The British government is preparing a desperate pivot toward domestic technology procurement, framed as a strategic necessity in the shadow of escalating tensions with Iran. This directive, aimed squarely at the National Health Service (NHS) and the Ministry of Defence (MoD), seeks to mandate that these behemoths of public spending prioritize UK-based startups and scale-ups over established Silicon Valley giants. The logic is simple on paper. By tethering the survival of British tech firms to the deep pockets of the state, the government hopes to spark a cycle of indigenous growth while insulating critical infrastructure from the volatile swings of global geopolitics.
It is a gamble that ignores the brutal realities of the global software market. While the "Buy British" sentiment plays well in the headlines, the functional gap between a local startup and a global enterprise platform is often measured in billions of dollars and decades of iterative development. The NHS and MoD are not incubators; they are high-stakes operational environments where failure has a body count. Forcing these agencies to serve as a laboratory for unproven domestic tech might solve a short-term economic metric, but it risks degrading the very capabilities they need to manage the Iran crisis effectively.
Security as a Shield for Subsidy
The timing of this push is no accident. As regional instability in the Middle East threatens energy prices and shipping lanes, the narrative of "sovereign capability" becomes a convenient catch-all for protectionist policies. The argument posits that relying on foreign-owned software for hospitals or naval logistics creates a vulnerability—a "kill switch" held by an overseas boardroom. This fear is not entirely unfounded, but it is frequently weaponized by lobbyists to bypass the competitive rigor that usually defines government tenders.
In the MoD, the stakes are immediate. Modern warfare is a contest of data processing as much as hardware. If a British firm provides a bespoke intelligence-sharing platform that lacks the integration capabilities of its American or Israeli counterparts, the British soldier on the ground pays the price. There is a reason the UK has historically leaned on the "Five Eyes" intelligence community and the interoperability it provides. Isolationism in tech architecture is a lonely road.
The NHS presents a different but equally complex hurdle. The health service is currently a patchwork of aging legacy systems and fragmented data silos. To modernize, it needs massive, scalable infrastructure. Proponents of the new mandate argue that British companies understand the unique nuances of the NHS better than a company based in Palo Alto. However, understanding a problem is not the same as having the capital to build a solution that can handle 60 million patient records without crashing on a Tuesday morning.
The Scale Problem Nobody Admits
British tech has a "missing middle" problem. The UK is excellent at the seed stage—the messy, creative birth of an idea. We have the universities and the initial venture capital to get things moving. But the moment a company needs to scale from ten employees to a thousand, it hits a wall. Often, these companies are snapped up by US firms, or they move their headquarters to Boston or San Francisco to access deeper pools of liquidity.
By mandating that the NHS and MoD buy British, the government is attempting to create an artificial market to replace that missing venture capital. They want the state to be the "anchor tenant" that keeps these companies in the UK. This sounds noble until you look at the balance sheet. Public sector procurement is notoriously slow, bureaucratic, and prone to "scope creep." A startup that wins an NHS contract might find itself trapped in a five-year implementation cycle that drains its resources and prevents it from innovating. Instead of building a global champion, the government risks creating a fleet of "zombie" firms that exist only to service a single, massive state client.
Cyber Resilience or Digital Isolation
The threat from Iran is frequently cited as a justification for this move. We are told that domestic code is safer code. This is a dangerous oversimplification. Cybersecurity is not a national flag; it is a discipline. A British-made firewall is not inherently superior to a Finnish or American one simply because the developers hold UK passports. In fact, many of the most significant advances in defensive AI and threat detection are being driven by global conglomerates that have the budget to hire the world's best researchers.
If the UK chooses to go it alone, it risks creating a "walled garden" that is easier for sophisticated state actors to map and exploit. Global tech firms benefit from a feedback loop of billions of users. They see attacks in Tokyo, Berlin, and New York, and they patch their systems accordingly. A UK-only platform has a much smaller surface area of experience. It is a smaller target, perhaps, but also a less practiced one.
Furthermore, the "sovereign" nature of this tech is often an illusion. Most software built in London today sits on servers owned by Amazon Web Services, Microsoft Azure, or Google Cloud. Unless the government plans to build a state-owned cloud infrastructure from the ground up—an undertaking that would dwarf the High Speed 2 rail project in cost and complexity—"British tech" remains a layer of local code resting on a foreign foundation.
The Cost of Compliance
Public sector organizations are already stretched thin. The NHS is grappling with backlogs, and the MoD is trying to modernize its fleet under a tightening budget. Adding a "nationality test" to every software purchase adds a layer of administrative friction that these departments cannot afford. It requires procurement officers to act as venture capitalists, judging not just the quality of the product, but the long-term viability of the company behind it.
Historical precedent suggests this rarely ends well. In the 1960s and 70s, the UK attempted to protect its domestic computer industry through similar "Buy British" preferences. The result was a series of underpowered, overpriced machines that left British industry lagging behind the US and Japan. We are in danger of repeating that mistake with software. When you remove the pressure of global competition, you remove the primary incentive for excellence.
Beyond the Rhetoric
If the government actually wants to drive growth, it shouldn't be forcing its most critical departments to buy British; it should be making British tech so good that the departments want to buy it. This means addressing the structural issues that prevent UK firms from scaling. It means reform of the R&D tax credit system, which has become a minefield of bureaucracy. It means streamlining the procurement process so that a small company can bid for a contract without needing a thirty-person legal team.
It also means being honest about where the UK can actually win. We are world leaders in fintech, life sciences, and specific niches of artificial intelligence. We are not, and likely never will be, the leaders in general-purpose enterprise resource planning (ERP) or hyperscale cloud provision. Forcing the MoD to buy a British alternative to a world-class logistics platform that doesn't exist yet is not a strategy; it is a fantasy.
The Iran crisis is a reminder that we live in a world where digital infrastructure is a front line. In that environment, the priority must be efficacy, not the origin of the IP. If a British company has the best solution, they should win the contract. If they don't, we should buy the best tool available to keep the country safe and the hospitals running. Subsidizing the tech sector through the back door of the MoD and NHS budget is a recipe for mediocrity.
True growth comes from competition. By shielding British firms from the global market, we aren't helping them grow; we are teaching them how to be dependent. The real investigative question isn't whether we should buy British, but why the government is so afraid that British tech can't win on its own merits without a mandated thumb on the scale.
Examine the current procurement pipelines for the "Integrated Review" in defense. You will find that the most successful integrations aren't the ones that prioritized geography, but those that prioritized open-architecture standards. That is the path to actual resilience.
