Sovereign is a control model you can prove, not a vendor label.

The Ministry of Defence announced a £400 million agreement with Google Cloud to deliver a UK sovereign cloud capability that underpins secure information sharing and a digitally integrated force (GOV.UK, 2025).

Google says the platform will run on Google Distributed Cloud in an air gapped configuration operated under UK control (Google Cloud Press Corner, 2025).

What was actually announced 

Scope
A UK controlled environment for sensitive workloads, including cyber and AI, with data and operations constrained to the UK (GOV.UK, 2025).

Platform
Google Distributed Cloud in air gapped form. Documentation describes a local control plane and management without public internet dependency, plus an appliance option for fully isolated deployments (Google Cloud docs, 2025). 

Policy context
Any Defence capability that uses AI is expected to align with JSP 936, which sets dependable AI requirements for governance, assurance and auditability (GOV.UK, 2024).

Independent coverage broadly matches the above and reiterates the £400m value and sovereign positioning (Computer Weekly, 2025; DataCenterDynamics, 2025).

Definition: sovereign capability 

Sovereign capability = sovereign control + domestic capability 

• Sovereign control is the state’s ability to direct people, assets, capital and IP to deliver outcomes with full control of data, risk and operation. In cloud terms, think control plane location, who can administer and recover systems, where keys are held, and which laws apply. 

• Domestic capability is the resident capacity to design, build and run the service using UK people, skills, facilities, funding and access to data or IP. 

In security and data protection you need both. Defence needs the capability to act independently and the control to prioritise UK interests and protect citizens’ data. 

A useful test: Location, Operation, Evidence 

If you describe a platform as sovereign, you should be able to show three things on demand. 

Location
Sovereignty means all data and data exhaust remain under UK jurisdiction, with traceable lineage. That includes:

• Core customer and mission data

• Metadata (logs, telemetry, config state)

• Support and ticketing data

• Backups and snapshots

• Derived analytics, model artefacts and AI training/outputs

Residency isn’t just about where the primary dataset lives; it’s about ensuring every derivative and shadow copy, whether metadata, AI-generated, or operational, is governed and evidenced in the UK.

Operation
Privileged access (including break-glass) is performed only by UK-cleared personnel, from UK-controlled sites, with clear procedures for normal and emergency operations. No dependency should exist on foreign networks, operators or laws.

Evidence
Governance, audit and assurance align with Defence and national standards (e.g. JSP 936 where AI is involved). Evidence must be reproducible, automated where possible, and suitable for boards, regulators and coalition partners (GOV.UK,  2024).

Reality check 

Announcements are intent. Delivery is proof. The MoD and Google still need to demonstrate a working operating model in practice. That means staffing cleared UK teams, running incidents under UK control, and producing repeatable evidence for accreditors. Until those playbooks are proven on real workloads, this remains promising rather than bankable (GOV.UK, 2025).

Why this matters 

Sovereign and air gapped patterns are joining, not replacing, public cloud landing zones. For programmes handling UK national or coalition data, this expands architecture and accreditation options. It also sits in a multi cloud reality that already includes Oracle Cloud Infrastructure UK Government Regions in London and Newport (Oracle Docs, 2025).

Think sovereign resilience, not sovereign isolation. The goal is choice, control and a clear exit plan, backed by evidence. 

How programmes can prepare 

1) Classify workloads and data, without over or under doing it
Map systems to domains and data classes. Decide what must live in sovereign zones and what can run in public cloud. Over classification drives cost and friction. Under classification raises mission and accreditation risk. In coalition settings, classification should allow situational and contextual views, for example policy driven redactions for different national audiences. Where AI is involved, align with JSP 936 (GOV.UK, 2024).

2) Build compliant landing zones
Codify identity, key management, logging, monitoring and backup as code. For higher sensitivity, design for air gapped operations and UK only admin paths from day one. Reuse published patterns to keep teams consistent (Google Cloud docs, 2025).

3) Run a small assurance pilot
Pick one bounded workload and prove the operating model end to end. Show observability, incident handling including break glass, backup and restore, and performance under realistic load. Treat it like production so it generates real artefacts for accreditation. 

4) Automate the evidence
Use policy as code and automated evidence capture so Location, Operation and Evidence can be proven at any time. Tools such as Castlepoint help automate classification and re classification without relying on originator metadata, apply retention and legal hold, and provide audit for coalition redactions and national “eyes–only” views. See the product materials on audit and assurance, records management, and enterprise discovery for details (Castlepoint Systems, 2025).

Where Castlepoint fits
AI assisted documents often blend sources, so originator metadata is not enough. Castlepoint adds policy driven auto classification and re classification with audit, so programmes can apply coalition redactions and retention policies consistently, then prove it. See Castlepoint’s UK page and records governance blogs for context, including references to UK public sector use (Castlepoint Systems, 2025, 2024).

What to put in your contract 

• Quarterly independence backed sovereignty attestations that cover Location, Operation and Evidence across all data types. 

• Clear key custody model and break glass procedures under UK control 

• Named roles for UK privileged access, with change control 

• Evidence delivery schedule and format, not just on request 

• Exit plan with tested runbooks for data, keys and logs 

Questions a board should ask 

• Where is the control plane, and who can operate it in normal and emergency conditions 

• How are keys, privileged access and break glass governed and evidenced 

• What independent attestation proves Location, Operation and Evidence each quarter 

• How is JSP 936 applied to AI models, updates, rollback and audit trails 

• What is the exit path, and how are data, keys and logs handled at contract end
  

Assured Digital position 

Assured Digital designs sovereign patterns across multi cloud estates for UK Defence programmes. We deliver on platforms including OCI UK Government Regions and will evaluate Google Distributed Cloud in air gapped form on its merits for each mission, accreditation path and operational need. The objective is choice, control and demonstrable assurance (Oracle Docs, 2025).

 

Sources and references 

1. GOV.UK, “Security delivered for working people as UK–US ties strengthened with new Google Cloud partnership for classified information sharing”, 12 Sep 2025. GOV.UK 
2. Google Cloud Press Corner, “Google Cloud Awarded Landmark Sovereign Cloud Contract with UK Ministry of Defence”, 12 Sep 2025. googlecloudpresscorner.com 
3. Google Cloud Docs, “Google Distributed Cloud air gapped option overview”, accessed 15 Sep 2025. Google Cloud 
4. Google Cloud Docs, “About Google Distributed Cloud air gapped appliance”, accessed 15 Sep 2025. Google Cloud 
5. GOV.UK, “JSP 936: Dependable Artificial Intelligence in Defence (Part 1: Directive)”, 13 Nov 2024. GOV.UK 
6. Computer Weekly, “Ministry of Defence signs £400m sovereign cloud deal with Google”, 12 Sep 2025. Computer Weekly 
7. DataCenterDynamics, “UK’s Ministry of Defence awards Google Cloud £400m contract”, 12 Sep 2025. DataCenterDynamics 
8. Oracle Docs, “United Kingdom Government Cloud Regions”, updated 22 Aug 2025. Oracle Docs 
9. Castlepoint Systems, “Audit and Assurance”, accessed 15 Sep 2025. castlepoint.systems 
10. Castlepoint Systems, “Records Management”, accessed 15 Sep 2025. castlepoint.systems 
11. Castlepoint Systems, “Discovery”, accessed 15 Sep 2025. castlepoint.systems 
12. Castlepoint Systems, “UK page”, accessed 15 Sep 2025. castlepoint.systems 
13. Castlepoint Systems, “Records and Risk Management in Box with Autoclassification”, 4 Jul 2024. castlepoint.systems 

 

---

Need to Stress Test Your Resilience?

• Get in Touch to Learn More
• Want to learn more? Read: Cybersecurity for SMBs: Protect Your Business Like an Enterprise
• Or subscribe to our insights for updates

Take our FREE Cyber Health Check