In recent years, many European organisations have relied heavily on hyperscalers such as AWS and Microsoft Azure, global cloud giants whose vast scale and infrastructure have shaped much of today’s cloud landscape. Their platforms have powered AI development and facilitated data-driven and large-scale digital transformation initiatives across sectors.
However, this reliance has come at a cost. As cloud adoption accelerates, questions surrounding data sovereignty, surveillance laws and compliance are becoming more difficult to ignore. Organisations are increasingly aware that storing sensitive data and running critical workloads on infrastructure controlled by non-European entities exposes them to external jurisdictional risks and potential government access.
With 92% of organisations saying geopolitical shifts have heightened sovereignty concerns and all reporting that these risks, including possible service disruption, are forcing them to reconsider data location strategies, the dependency on global cloud giants is under growing scrutiny.
The cloud conversation in Europe is shifting, but the message is clear: innovation cannot come at the expense of sovereignty.
The sovereignty dilemma
As European organisations consider migrating sensitive workloads, such as R&D and customer data to global cloud platforms, legal and compliance teams are raising serious concerns. The Schrems II ruling, stringent obligations of GDPR and the growing scrutiny of foreign jurisdiction have exposed a critical vulnerability. Once data leaves European borders or falls under non-EU governance, true control is compromised.
This dilemma is being felt across the continent. Enterprises, governments and industries are looking for new approaches that allow them to innovate while still protecting data sovereignty, defined as the right for data to be governed by European laws, stored on European soil and managed by European entities.
The focus now is to move beyond the false choice between innovation and control, without compromising compliance, privacy or independence.
Achieving true data sovereignty
To navigate this increasingly complex landscape, European organisations must adopt practical strategies that ensure sensitive data remains under EU governance, even when leveraging global cloud services.
These strategies include:
- Prioritising providers that operate fully under European legal jurisdiction is essential, but be aware that even when hyperscalers set up European entities, the US CLOUD Act may still apply
- Embedding contractual safeguards that explicitly guarantee data and operational control remain subject to EU law
- Implementing technical measures such as encryption, access controls and data residency policies to ensure sovereignty is enforced by design, not just asserted in policy
The path forward lies in a balanced approach. Rather than choosing between innovation and control, forward-looking enterprises must adopt a cloud strategy that brings together the scale and capabilities of hyperscalers with the trust, compliance and sovereignty of European providers. Critical workloads such as AI, machine learning, data analytics and DevOps pipelines can remain within EU borders while still operating under unified governance and policy frameworks.
This shift is already underway, with 78% of organisations embracing data strategies that include engaging with multiple service providers, adopting sovereign data centres and building enhanced governance requirements into their commercial agreements.
The next phase of cloud maturity will be defined by intelligent orchestration rather than dependence. Organisations that can seamlessly coordinate workloads, policies and data flows across diverse environments will be best positioned to innovate responsibly. True sovereignty is not about isolation; it’s about the freedom to innovate on an organisation’s own terms.
For European enterprises, preserving sovereignty does not mean retreating from innovation, but redefining how it is adopted. Cloud-native services, AI-driven automation and digital platforms should be embraced without fear of compliance gaps.
With intelligent orchestration, enterprises can achieve the flexibility to choose fitting providers and services, optimise cloud costs by balancing local and global infrastructure resources, as well as operational resilience, ensuring continuity even under regulatory disruption or geopolitical shifts.
A new standard for European cloud strategy
The future of cloud in Europe isn’t about choosing sides; it’s about orchestrating freedom. With the right strategy, European enterprises can protect their data, uphold their values and still move at the speed of innovation. Sovereignty and progress are no longer opposing forces; they are two sides of a balanced, resilient future.
Europe’s cloud journey is entering a new chapter, one where sovereignty strengthens, rather than limits, innovation. By embracing architectures that respect local governance while harnessing global capabilities, organisations across Europe can build technology foundations that are secure, compliant and ready for what comes next.
Dmitry Panenkov
Dmitry Panenkov is CEO and founder of emma, the cloud management platform.
