spending—are hosted on AWS, outside the country. Should the legal or commercial relationship ever be severed, the state would lose not only its wartime communications but the administrative backbone of civilian life. The irony is sharp: a nation fighting for its sovereignty has entrusted the digital tools of that sovereignty to a foreign power. It has no choice. That absence of choice is the defining characteristic of the infrastructure rentier's grip.
The question sovereignty must answer#
Is a state that leases its operational nervous system still sovereign? The answer, increasingly, is that it is sovereign only in the ways that its landlord permits. The rentier model has turned sovereignty into a subscription service. As long as the subscription is paid and the terms of service are observed, the state functions. But the subscription can be cancelled. The terms can be changed. The landlord can raise the rent, or, in a moment of geopolitical tension, change the locks. The tenants, for all their trappings of sovereignty, have no legal remedy. They have signed away the right to self-help.
The Peace of Westphalia established that the state is the highest authority within its territory. That principle assumed that the infrastructure of authority was also within that territory. When a tax assessment was written on paper and stored in a cabinet in the ministry, it was beyond the reach of any foreign power. When the cabinet is now a virtual container on a server in a data centre in Northern Virginia, the writ of the foreign power runs as deep as the CLOUD Act allows.
The Infrastructure Rentiers series has traced this transformation from the Suez Canal to the server rack, from the ocean floor to low-Earth orbit. Each layer of the new digital infrastructure—cloud, satellite, cable—follows the same logic: a capital-intensive, first-mover-dominated asset that confers structural power on those who control it, and structural dependency on those who do not. The Westphalian ideal of the self-sufficient territorial state has not been abolished by treaty or by force. It has been quietly, incrementally, and contractually dissolved—one enterprise agreement at a time.
