Can you trust where your AI support engineer is sitting?

May 16, 2026

Category: Sovereignty  |  Read time: ~3 minutes

In July 2025, ProPublica published an investigation revealing that Microsoft had, for close to a decade, been using engineers based in China to help maintain cloud systems operated for the US Department of Defence.
The arrangement used US-based “digital escorts” — typically former military personnel with limited coding knowledge — to supervise the Chinese engineers’ remote access to systems categorised at FedRAMP Impact Level 4 and 5: systems whose penetration or outage is expected to have “severe or catastrophic adverse effect on organizational operations.”

Defence Secretary Pete Hegseth’s response was unambiguous. The use of Chinese nationals to service Department of Defense cloud environments — it’s over, he said, issuing a formal letter of concern to Microsoft and ordering a third-party audit of the digital escort programme, including review of all code submitted by Chinese nationals.

Microsoft terminated the arrangement and confirmed that no China-based engineering teams would provide technical assistance for DoD cloud services. What Microsoft’s statement did not confirm was whether the same arrangement had applied to other government customers, in the US or elsewhere.

That unresolved question is the one that UK and European government customers of the same platforms should be asking and largely haven’t.

The supply chain provenance problem

The Pentagon’s discovery was not, in the end, surprising: global technology companies operate global engineering teams. Cost efficiency, access to STEM talent, and time-zone coverage all create structural incentives to locate engineering work wherever it is cheapest and most available.
A 2024 Deloitte Global Outsourcing Survey found that 83% of executives were using AI in their outsourcing strategies, and China’s combination of cost efficiency and large STEM graduate output makes it a consistently attractive location for technical outsourcing across the industry.

Microsoft was not alone in this practice; it was simply the first to have it publicly documented and terminated under government pressure. Many SIs use similar measures, and the issue is not limited to China.

The underlying issue is supply chain provenance for cloud and AI support services: the question of where the engineers who can access your infrastructure are actually located, under whose legal jurisdiction they operate, and what obligations they carry to foreign governments.
The “digital escort” model itself is instructive about how the risk was supposedly 'managed'. US citizens with security clearances supervised foreign engineers’ remote access. The thinking applied was traditional: a form of two-man rule, where one party can be trusted fully to monitor the other.

The problem with this thinking was in the execution: the supervisors lacked the technical capability to detect malicious code injection. Although the arrangement had operated for close to a decade before being publicly exposed, none of the other major cloud providers contacted by ProPublica admitted to similar arrangements — though the absence of admission is not the same as the absence of the practice...

The question UK and EU customers haven’t asked

Microsoft’s statement terminating Chinese engineering support was carefully scoped and worded: it covered “DoD Government cloud and related services” but made no reference to other US government agencies, no reference to allied nation government customers, and no reference to non-government customers, all of whom operate on the same platforms.

For the avoidance of any doubt, let us clarify: the same infrastructure that handles UK Ministry of Defence data, Home Office systems, NHS records, and HMRC operations is operated by global engineering teams subject to global outsourcing economics.
The same cost and talent pressures that drove the Pentagon arrangement apply equally to support services for UK and EU government customers. There is no structural reason why the engineering support model for a UK government Azure deployment would be materially different from the one that the Pentagon discovered — and no publicly available evidence that it has been audited to the same standard that the US government is now demanding.

In truth, the UK government position is somewhat more parlous: the US DoD system was considered high value and engineers had escorts. The UK government does not have a dedicated 'for Government' cloud; our engineers aren't escorted, they have free rein.

The 45 UK MPs who signed the January 2026 Early Day Motion on digital sovereignty identified exposure to “service withdrawal, sanctions, commercial failure, geopolitical disruption and unilateral changes in service terms” as the primary risks of hyperscaler dependency.
Supply chain provenance of engineering access — who can touch the infrastructure, from where, under whose jurisdiction, and to do what — belongs on that list too, but it is a critical sovereignty question, not merely a security one.

What assured provenance looks like

The answer to the supply chain provenance question is not to avoid global technology providers entirely — that's neither realistic nor in fact necessary for most workloads.
Rather, you need to ensure that for sensitive and sovereign workloads or data, the answer to “who can access this infrastructure, and from where?” is known, documented, auditable, and controlled by the deploying organisation, rather than determined by the provider’s global HR and outsourcing economics or by whichever engineer happens to be conveniently available next.

For genuinely sovereign AI infrastructure, supply chain provenance is an architectural property: engineering access must be restricted by design to personnel within the national jurisdiction, under the legal obligations of that jurisdiction, and with access controlled and audited by the deploying organisation rather than self-certified by the provider.

That is a materially different model from “digital escorts supervising remote access,” and it’s the model that the Pentagon has now, belatedly, moved toward requiring from Microsoft and other suppliers.

The question UK and European government customers should now be asking their AI and Cloud infrastructure providers is the same one the Pentagon asked: who exactly has access to our infrastructure, where are they sitting, and what legal obligations do they carry?

The providers who can answer that question clearly and specifically are providing a different level of assured service from those who cannot. That difference is worth understanding, and worth documenting as a key requirement before the next contract renewal.

Axiom Edge provides sovereign AI inference infrastructure with engineering access restricted by architecture to the national jurisdiction of deployment. Learn more at axiom-edge.ai
