UK authorities’s G-Cloud 15 framework: All the things you should know
The federal government procurement chiefs on the Crown Industrial Service (CCS) are gearing up for the 2026 launch of the 15th iteration of the federal government’s G-Cloud procurement framework, having handled the buying settlement to the largest revamp in its historical past.
The framework’s worth and size are each markedly bigger and longer, respectively, in contrast with earlier iterations of the framework, with CCS introducing adjustments to seemingly make G-Cloud higher suited to bigger cloud offers.
For instance, the estimated framework worth for G-Cloud 15 is tipped to be £14bn, with the settlement set to run for 4 years to September 2030.
In distinction, the earlier iteration was valued at £4.8bn and could have run for 2 years by the point it ends.
One other sizeable change is the introduction of eight-year contracts for cloud internet hosting deployments underneath G-Cloud 15, when the utmost contract size permitted underneath G-Cloud 14 was half that size at 4 years. For the non-cloud internet hosting tons, contracts referred to as off underneath G-Cloud 15 could be a most of six years.
Based mostly on the entire above, it’s honest to say G-Cloud 15 marks a radical departure for the framework, with all of the adjustments that CCS has deliberate for it.
Right here, we take a deep dive into CCS’s proposed framework tweaks, and discover out why it’s feared a few of these adjustments danger making the framework much less accessible to small and medium-sized enterprises (SMEs).
How totally different is G-Cloud 15 to what’s gone earlier than?
In contrast with the first-ever iteration of G-Cloud, which made its debut in spring 2012, G-Cloud 15 is a world aside.
When it made its debut, the framework was pitched as a way of opening up authorities IT offers to SMEs and supporting the expansion of the UK’s personal homegrown market of cloud suppliers.
This was at a time when the awarding of prolonged and costly contracts to huge tech companies and methods integrators (SIs) was the norm, and G-Cloud was meant to assist break the maintain these companies had on public sector IT procurement.
To this finish, G-Cloud contracts had been initially capped at 12 months in size, to offer consumers the liberty to modify out their cloud suppliers frequently for value or efficiency causes.
The framework was additionally frequently up to date (with new iterations launching each six months) to make sure the general public sector was gaining access to the newest and biggest instruments and applied sciences the burgeoning cloud market needed to provide.
“The G-Cloud tenets had been round innovation and getting SMEs into public sector IT, and introducing a recent strategy, area of interest instruments and cost-effective options, and really liberating up departmental procurement professionals [because it was easier to use],” Invoice McCluggage, a former director of IT technique and coverage within the Cupboard Workplace and deputy authorities CIO from 2009 to 2012, informed Pc Weekly.
“And the purchasers liked it as a result of it meant they didn’t should undergo a giant, pricey, long-winded, advanced procurement course of that – by the point you bought by the opposite finish of it – your necessities have actually modified.”
And whereas the framework initially helped to offer homegrown cloud companies and SME tech suppliers a leg-up into authorities IT offers, the image has steadily modified over the previous decade or so. Particularly, because the hyperscalers started opening UK datacentres in late 2016.
Proof of this may be seen from glancing on the authorities’s Digital Market gross sales figures. These verify the tech suppliers making essentially the most quantity of gross sales from the framework today are huge tech companies comparable to Amazon Internet Providers (AWS), IBM, Microsoft, and consultancies and SIs comparable to Deloitte, Capgemini and Accenture.
“[The framework has] slowly however absolutely been grasped by the procurement professionals in CCS and tailor-made into a standard, risk-averse framework that now begins to look as if it’s favouring the large hyperscalers and the SIs once more,” mentioned McCluggage.
What’s the timeline for G-Cloud 15 to start out?
The invitation to tender (ITT) a part of the procurement course of for G-Cloud 15 started on 23 October 2025, and would-be suppliers have till Friday 30 January 2026 to use for a spot on the framework, which is predicted to go-live in September 2026.
How does G-Cloud 15 differ to G-Cloud 14?
There are fairly a number of variations between the 2 buying agreements, with the quantity and structuring of the framework Heaps for G-Cloud 15 trying considerably totally different for one factor. That is primarily as a result of G-Cloud 15 is protecting the work of the Cloud Compute framework, as nicely.
For instance, Cloud Internet hosting is now unfold throughout two tons (dubbed Lot 1a and Lot 1b) moderately than one.
Lot 1a is for suppliers specialising within the provision of “core” infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) subscription companies, whereas Lot 1b covers the identical forms of companies when used to host info that’s labeled as being above the “official” authorities knowledge safety classification degree.
The framework’s Cloud Software program Lot has additionally been equally break up into Lot 2a, protecting the supply of infrastructure software-as-a service (ISaaS), and Lot 2b, which covers software-as-a-service (SaaS) choices.
Lot 3, protecting Cloud Help companies, stays intact, however Lot 4, which was run as a standalone framework to G-Cloud 14 for public sector IT consumers that wished to run their very own aggressive processes for extra advanced cloud assist contracts, is being discontinued.
As beforehand acknowledged, G-Cloud 15 is ready to run for 4 years whereas G-Cloud 14 was initially a two-year framework (that bought prolonged by a further six months).
In the meantime, the utmost period of time that contracts can run for has doubled (within the case of the cloud internet hosting tons) to eight years in G-Cloud 15. This works out at 5 years for the preliminary time period of the contract, with consumers supplied as much as three non-compulsory extensions of 12 months.
For the opposite G-Cloud 15 tons, the utmost period of time that contracts can run for is six years, consisting of an preliminary interval of 4 years, with consumers supplied as much as two non-compulsory extensions of 12 months.
For context, all G-Cloud 14 contracts, whatever the Lot they had been referred to as off from, might run for an preliminary 36-month interval, with the choice given to increase them by an additional 12 months if wanted.
What different adjustments has CCS launched?
In addition to a rework of the G-Cloud 15 Lot constructions, CCS is contemplating introducing enhanced applicant vetting procedures for Lot 1a and Lot 1b individuals, particularly.
As beforehand detailed by Pc Weekly, CCS is reportedly contemplating making potential suppliers:
- Endure extra rigorous monetary vetting than required underneath the earlier iteration of the framework.
- Possess an expanded variety of obligatory ISO accreditations than earlier than, or present proof that work to accumulate them is underway by the point the appliance deadline for G-Cloud 15 closes in January 2026.
- The place Lot 1b candidates are involved, they have to possess insurance coverage cowl in extra of £75m to safe offers by G-Cloud 15.
How will the monetary vetting procedures for G-Cloud 15 differ to what’s gone earlier than?
Individuals in G-Cloud 15’s cloud internet hosting tons might want to take part in a extra in-depth Gold Normal Monetary Viability Readiness Evaluation (FVRA).
This course of usually includes suppliers having to take part in an in depth evaluation of their monetary affairs, involving the availability of in depth details about their companies, which might be topic to tight scrutiny by CCS.
Underneath the earlier iteration of the framework, all suppliers – no matter lot – had been topic to much less onerous checks that might solely contain them having to take part in a full FVRA if they didn’t meet an preliminary credit score rating screening check. This technique stays in place for Lot 2a, Lot 2b and Lot 3 suppliers underneath G-Cloud 15.
What sort of accreditations are collaborating suppliers anticipated to have?
The CCS has confirmed it’s now obligatory for suppliers wishing to take part in its Cloud Internet hosting Heaps to own the ISO 9001, ISO 20000-1, ISO 27001 and ISO 27018 certifications.
CCS initially acknowledged in its tender paperwork that suppliers would have to be in possession of those obligatory accreditations by the point the appliance deadline for G-Cloud 15 closes in January 2026.
Nevertheless, it seems, in response to provider pushback, CCS’s stance on this matter has now softened.
“Following a evaluation of necessities and the present functionality and capability points that exist inside the market, CCS has determined to amend its place regarding ISO accreditation,” CCS has confirmed.
“The ISO requirements listed are nonetheless obligatory … to function in Heaps 1a and 1b. Nevertheless, the necessities on bidders will now be that if they don’t at the moment maintain the required ISO certification, they have to proof to CCS, earlier than the appliance deadline of 30 January 2026, that they’ve begun the method of certification … This could take the type of an authorised third-party affirmation from an ISO accreditation physique.”
G-Cloud suppliers have beforehand been exempt from needing the Cyber Necessities accreditation. Is that the case this time round?
No – underneath the phrases of G-Cloud 15, all collaborating suppliers will now want to carry a Cyber Necessities accreditation.
CCS beforehand acknowledged this is able to simply be obligatory for G-Cloud 15’s Cloud Internet hosting individuals however – in an e mail to suppliers dated 5 December 2025 – it confirmed this situation now applies to all suppliers.
“Suppliers awarded a spot on the framework on both Heaps 2a, 2b or 3 might be required to acquire a legitimate Cyber Necessities certificates for themselves and guarantee any of their subcontractors who course of private or OFFICIAL knowledge have a Cyber Necessities certificates,” the e-mail, seen by Pc Weekly acknowledged.
“Proof of your certification is required inside 12 months of the award date of the G-Cloud 15 framework. Certificates might be monitored by CCS, and any suppliers who fail to supply a legitimate certificates inside 12 months of the award date might be suspended from the framework. Suspended suppliers will be reinstated as quickly as they supply a legitimate Cyber Necessities certificates to CCS.” It added: “Bidders who have already got a Cyber Necessities certificates ought to present it with their tender.”
And what’s with the adjustments to the insurance coverage necessities?
Particulars of G-Cloud 15’s reworked insurance coverage necessities are specified by a “Joint Schedule 3” doc CCS has beforehand shared with potential suppliers.
It stipulates that suppliers desirous to safe contracts underneath framework Lot 1a, Lot 2a, Lot 2b and Lot 3 “shall maintain” separate personal indemnity, public legal responsibility insurance coverage and employers’ legal responsibility insurance coverage with cowl that totals a minimum of £7m.
As such, suppliers should have separate skilled indemnity insurance coverage and public legal responsibility insurance coverage of a minimum of £1m every, in addition to a minimum of £5m in employers’ legal responsibility insurance coverage. By the way, these ranges of insurance coverage are the identical as these required of suppliers on G-Cloud 14.
Nevertheless, suppliers vying for contracts awarded underneath Lot 1b, which covers IaaS and PaaS companies used to host knowledge that’s above the “official” safety grading, should have in place separate personal indemnity, public legal responsibility and employers’ legal responsibility insurance coverage that totals a minimum of £75m, the doc states.
These adjustments seem to lift the boundaries to entry to G-Cloud quiet considerably. What has been the response to them?
As beforehand reported by Pc Weekly, considerations have been raised by varied sources inside the G-Cloud provider neighborhood that G-Cloud 15 appears set to lastly put paid to the notion that the framework is SME pleasant, based mostly on the adjustments CCS is planning to introduce.
Talking to Pc Weekly, Nicky Stewart, a senior advisor to the pro-cloud market competitors advocacy group, The Open Cloud Coalition, echoed these considerations.
“G-Cloud started as a revolutionary initiative designed to shatter the IT ‘oligopoly’ [of big tech firms and SIs], enabling the federal government to ‘pay much less, get extra, and get it sooner’ by permitting SMEs and new market entrants entry to the market to compete with the oligopoly,” she mentioned.
“G-Cloud, in its preliminary iterations, genuinely enabled this aspiration. SMEs and new market entrants grew, employed, created wealth and helped to underpin the federal government’s digital transformation. However alongside the way in which, G-Cloud misplaced its method.”
An “absence of competitors” inside G-Cloud paved with method for a brand new “duopoly” of suppliers rising – particularly AWS and Microsoft – that, in time, SMEs would discover troublesome to beat on worth and – in the end – would lose out on enterprise to.
And, G-Cloud 15 appears to be persevering with a marked shift that began with G-Cloud 14, when it comes to the framework changing into tougher for SMEs to get a foothold in.
“G-Cloud 14 noticed a shift, not in direction of competitors and variety, however in direction of alignment with the CCS Public Sector Contract,” she mentioned. “This meant monetary assessments from the outset and, initially a minimum of, a lot more durable insurance coverage necessities. Beforehand, consumers would carry out their very own due diligence and decide their insurance coverage necessities.
“G-Cloud 15 takes this shift to a brand new degree … the insurance coverage, monetary and accreditation necessities are all vital boundaries to entry. These, coupled with a possible eight-year time period for cloud internet hosting call-off contracts, danger undermining G-Cloud’s preliminary ideas of range and competitors, and will nullify any significant influence that G15 might have had when it comes to diversifying and strengthening the federal government’s unhealthily concentrated cloud market.”
Why has CCS determined to make such huge adjustments to how G-Cloud this time round?
The reasoning for pushing by lots of the proposed adjustments to the framework will be traced again partly to the actual fact when G-Cloud 15 launches it won’t solely be changing G-Cloud 14, but in addition the necessity for CCS to roll out a 3rd iteration of its hyperscale-focused Cloud Compute framework.
The latter was created as a buying settlement for large-scale, high-value public sector cloud contracts, and so it’s thought that CCS is placing suppliers by heightened monetary vetting and requiring extra accreditations to verify they’ve what it takes to ship on some of these offers.
What distinction will including the Cloud Compute framework to the G-Cloud buying settlement make?
The federal government’s Cloud Compute framework was initially created and launched so that enormous, hyperscale offers of that ilk would now not be funneled by the extra SME-friendly G-Cloud setup. Nevertheless, that buying settlement – over two iterations – has struggled to seek out its footing with public sector IT consumers.
CCS has confirmed that there might be no third iteration of the Cloud Compute, because the ideas of that framework are set to be integrated into G-Cloud 15.
That is regarded as why G-Cloud 15’s worth has ballooned between iterations, and why G-Cloud 16 will not be anticipated to make an look till 2030 on the earliest.
Why precisely is CCS merging the Cloud Compute framework with G-Cloud?
The official line on that is that merging the 2 frameworks will permit Cloud Compute to “leverage” G-Cloud’s recognition, with the latter buying settlement described by CCS within the G-Cloud 15 tender doc because the “largest framework of its form within the public sector”.
Studying between the traces, this might be interpreted as an admission from CCS that the Cloud Compute framework by no means fairly delivered on what it was meant to, and under-performed.
The primary iteration, which went reside in 2021, reportedly generated only a few gross sales, with a 2023 investigation by Pc Weekly uncovering only one contract – totaling £750,000 – referred to as off underneath the £750m Cloud Compute 1 framework.
The framework’s second iteration, Cloud Compute 2, has fared just a little higher because it went reside in November 2023, having undergone a revamp by CCS to make it extra accessible to SME suppliers.
In keeping with contract knowledge provided to Pc Weekly by public sector-focused analyst home Tussell, there have been a minimum of 5 offers totaling £10.8m referred to as off underneath Cloud Compute 2 because it went reside. The most important of those being a £5m contract awarded by the Division for Work and Pensions to Oracle in Could 2024.
For a framework valued at £1.35bn, although, it’s not a terrific gross sales monitor report, notably because it’s a buying settlement meant for large-value cloud offers to be pushed by it.
To place that determine into context, through the 2023-2024 monetary 12 months, the quantity of cloud spend – as confirmed by CCS – transacted by the G-Cloud framework totaled £3.1bn.
