OK lets break this down a bit...
The terms of this are really interesting:
"The main purpose of this framework agreement is to put in place a route for UK public sector organisations (Buyers) to buy their Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) requirements directly from the owners of public cloud platforms (Suppliers)."
Didn't GDS bang on about 'when we say Cloud we mean Public Cloud, and it should be SaaS?' Now they are mainly looking for IaaS and PaaS?
"The scope is necessarily restricted to ‘pure’ compute requirements which do not require additional services such as design, detailed configuration, tailoring or any ongoing management or professional services to assist with data migration in/out. The services can most simply and usefully be thought of as a commodity ‘utility’ service where Buyers connect to and and use the Supplier’s platform and processing resources for their own requirements, subject to acceptable use policies and compliance with law. Examples could include the development of new software applications or to manipulate large sets of data such as weather prediction or modelling medical scenarios, and particularly the ability for the services to be rapidly scalable at short notice."
So this is a £750m pot which will be worth perhaps 4-5 times this value when its fleshed out fully.
Also interesting that its described as a 48 month Framework, then a 24 month + 12 + 12 month; but on the main page it says its a 3 year plus 1 plus 1 - which is it??
This bit however is REALLY interesting -
"Bidders should note the following key requirements to participate in the procurement of this framework agreement:
1) you must have full and exclusive control of the infrastructure which underpins the platform used to provide the services;"
Not many folks have an environment where they OWN the infrastructure (and its not clear why a provider has to own the underlying infra?) - could this have been written to limit the bidders to one or two individual companies?
"2) you must use the Public Cloud Deployment Model here: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf to provide the services;"
But HMG Classification Scheme specifically says that you CANNOT use Public Cloud for any data that used to be BIL 3xx or above (which is most HMG data).... and yes I know blogs say you can but blog is not signed Ministerial policy
"3) you must be capable of providing the services primarily from within the UK (where specifically required by Buyers);"
So again VERY few suppliers who can actually deliver that - Microsoft and AWS can't (though they claim they can) - Google have no chance.
"4) you must be able to offer a platform availability of 99.9 % across an all day every day baseline;"
Question really is how will that be measured - Azure do it globally, which can mean its far below that locally (ie if you looked just at UK...)
"5) you must provide one example of a contract where you have delivered services using the Public Cloud Deployment Model to a customer organisation (public or private sector) in Europe during the last 3 years."
Challenging - esp since although you can form a consortium, or have named sub-contractors - its not actually clear how they will apply this?
Some of the weightings also tend to move the needle away from the big providers - Data Sovereignty having a weighting of 25% SHOULD hurt those guys (but I suspect it won't be examined in much detail, and both Data Sovereignty and Security are just minor components in a long list...).
And with NOTHING about vetting, or clearances or any of the tricky stuff like that, it's not clear if most of the NCSC Cloud Security Guidelines have even been considered.
Then when you consider its been published just before Xmas (and Brexit) with a sporty timeline in January and you have to draw the conclusion that this was written for mainly one supplier - but which one? AWS, Azure or UK Cloud???