In Ukraine, tech companies have played an outsized role, encroaching into traditional areas of statecraft. It is clear that no state could have provided Ukraine with the kind of services it needed – cloud storage, threat intelligence, satellite communications and the use of artificial intelligence for battlefield targeting – at the speed at which they were required.

Companies like Microsoft, Amazon, Starlink, Palantir, Maxar, Cisco etc., have plainly demonstrated their capabilities and infrastructural power. But rather than simply describing their actual involvement into Kyiv’s war effort, the conference has sought to explain how state-private interactions have worked so far in the Ukrainian war, along three main features which carry a strong infrastructural dimension.

First of all, U.S. tech firms envisioned the provision of cloud storage services as a “sovereignty-as-a-service” matter. On the day of the invasion, Amazon and the Ukrainian government sketched out a plan to transfer critical data from Ukrainian ministries and essential companies to the cloud. The transfer was an intricate process relying on Amazon’s existing logistical chains in Europe for their AWS Snowballs. By July 2022, more than 10 million gigabytes of data had been relocated from servers located in Ukrainian to Amazon’s cloud, including data from 42 government authorities, 24 universities, and dozens of companies.

Amazon conducts a disaster response training exercise using Snowball Edge data storage units. Similar units have been used to transfer Ukraine government data to the Amazon cloud.  (Noah Berger / Amazon)

Amazon and Microsoft iterate that the existence of cloud infrastructure enables governments at the brink of war to ensure the continuing operation of their vital digital networks. It highlights the role of cloud infrastructure in generating co-production of sovereignty and security governance at the intersection between public and private, disrupting ideas of territorialized state control over cyberspace.

In war, these infrastructural mediations of public-private boundary drawing, sovereignty, and security governance have implications for all the states involved. The distribution of the cloud infrastructures enables data essential for military operations to be stored and processed in other states. In that sense, Amazon data centres in Germany, Switzerland, or Ireland hold data that enable Ukraine’s war machine.

Secondly, the war in Ukraine demonstrated how connectivity mixed both responsabilization and contracting from U.S. tech firms. The use of Amazon cloud services relies on Amazon’s continuing sense of obligation for Ukraine’s war of independence. Not every Big Tech company shares the same sense of responsibility for Ukraine with Elon Musk and SpaceX being the most evident example. A few days into the war amid widespread Internet blackouts, Vice PM Fyodorov approached Elon Musk on Twitter pleading for Starlink satellite services to ensure stable communication flows for civilians and the government. Twelve hours later, Musk replied saying that he had activated services in Ukraine, and within a few days the first of over 30.000 terminals were being shipped to Ukraine to enhance connectivity. The Ukrainian military utilized the then 4,500 satellites in orbit on the battlefield, not only for command and control but also more specifically to direct its reconnaissance and combat drones. In October 2022, Musk demanded financial compensation from the Pentagon – a request which was withdrawn after receiving public criticism. Though later, Musk refused to provide Starlink access to the Ukrainian military as they were targeting Russia’s naval fleet. Musk told his biographer that he wanted to prevent a ‘mini–Pearl Harbor’ on Crimea that would lead to Russian nuclear escalation. In June 2023, Pentagon signed a contract with SpaceX to ensure Starlink satellite service for Ukraine, and there was no reporting about lack of coverage for the Ukrainian military until Donald Trump re-entered the White House.

The satellite infrastructure that secures stable communication flows to the battlefield mediates a particular form of public-private relation: on the one hand, it reaffirms well-known contractual dynamics between governments and private defence companies. And on the other, it recreates the non-contractual logic of responsibilization where security is considered a duty rather than a right. The infrastructurally mediated responsibilization, however, comes with a new twist in that it leaves room for erratic CEOs to make strategic decisions directly influencing a state’s ongoing military operations based only on the CEOs geopolitical judgement and thus without consultation or alignment with the government it is contractually tied to.

Thirdly, providing massive cyber threat intelligence (CTI) to Ukraine, tech firms acted as knowledge brokers on the conflict itself. The extensive use of Microsoft’s products and services in Ukraine positions the company to constantly monitor the ongoing activities in the country’s networks, and ultimately identify specific cyber threat patterns from Russian cyber and information warfare units. The access to threat data have turned Microsoft into a gatekeeper of knowledge about the war.

Microsoft’s extensive involvement in defending Ukraine from Russian cyber-attacks enables the company to position itself as the truth teller of the cyberwar. In war, knowledge about what is happening and what it means are inherently sparse and contested. Intelligence agencies often have to balance the strategic utility of knowledge sharing with the potential loss of continuing information gathering capacity. The company has published several well-designed reports on what they see of Russian cyber activity against Ukraine. The reports function as a practice of epistemic infrastructuring by analysing, presenting, and validating the large and rather eclectic landscape of bottom-up knowledge production on cybersecurity incidents in Ukraine based on open-source data.

In this way, Microsoft tells both Ukraine and the world how to understand, learn about, and adapt to protect their potentially critical digital assets. These two ways in which the boundary between Microsoft and the state is being drawn have political implications, especially in relation to the dependencies of Microsoft, also outside the borders of Ukraine. By collecting and analysing threat data against Ukraine, Microsoft is not only helping a country at war protecting itself in cyberspace. The constitution of the epistemic infrastructure enables Microsoft to also help all its global customers. Microsoft may aid Ukraine for free, but by being both a global software and a cybersecurity provider, Microsoft improves both services by collecting, analysing, and mitigating cyber threat data in Ukraine. This only strengthens Microsoft’s ability to extract rent from users of its software and additional rent from the same users for protecting the insecure software these users are renting in the first place.

This multifaceted involvement has multiple consequences for Ukraine (and Europe), including for the country’s digital corporate autonomy. The most obvious one is Ukraine’s dependency on private sector goodwill for national security provision. Another ramification is from an international legal standpoint. Because the companies are demonstrably taking sides in the war, if their engagement in defensive activities is interpreted as involvement in hostilities, then they could be seen by Russia as participants in the conflict and therefore legitimate military targets. This issue is intensified by the fact that the companies are understood to be helping manage not only civilian services but also military assets, for example, the protection of military networks and storage of military data in the cloud. Ukraine ceded a substantial level of control over its critical data to American companies with servers located extraterritorially, under a legal regime different to its own. Ukraine thus effectively traded a proportion of its digital sovereignty for cyber resilience. These actions also have sovereignty implications for countries hosting the  servers(e.g. Poland), as they become potential Russian targets.