As geopolitical lines are redrawn across the globe, the digital landscape is fracturing along with them. Nowhere is this more apparent than in Europe, where a push for “digital sovereignty” is reshaping a multi-billion dollar cloud computing industry. We’re joined by Maryanne Baines, a leading authority on cloud technology, to dissect this complex intersection of technology, politics, and business. She will help us understand Europe’s ambitious, and expensive, quest to reclaim control over its data, exploring the strategies driving this shift and the skepticism surrounding the solutions offered by US tech giants.
The US CLOUD Act and sanctions against foreign officials have heightened concerns about data access. How are European executives translating this political uncertainty into concrete digital infrastructure strategies? Please walk me through the key steps they are taking to manage this new level of risk.
It’s a palpable sense of unease that has moved from the political pages to the boardroom. The CLOUD Act was the first tremor, but recent events, like the temporary service cutoff for the International Criminal Court’s chief prosecutor after he was sanctioned by the US, sent a real shockwave. Suddenly, the risk isn’t just theoretical. C-level executives, not just the CIOs, are now asking a fundamental question: “Can we truly rely on digital infrastructure from US-based providers when political winds can shift so unpredictably?” This uncertainty is poison for long-term planning. In response, they are actively de-risking their digital supply chains. They’re moving beyond simple risk assessments to building genuine resilience. This means diversifying their provider portfolio, ringfencing critical data, and, most importantly, initiating serious investment in local and regional cloud providers to regain a measure of control and certainty.
We see some European firms investing billions in their own clouds, while others partner with US hyperscalers to build local skills, much like Airbus did in aeronautics. What are the key trade-offs between these two strategies? Could you describe the decision-making process for a company choosing one path?
It’s a classic “build versus buy” dilemma, but with massive geopolitical stakes. On one hand, you have the “build” path. Think of the Schwarz Gruppe, the owner of Lidl, pouring an incredible €11 billion into its own cloud, STACKIT. This strategy offers the ultimate prize: complete control and true strategic sovereignty. The downside is that it’s enormously expensive, and even with that level of investment, it’s incredibly difficult to match the sheer scale, R&D, and feature velocity of the American hyperscalers.
On the other path, you have the “partner” or “learn” model, which is fascinatingly compared to how Airbus developed its expertise after WWII by working with US aeronautics firms. Companies like Airbus are partnering with Google and Microsoft through European intermediaries like Thales and Orange. The trade-off here is accepting a degree of dependency today in exchange for building the skills and ecosystem needed for independence tomorrow. A company’s choice really boils down to its risk calculus. If the primary concern is immediate business interruption—a risk Airbus considers low-likelihood but very high-impact—partnering makes sense. If the goal is long-term economic sovereignty and insulation from foreign law, then the difficult, expensive path of building becomes more attractive.
US hyperscalers are launching “sovereign” services run by EU subsidiaries, yet many European customers remain unconvinced. Beyond the parent company ownership, what specific technical or governance gaps make these offerings insufficient? Please share some metrics or criteria that clients use to evaluate true sovereignty.
This is the core of the trust issue. The US providers have created some impressive technical solutions. AWS’s European Sovereign Cloud, for instance, is physically and logically separate, and they’ve set up a German GmbH with EU citizens at the helm to manage it. But when you scratch the surface, clients see that AWS European Sovereign Cloud GmbH is still a 100 percent subsidiary of Amazon Inc. That’s the sticking point. True sovereignty isn’t just about where the servers are; it’s about the ultimate chain of command and legal obligation. As long as a US parent company can be compelled by its government to hand over data or cease services, the European entity isn’t truly independent. Clients are looking past the marketing. They’re asking: Who has ultimate control? Can the US parent be firewalled from operational decisions? Is the subsidiary legally obligated only to European law, even in a conflict with US law? Until the US providers can give up that final layer of control, their offerings will be seen as a form of “sovereignty-lite” that doesn’t fully mitigate the geopolitical risk.
Forecasts show Europe’s sovereign cloud spending will triple by 2027, growing from a base of nearly $7 billion. What types of new workloads are being prioritized for these local sovereign clouds, and why is it more practical to focus on them rather than migrating existing complex systems?
The growth is staggering, and it reflects a very pragmatic approach. No one is seriously talking about a “rip and replace” of their existing hyperscaler infrastructure. The reality is that many core business systems are deeply entangled with the proprietary services of the big US providers, and migrating them would be incredibly complex and costly. The focus, therefore, is on the future. We’re seeing new applications, particularly in the public sector, healthcare, and critical infrastructure, being developed from day one on local sovereign platforms. Additionally, companies are looking at the vast amount of data and workloads that still sit on-premises in their own data centers. These are the prime candidates for migration. It’s far easier and less disruptive to move these systems to a sovereign cloud than it is to untangle a deeply integrated system from a US hyperscaler. It’s an incremental strategy: secure the future first, then chip away at the past.
What is your forecast for Europe’s sovereign cloud market?
I see a future defined by a hybrid and multi-cloud reality, but one with a distinctly European flavor. We won’t see the US hyperscalers disappear from Europe; their technology and scale are too compelling. Instead, we’ll see a tiered market emerge. The most sensitive data and critical new workloads, especially for government and regulated industries, will increasingly land on true sovereign clouds—those owned and operated entirely within Europe. The US providers, through their “sovereign-branded” offerings, will compete for the next tier of less sensitive commercial workloads. This will force a more competitive and diverse ecosystem. European providers will have a protected market for high-trust workloads, giving them the runway to innovate and scale, while European customers will gain more choice and, ultimately, more control over their digital destiny. It’s not about building a wall; it’s about building a house with your own set of keys.
