India's largest IT services company, Tata Consultancy Services (TCS), is under growing pressure from both the United Kingdom and the United States regarding its employee displacement claims and cybersecurity operations, as regulators and lawmakers investigate its involvement in recent cyberattacks and worker displacement complaints.
In the US, Senators Charles Grassley and Dick Durbin of the Senate Judiciary Committee have written to TCS's CEO K. Krithivasan questioning TCS's recruitment, outsourcing, and staffing policy in key areas like cybersecurity.
The question is reported to address whether TCS's recruitment can make systems vulnerable to breaches, such as dependence on foreign talent, visa arrangements, or subcontracting, that would make systems vulnerable to risk. (Times of India)
Simultaneously in the UK, Parliament members and trade committee panels have questioned TCS on its association with top-level cyberattacks. The Business and Trade Committee has requested information on TCS's involvement in the Jaguar Land Rover (JLR) cyber shutdown.
TCS has also been in the spotlight for its work with UK retailer Marks & Spencer (M&S). Following a cyber attack that paralyzed M&S's online presence and dealt an estimated £300 million blow to profitability.
TCS, a long-time technology partner of M&S, has admitted to carrying out an in-house investigation to determine whether its infrastructure or staff were used as a vector. TCS has responded by stating publicly that neither its systems nor its users were compromised in the M&S incident.
In both the UK and India, critics argue that major IT outsourcers, such as TCS, are in a regulatory blind spot. In the UK, MPs have called on TCS to be more open about its contracts in ‘critical infrastructure’ sectors, the level of access it has to sensitive systems, and how widely its internal security audits are done.
In America, lawmakers are reportedly examining whether specific procurement or immigration policies unintentionally create vulnerabilities in foreign-based service providers.
These simultaneous pressures occur as part of a larger tension surrounding the global supply chain for cybersecurity services.
Commentators refer to the exact cost and efficiency imperatives behind outsourcing, which introduces associated systemic risk, allowing attackers to achieve cascading entry through third parties.
For TCS, the stakes are high. The company's credibility as a go-to global technology partner is on the line as it deepens its cybersecurity play and issues threat forecasts — including GenAI-powered detection and zero-trust architecture.
Suppose regulatory bodies in the US or UK identify gaps in governance or oversight. In that case, TCS may be subject to restrictions on access to key contracts, increased regulatory audits, or reputational damage that impacts its global business pipeline.
As these investigations continue, the central argument is: in a time of transnational cyber threat, can outsourcing behemoths such as TCS remain both cost-effective and justifiable in countries where national security and data sovereignty become increasing concerns?