Tag: agile

Posted on by

Our data, our decisions, our AI future: why we need an AI Regulation Bill

There were many consequences of the extraordinary timing of last July’s General Election.  One was that my AI Regulation Bill, which had made its way through all stages in the House of Lords and was just about to go to the Commons, was stopped in its tracks. Almost a year later, a new government and another Parliament has provided the opportunity to reintroduce my AI Bill, as I did last week.

If the need for artificial intelligence (AI) regulation was pressing in November 2023, when I first brought my Bill to bear, that need is now well past urgent and, it seems, even further from fruition.

How the sands have shifted, both domestically and internationally.  A UK government, keen on AI regulation while in opposition, slated an AI Bill in the King’s Speech last summer. Now, some eight months later, there is still no sign of a Bill and what appears to be an increasing reluctance to do anything much until they have squared it with the US. 

Making the case for regulation

At the Paris AI Action Summit earlier this year, a declaration for inclusive and sustainable AI was signed by international participants, although both the UK and US decided not to put their pens to that paper. 

Further, the AI Safety Institute has been renamed the AI Security Institute signalling a definite shift towards cyber security rather than a broader focus on “safety” that would include mitigating risks associated with societal impacts of AI models

All of this makes the case – the more than urgent case – for UK AI regulation. It seems we still have to slay that falsehood which recurs with tedious inevitability – that you can have innovation or regulation but you can’t have both. This is a false dichotomy. The choice is not between innovation or regulation. The challenge is to design right-sized regulation – a challenge that has become much more pronounced in the digital age.

With no current AI-specific regulation, it is us, as consumers, creatives and citizens who find ourselves exposed to the technologies Lord Chris Holmes

Every learning from history informs us, right-sized regulation is good for citizen, consumer, creative, innovator, and investor. We all know bad regulation – sure, there’s some of that around but that’s bad regulation, that in no sense says to us regulation of itself is bad. 

Take the UK approach to open banking as an illustration, replicated by over 60 jurisdictions right around the world.  A determined, thought-through regulatory intervention created in the UK – good for consumer, good for innovator and investor.

We know how to get right-sized regulation, well, right. This could be no more important than when it comes to AI, a suite of technologies with such potentially positively transforming opportunities – economic, social, psychological.  All potentially positive if we regulate it right.

A regulatory approach

My attempt to design a flexible, principles-based, outcomes-focused and inputs-understood, regulatory approach for AI is set out in the provisions of the Bill.

First, an AI Authority.  Don’t think of a huge bureaucratic burdensome behemoth – not a bit of it. We need an agile, right-touch, horizontally focused, small “r” regulator, intended to range across all existing regulators to assess their capacity and competency to address the opportunities and challenges AI affords.  Through this, crucially, to identify the gaps where there exists no regulator or regulatory cover, recruitment being one obvious example. 

The AI Authority would stand as the champion and custodian of the principles set out for voluntary consideration in the previous government’s whitepaper – those principles, put into statute through this Bill.

The Bill would also establish AI responsible officers, to the extent that any business which develops, deploys or uses AI must have a designated AI officer. The AI responsible officer would have to ensure the safe, ethical, unbiased and non-discriminatory use of AI by the business and to ensure, so far as reasonably practicable, that data used by that business in any AI technology is unbiased. 

Again, don’t think unnecessarily bureaucratic and burdensome. Proportionality prevails and we already have a well-established and well-understood path for reporting through adding to the provisions set out in the Companies Act.

With no current AI-specific regulation, it is us, as consumers, creatives and citizens who find ourselves exposed to the technologies. Clear, effective labelling, as provided for in the Bill, would hugely help. 

It holds that, any person supplying a product or service involving AI must give customers clear and unambiguous health warnings, labelling and opportunities to give or withhold informed consent in advance. Technologies already exist to enable such labelling.

Similarly, the Bill supports our creatives through intellectual property and copyright protection. No AI business should be able to simply gobble up others property without consent and, rightly, remuneration.

Public engagement

The most important provisions in the Bill are those around the question of public engagement. The Bill requires the government to “implement a programme for meaningful, long-term public engagement”. It is only through such engagement that we are likely to be able to move forward together, cognisant of the risks and mitigations, rationally optimistic as to the opportunities. 

When the Warnock inquiry was established to do just this as IVF was being developed in the 1980s, we had the luxury of time. The inquiry was set up in 1982 and the Human Fertilisation and Embryology Act came into force in 1991.

Technologies, not least AI, are developing so rapidly we have to act faster. The technologies themselves offer some of the solution, enabling real-time ongoing public engagement in a manner not possible even a few years ago. If we don’t address this, the likely outcome is that many will fail to avail themselves of the advantages while simultaneously being saddled with the downsides, sharp at best – at extreme, existential.

To conclude, we need regulation – cross-sector AI regulation for citizen, consumer, creative, innovator, investor.  We must make this a reality and bring to life, for all our lives, that uniting truth – our data, our decisions, our AI futures.

Source

Posted on by

Public cloud: Data sovereignty and data security in the UK

The UK government’s decision to designate datacentres as critical national infrastructure (CNI) in September 2024 signalled its ambition to build a digital economy that is secure and globally competitive.

But behind the headlines about protecting against cyber crime and IT blackouts lies a more complicated reality – a sector grappling with policy uncertainty, reliance on foreign cloud giants and a data sovereignty agenda that looks increasingly compromised.

In a blog post, Forrester principal analyst Tracy Woo wrote: “New sovereignty requirements such as SecNumCloud, Cloud de Confiance from France, and the Cloud Computing Compliance Controls Catalog (C5) from Germany, along with the push to keep data in-country, have created a broader push for private and sovereign clouds.”

But the promise of “protected infrastructure” rings hollow when hyperscalers openly admit they cannot guarantee that UK government data stored in cloud services such as Microsoft 365 and Azure will remain within national borders.

Woo points out that countries in the European Union (EU) and Asia-Pacific (APAC) have been attempting to more heavily leverage non-US-based cloud providers, create sovereign clouds, or leave workloads on-premise.

In the UK, regulatory scrutiny is exposing the fragile state of the UK’s digital independence. Looking at the UK’s approach to data sovereignty, law firm Kennedys Law describes the Data Use and Access (DUA) Bill, which was published in October 2024, as “a more flexible risk-based approach for international data transfers”.

Kennedys notes that the new test requires that the data protection standards in the destination jurisdiction must not be materially lower than those in the UK. According to Kennedys, this standard is less rigid than the EU’s “essential equivalence” requirement but raises questions about how “materially lower” will be interpreted in practice.

Understandably, with the government’s reliance on cloud-based productivity tools, concerns about compliance with UK data protection laws have intensified.

The Competition and Markets Authority (CMA) is now investigating cloud market practices that could lock customers into foreign providers. A provisional report is expected in early 2025, setting the stage for potential regulatory reforms aimed at boosting data sovereignty and curbing monopolistic practices.

Reshaping data sovereignty

This is not before time for Mark Boost, CEO of Civo, a UK-based cloud hosting specialist. “The inability to ensure data remains within UK borders underscores the risks of depending on hyperscalers,” warns Boost. “If we keep outsourcing critical data infrastructure, we risk losing more than just technical control, we lose national independence.”

The CMA’s review could reshape the country’s digital future, potentially mandating greater transparency and requiring UK data storage guarantees from global cloud providers. This is something Boost has been talking about for some time.

“Transparency isn’t just about where data is stored, it’s about how datacentres are powered, maintained and secured,” he says. His argument highlights the essential connection between data sovereignty and operational clarity, urging providers to adopt clearer accountability measures.

The inability to ensure data remains within UK borders underscores the risks of depending on hyperscalers. If we keep outsourcing critical data infrastructure, we risk losing more than just technical control, we lose national independence Mark Boost, Civo

Despite these challenges around transparency, the UK datacentre industry has seen promising signs, particularly in regional investment. The government’s recent announcement of a £250m datacentre project in Salford showcases how local government cooperation and targeted investment can drive growth. But such projects remain exceptions rather than the rule.

Luisa Cardani, head of datacentres at TechUK and author of the report Foundations for the future: How datacentres can supercharge UK economic growth, warns that without a national policy statement (NPS), the datacentre sector risks becoming fragmented. Local planning authorities lack the expertise and resources to approve projects efficiently, creating bottlenecks that could delay critical infrastructure developments for years.

“The industry wants to work with local people and authorities, but clear national planning guidance is missing,” says Cardani. “Without a coherent strategy, we’re stuck in a cycle of fragmented decisions and regulatory inertia.”

The proposed inclusion of datacentres under the nationally significant infrastructure projects (NSIP) regime could streamline the approval process, ensuring faster decision-making. However, this remains, for the moment at least, more of an aspiration. In reality, investment will remain stalled until the UK develops a coherent, national approach that balances public and private interests while streamlining the project approval process.

Data sovereignty and security requirements are fundamental to this, and to a large extent it will be market forces that determine the shape and size of the UK’s datacentre industry. On this front, Alvin Nguyen, senior analyst at Forrester, says businesses must recognise the different risk profiles posed by local and hyperscaler-operated datacentres.

“It should be expected that hyperscalers will have more bandwidth, more scalability and more redundancy than their more localised counterparts, but having datacentres classified as critical to the UK’s infrastructure may help with mitigating some, but not all, security risks,” he says.

Complexity of keeping data within national borders

Nguyen also questions whether data sovereignty debates might be over-simplified in some cases.

“With data security, it comes down to what the organisation’s requirements are to determine whether or not to go to a hyperscaler or a local datacentre,” he says. “With sovereignty, that is a bit different. If there are components to the sovereignty laws to restrict access or use of data outside of the local datacentres, hyperscalers will need to ensure that guardrails are in place.”

Nguyen’s comments underscore the complexity of managing sensitive data across hybrid environments. Rather than focusing solely on whether to choose a local or global provider, businesses should consider managing workloads across hybrid cloud environments more strategically.

“Many organisations will find a mix of cloud and datacentres makes the most sense … the risk profile of each is different and that blend of risk when combining cloud and datacentres can be made to be optimised for them,” he says.

The security risks associated with data sovereignty are multifaceted, extending far beyond simple data storage concerns. For businesses in regulated sectors, particularly financial services, the stakes are immense.

When on-premise is the only option

Jon Cosson, head of IT and chief information security officer at wealth management firm JM Finn, underscores the potential dangers when businesses assume that using a large cloud provider automatically guarantees security.

“It’s absolutely imperative you know where your data is and how to secure it,” he warns. “You would not believe how many businesses still just rely on somebody else.”

The issue is compounded by the jurisdictional complexity of global cloud services. When sensitive data crosses borders, it may fall under multiple regulatory regimes, raising questions about legal access and government overreach. This concern has been amplified by legislation such as the US Cloud Act.

In 2019, the then home secretary, Priti Patel, signed a US Cloud Act Agreement covering the UK and Northern Ireland, in which the US and UK governments agreed to provide timely access to electronic data for authorised law enforcement purposes. The Cloud Act could compel US-based hyperscalers to provide foreign-stored data to US authorities, bypassing local laws.

“I want to know exactly where my data goes, how it’s encrypted and how quickly I can get out if needed,” says Cosson, reflecting a broader industry concern that opaque data paths and limited contractual assurances can expose businesses to significant compliance risks.

“We use the cloud when we have to, but still run key systems on-premise for control,” adds Cosson. This approach is typical of companies handling sensitive financial data. There is a lack of trust with organisations not prepared to take promises of “secure cloud storage” at face value.

While Cosson acknowledges that cloud adoption is inevitable for some services, such as Microsoft 365, he underscores the enduring role of on-premise infrastructure for businesses that require absolute control over sensitive data. This, of course, raises an additional problem of how to manage hybrid data environments securely and efficiently.

According to Cosson, companies like Nutanix play a critical role here, enabling organisations to manage workloads across cloud and on-premise environments while maintaining data control. Nutanix’s infrastructure services are designed to address sovereignty concerns, he says, by ensuring businesses have clear data management policies and remain compliant with local regulations.

We need coordinated efforts between government, industry and local authorities to build a resilient datacentre ecosystem. This means shared responsibility, clearer policy frameworks, and incentives for both hyperscalers and UK-based providers Luisa Cardani, TechUK

“The next five years will be decisive,” says Civo’s Boost. “If transparency becomes a legal requirement, we’ll see businesses demanding more from providers, not just about where data resides, but also how infrastructure is managed and powered.”

TechUK’s Cardani believes public-private partnerships will play a crucial role here. “We need coordinated efforts between government, industry and local authorities to build a resilient datacentre ecosystem,” she says. “This means shared responsibility, clearer policy frameworks, and incentives for both hyperscalers and UK-based providers.”

Boost and Cardani each agree that the balance of power between hyperscalers and local operators may shift, particularly if future policies mandate data localisation or prohibit cross-border data transfers without explicit guarantees. Sovereignty-by-design, where infrastructure is built to meet local compliance from the start, could become the new standard.

Adhering to current standards

Until that point, organisations need to work out how they can meet existing standards. Cardani argues that adherence to standards must be supported by national policies that enable transparent reporting and clear accountability structures.

In practice, this means enforcing mandatory audits, data residency certifications and security benchmarks tailored to UK-specific legal frameworks. Without these measures, businesses risk falling into compliance gaps that could expose them to data breaches, fines and legal disputes.

Frameworks such as ISO 27001 for information security management, General Data Protection Regulation (GDPR) for data privacy and Payment Card Industry Data Security Standard (PCI DSS) for payment security set clear operational expectations. Yet these standards are only part of the equation, as evolving regulations increasingly emphasise data sovereignty and security-by-design.

Ensuring that datacentres comply with such frameworks while offering sovereignty guarantees has become a pressing challenge. Hyperscalers operating across multiple jurisdictions complicate audits and compliance checks due to varying legal obligations and data transfer rules.

The introduction of the CMA’s investigation is urgently needed, if only to provide some clarity around what, for most buyers, has become a confusing subject.

For IT leaders, the critical takeaway is that responsibility cannot be outsourced. Security, compliance and sovereignty must be actively managed through risk assessments, compliance audits and multi-supplier strategies.

And as the UK’s digital infrastructure evolves, only businesses that stay ahead of regulation and demand transparency from their providers will be able to navigate the uncertainties.

On that score, the UK’s datacentre industry stands at a crossroads – but with policy clarity, local investment and industry transparency, it has the potential to become a global digital leader in this space.

It’s about trust and everyone playing by the same, fair rules, but from a UK perspective it is also about protecting that most valuable national asset – data.

At JM Finn’s Cosson puts it: “Data sovereignty is not a buzzword, it’s survival.”

Source

Posted on by

VMware backup: Key decision points if you migrate away from VMware

Broadcom’s 2023 acquisition of VMware for US$69bn led to disruptive changes in the virtualisation provider’s pricing.

Key here is a move from perpetual licences to a subscription model. This has left some enterprises facing higher costs, with some considering a move to alternative virtualisation environments.

For those considering that, the challenge is to ensure any migration provides adequate backup and recovery measures for new hypervisors. This is as well as protecting remaining VMware workloads.

VMware: Twist or stick?

The main reason CIOs cite for moving away from VMware is cost, with worries over increasing overheads from the new subscription model prominent. VMware also discontinued its free edition of VMware vSphere ESXi, which was popular with smaller firms.

For enterprises looking to move, VMware alternatives include competing virtualisation technologies, such as Nutanix, Microsoft Hyper-V and Oracle Linux Virtualization. There are also open source options that include Red Hat OpenShift Virtualization, Linux Kernel-level Virtual Machines (KVM) and Proxmox Virtual Environment.

As yet, there are few signs of a mass exodus, however. One survey, carried out by backup provider Nakivo, suggested a third of its customers planned to move away from VMware to Proxmox. The supplier points to a smaller number of customers moving to Nutanix and Hyper-V.

This suggests a larger percentage of VMware users have either decided to stay with the technology and the new commercial terms, some of which – including simpler storage licensing – can favour some workloads.

“Naturally, the first reaction is to say, ‘Right, I’m going to go somewhere else, I’m going to use somebody else’s technology’,” says Patrick Smith, field chief technology officer for EMEA at Pure Storage.

“And some organisations have fairly rapidly moved off VMware onto other platforms, but they are either small or very agile to be able to do that.”

Other enterprises might be biding their time, not least because moving between hypervisor platforms is complex and carries risk. Nor do the alternatives offer all VMware’s features and functionality – or not in one place, at least.

Backup, recovery and VMware alternatives

If moving workloads from one hypervisor to another is difficult, then ensuring those workloads and data are backed up adds another layer of complexity.

Much will depend on how an enterprise currently protects its systems, including VMware, alternative hypervisors it is considering, and the backup and recovery tools it uses.

For the majority of organisations, it is probable the data protection systems they use will work if they choose to stay with VMware as a major platform or migrate to alternatives Tony Lock, Freeform Dynamics

The good news is the larger backup and disaster recovery suppliers already have support for competing virtualisation platforms. Hyper-V, in particular, is well supported for businesses that also run on Microsoft infrastructure.

At the same time, providers such as Veeam, Rubrik and Nakivo have strengthened support for open source platforms, especially Proxmox.

This raises the prospect of firms being able to continue with their current backup and recovery provider, even if they move to a mixed approach to virtualisation. Alternatively, if their current disaster recovery supplier falls short, there is the chance to move to a toolset that does support a multi-supplier approach.

“For the majority of organisations, it is probable the data protection systems they use will work if they choose to stay with VMware as a major platform or migrate to alternatives,” suggests Tony Lock, principal analyst at Freeform Dynamics. “This is especially likely to be the case if they have a data protection solution that protects a mixed environment.”

Out of the box?

However, even if a data protection or backup and recovery tool supports alternatives to VMware, IT teams should anticipate carrying out configuration and testing before their alternatives go live.

If they do not, there is a risk that by attempting to save money on licensing, they expose the business to risk and additional costs down the line.

Backup is turning out to be a quite a polarising aspect of moving away from VMware Bruce Kornfeld, StorMagic

VMware’s maturity and market share means products such as ESXi and vSAN are well-understood and well-supported by independent software suppliers, integrators and in-house teams. Not all hypervisors enjoy that industry support.

One area where this is apparent is where backup and recovery providers offer “agentless” integration directly with hypervisors. This is not – yet – on offer for all the alternatives, and CIOs might need to consider agent-based backup.

“Backup is turning out to be a quite a polarising aspect of moving away from VMware,” says Bruce Kornfeld, chief product officer at StorMagic, a supplier of hyper-converged storage.

“The leaders in virtualisation have had the attention of the backup software industry over the last 20-plus years, and tight agentless integration directly with their hypervisors is something that many users have come to expect. However, the backup software industry hasn’t had the research and development capacity to work with every hypervisor on the market – there just hasn’t been the return on investment in the past.”

“VMware customers that have made the decision to move away from VMware need to re-address their backup strategy,” he says. “They need to look at using an agent-based approach. This is the way backup has been done for decades and will work with any hypervisor.” This should not, Kornfeld says, come with extra costs.

Firms also need to consider the time and resources they need to set aside for backup and disaster recovery testing, once they have decided to move workloads away from VMware. This includes testing file and virtual machine-based backup routines.

In fact, changing hypervisors can present a good opportunity to review the strength of disaster recovery and backup arrangements across the business. These might not be as robust as CIOs expect.

“It is fair to say that some organisations are not totally happy with their data protection solutions and processes,” says Tony Lock.

“In such circumstances, it is certainly something they will need to look at, but the issue is do they have the resources and budgets to potentially modify two important systems at once? And even if they do, would they be happy that they can manage the risk of change, since any major platform change carries some element of risk?”

It is here where careful supplier evaluation and selection, and potentially bringing in additional supplier or third-party engineering support, should pay for itself.

Source

Posted on by

Cyber incident that closed British Museum was inside job

A disgruntled insider appears to have been behind a security incident at the British Museum, which forced the 270-year-old institution to partially close its doors over the weekend of 25 and 26 January following disruption to core IT systems.

The incident shuttered two of the museum’s ongoing special exhibitions, one on the history of the ancient Silk Road trading network connecting Asia and Europe, and one on the prints of Pablo Picasso, after key systems including the museum’s ticketing platform were disrupted.

“An IT contractor who was dismissed last week trespassed into the museum and shut down several of our systems,” a spokesperson for the museum said. “Police attended and he was arrested at the scene.

“With regret, our temporary exhibitions were closed over the weekend – ticket holders were alerted and refunds offered.”

The British Museum told Computer Weekly that all of its exhibitions and facilities have now reopened.

London’s Metropolitan Police confirmed its officers attended the museum on the evening of Thursday 23 January and arrested an unnamed man in his 50s on suspicion of burglary and criminal damage. The individual has since been released on bail.

Since the cyber incident did not appear to involve any element of cyber criminal hacking or malware, its long-term impact is unlikely to be as significant as similar attacks against other cultural institutions, such as the autumn 2022 Rhysida ransomware attack on the British Library – from which it’s still recovering.

In this instance, the British Museum appears to have experienced minimal impact, with the disruption apparently limited merely to that caused by unscheduled downtime

Nevertheless, it behoves all organisations to pay close attention to the potential for IT disruption arising from insider actions as their impacts can be wide-ranging, and costly.

Indeed, according to IBM’s 2024 Cost of a data breach report, when compared against other cyber attack vectors, attacks by malicious insiders tend to result in higher recovery costs, close to $5m (£4m) on average, although such attacks represented only 7% of the total seen in the report data.

Risk management

It’s also important to factor insider threats into cyber risk planning activities as such incidents can be very difficult to detect. This is because malicious insiders often look like ordinary users and typically do not reveal themselves until the minute they carry out their attack, at which point the damage is done.

This is in contrast to ransomware attacks, for example, in which organisations with appropriate threat-hunting measures and network monitoring in place can sometimes detect the warning signs of an impending incident, and take steps to thwart them.

“Cyber security arrangements must be agile and constantly updated to keep up with the evolving threat landscape,” said SonicWall executive EMEA vice-president Spencer Starkey.

“This requires a proactive and flexible approach to cyber security, which includes regular security assessments, threat intelligence, vulnerability management, and incident response planning,” he said.

“It also requires ongoing training and awareness programmes to ensure that employees are aware of the latest threats and best practices for cyber security,” said Starkey.

“By maintaining agile and up-to-date cyber security arrangements, companies can minimise their risk exposure, detect and respond to threats more effectively, and maintain the trust and confidence of their customers and stakeholders.”

Source

Posted on by

Why Keir Starmer’s plan to rewire Whitehall needs an IT-rethink

In my personal experience, there are certain institutional barriers to productive and successful delivery of major projects in government. Indeed it may be that the mechanisms that are put in place to reduce the risk of delivery failure and wasted money may in many cases be the very things that are significantly increasing the risk of that failure.

At the heart of many of the challenges facing major government IT programmes is the fundamental disconnect between the bottom-up Agile approaches encouraged by the Government Digital Service (GDS) and followed by most IT programmes and the top-down nature of the project approval, funding and oversight mechanisms. 

This approach frequently demands an agreed up-front design, a fully defined set of outputs and benefits at the start of the project and a business case setting out in great detail the budget required for delivery. These are all fundamentally based on Waterfall-type project planning. 

As an ex-Treasury official myself I fully understand the need to ration spending and to allocate it to where it is most useful, however the way this is currently configured does not align with Agile project delivery. 

At best these are simply slightly spurious formalities that projects must go through before they can start the Agile approach to delivery. At worst they undermine the delivery approach needed and distract the project team from the iterative, fast-paced and flexible approach that is needed for successful delivery. This needs to change in the current government’s vision to emulate a start up’s test and learn mantra. 

Disconnected by IT and business staff

But this approach will also falter if another tendency of government IT is allowed to prevail. Many departments focus on delivering all, or certainly most, projects almost exclusively in-house using bespoke code to build the necessary solutions. This is often done because of the complexity, or at least the perceived complexity, of government processes and how much they differ from those in private sector organisations.

However, this focus on building systems using bespoke code is time-consuming, expensive and hard to manage, and still all too often fails to deliver. It also often ends up with a disconnect between the frequently huge IT team and the business staff who are ultimately going to own and use the system, and with massive amounts of design documentation being passed back and forth between them. 

Small and agile projects are key

To deliver Keir Starmer’s vision of re-wiring Whitehall, there does need to be an approach that looks to how government can apply low-code software development intelligently and in the right areas. This can revolutionise the way the government designs and builds IT by significantly reducing the amount of custom code creation needed and by transforming the way business people are involved in the process. 

The new government is right in how it’s choosing small discrete projects. A more iterative, less ‘big bang’ approach to government transformation should be adopted. Starting small  and picking one or two key processes in any given area, to begin with, and adopting an approach such as Agile low-code development that reduces reliance on scarce and expensive technical skills while compelling business and IT teams to work together in an integrated way. 

This lets you get to the stage where the outcomes can be assessed much sooner, providing the basis on which to move onto the next mini-project. Ulitimately you end up ticking off a lot of stages and achieve sweeping but sustainable transformation but with the problems of more traditional approaches minimised.

Alex Case, is a former senior civil servant at Downing Street and a now government industry principal at Pegasystems, which has developed a low-code platform for building applications

Source

Posted on by

CMA gives Vodafone-Three merger green light

The UK’s Competitions and Markets Authority (CMA) has cleared the Vodafone-Three merger, subject to legally binding commitments. It’s expected to formally complete in the first half of 2025.

The CMA had previously warned that the proposed merger of Vodafone and Three would likely lead to higher prices and reduced service. The deal is subject to Vodafone-Three delivering a joint network plan, which sets out the network upgrade, integration and improvements the two companies will make to their combined network across the UK over the next eight years.

Vodafone and Three will also need to cap selected mobile tariffs and data plans for three years, which the CMA said would directly protect large numbers of Vodafone-Three customers from short-term price rises in the early years of the network plan. The merged company will also be required to offer pre-set prices and contract terms for wholesale services for three years, to ensure that virtual network providers can obtain competitive terms and conditions as the network plan is rolled out.

The merger of Vodafone and Three is regarded as Vodafone’s response to BT’s 2016 purchase of EE, and the 2021 merger of Virgin Media and O2 to form VMO2.

Margherita Della Valle, Vodafone Group’s CEO, described the combination as being “great for customers, great for competition and great for the country”.

The two companies have committed to investing £11bn to create what they claim is one of Europe’s most advanced 5G networks. The aim is to reach 99% of the population and benefit over 50 million customers. The investment in mobile networking promises better quality, greater reliability and enhanced capacity for handling ever-increasing data demand, according to Vodafone and Three, who see demand for mobile data servers increasing with more widespread adoption of new technology, such as artificial intelligence (AI).

“The CMA’s decision is not a surprise – it has signalled for some time that it was receptive to approving the merger subject to appropriate concessions from the parties,” said Alex Haffner, a competition partner at Fladgate. “Nevertheless, it is noteworthy in that it has permitted a ‘4-3’ merger in the mobile sector on the basis of purely behavioural remedies – over the past decade, a multitude of ‘4-3’ mobile network mergers across Europe have been permitted only on the basis of significant structural remedies being conceded by the merging parties. In doing so, the CMA has displayed a degree of pragmatism, sensing that consumers will ultimately benefit more from competition between three well-resourced mobile operators in the UK market.”

Kester Mann, director of consumer and connectivity at CCS Insight, described the deal as “one of the most significant moments in the history of UK mobile”, heralding the arrival of a new market leader with a combined 29 million customers.

“The CMA’s decision to approve the merger is the right one, and largely strikes a good balance between nurturing competition and encouraging investment,” he said. “It should pave the way for more efficient investments to bring about much-needed improvements to mobile services in the UK.”

However, as Matthew Howett, founder and CEO at Assembly Research, noted, there is still a chance Sky may seek to challenge the decision. He nonetheless said a successful appeal to the CMA’s decision would be hard-fought, expensive and face a high bar. “We expect positive implications overall, not only for investment in, and the quality of, networks (including standalone 5G), but also for the wholesale customers, consumers and businesses that rely on them,” he said.

For Howett, telco regulator Ofcom has a significant new role focused on the oversight of the Vodafone-Three merger. “The regulator seems emboldened to assume these responsibilities,” he said. “Its monitoring will need to be carried out in an agile a way as possible to ensure the merged entity is living up to expectations, and to minimise any risk of circumvention or market distortions that some have warned about.”

Source

Posted on by

Gartner Symposium: Why the chance of digital success is random

Research from analyst firm Gartner has found that just 48% of digital initiatives meet or exceed business outcome targets, which means over half of such projects are set to fail.

The company’s annual global survey of more than 3,100 CIOs and technology executives, and more than 1,100 executive leaders outside of IT (CXOs), reported that for a certain cohort of IT leaders, the chance of a successful digital initiative is random. Daniel Sanchez-Reina, vice-president analyst at Gartner, described the findings as “the curse of random success”.

He added: “Your chance to succeed is 50:50. It’s like flipping a coin.”

Speaking to Computer Weekly during the analyst firm’s annual European conference in Barcelona about why the chance of success is random, Sanchez-Reina said one of the most common issues is that all the responsibility for the project rests on the shoulders of the CIO.

He said CIOs who have a high proportion of digital initiative failures believe they are solely responsible for the projects. “The CXOs do not feel accountable and feel it is the CIO’s responsibility,” he said. “The business areas participate at the beginning to give CIOs the specifications for what they need and the deadline, but then they disappear. When, after two to three months, the CIO shows the application, the chances it matches their original expectations are very low because they disappeared during the process.”

Gartner’s survey found that CIOs who co-own the delivery of digital initiatives with business leaders achieve project success 71% of the time. Sanchez-Reina said this more positive outcome demonstrates the benefit of CXOs taking equal responsibility and participating equally with the CIO at every stage of the project. Adopting such an approach, he said, breaks out of the random success stigma inherent in projects that lack shared ownership.

Tangentially, project failure is also associated with CIOs failing to relinquish control of IT. “Many CIOs do not want to break down the walls of IT to allow other technologists beyond IT, such as IT roles in finance, marketing and human resources, to participate in the delivery of digital initiatives.”

According to Sanchez-Reina, they may feel they lose power and influence if they open up access and control of the IT that has traditionally been managed entirely by the IT department.

“This is a wrong expectation because the CEO does not care if you do it only with IT people or with people outside IT. The CEO just wants the digital solution on time and of high quality,” he said.

Sanchez-Reina said business executives should break down the organisational wall with IT and participate more in technology production. Given businesses are becoming increasingly digital, this involves business aligning with IT, rather than treating IT simply as the part of the business that delivers digital functionality.

Gartner uses the term “digital vanguard” to identify a new breed of CIO who is focused on collaborating closely with business executives to achieve success in digital projects.

“Behind every digital vanguard CXO, a digital vanguard CIO is guiding and enabling CXOs and their teams to co-lead and co-build digital delivery with IT,” said Sanchez-Reina. “Digital vanguard CIOs nurture their peers to become digital vanguard CXOs. Those CIOs make it easier for their CXOs to lead digital with them and for business area staff to build digital solutions together with IT.”

From an IT architecture and platform perspective, Sanchez-Reina urged CIOs to ensure the platforms their teams develop and deploy are not only designed for the IT specialists within the organisation’s IT function. The platform needs to be usable by technologists outside the IT department, such as those working in finance and human resources.

The digital skills of these people outside of IT also need to be kept up to date, he said, to enable them to collaborate and work alongside the IT department to deliver digital initiatives successfully. Overall, the approach requires agile project management.

Source