The hyperscalers’ hold on the global, multibillion-pound cloud computing market has come under repeated scrutiny over the past couple of years from governments, regulators and trade bodies.
In broad terms, the purpose of this scrutiny is to ascertain if the market’s biggest hitters, which include Amazon Web Services (AWS) and Microsoft, are behaving in anti-competitive ways to grow and protect their market-leading positions.
Where Microsoft’s activities are concerned, there is one particular behaviour the company participates in that has been singled out for criticism in many of these investigations. That behaviour concerns its widely criticised practice of charging customers more for wanting to run and host its software (namely Windows Server) in competing cloud environments.
It is claimed the tactic can make it cost-prohibitive for enterprise cloud users to run Microsoft’s software anywhere but on the software giant’s own public cloud platform Azure, which could potentially give it an unfair advantage when it comes to building its share of the cloud infrastructure market.
The CMA’s 637-page investigative report devoted more than 170 pages to discussing Microsoft’s cloud licensing habits in detail, and concluded the company’s practices are “adversely impacting the competitiveness of AWS and Google [specifically] in the supply of cloud services” and “reducing competition in [the] cloud services market”.
The CMA also stated that Microsoft’s licensing practices, “in combination with other features we have identified”, are further limiting the choice and “attractiveness” of alternative products and suppliers.
As a result, the CMA recommended that Microsoft be subject to targeted and bespoke interventions to remedy the impact the company’s behaviour is having on the UK cloud infrastructure services market as a whole.
At the time of writing, it is unclear when exactly in 2026 the CMA’s recommendations are likely to come into effect and what the long-term impact of them will be on Microsoft’s behaviour.
In the meantime, work is underway to secure financial recourse for UK businesses in the form of a burgeoning group legal action, which is open to any firm that fears it may have paid more “at any point since December 2018” to use Microsoft’s software in the AWS, Google or Alibaba public clouds.
Overseeing this effort is Italian competition lawyer, Maria Luisa Stasi, with the support of complex disputes resolution firm, Scott+Scott. They claim UK firms affected by Microsoft’s cloud licensing practices could be collectively owed £2bn in compensation.
The first round of court hearings on the issue is due to take place at the UK Competition Appeal Tribunal (CAT) on 11 December 2025.
The hearing’s purpose is to determine if a collective proceedings order (CPO) for the matter should be granted. This is a legal mechanism that allows a collective action involving multiple claimants with similar issues to band together in a single legal action against an entity (in this case, Microsoft) on anti-competition grounds.
If the CAT grants the order, that will certify Stasi’s claim and mean her case against Microsoft can proceed to full trial, putting the businesses that have allegedly been left financially disadvantaged by Microsoft’s actions one step closer to being compensated.
The case itself has been more than a year in the making, as news that Stasi had submitted a claim for consideration to CAT first emerged in December 2024, with it being confirmed at the time that this claim would take the form of an “opt-out collective action”.
This approach makes it possible for class actions, such as Stasi’s case, to proceed against a company like Microsoft without needing to get those allegedly affected by its behaviour involved and onside first.
Over the past 12 months, Microsoft has been given the chance to respond to the claim, and – in October 2025 – Stasi issued her first call for businesses that suspect they’ve fallen foul of Microsoft’s alleged licensing practices to get in touch and join her group action.
Ahead of the 11 December CAT court date, Computer Weekly sat down with Stasi to find out what it is about Microsoft’s cloud licensing practices that persuaded her to take on this fight on behalf of the UK business community.
“Microsoft is dominant on some parts of the [IT infrastructure] stack and is using this power to impose things that otherwise will be difficult to accept for business users, and the reality is that they can do that because they limit choice for people,” she says.
“It’s not just about the [fact its services are] overpriced, it’s also about how difficult it is for users to switch and use other providers, and how that limits competition within the market.”
She adds: “[The cloud market] is a sector of the economy that should be very vibrant, innovative and open because we all rely on it, but it’s not. And someone is making a profit out of this situation, so things need to change.”
Stasi makes the point that it would be very difficult for a single business, upset with its treatment by Microsoft, to launch a legal action against the company alone and achieve that change.
“That’s my mission. I want to represent all of [the affected users] and try to get their money back on their behalf, working on the theory that if you unite together, you’re going to be a stronger force to be reckoned with.”
The UK court system is set up well to support this kind of claim, she says, with one of the most advanced systems in Europe for pursuing this kind of group claim. “It’s also exciting to be part of shaping this body of law that, to me, is one of the best guarantees we have for the public interest to be respected.”
Momentum for change
Citing the European Commission’s recently launched investigation into Microsoft, and the previous work done by Ofcom and the CMA to bring to light aspects of the software giant’s anti-competitive behaviours, Stasi says there is a real momentum building to get the software giant to change how it operates.
However, change will take time, she admits. “We are hoping to see some remedies introduced soon [on the back of the outcome of the CMA’s work], but it’s not a fast process, and even my proposed class action is not going to progress quickly.”
She says: “We went to court a year ago, and we’re hoping to have the certification in a couple of weeks’ time, but that doesn’t mean we’re going to get judgment anytime soon. But if we get certified [after 11 December 2025], we can start working towards the trial, and the game is on.”
Microsoft’s take on Stasi’s case
Perhaps unsurprisingly, Microsoft has not taken the news of Stasi’s legal action particularly well, with a spokesperson for the company sharing a statement with Computer Weekly that accuses Stasi of trying to opportunistically capitalise on Google Cloud’s complaint to the European Commission about Microsoft’s licensing practices.
“This is an opportunistic attempt by a law firm and its private funders to piggy-back on baseless complaints Google has made and which we’ve all addressed or rebutted,” the Microsoft spokesperson’s statement reads.
“We enable our cloud competitors to profit by offering our products to their cloud customers, and our competitors set their own prices when they do this.”
Stasi dismisses Microsoft’s take on her legal action and the notion that its existence owes anything to Google’s (now abortive) attempt to address its rival’s cloud licensing strategy.
“I’m grateful to my brilliant legal team and supportive funders, but the driving force for this case is me. What’s more, my voice is not alone. UK regulators found that Microsoft charges higher prices for using its software on rival cloud services,” she says. “The European Commission recently announced a similar probe into Microsoft’s cloud services.”
In response to Computer Weekly’s questions about how Microsoft has engaged with the legal process so far, she says: “It won’t surprise you that we have a completely different reading of what the impact of its actions are on the class [the businesses involved] and on those sectors of the economy overall.”
She continues: “We’re trying to do everything we can to solve all the different things that can be solved before getting to a potential trial, so that the latter can be straightforward and proceed as fast as is reasonably possible.”
The trial will also be an opportunity to address what Stasi describes as an “asymmetry of information” in this case, which would not be possible without getting Microsoft into the courtroom.
“One of the aspects covered by this asymmetry of information is how many clients are actually paying what I consider to be an overcharge [to run Microsoft software in competing clouds],” she says.
“This is something I don’t know precisely, but our experts have been estimating this based on publicly accessible information. The precise number is known to Microsoft, but this type of disclosure won’t happen unless we go to trial.”
She adds: “The piece that I’m arguing is that Microsoft’s [behaviour around licensing has] a real financial impact on many, many businesses and public administrations, which needs addressing.”
With an imminent court date, the CMA’s actions set to take effect in 2026, and the European Commission’s own investigation into Microsoft now underway, Stasi says she is confident that the cloud market will become a much more level playing field in the years to come.
“I would be very, very surprised if, in five years from now, we’re sitting, having this conversation and nothing has changed,” she says.
“This class action might be one of the entry points [for change] and is particularly targeted on claiming back some extra charges, but there is a lot going on [in the cloud market] with the European Commission investigation and the CMA and the work they’re doing to restructure the market, but this is only part of the story.”
She then went on to cite the October 2025 AWS outage in the US, which had far-reaching consequences across the globe, as further evidence that having a market so reliant on just a handful of large tech firms is far from ideal.
“The outages are a strong reminder of what kind of harms and problems we can face as a democracy and as a citizenry, if we keep on having this environment so concentrated and so controlled in brackets by just a few global players,” she says.
“This makes it extremely difficult to guarantee basic principles such as observability, transparency, accountability and resilience. I would be very surprised if nothing changes in the cloud market over the next five years. There are political discussions, there are policy discussions, and there are enforcement actions coming down the line, so everything seems to be in place for a change to come.”
UK companies interested in joining Stasi’s legal action can find out more about it here: ukcloudclaim.com/register.
The Federal Communications Commission has banned new consumer internet routers manufactured outside the US, citing national security concerns. The ban doesn’t affect any routers already in American homes or currently on sale in the US, but all new routers aimed at the consumer market will need to be approved.
While the headline is that foreign-made consumer routers are banned, manufacturers can apply for exemptions. There’s no need to throw out your router, and you’ll still find plenty of mesh systems on the store shelves. But what does this mean for you?
Why Are Foreign-Made Routers Banned?
“Malicious actors have exploited security gaps in foreign-made routers to attack American households, disrupt networks, enable espionage, and facilitate intellectual property theft,” the FCC wrote. “Foreign-made routers were also involved in the Volt, Flax, and Salt Typhoon cyberattacks targeting vital US infrastructure.”
Foreign-made consumer routers were added to the Covered List, which details equipment and services “deemed to pose an unacceptable risk to the national security of the United States.”
Which Routers Are Banned?
The ban only affects the sale of new Wi-Fi routers aimed at consumer households. The ban does not apply to existing FCC-approved routers on sale in the US. Previously purchased routers already in use in homes across the country are also fine and are not part of the ban, according to the FCC’s FAQ. These routers can continue to be sold, used, and updated with new firmware.
Any new router manufactured outside the US now requires FCC approval before it can be imported, marketed, or sold in the US. This includes routers from US companies that are manufactured overseas, which is the vast majority of the market right now.
What Does Foreign-Made Mean?
This is decidedly murky. The ban is concerned with “consumer-grade” routers and could include any that are designed or manufactured outside the US or manufactured by companies that are not completely US-owned and operated. All the major players in the market, including Netgear, TP-Link, Asus, Amazon’s Eero, Google’s Nest, Synology, Linksys, and Ubiquiti, fall under the definition. As do most, if not all, of the routers supplied by internet service providers in the US.
Just like the recent federal drone ban, the router ban applies only to new routers, but manufacturers can apply for Conditional Approval from the Department of Defense and the Department of Homeland Security. Applications must include details about ownership, board membership, and country of origin for components, IP ownership, design, assembly, and firmware, among other things. The final section requests details of the applicant’s US manufacturing and onshoring plan, so there’s a clear push to persuade companies to commit to making their routers in the US.
“No routers or manufacturers have been granted a Conditional Approval so far, but as the process gets underway, we expect approvals to be granted in a timely manner,” an FCC spokesperson tells WIRED.
What About Foreign-Made Components?
Well, the FCC provides some clarification in its FAQ (“covered” here means banned):
“Non-‘covered’ devices do not become ‘covered’ simply because they contain a ‘covered’ component part, unless the ‘covered’ component part is a modular transmitter under the FCC’s rules,” it says. “Therefore, a router produced in the United States is not considered ‘covered’ equipment solely because it contains one or more foreign-made components.”
Manufacturers importing components from China but assembling them in the US will presumably be OK, though it’s far from clear. “Applicants will need to be able to have sufficient evidence that the routers were not produced in a foreign country to make this certification, but there is no specific documentation or evidence required,” according to the FCC.
Let’s look at the big three US router brands and see how they’re affected.
Will TP-Link Be Banned?
Since all of its routers are made overseas, TP-Link will have to apply for Conditional Approval or spin up manufacturing in the US to sell any new routers. Estimates vary, but TP-Link’s US consumer router market share is somewhere around 35 percent, with Netgear and Asus accounting for another 25 percent or so.
The US Commerce, Defense, and Justice departments have reportedly been investigating and considering a ban on TP-Link routers for more than a year over concerns about the company’s links to China. No ban has been enacted until now, but Texas attorney general Ken Paxton sued TP-Link in February, claiming the company allows the Chinese Communist Party to access American consumers’ devices. Detractors have also criticized perceived predatory pricing, claiming TP-Link flooded the US market with a wide range of affordable routers to establish dominance.
TP-Link has repeatedly denied any wrongdoing and claims it has divested from its Chinese roots and is now headquartered in the US with the bulk of manufacturing in Vietnam. TP-Link’s cofounder and CEO, Jeffrey Chao, recently applied for permanent US residency through President Trump’s Gold Card program, according to the Times of India.
“Virtually all routers are made outside the United States, including those produced by US-based companies like TP-Link, which manufactures its products in Vietnam,” a spokesperson from TP-Link tells WIRED. “It appears that the entire router industry will be impacted by the FCC’s announcement concerning new devices not previously authorized by the FCC.”
TP-Link is a privately owned company and not publicly listed on any stock exchange. Chao and his wife, Hillary, are listed as the company’s sole owners.
Will Netgear Be Banned?
While it is a US-founded and headquartered company, Netgear’s routers are manufactured abroad, mostly in Vietnam, Thailand, Indonesia, and Taiwan, so it will have to apply for Conditional Approval. The company has moved away from China in recent years. Netgear has been lobbying the government on “cybersecurity and strategic competition with China.”
“We commend the administration and the FCC for their action toward a safer digital future for Americans,” a Netgear spokesperson tells WIRED. “Home routers and mesh systems are critical to national security and consumer protection, and today’s decision is a step forward.”
Netgear is a publicly traded company on the Nasdaq, mostly owned by institutional investors, including BlackRock and Vanguard. The company’s stock rose on news of the ban, suggesting that many investors believe it won’t be hit too hard.
Will Asus Be Banned?
Asus primarily makes its routers in Taiwan, though it has production facilities in China and works with several third-party manufacturers. Recent tariff pressures led the company to branch out to Thailand, Vietnam, Indonesia, Mexico, and the Czech Republic, but the bulk of its routers still come from Taiwan or China. Asus will have to apply for Conditional Approval to sell new routers. The company did not respond to WIRED’s request for comment.
The company is listed on the Taiwanese Stock Exchange and is mostly owned by public shareholders. The ban doesn’t appear to have impacted its stock price.
Are Any Routers Manufactured in the US?
The only routers I know of that are manufactured in the US are some Starlink Wi-Fi routers, which are primarily made in Texas. Starlink is part of Elon Musk’s SpaceX company, but many of the components in these routers come from East Asia.
How Will the Router Ban Impact Ordinary Folks?
It’s not entirely clear, but it probably won’t have a huge immediate impact. There is already a wide range of Wi-Fi 7 routers and mesh systems on the market that will continue to be sold—they enable speeds well in excess of what most people need at home. Whether companies spin up manufacturing in the US or find other ways to satisfy government agencies that their wares are not a security risk, the result is likely to be higher prices for consumers.
“This ruling has the potential to significantly disrupt the U.S. consumer router market,” Brandon Butler, Senior Research Manager, Network Infrastructure and Services at IDC tells WIRED. “In the near term, much will depend on how quickly conditional waivers are processed. Most vendors are likely to pursue them, but any delays could constrain supply and create upward pressure on pricing.”
If you haven’t upgraded to the latest Wi-Fi 7 standard, now might be a good time to do it.
Unanswered Questions
The ban does leave several unanswered questions. Why is it being applied only to consumer routers? Which routers or manufacturers will be granted a Conditional Approval? Why are the foreign-made routers currently on sale and in our homes deemed safe? The FCC did not address these questions.
Cyber security professionals must embrace a narrow window of opportunity to develop safeguards around AI-enhanced software generation – popularly known as vibe coding – or risk losing control of the narrative and exposing organisations to cyber attacks and other disruptions, National Cyber Security Centre (NCSC) chief executive Richard Horne has said.
In a keynote speech delivered at the annual RSAC Conference in San Francisco today, Horne called on the security community to work together to develop safeguards around vibe coding, highlighting how modern-day society faces ongoing and fundamental issues with technology thanks to exploitable vulnerabilities.
However, Horne also argued that while it was true insecure software produced without human eyes on the code could propagate vulnerabilities far and wide, well-trained AI tooling could yet create software that is secure-by-design, which would be transformative for cyber security outcomes throughout its lifecycle.
“The attractions of vibe coding are clear. Disrupting the status quo of manually produced software that is consistently vulnerable is a huge opportunity, but not without risk of its own,” he said.
“The AI tools we use to develop code must be designed and trained from the outset so that they do not introduce or propagate unintended vulnerabilities.”
Horne said cyber pros also have a responsibility to ensure that the future in which vibe-coding and other AI code-generation tools are widely adopted proves to be a “net positive”.
New paradigm
In a thought leadership blog published alongside Horne’s speech today, senior NCSC technical leadership argued that while vibe-coding poses an “intolerable risk” for many organisations as things stand, the trend offers “glimpses of a new paradigm”.
Indeed, wrote the agency’s architecture CTO, AI-backed coding could ultimately prove to be as much a technological revolution as software-as-a-service (SaaS) – pioneered at the turn of the century by the likes of Salesforce – proved to be.
While careful not to state that organisations will suddenly use AI to whip up a replacement for their CRM tools or other platforms, the NCSC said there are now clear indications that the cost versus effort curve for ‘bespoke enough’ software is shifting and as such, more and more organisations will soon begin to make different choices when it comes to software.
Given the many security concerns around SaaS – such as appropriate authentication and access controls, misconfigurations, and third-party risks – which have never really been fully addressed to the satisfaction of all, this raises the question of what technology, guardrails, platforms and assurances the security community needs to have in place to ensure that the vibe-coded future is safer than the status quo.
Things to consider
Some of the safeguards that security leaders need to start to advocate for are obvious, said the NCSC. For example, AI models must be schooled in security-by-design, humans need to have confidence in the provenance of the model and trust that it hasn’t been badly-developed, and thought needs to be given to how AI can be used to review both human- and AI-generated code.
But there are also more nuanced questions, such as how to use deterministic architectures to limit what code can do should it prove malicious, compromised or unsafe, what platforms need to be designed to host AI-generated services that implement the needed controls to protect data and users, and how AI might be used to ensure the security hygiene of software through practices such as documentation, test cases, fuzzing, or updating threat models.
The NCSC noted the possibility of a future where AI code is more restricted and locked down than even the most secure on-premise or SaaS products ever were.
Ironically, it concluded, this may at long last address the unsolved security issues that still dog SaaS and that have prevented the last, most cyber-conscious hold-outs from going all in on the cloud.
Tata Communications has launched a self-healing network platform called IZO datacentre Dynamic Connectivity, which is designed to eliminate costly datacentre downtime and support the demands of an artificial intelligence (AI)-driven world.
In explaining the rationale for the launch, Tata Communications said that in the current digital economy, disruptions from cable cuts, route failures or sudden AI workload spikes can bring business to a standstill.
Specifically, every enterprise depends on the ability to always be connected with an uninterrupted data flow. From financial transactions, information technology-enabled services (IT-ITeS) and manufacturing to streaming platforms and online retail, the connections between datacentres keep the modern world running. Tata Communications added that when those connections are interrupted, businesses do not just slow down, they are brought to a complete standstill.
The company warned that the networks connecting many enterprise datacentres were built for a different era. Traditional datacentre (DC)-to-DC links were designed for predictable workloads and stable traffic patterns. It stressed that the current reality is far more dynamic: enterprises operate across global locations and cloud environments, moving massive volumes of data in real time to support AI workloads and business needs.
In an environment shaped by increasing geopolitical constraints, cable outages, route failures or sudden spikes in demand can quickly cascade into service disruption and operational risk, leading to costly downtime. In such scenarios, the response is often reactive and manual, consuming valuable time when businesses need certainty and speed.
The IZO datacentre Dynamic Connectivity platform is designed to address these issues by creating an intelligent network that covers key global datacentres across five continents.
Tata Communications said that unlike conventional architectures, the new platform uses deterministic multi-path routing to deliver predictable latency and performance. It said this transforms resilience from a reactive process into an autonomous capability, changing how enterprises connect their datacentres in an increasingly AI-driven and distributed world.
This means the platform is smart enough to automatically re-route traffic within seconds without manual intervention during disruptions. This is said to enable enterprises to achieve >99.99% service availability across mission-critical infrastructure that supports business-critical applications, “turning resilience from a contingency into a default state”.
The platform is also credited with giving enterprises access to their connectivity. Through a unified digital interface and APIs, enterprises can monitor performance, receive proactive alerts and dynamically scale bandwidth as workloads evolve.
Tata Communications said the business impact is a shift from crisis management to strategic growth, with business leaders no longer having to guess their future needs or over-pay for “just in case” bandwidth. Instead, leaders have access to AI-driven predictive insights that allow them to forecast their capacity requirements in advance. If a sudden workload demands more capacity or a choice of route, users can instantly scale their bandwidth or add a route through a self-service feature.
Tata Communications calculates that by moving to a flexible, consumption-based pricing model, enterprises can reduce the need for idle backup capacity and save up to 30% on operational costs. Enterprises can activate resilience and bandwidth when required, helping to optimise costs while maintaining deterministic performance across geographies.
“Datacentres are the core engines of today’s digital economy, and the connections between them must be as resilient as the networks that connect them,” said Genius Wong, chief technology officer and executive vice-president of core and next-gen connectivity services at Tata Communications. “They must be just as dynamic as the applications they support.
“With IZO DC Dynamic Connectivity, we are shifting resilience from a reactive process to an autonomous capability. By combining global reach, deterministic routing and intelligent automation, we are enabling enterprises to build a digital foundation that scales with confidence and operates without disruption.”