The worldwide AWS outage highlights the growing dependence on a small number of cloud hyperscaler providers.
That’s the view of Tim Wright, tech partner at Fladgate, following the disruption caused today by an outage at a location of Amazon Web Services on the East Coast of the US.
US-EAST-1, the tech giant’s original and largest location for its web services and data centres, is said to be coming back online following sporadic service outages for many popular global platforms including social media, banks and HMRC.
AWS suffered from “increased error rates and latencies” for multiple services following a Domain Name System (DNS) issue at US-EAST-1.
Users of UK banks Lloyds and Halifax were unable to access services, while the UK Government’s HM Revenue and Customs website also went down.
Among the more than 50 platforms affected included Snapchat, Duolingo, Zoom, Roblox, Fortnite, Signal, Duolingo, Ring doorbells and WhatsApp – as well as BusinessCloud’s own website briefly.
“Today’s widespread AWS outage underscores the growing systemic risk from heavy national and sectoral reliance on a small number of hyperscale cloud providers,” said Wright.
“The disruption cascaded across global networks — affecting UK institutions from HMRC to major banks such as Barclays and Lloyds, along with financial, retail and AI‑driven platforms that depend on AWS-hosted services.
“Today’s incident highlights the tension between cloud convenience and concentration risk. For regulated entities, especially in financial services, the UK’s Critical Third Parties (CTP) regime — now in force under the Financial Services and Markets Act 2024 and applied through the PRA and FCA’s operational resilience framework — will inevitably come into sharper focus.
“Supervisors may require stress testing and post‑incident audits to ensure that firms maintain visibility and contractual leverage over their cloud dependencies.”
Wright said that as AI adoption deepens, and vast model training and data‑governance systems increasingly run on a handful of platforms like AWS.
“Today’s event is a reminder that resiliency is not purely a technical parameter but a regulatory and contractual one,” he continued. “Firms must reassess their agreements with specific focus on cloud exit, redundancy and incident‑notification contractual clauses through that lens.”
Amandine Le Pape, COO & co-founder of Element – which provides sovereign and resilient communications to governments – agreed that the incident is “yet another reminder of the weakness of centralised systems”.
“When a key component of internet infrastructure depends on a single US cloud provider, a single fault can bring global services to their knees,” said Le Pape.
“Centralised systems may offer convenience and scale, but they also create single points of failure. True resilience comes from decentralisation and self-hosting. Governments and other organisations must rethink their infrastructure strategies now, or risk being next in line when the cloud goes dark, especially when it comes to their communications.”
Digital transformation consultancy Public Digital was founded by the team behind the UK’s Government Digital Service (GDS) and advises major organisations and governments on cyber risk, resilience and leadership.
Its CTO Dai Vaughan said disruption from large-scale digital outages “is no longer a question of if, but when”.
He added: “Accidental technology failure can pose as big a risk as a cyber-attack. Organisations need to move beyond a defensive mindset focused on prevention, towards an approach that embraces preparedness and resilience as an ongoing commitment.
“Having well-rehearsed response plans that align leadership, IT, and operations is key to minimising damage and restoring services swiftly.
“Crucially, resilience must be treated as a whole-organisation challenge, not just an IT problem… ultimately, it isn’t about eliminating risk entirely, but about understanding it, planning for it, and cultivating a culture that can absorb shocks and recover quickly.”
A UK government spokesperson said: “We are aware of an incident affecting Amazon Web Services, and several online services which rely on their infrastructure.
“Through our established incident response arrangements, we are in contact with the company, who are working to restore services as quickly as possible.”