Global uncertainty is reshaping cloud strategies in Europe

When Austria’s Ministry of Economy, Energy, and Tourism set out to replace Skype for Business as its virtual meeting platform, Microsoft Teams was the obvious choice. The newer collaboration app is already used across other ministries, and it was widely  assumed that the Ministry of Economy would follow suit.

“From a management perspective, the path was clear to Teams,” said Martin Ollrom, the Ministry’s CIO. But when the IT, security, and legal leaders reviewed the cloud-hosted application, they reached a different conclusion.  

Teams, they argued, posed an unacceptable risk. Call and message data would be processed using software and infrastructure controlled by a US vendor and could therefore be subject to foreign government access requests.

“The point is that every voice message will be processed on external computer systems which are not under our full control,” said Florian Zinnagl, the Ministry’s CISO. “At the end of the day, if a security agency from the US wants to force a US vendor to pull out data, then they have to do this.”

Instead, the Ministry deployed an open-source collaboration suite on its own servers, rolling it out to 1,200 staff earlier this year. While opting for open-source software over a popular proprietary application such as Teams (which has 320 million monthly users worldwide, according to the most recent stats) may be uncommon, it reflects a growing shift in attitudes among European organizations, as some reassess where applications are hosted and who controls the underlying infrastructure and data.

Europe has been debating digital sovereignty for years, but the issue has gained new urgency amid rising geopolitical tensions. “The political environment is changing very fast,” said Ollrom.

Digital sovereignty is a strategy aimed at retaining control over data, applications, and infrastructure in accordance with local regulatory laws and requirements. It relates to where data is stored and processed, who can access it, and under which legal jurisdiction. Some definitions also extend to the development of a domestic technology industry and reducing reliance on foreign suppliers.

A combination of trade disputes, sanctions that affect access to technology, and the possibility of tariffs on digital services has prompted many European organizations to reconsider their reliance on US hyperscaler clouds.

“We have seen a significant second wave of interest on digital sovereignty in the last 12 to 18 months,” said Mauro Capo, digital sovereignty lead for EMEA at IT consultancy Accenture.

Geopolitics is already reshaping cloud strategies. A recent Gartner survey of 214 Western European CIOs and IT leaders showed that 61% intend to shift more workloads to local or regional providers for in response to geopolitical concerns. At the same time, 53% plan to restrict use of global hyperscalers, and 44% said they’ve already started.

How geopolitical factors are impacting the use of global providers and cloud solutions. Source: Gartner survey, Nov. 2025 (Western Europe responses).
Gartner

Artificial intelligence is a growing consideration too: 60% of European organizations plan to increase investment in sovereign AI technology in the next two years, according to an Accenture survey report published in November. 

What was once largely a public-sector concern now attracts growing interest across a wide range of private organizations as well. Accenture is currently working with around 50 large European organizations on digital-sovereignty-related projects, said Capo. This includes banks, telcos, and logistics companies alongside clients in government and defense.

That doesn’t mean European organizations plan to move away from hyperscalers entirely. Any widespread repatriation of cloud workloads is unlikely in the foreseeable future. Instead, many organizations are “revisiting their cloud strategies,” said René Buest, senior director analyst at Gartner, evaluating how they can mitigate risks and reduce dependencies on global cloud providers.

Europe’s reliance on US hyperscalers

The term digital sovereignty dates back to the early 2000s, but interest in the concept has accelerated since the late 2010s, as governments and regulators explored ways to reduce dependence on foreign cloud providers. This included initiatives such as the European Commission’s GAIA-X Framework and France’s SecNumCloud certification. At the same time, the introduction of the General Data Protection Regulation compelled organizations to pay closer attention to  where data is stored, how it’s processed, and who has access to it.

Yet even as sovereignty concerns rise, Europe has remained deeply reliant on US cloud firms for access to cutting-edge technologies. Three hyperscalers — Amazon Web Services, Google, and Microsoft — now account for 70% of the cloud market in the region, according to a Synergy Research Group report, with European providers making up just 15%.

US cloud providers power a range of vital services across the continent. In Germany, for instance, various federal authorities use US cloud providers, as do a wide range of UK organizations, from the National Health Service to GCHQ intelligence service, which hosts classified documents on AWS servers in the UK. The European Commission is one of many public bodies that use the Microsoft 365 office suite, having recently brought its use into compliance with EU data rules.

These cloud services have provided clear benefits to customers, including strong security, global scalability, lower infrastructure costs, and access to advanced AI and analytics tools.

So why would some European organizations be intent on limiting their use of these platforms?

A key concern, according to an IDC survey, is the possibility that a foreign government could compel access to their data even when it is stored in a hyperscaler’s European data center. Under US laws such as the 2018 CLOUD Act and the Foreign Intelligence Surveillance Act (FISA), US-headquartered cloud providers may be required to transfer data to US authorities, regardless of where the data is located.

Source: IDC’s 2025 Worldwide Digital Sovereignty Survey (Aug. 2025).
IDC

In a French Senate hearing this year, Microsoft France president Anton Carniaux said the company could not guarantee that customer data would never be transferred to US authorities under the CLOUD Act, though he said “it has never happened before” and the company would resist any such demands in future.

Another worry is the possibility that cloud services will be swept up in future trade disputes. If the EU imposes retaliatory tariffs on digital services, the cost of using hyperscaler cloud platforms could hike overnight, and organizations heavily dependent on them may find it hard to switch to a cheaper option.

There’s also the prospect that organizations could lose access to cloud services if sanctions or export restrictions are imposed, leaving them temporarily or permanently locked out of systems they rely on.

It’s a remote risk, said Dario Maisto, a senior analyst at Forrester, but a material one.  “We are talking of a worst-case scenario where IT gets leveraged as a weapon,” he said.

This may have been the case for the International Criminal Court’s (ICC) chief prosecutor, Karim Khan. Staffers claim that he lost access to Microsoft services earlier this year, several months after US President Donald Trump placed sanctions on the organization. Microsoft has since denied it suspended services for the ICC.

Other examples include Adobe cutting off Venezuelan customers in compliance with US sanctions against that country in 2019, while Microsoft temporarily blocked access to apps such as Teams and Outlook for Indian energy firm Nayara earlier this year. 

It’s a threat that some European organizations are starting to take more seriously.

“It’s not only technically possible to deactivate our services, because of the political situation it’s becoming more and more likely,” said Ollrom from the Austrian Ministry of Economy. “Everybody says it’s just a theoretical scenario, but now they see it’s not only theoretical.”

Source: Accenture survey (Jul–Aug 2025).Accenture

Open source as a sovereignty strategy

For some European organizations, a move to open-source software is central to their sovereignty strategies. This is particularly the case in the public sector, and likely to increase in the region: one of the commitments made during a digital sovereignty summit in Berlin led by German Chancellor Friedrich Merz and French President Emmanuel Macron was to “broaden the use of open-source tools in their administrations.”

The German state of Schleswig-Holstein is one example, having completed the migration of 40,000 employee email accounts from Microsoft Exchange Server and Outlook to Open-Xchange and Mozilla Thunderbird this year. It previously switched from Windows to Linux on desktops, and Microsoft Office to Libre Office.

In Denmark, the country’s Ministry of Digitalization has begun to phase out Office 365 in favor of LibreOffice, following similar moves by the municipalities of Copenhagen and Aarhus.

The Austrian Ministry of Economy is another example. With on-premises versions of Skype for Business and SharePoint approaching end of support, it migrated to a suite of open-source workplace applications from German software vendor Nextcloud this year, hosted on its own infrastructure. Nextcloud’s suite of applications includes tools for voice and video communication, document editing, wiki-like knowledge management, and project management.

A proof of concept began in autumn 2024, followed by a three-month pilot. A full launch to staff on desktop and mobile followed in April. Teams hasn’t been phased out entirely, however; the Ministry continues to use the application for external events.

From a technical perspective, it was a “very smooth project,” said Ollrom, helped by the fact that it was a greenfield migration and didn’t require migrating and integrating data.

There were challenges around change management, as staff adapted to a new and unfamiliar set of digital tools. Many wanted to use Teams, as they’ve used it at home and in other jobs, said Ollrom. For the most part, though, staff are happy to have more modern workplace tools and the ability to work on mobile devices. Employee adoption is high, Ollrom and Zinnagl said, in part due a pre-launch information campaign with short videos to introduce the application. The next steps are to optimize the deployment and focus on driving adoption across the remaining workforce.

As well control over data and technology, the shift to an open-source application suite has other benefits, such as around availability. “When there’s a major outage in a cloud service like Office 365, you have no control. In our own data center, we can manage and resolve issues ourselves,” said Zinnagl. Cost is another advantage — “Microsoft is way more expensive than Nextcloud,” said Ollrom — as is avoidance of vendor lock-in.

Following the digital workplace project, the Ministry will continue its open-source push. It’s considering VMware’s infrastructure virtualization with an open-source alternative from an Austrian vendor, as well as swapping Microsoft’s SQL Server for postgreSQL or MariaDB.

According to Gartner’s survey, 55% of CIOs and IT leaders said open-source technologies will be an important factor in their future cloud strategies.

Accenture’s Capo said the consultant has seen increased interest in open-source tools among clients — but noted that hosting open-source applications on-premises isn’t for everyone. Implementations and ongoing management can be a significant undertaking, requiring a “step up in terms of skills” for in-house staff and often the need for third-party support, he said.

“Above all, there is the topic around manageability of the solutions … you have to think carefully what it means operating and managing solutions that are based on a community, whether it’s security patches, updates, and so on,” he said.

A ‘hybrid’ model the likely result

As more organizations revisit their cloud strategies, many are landing on a hybrid model with a mix of European and non-European cloud services.

That’s the case for 57% of European organizations in Accenture’s survey, with decisions around sovereignty “based on the balance between performance, price, and sensitivity of the data they manage,” Capo said.

Source: IDC’s 2025 Worldwide Digital Sovereignty Survey (Aug. 2025).
IDC

That shift has forced vendors to respond. As interest in digital sovereignty has grown, European technology vendors have sought to capitalize on demand.

SAP has launched its own Sovereign Cloud service, with the option to use its cloud provider subsidiary, Delos, and plans to invest €20 billion (about $23.5 billion US) in its sovereign cloud. The German business software vendor has also partnered with European AI firm Mistral to create the “first full AI stack for Europe.”

Other software vendors are taking a similar approach. Nextcloud, for example, has partnered with German cloud provider IONOS to deliver what it describes as an open-source alternative to Microsoft 365 for European businesses.

“As demand is coming up, offerings are being developed in the market — something that we had not seen before up to one year ago,” said Maisto from Forrester.

European infrastructure providers such as OVHcloud, IONOS, and Scaleway are also keen to emphasize their digital sovereignty credentials, touting European ownership and operations as an alternative to US cloud providers.

Yet European cloud providers struggle to rival hyperscalers’ services, with trade-offs in areas such as functionality and scalability. Almost two thirds (65%) of respondents to the Accenture survey said they can’t remain competitive without non-European technology providers.

At the same time, US cloud providers have introduced their own sovereign-cloud variants to reassure customers with data residency services, as well as options for management by European citizens.

Microsoft expanded its Soveriegn Cloud plans this year, for example, introducing a Data Guardian service that ensures only Microsoft staff residing in European countries can access customer data. It launched a Sovereign Private Cloud option, as well as Microsoft 365 Local, essentially a version of Microsoft’s cloud productivity apps that can be installed locally on a customer’s own servers. AWS, Google, and Oracle have also announced plans to launch or expand sovereign cloud services in the region.

These sovereign cloud services offered by hyperscalers have the benefit of access to familiar technologies and some of the scale of public cloud, albeit with some constraints.

However, they typically cost significantly more than the standard public cloud option: between 10% and 20% more for Google Sovereign Cloud, for example, and 15% to 30% for Oracle EU Sovereign Cloud, according to Boston Consulting Group. And while these sovereign-cloud models may reduce the risk of data being subject to access or transfer requests by foreign governments, they do not eliminate it entirely, and questions remain over how sovereign such services are in practice.

Alongside these approaches, a third model has emerged that seeks to combine local control with access to hyperscaler technology. Here, US cloud providers’ software is delivered through infrastructure operated by local partners. In Germany, for instance, Google is working with StackIT to deliver its Workspace apps, while Microsoft offers Azure and Microsoft 365 services in France via Bleu (a joint venture between Orange and Capgemini), an example of Microsoft’s National Partner Cloud strategy.

How to make decisions around digital sovereignty

So how should organizations navigate this complex landscape? It’s best to start by taking a risk management approach, said Gartner’s Buest, and categorize workloads by placing them on a spectrum in terms of what’s most critical.

For applications where a high level of sovereignty is required, a local or regional provider may be preferable, he said. At the other end of the spectrum would be tools that pose less of a risk in a hyperscaler cloud — an office room-booking application, for instance.

“If it’s not available, well, it hurts, but it doesn’t have a very huge impact on your organization,” said Buest. “It’s different if your ecommerce website is down, or other types of processes you need to exist as an organization.”

srcset='https://b2b-contenthub.com/wp-content/uploads/2025/12/gartner-2025-sovereign-cloud-deployment-spectrum.png?quality=50&strip=all 1188w, https://b2b-contenthub.com/wp-content/uploads/2025/12/gartner-2025-sovereign-cloud-deployment-spectrum.png?resize=300%2C163&quality=50&strip=all 300w, https://b2b-contenthub.com/wp-content/uploads/2025/12/gartner-2025-sovereign-cloud-deployment-spectrum.png?resize=768%2C418&quality=50&strip=all 768w, https://b2b-contenthub.com/wp-content/uploads/2025/12/gartner-2025-sovereign-cloud-deployment-spectrum.png?resize=1024%2C558&quality=50&strip=all 1024w, https://b2b-contenthub.com/wp-content/uploads/2025/12/gartner-2025-sovereign-cloud-deployment-spectrum.png?resize=150%2C82&quality=50&strip=all 150w, https://b2b-contenthub.com/wp-content/uploads/2025/12/gartner-2025-sovereign-cloud-deployment-spectrum.png?resize=854%2C465&quality=50&strip=all 854w, https://b2b-contenthub.com/wp-content/uploads/2025/12/gartner-2025-sovereign-cloud-deployment-spectrum.png?resize=640%2C349&quality=50&strip=all 640w, https://b2b-contenthub.com/wp-content/uploads/2025/12/gartner-2025-sovereign-cloud-deployment-spectrum.png?resize=444%2C242&quality=50&strip=all 444w' width='1024' height='558' sizes='auto, (max-width: 1024px) 100vw, 1024px'>Source: 2025 Gartner report on digital sovereignty strategyGartner

It’s also important to consider how easy it is to move away from a particular vendor if necessary. This is where open standards and open source can be helpful, as well as technologies such as containers that make it easier to move if necessary. “Portability is something that becomes more and more important,” said Buest.

Adoption of cloud-native technologies can, generally-speaking, improve workload portability.

Craig Tivendale, Volvo Connected Solutions cloud provisioning manager, said the firm has used AWS for around a decade to store and process data locally in several regions where it operates — including Europe, the US, China, Japan, and South Korea — to meet data residency requirements and reduce latency. He said the company is satisfied with the service provided by AWS and wouldn’t seek to change this relationship (or move to the European Sovereign Cloud service that AWS has begun rolling out) unless new legal requirements were to emerge.

Should that need arise in the future, he said, the company’s cloud systems are architected to support portability. “We could move a lot of our workloads as they’re containerized,” he said. “From that perspective, it shouldn’t be too difficult.”

A bigger challenge would lie in the various external services the company depends on, such as mapping platforms and telecoms providers, which would need to be reconnected and tested in a new environment. “If you’re using provider-specific services, you need to figure out what the equivalent is elsewhere, and then go through the whole development and testing cycle again,” he said.

Alongside these technical considerations, there are organizational challenges to address too. For IT leaders who want to change their cloud strategy, it’s important to get senior executives and CEOs on board.

“Sovereignty was — and still is — mostly a topic relegated to compliance and technical managers,” said Accenture’s Capo, “while this transition towards a new set of ecosystem partners is really a board-level discussion. Moving this topic to the board and to the CEO is an imperative that we urge clients to proceed with.”

Senior leaders may be more willing to support a change in strategy once they are aware of both the risks associated with global cloud services and, importantly, the options that support digital sovereignty. “Give them alternatives,” suggested the Austrian Ministry’s CIO, Ollrom.

“They know the most common tools like Microsoft Teams; they don’t think about alternatives. If you give them a very clear and logical strategy why Microsoft Teams or any other cloud service is maybe an enterprise risk, I [have had the experience] that they never say no,” he said.

“You have to be open-minded. And you have to transport this open-mindedness to the next management level.”

Ultimately, it’s about shifting expectations, said Zinnagl, the Ministry’s CISO. “They didn’t believe before that it’s possible to use other tools than Microsoft here — we showed that it is,” he said. “There are a lot of other really cool enterprise tools out there: open source or not open source, but from a local or European vendor.”

More on digital sovereignty:

An EU breakup with US cloud providers

Why CIOs need to respond to digital sovereignty now

M365 Copilot data processing goes local to meet sovereignty demands

EuroStack: Europe’s path to digital independence?

Local clouds shape Europe’s AI future

End-to-end encryption is next frontline in governments’ data sovereignty war with hyperscalers

Nvidia: ‘Sovereign AI’ will change digital work