The outage on 20 October at US tech giant Amazon Web Services (AWS) affected a wide range of apps including Lloyds Bank and its subsidiary brands Halifax and Bank of Scotland.

Reports elsewhere highlighted the global impact of the outage. In Australia, customers of ANZ were impacted on and off for much of the day.

AWS is estimated to account for up to 30% of the global cloud market share, ahead of about 20% for Microsoft Azure and 13% for Google Cloud.

Banking sector commentators give their take on the impact of the outage.

Jake Madders, Co-founder and Director, Hyve Managed Hosting

Today’s AWS incident is a stark reminder that even the largest and most reliable cloud providers can experience significant outages – but these risks can be mitigated. The key lies in building resilience into your infrastructure from the outset. Diversifying across multiple cloud providers and geographic regions is essential to ensure redundancy and enable seamless failover when disruption occurs. Just as important is decoupling critical services – such as, for example, identity management, DNS, and core data layers – from any single provider, so that if one ecosystem is impacted, your operations can continue elsewhere.

For organisations that prioritise data sovereignty, it should also be a key consideration, with local failover options and replication to trusted jurisdictions built into their continuity strategy. Effective mitigation also includes regular backup and recovery testing, automated failover processes, and a well-documented, frequently reviewed incident response plan.

A final consideration is that while large enterprises may have the internal resources to implement and manage these safeguards, smaller businesses without in-house expertise may struggle – not just during an outage, but with the aftermath and recovery. By engaging with a trusted infrastructure partner, smaller organisations can gain the foresight, tools and support they need to maintain continuity, recover quickly, and minimise disruption when incidents occur.

Mona Schroedel, a specialist data protection lawyer at Freeths

This is of course not the first major outage we have experienced in recent memory. Only a little over a year ago a Microsoft outage caused airports and banks to grind to a halt. Modern life especially after the pandemic has become dependent on virtual connectivity and systems. It isn’t that long ago that most people carried cash and would have been perfectly able to bridge a banking issue without complications. However, nowadays cashless payments are the norm and most of us don’t habitually carry cash anymore.

As with the law in this area, the need for practical review and adjustments just cannot keep up with the speed of the advancement. That leaves end users vulnerable to be negatively impacted if the few big providers are targeted or have a technical issue. More ought to be done to ensure that there are (a) backup systems for critical services and (b) that the practical aspects of our modern convenient virtual life are reviewed and regulated.

Monica Eaton, Founder and CEO of Chargebacks911 and Fi911

When AWS sneezes, half the internet catches the flu. Outages like this cause frustrated users but also triggers a domino effect across payment flows. Failed authorisations, duplicate charges, broken confirmation pages, all of that fuels a wave of disputes that merchants will be cleaning up for weeks. And once a customer files a dispute, you are already on the back foot.

What I expect now is a spike in ‘I never got my service’ or ‘I was charged twice’ claims. Many of those won’t be fraud, just confusion. But confusion is the number one driver of chargebacks. If merchants sit back and wait for disputes to roll in, they will bleed revenue unnecessarily.”

The smart move is to get ahead of the narrative. Run duplicate charge sweeps. Push proactive notifications to affected users. Document the outage window for clean evidence. Offer fast refunds where appropriate. It is cheaper to fix misunderstandings than fight losing battles in the dispute process.”

The outage will end long before the disputes do. Any business that treats this as a one-day incident is already behind. Downtime happens, but silence and slow responses are what cause real damage.

Edvards Margevics, Co-CEO & Partner Payments Company CONCRYT

The widespread AWS outage today is a sharp reminder that even the most robust cloud infrastructures can become a single point of failure and for merchants and payments providers, the consequences are immediate and significant. With services down across key platforms, businesses reliant on real-time payment processing, digital wallets and account-to-account flows are feeling the impact of disrupted connectivity, delayed settlements and diminished consumer trust.

In the payments world, where every second counts and interruptions equate to lost revenue or reputational damage, this incident underscores the importance of having resilience, backup protocols and multi-cloud redundancy baked into infrastructure planning. It also reaffirms why merchants need to diversify critical systems, partner with payment platforms that have international fail-over capacity and continuously test for operational continuity.

While AWS engineers are working to restore full service and investigate the root cause, this event will accelerate conversations around risk mitigation, contingency planning and the real cost of cloud dependence in the payments ecosystem. For merchants and fintech firms alike, the message is clear: ensure your infrastructure can not only scale but survive downtime when it matters.

Kurt Ma, Partner at Shoosmiths

The AWS outage underscores a critical vulnerability in the modern digital landscape and what we have all known for a while – a single cloud failure can trigger cascading disruptions across unconnected industries.

That sort of domino effect is real and well-understood. The CrowdStrike update in 2024 that crashed millions of Windows systems, grounding flights and halting hospital operations is one recent example. The fallout from the AWS outage remains to be seen, but we know that services reliant on AWS infrastructure range from smart home devices to financial apps and crypto exchanges.

We expect an immediate action point would be to review the force majeure clauses in the commercial contracts and the scope of insurance policies to check whether they expressly cover IT outages of this type and, if so, how they allocate responsibility. This, however, is not the long-term solution. Businesses need to recognise the need to adopt multi-cloud strategies and business continuity and disaster recovery plans that address situations like this. It is also crucial to get into the habit of auditing cloud vendors on a regular basis. As digital dependencies deepen, resilience must become a legal and operational priority.

Kate Brimsted, Partner at Shoosmiths 

There’s been increased focus on ICT supply chain risk and resilience in recent years, backed up by new and strengthened regulation, both cross-sectoral (NIS2) and sector specific (DORA). We’ve gotten used to the ‘weakest link in the chain’ paradigm. But with concentration risk – illustrated by the AWS outage – is it time to start thinking about building a second chain?  How many BCPs facilitate a pivot to a separate infrastructure provider? Does it start to become worth the cost and complexity.