Rethinking cloud strategy: A smarter path to digital sovereignty

Cloud Native
Hybrid Cloud
Cloud Transformation
Digital Sovereignity
IT Transformations
The cloud sovereignty crossroads

Cloud technology has become the backbone of modern enterprises, offering scalability, agility, and operational efficiency. Growing geopolitical tensions, regulatory changes, and concerns over digital sovereignty have forced organizations to rethink their reliance on U.S.-based hyperscalers. Can European enterprises realistically achieve full cloud independence? Not yet. But a strategic, step-by-step approach can help reduce dependency while maintaining performance and security.
06 May 2025 minute read

Key takeaways about these insights

The conversation around cloud sovereignty is no longer theoretical - business leaders must take action. With rising geopolitical risks and growing regulatory pressure, organizations need to rethink their cloud strategy. A structured, pragmatic approach can mitigate dependency risks while maintaining flexibility and performance.


  • European enterprises are heavily reliant on U.S. cloud providers, with 72% of infrastructure and 80% of data managed by U.S. firms. This dependency presents risks related to compliance, security, and business continuity.
  • There are four major hurdles to reducing dependency: lack of viable European alternatives, interoperability challenges, financial trade-offs, and security concerns.
  • A structured, stepwise approach enables organizations to regain control focusing on cloud strategy, visibility, diversification, architecture, and governance.
  • Cloud sovereignty isn’t about full independence, It’s about strategic flexibility continuously assessing risks, optimizing dependencies, and ensuring long-term resilience.

    The challenge: between dependency and complexity


    The geopolitical landscape has heightened Europe's awareness of its substantial reliance on U.S. technology firms, particularly in cloud computing and data management. Approximately 72% of all cloud infrastructures in Europe are hosted by U.S. providers, and around 80% of European data is managed by U.S. tech firms (CSIS). The European Union has expressed concerns over this dependency, prompting initiatives like the EU Data Act to enhance data sovereignty and reduce reliance on non-European service providers.

    The imbalance is underscored by the disparity in market capitalizations between U.S. and European tech firms. The combined market value of Europe's seven largest tech companies is approximately $705 billion, starkly contrasted by the $12 trillion valuation of the top U.S. tech giants (EQT Group).

    In response, European governments and organizations are reassessing their cloud strategies, aiming to bolster digital sovereignty. However, challenges persist due to the entrenched position of U.S. providers and the current limitations of European alternatives.

    • Regulatory exposure: With stricter EU data laws emerging, companies relying on U.S. providers could face compliance challenges and legal uncertainties.
    • Limited bargaining power: A lack of viable alternatives weakens negotiation leverage, leaving businesses at the mercy of pricing models and service levels dictated by hyperscalers.
    • Geopolitical risks: Rising tensions, sanctions, and shifting policies can impact access to data, applications, and critical cloud services. Additionally, if a hyperscaler faces operational or financial trouble, U.S. firms and government entities are likely to receive priority support, leaving European businesses more vulnerable.

    The risk is clear: cloud dependency isn’t just an IT issue it’s a strategic business risk. The good news? Organizations can take a structured approach to mitigate these risks without sacrificing performance or innovation. The Growth model explains how. 


    0%
    Cloud Infrastructure in U.S.
    0%
    Data Managed by U.S Tech
    0x
    U.S. Market value compared to Europe

    The cloud dependency reduction playbook

    There is no one-size-fits-all solution to cloud sovereignty. Organizations must navigate a mix of technological, financial, and regulatory constraints. Take an incremental, strategic approach that builds resilience over time while maintaining flexibility.





    Use these five perspectives to draft your roadmap to reducing U.S. cloud dependency:

    1. Establish a Clear Cloud Strategy

    Cloud sovereignty starts with determining the desired level of digital dependency. Organizations must integrate sovereignty decisions into business continuity, security frameworks, and regulatory planning.

    • Assess and define the acceptable level of reliance on U.S. digital services
    • Develop a mid and long-term roadmap that integrates sovereignty into IT decision-making.
    • Align cloud sovereignty goals with business priorities, risk management frameworks, and regulatory requirements to ensure sovereignty supports growth and compliance

    2. Gain visibility and secure critical infrastructure

    To regain control, organizations need both insight into their cloud dependencies and immediate safeguards to ensure business continuity.

    • Identify your cloud dependencies and map to business process to assess associated risks.
    • Ensure you have access to (backed up) data that’s hosted on EU owned & managed servers.
    • Secure critical infrastructure services like DNS and Identity & access management

    3. Evaluate and Diversify Cloud Partnerships

    Avoiding vendor lock-in requires diversification. Organizations should evaluate alternatives and test solutions that enhance flexibility.

    • Conduct an objective assessment of EU-based cloud providers.
    • Run pilot projects with alternative providers to measure feasibility and risks.
    • Develop exit strategies to ensure flexibility and avoid vendor lock-in.

    4. Future-Proof Architecture for Portability

    Resilient architecture is the foundation of cloud sovereignty. Hybrid solutions and standardization ensure operational flexibility.

    • Assess the feasibility of leveraging on-premises hosting platforms as part of a hybrid strategy.
    • Standardize applications using containers (Kubernetes, OpenShift) for interoperability.
    • Design for abstraction layers to enable workload mobility between providers.

    5. Integrate Cloud Sovereignty into IT Governance

    Cloud sovereignty is not a one-time project—it’s an ongoing commitment that requires strong governance frameworks.

    • Make cloud independence a strategic principle in procurement and technology investments.
    • Establish policies ensuring sovereignty considerations in vendor selection and IT architecture.

    Maarten Vervoorn

    "A strategic, step-by-step approach can help reduce dependency while maintaining performance and security"

    The results: a continuous path to resilience


    By executing this approach, organizations gain more than just compliance. They build a cloud strategy that enhances trust, resilience, control, and long-term sustainability. This is not about overnight transformation but a continuous process of evaluation, adaptation, and risk reduction:

    • Greater resilience: Reducing dependency on a single provider safeguards operations against geopolitical and economic disruptions.
    • Improved bargaining power: A diversified cloud portfolio gives enterprises leverage in negotiations and pricing. Reduced vendor lock-in reduces the effect of unilateral price increases.
    • Long-term flexibility: With open architectures and multiple vendor options, organizations can shift workloads strategically as new technologies emerge.
    • Regulatory alignment: A sovereignty-first approach ensures compliance with evolving EU regulations while maintaining operational excellence.
    • Business security: Data remains under company control, reducing exposure to third-party risks and unexpected policy changes.
    Organizations that embrace this approach don’t just mitigate risks, they take charge of their digital future. Read the full article on Microsoft’s confession and its impact on European cloud strategy here.

    Conclusion: cloud sovereignty as an Evolution, not a Revolution



    You don’t need to choose between agility and sovereignty. A strategic, stepwise approach enables organizations to balance compliance, resilience, and innovation without disrupting operations. While complete decoupling from hyperscalers isn’t feasible today, thoughtful planning, technological preparedness, and structured execution will lay the foundation for a more sovereign digital future.


    Sources
    European cloud providers grow but lose market share to US titans
    European Cloud Providers Continue to Grow but Still Lose Market Share | Synergy Research Group
    The EU Data Act: The Long Arm of European Tech Regulation Continues
    AWS, Microsoft, Google own most of Euro customer cloud spend • The Register
    European Digital Sovereignty


    Maarten Vervoorn CTO