Amazon Cloud Outage Reveals Democratic Deficit in Relying on Big Tech

On Monday, a global technical failure at Amazon Web Services (AWS), Amazon’s cloud computing division, sent hundreds of applications and services from Snapchat and Signal to Fortnite and Lloyds Bank offline. Even a range of British government services were crippled by the fault.

While precise technical details have yet to be reported, here is what we know now: There was a significant technical issue beginning in Amazon Web Services’ ‘us-east-1’ region that brought down large portions of the internet, including services like Signal. Us-east-1 is one of AWS’s key geographic regions—a cluster of data centers where companies can host their cloud infrastructure. It is located in Northern Virginia, near the United States capitol.

The outage once again demonstrates how concentration in the computing industry—in this case, in cloud computing—can crash major parts of the internet, all at once. These disruptions are not just technical issues; they are democratic failures. When a provider of such a singular scale as AWS goes dark, critical services go offline with it. Media outlets become inaccessible, secure communication apps like Signal stop functioning, and the infrastructure that serves digital society crumbles.

Today is no exception, but this outage signals a worrisome trend. The 2024 Microsoft cloud-CrowdStrike outage revealed how essential services—from emergency responders to media organizations—were precariously reliant on a single cloud vendor. This reality points to the urgent need for diversification in cloud computing and a substantial reduction in reliance on these systems for societal critical functions. The infrastructure underpinning democratic discourse, independent journalism, and secure communications cannot be dependent on a handful of companies.

Open source software, closed clouds: the paradox of the digital world

The irony is striking: projects built on principles of openness, decentralization, and digital sovereignty—from open-source collaboration platforms to non-profit secure messaging services—all go dark the moment their commercial cloud provider experiences an outage. Signal, an encrypted messaging service designed to resist government surveillance and corporate data harvesting, becomes unreachable because Amazon’s servers fail. Wikipedia, the commons-based encyclopedia that represents the internet’s democratic potential, relies on the same centralized infrastructure as multinational banks.

The damage stems not only from technical failure but also from governance failure. These open source and open commons projects may not contribute to the ‘surveillance capitalism’ business model adopted by the big tech, but they remain vulnerable to the latters’ behaviors. They have relocated their vulnerability one layer down—to infrastructure monopolies and oligopolies that operate with even less transparency and accountability. Inadequate risk assessment of relying on one single cloud provider for operational resilience remains a problem, which no amount of enthusiasm for open software solutions can address, as these are often run atop of these commercial clouds.

The “open” internet, it turns out, rests on a remarkably closed foundation. Cloud providers control information access. When AWS or other cloud behemoths, like Google and Microsoft, are down, so is the rest of the internet. While today’s outage appears to be accidental, it does not change the fact that these infrastructure providers now increasingly have unilateral power over how we access information and in what ways. They are not afraid to leverage that power for content moderation in more directed ways.

Holding cloud giants accountable: essential safeguards now

A more accountable digital ecosystem requires distributed infrastructure, interoperability standards, financial tools, and the effective enforcement of regulatory frameworks that prevent dangerous levels of power concentration, while encouraging meaningful alternatives to the current three market leaders in cloud: AWS, Google and Microsoft.

Cloud computing companies, especially the big hyperscalers, need real accountability frameworks. From Article 19’s long-standing work on digital infrastructure and direct engagement with competition regulators, we have highlighted the need to understand various risks that our collective reliance on hyperscaler cloud computing companies poses. We also recommend, in the European context, revisiting the ways in which existing regulation such as the Digital Markets Act (DMA) can be adapted to prevent such harms. Furthermore, we need to look at cloud infrastructure as the essential “production environment”it has become for the global digital economy, rather than approaching the concerns it raises primarily through the lenses of surveillance capitalism or platform governance.

Organizations like ARTICLE 19 are actively involved in debates about the feasibility of concrete interventions. For example, we are researching mandatory structural technical and economic dependency assessments that require comprehensive mapping of cloud dependencies, with diversification requirements, especially for public institutions including public media. Furthermore, we wonder if there is space to establish frameworks to understand the human rights implications of cloud providers when moderating content? Civil society is also debating public procurement and redirecting investments in European defence and industrial policy, to support the development of alternative, distributed cloud infrastructure. We see opportunities for including public cooperatives and experimental alternatives like cloud modules, as a path to offer alternatives to the big three.

Building resilience: what we need to do long term

Resilience, however, necessitates more than technical implementation. It requires a fundamental shift in how we think about digital infrastructure. Regulation and market interventions are necessary, but are they sufficient? As activist research collectives and academic labs like The Institute for Technology in the Public Interest (TITiPI) and the critical infrastructure lab argue, we need to fundamentally challenge the cloud model itself. Its logic of extractive production, its narrative of frictionless, always-on infrastructure, and the reality of its material footprint across the globe mean that these are not problems to be reformed through policy and market tools alone, but systems to be fundamentally resisted.

Real change requires not just improving existing cloud infrastructure, but building entirely different infrastructures rooted in the needs of communities and people. The urgency of this work is clear. We increasingly see both states and companies wield the importance of cloud computing in ways that harm human rights. Such hidden but critical infrastructure-level concerns, as we learned again today, do not discriminate—they can silence everyone.