- 21 Oct, 2025 *
Market forces recreated the single point of failure the internet was designed to avoid
At three o’clock on Monday morning, a mundane technical error in northern Virginia paralysed the internet. Within minutes, Snapchat vanished. Reddit went dark. Lloyds and Halifax customers found themselves locked out of their banking. Roblox and Fortnite players saw error messages. HMRC became unreachable. For three hours, a significant portion of the digital world simply disappeared.
The services themselves were fine - servers hummed along normally, data sat intact. But Amazon Web Services had lost its address book. Like a postal service that cannot read its own delivery routes, AWS could no longer direct traffic to where it needed to go. A Domain Name System error, the…
- 21 Oct, 2025 *
Market forces recreated the single point of failure the internet was designed to avoid
At three o’clock on Monday morning, a mundane technical error in northern Virginia paralysed the internet. Within minutes, Snapchat vanished. Reddit went dark. Lloyds and Halifax customers found themselves locked out of their banking. Roblox and Fortnite players saw error messages. HMRC became unreachable. For three hours, a significant portion of the digital world simply disappeared.
The services themselves were fine - servers hummed along normally, data sat intact. But Amazon Web Services had lost its address book. Like a postal service that cannot read its own delivery routes, AWS could no longer direct traffic to where it needed to go. A Domain Name System error, the sort of glitch that makes IT professionals mutter “it’s always DNS,” had begun cascading through the company’s vast Virginia data centre complex. By the time Amazon declared the problem fixed around half past six, millions worldwide had experienced how fragile modern digital infrastructure actually is.
What made Monday revealing was not the technical failure itself - DNS errors are common enough - but what it exposed about how the internet really works. Over two decades, market forces have quietly concentrated global digital infrastructure in ways that would have seemed impossible at the internet’s founding.
A textbook cascading failure
The failure originated in US-East-1, AWS’s oldest and largest data centre region. The DNS error hit DynamoDB, a database service underpinning thousands of other AWS applications. Mike Chapple, a cybersecurity expert at the University of Notre Dame, explained that whilst “DynamoDB isn’t a term that most consumers know, it underpins the apps and services that all of us use every single day.”
AWS provides the infrastructure for roughly a third of the internet - storage, computing power, and crucially, the routing that connects users to services. When DynamoDB’s DNS failed, the consequences rippled outwards with startling speed. John Scott-Railton, a cybersecurity researcher at Citizen Lab, put it bluntly: US-East-1 is “a backbone for so many services that when things go screwy, domino effects around the internet-as-we-know-it are enormous.” Even Microsoft Azure appeared on outage reporting sites, likely through cross-cloud dependencies.
This pattern has become disturbingly familiar. AWS suffered major disruptions in 2017, 2020, and 2021 - that last one lasting over five hours and affecting everything from airlines to payment apps. Another incident hit in 2023. Each time, the same architectural vulnerability manifests: concentrated infrastructure creates concentrated failure.
The costs are staggering. Major outages can individually exceed £800 million. Last year’s unrelated CrowdStrike incident cost Fortune 500 companies £4.3 billion. Mid-sized firms lose thousands per minute. AWS powers over 90 per cent of Fortune 100 companies. These aren’t theoretical risks.
The self-reinforcing economics of cloud oligopoly
The concentration didn’t happen by accident. In 2006, Amazon launched AWS by repurposing infrastructure built for its ecommerce operations. That early, uncontested start created an advantage that compounds still. Today, AWS holds 31 per cent of the global cloud market. Microsoft Azure, which entered in 2010, commands 23 to 25 per cent. Google Cloud, from 2011, takes 10 to 11 per cent. Three American companies control two-thirds of the world’s cloud infrastructure.
The investment required to compete is almost absurd. Between 2011 and 2022, AWS alone spent more than £85 billion on US infrastructure. This year? Over £80 billion. Microsoft’s quarterly spending hit £18 billion at the end of 2024. Google deployed £11 billion in just three months. According to Synergy Research Group, global hyperscale capital expenditure topped £190 billion last year - up 44 per cent, driven by artificial intelligence infrastructure.
McKinsey projects that AI-related data centres will require between £2.9 trillion and £6.3 trillion over the next six years. Read that again: trillions, not billions. These aren’t just big numbers. They reveal why alternatives struggle to emerge.
The economics create a trap. Massive investment enables economies of scale. Scale allows lower prices. Lower prices attract more customers. More customers justify further investment. The cycle reinforces itself. Conversely, smaller competitors charging more for less cannot attract the customers needed to achieve competitive scale. You need scale to lower costs, but you need low costs to achieve scale. Any new entrant starts impossibly far behind.
Europe’s sovereignty ambitions meet economic reality
European policymakers have seen this coming. The continent generates nearly 25 per cent of global cloud revenues but owns less than 2 per cent of cloud infrastructure, according to Gaia-X, the Franco-German initiative meant to fix this. Yet US companies still control roughly 70 per cent of the European market.
Gaia-X itself tells you everything about why this is hard. Launched in 2019 with considerable fanfare by German and French ministers, it aimed to create federated European cloud infrastructure based on transparency and data protection. Six years later, it’s facing internal disputes, declining confidence, and key members withdrawing. One insider told CIO magazine that “the fact that important members are slowly withdrawing and that the funding is not flowing as originally planned is not a good sign.”
The pattern repeats. In March, 70 European companies including Airbus and OVHcloud sent a desperate letter to the EU Commission. They warned of a “critical digital dependency crisis” threatening sovereignty and economic survival. Without radical action - “Buy European” mandates, pooled resources, sovereign certification - Europe’s dependence would be “irreversible within three years.”
European alternatives do exist. OVHcloud, Hetzner, Scaleway, STACKIT (launched by Lidl’s parent company), Exoscale, Open Telekom Cloud. They operate under European law and meet GDPR requirements. Collectively, they hold perhaps 30 per cent of the European market. Even Dutch and French government clouds, built by technologically sophisticated nations, run on Microsoft and AWS infrastructure. The alternative to American cloud infrastructure is... American cloud infrastructure with extra steps.
Why even £30 billion cannot buy independence
Money alone won’t solve this. Amazon just committed £24 billion to AI campuses in Pennsylvania and £8 billion to North Carolina. But capital is only the beginning.
Technical dependencies create deeper problems. Europe’s most promising AI startups - Mistral AI, Aleph Alpha - depend heavily on American hardware and cloud services. There’s no European equivalent to the GPU access Microsoft provides OpenAI. Without it, European AI companies compete with one hand tied. NVIDIA makes the graphics processors essential for AI model training. NVIDIA is American. Access to advanced chips comes almost entirely from US companies. European digital sovereignty hits a hard wall called the supply chain.
Then there’s talent. Europe’s universities produce excellent research. The best engineers leave for American tech companies offering substantially higher pay. Commercialisation lags. Europe’s internal market, fragmented by language, legal systems, and procurement rules, prevents efficient scaling. The infrastructure needed for competitive AI demands capital, yes, but also expertise, supply chains, and operational experience built over decades.
Brian Alletto, director of enterprise technology at West Monroe, explained to CIO Dive that capital programmes compete “for scarce resources on the GPU and chipset side, but I think what we’re seeing in the industry is competition for power systems, cooling systems and expertise to build these things out.” Large cloud providers benefit from experienced in-house teams guiding infrastructure build-outs. They’ve negotiated power agreements, secured land, and developed regulatory relationships. New entrants cannot easily replicate this.
Emil Sayegh, chief executive of Cybersheath, a government cybersecurity company, noted Monday’s outage likely involved “a control plane failure that cascaded through to APIs and DNS services. When a foundational layer falters in that region, the impact zone is massive because so many workloads, including national security systems, are anchored there.” His conclusion: “It is a reminder that overconcentration remains the cloud’s biggest structural weakness.”
Sovereignty solutions that aren’t sovereign
The hyperscalers spotted the opportunity. AWS announced a £6.2 billion “European Sovereign Cloud” launching this year. Google unveiled a “Sovereign Cloud” for Canada. Microsoft has run various sovereignty initiatives since 2015. The marketing is sophisticated. The reality is contradictory.
AWS, Microsoft, and Google are incorporated in the United States. They’re subject to American law, particularly the CLOUD Act. This legislation explicitly requires any US company to hand over data to American authorities upon request, regardless of where that data physically sits. A server in Frankfurt storing data for a European government agency remains accessible to US law enforcement if operated by an American company.
This killed the Amsterdam Trade Bank. Microsoft cut off its email access in response to US sanctions. The bank collapsed. If this happened to critical infrastructure operators, the consequences would be severe. Yet the Dutch government reluctantly approved moving its .nl domain registry to AWS in January, despite acknowledging “significant national security risks.” Parliament members raised formal questions about whether this threatened the “Dutchness” of Dutch internet infrastructure. The government approved it anyway, with oversight measures experts dismissed as “mustard after the meal” - too late to matter.
The Carnegie Endowment for International Peace warns that policymakers must balance the cybersecurity benefits of large providers’ sophisticated security teams against “the emerging risk of concentration—that increased reliance on a few major cloud service providers could expose societies writ large to systemic risks.” Chris Hughes, chief information security officer at Aquia, told the Atlantic Council that the three largest providers “face specific challenges as providers upon which the entire modern internet and digital infrastructure has become dependent, ushering in unseen levels of systemic risk across the ecosystem.”
Critics call this “sovereignty-washing.” Genuine sovereignty from US-incorporated companies is impossible by definition.
The irony of internet resilience
Here’s the profound historical irony: the internet was explicitly designed for distributed resilience. Its architecture emerged from Cold War military research, intended to create communications that could survive nuclear strikes by routing around damage. The fundamental principle was that no single node should be critical to overall function.
Through market forces alone, we’ve recreated precisely the vulnerability the internet was designed to avoid. A DNS error in one data centre region paralyses global infrastructure. Banking, healthcare, government operations, communications - all fail simultaneously because they share dependencies on concentrated infrastructure.
The European Commission wants to triple EU data centre capacity within seven years. France and Germany continue supporting Gaia-X, with over 180 data spaces in development. These efforts pursue broader objectives around data governance and AI regulation. Whether they can overcome fundamental economic and technical barriers remains uncertain.
What seems clear is that Monday’s outage, like those before it and those inevitably to come, represents not an aberration but a predictable consequence of concentration. As cloud reliance deepens - driven by AI’s massive computational appetite - the paradox intensifies. Everyone recognises the problem. Experts have warned about systemic risk for years. European policymakers have launched multiple initiatives. Yet nothing fundamental changes, because market economics make genuine alternatives economically irrational for individual organisations to choose.
The distributed, resilient internet was brilliant design. We simply chose not to build it. Monday morning in Virginia was just the latest reminder of that choice.