Global Switch: a data centre scandal?
Subtitle: The company's Chinese takeover sparked a security response in Australia. In the UK, was disaster avoided, or was a scandal hushed up?
In December 2016, a Chinese investment consortium called Elegant Jubilee Ltd bought 49% of Global Switch in a deal worth £2.4 billion.
Founded in 1989, Global Switch (GS) was one of the UK’s main carrier-neutral data centre companies, with its main London sites then accounting for a significant portion of the capital’s data centre square footage. Essentially a specialised property company, GS provides floorspace, power, cooling, shelving, security, and so on: the physical space in which the hardware carrying cloud services and the global internet reside.
The 2016 deal attracted immediate consternation. But Brexit had disrupted Westminster and Whitehall, reducing the bandwidth for political or bureaucratic attention. The mentality associated with the ‘golden era’ of UK-China relations declared by Cameron and Osborne’s government the year previously was still dominant. Asked a short question about the takeover in the Commons, then Prime Minister Theresa May appeared to celebrate it as an example of a desirable manifestation of the ‘golden era’:
“We have seen Chinese investment coming into the United Kingdom and we will continue to see Chinese investment coming into the United Kingdom. We have a global strategic partnership with the Chinese and that will continue.”
That was the end of the debate about the matter in the House. Nonetheless, The Times carried comments by Sir Malcolm Rifkind: “The Government needs to be satisfied there are no risks involved. I would assume they will be taking advice as we speak from the intelligence agencies, from GCHQ in particular, and from others with the expertise to know the risk factor. If there is a significant national security dimension then anyone selling a British company would normally listen very carefully to the advice they receive from the British Government.” Former first sea lord Admiral Lord West of Spithead told the paper: “I have a nervousness about the Chinese getting more and more involved in large chunks of our digital infrastructure.”
In 2018, Australian outlets reported that the Australian Defence Department, not satisfied about GS’s assurances that Chinese involvement would have no consequences for data security, would migrate its systems out of GS’s site. Defence was “preparing to spend up to $200 million on the move, despite assurances from the company, Global Switch, that its files are secure.” GS’s Australian sites reportedly hosted servers handling “secret files” and an “Australian Signals Directorate-accredited gateway which allows secure access by public sector agencies.” The Australians gave themselves a 2020 deadline and put aside AU$200 million for the migration.
In January 2018, the Chinese consortium, Elegant Jubilee, became GS’s largest shareholder by purchasing a further 2% of the company.
That March, UKCloud (a now defunct cloud provider that focused on the public sector), testified to Parliament’s Joint Committee on National Security Strategy about GS, contrasting the Australian approach with Theresa May’s dismissal of concerns. Besides this and reference to the case in some work by a think tank, there appears to have been little public attention paid to the case.
By contrast, in Australia, the reports from 2018 about the Defence Department’s migration plans were just the start of a multi-year saga involving extensive public attention and information about the measures taken by the Australian government to mitigate the perceived risks posed by GS. For example, in February 2021, then Prime Minister Scott Morrison was forced to defend delays to the migration schedule which was supposed to have been completed in 2020 but continued then. Morrison referred publicly to “strict security arrangements, including 24/7 Defence security presence, remote CCTV monitoring and regular security audits”. Reporting on the issue in Australia continued through 2022, 2023 and 2024. For example, in 2022, it was reported that various other Australian government bodies, including the Department of Home Affairs, had their data stored in or transiting through GS centres, and had completed their migration. Earlier this year, in February, it was reported that Defence had completed its migration the previous year.
Another important element of the Australian situation was the sale of GS’s Australian operations, whereby Elegant Jubilee relinquished control to another investor. This was completed in late 2024, in fact, just after Defence completed its migration. In fact, GS’s Australian business had been ring-fenced since 2016. As explained by the lawyers who facilitated the 2024 sale, GS Australia (GSA) had…
“operated as a separate, standalone business - subject to strict ring-fencing arrangements - since December 2016, in order to comply with conditions imposed by [Australia’s Foreign Investment Review Board] when its current shareholders acquired a majority interest in Global Switch. These ring-fencing arrangements, and the associated split between economic and legal ownership of GSA (with Global Switch enjoying effective economic ownership, but the former owner of Global Switch retaining legal ownership, of GSA), added significant complexity to the transaction.”
There was no similar oversight in the UK. It is not known whether GS was pressured to sell GSA by the Australian government, either in some very direct fashion or indirectly as a result of loss of business due to public sector data migrations.
Renewed scrutiny in 2020
There are some indications that the GS issue received renewed British government attention in early 2020. That March, the Daily Mail ran a piece on GS, citing concerns from MPs and research into the CCP membership of the head of the company leading Elegant Jubilee. Years later, a former special advisor to then Prime Minister Boris Johnson, made what may have been veiled public references to GS, without naming the company:
“If you imagine having a sci-fi novel and you said what are a whole set of data systems that you really would not want the British state or the American state to be transferring data about and then imagine that it turned out that these things are controlled by, owned by, whatever, Chinese intelligence, then that gives you a kind of nightmare picture that is actually… is the reality. I can’t go into specifics of it, because the specifics of it are, I think, illegal to discuss, but if you just wrote a story and imagined what were some of the most obvious ways in which… I mean, you probably wouldn’t write such a story because that’s completely implausible. There’s no way that would happen. There’s no way they would transfer data between A and B about this information and then find out later that that was actually controlled by China. That would be fucking mental.”
These comments, made in 2023, prompted UKCT to try to identify possible candidate situations. The search for scenarios so “obvious” they were “completely implausible”, and involving data transfer, yielded only a small number of likely candidates, foremost amongst them GS. The Australian oversight of the situation, so much more serious and intense than in Britain’s case, lent credibility to the identification of GS.
So, what happened here?
UK-China Transparency is conducting a detailed investigation into whether GS carried or hosted sensitive data in the UK.
This investigation is complicated by the position of GS’s London centres as a key node in the UK’s telecommunications infrastructure, and the nature of cloud hosting and related supply chains, meaning that this is not a simple question of identifying public contracts won by GS (such as this £586,000 Department for Environmental and Rural Affairs contract GS won in 2019) because GS might merely have provided floor space to other companies that won public sector contracts, and therefore not show up in procurement databases. As well as the possibility that GS provided rack space that was occupied by such other companies, it is possible that GS merely hosted interconnection and ‘on-ramp’ facilities - that is, the physical infrastructure through which government or contractor networks connect to the wider Internet or to public-cloud platforms such as AWS, Azure or Oracle. In this model, Global Switch would not be directly storing or processing government data on its own sites, but would still be handling the network paths that such data travels through.
UKCT has already established that Rackspace, an American cloud computing company with MoD contracts at the time, hosted servers in GS sites in London until December 2017 at the latest, when it began a migration of its managed and co-located customers out of GS centres. Rackspace’s announcement stated:
“Following a review of our global data center footprint, Rackspace decided to reduce our footprint in the Global Switch GS2 (LON7) data center by moving all managed services customers from suites J1 and J2 to an existing Rackspace data center.”
It is not known how long this migration might have taken.
We have also identified large government (including MoD) contracts with major ‘systems integrator’ companies such as Fujitsu, Computacenter, or CGI IT, which may have involved data transiting through or stored in GS centres downstream in a way that would not show up in public procurement documents. A clause in a 2015 £500 million MoD-Fujitsu contract reads:
“For any of the Services which are routed through shared or multi-tenanted ICT hosting environments, the Contractor shall provide documented evidence of assured electronic separation of Customer Authority Data. The Contractor shall also provide documented evidence that Contractor Personnel are always accompanied by at least one (1) other member of Contractor Personnel in network equipment rooms and data centre halls that host critical data processing functions, whether located on a Customer Authority Premise or Contractor Site.”
Alongside MoD contracts, it is possible that GS was entangled in supply chains linked to the Home Office and the Foreign Office, which has a need for global ‘on-ramp’ and interconnection in order to facilitate communication with British embassies and consulates abroad and, conceivably, elements of the British intelligence community worldwide.
We are encouraging others to investigate this and will blog here as we and they continue digging.
A lost opportunity for growth?
UKCT also notes and will continue to investigate the economic angle to this case. Touted as “foreign direct investment”, our analysis of public information about GS’s valuation suggests that the takeover of GS and likely loss of public trust as concerns mounted over Elegant Jubilee has resulted in an apparent stagnation of the British company’s value not commensurate with the wider boom in the data centre market. GS was sold for £4.8 billion in 2016. Its Australian business was sold for AU$2.12 billion. Earlier this year, it was reported that the rest of the business might be sold for US$4-5 billion. Later reporting in the summer suggested US$6-7 billion. This suggests that an increase in the value of the company from £4.8 billion in 2016 to roughly £5.2 billion (plus £1.1 billion for GSA) in 2025 may not reflect a reported 40% growth in data centre revenues since 2016, especially considering that GS has since 2016 increased its portfolio, the sale of GSA notwithstanding. In 2019, GS opened a major new centre in Singapore, in collaboration with a Chinese state-owned enterprise; “Hong Kong’s largest data centre” followed in 2021; a major new site in Amsterdam will be completed next year. (This may not be a comprehensive list.)
Security aside, there is a serious question of whether “foreign direct investment” in this case undermined a promising British data centre company’s prospects.