Breaking the 92% dependency: why European businesses need local cloud solutions

Europe’s cloud market is dominated by foreign providers. Here’s why that’s a risk, and how going local can strengthen your business.

Relying on non-European cloud providers can put your business at risk of losing control over your data, infrastructure, and innovation. Local cloud solutions not only help you maintain digital sovereignty but also provide secure and flexible access to data and systems from anywhere with an internet connection, while ensuring compliance with local regulations.

The EU’s General Data Protection Regulation (GDPR) and the European Cloud Computing Strategy are designed to protect data privacy and promote secure, sovereign digital infrastructure. These initiatives are part of a broader data regulation landscape that shapes how data is handled, protected, and governed within the EU.

Momentum for digital sovereignty is building as organizations recognize the importance of controlling their digital assets. The growing demand for digital infrastructure and secure cloud solutions is driving both public and private sector strategies.

What is digital sovereignty?

Digital sovereignty is rapidly becoming a cornerstone of modern information technology policy, especially within the European Union. At its core, digital sovereignty is about empowering countries and organizations to control their own digital infrastructure, data, and innovation pathways. This means having the ability to decide where and how data is stored, processed, and protected, as well as fostering the development of local cloud services and solutions that align with national interests.

The push for digital sovereignty has gained momentum as governments and businesses recognize the risks of relying on foreign cloud providers for critical infrastructure and services. The European Union has taken a proactive stance, introducing regulations like the General Data Protection Regulation (GDPR) and launching the European Cloud Computing Strategy to give citizens and businesses more control over their data. These initiatives are designed to ensure that data protection is not just a legal requirement, but a fundamental part of the digital economy.

In cloud computing, digital sovereignty is essential for maintaining secure and compliant operations, particularly when handling sensitive or regulated data. By leveraging local cloud solutions—such as the Swiss Government Cloud—governments and organizations can ensure that their data remains under local jurisdiction, subject to national laws and standards. This approach not only enhances data protection but also supports innovation and the development of robust digital infrastructure, giving countries more control over their digital destiny.

What the 92% really means

In Europe, more than 92% of cloud infrastructure is run by US providers. Amazon Web Services, Microsoft Azure, and Google Cloud lead the market, with only a small share left for homegrown providers. It’s a figure that raises questions—not only about competition but about control, compliance, and resilience. The extent to which European businesses rely on foreign providers for their digital infrastructure highlights significant concerns about technological independence and regulatory divergence.

These companies offer scale and convenience, but their dominance leaves European businesses exposed to external laws, shifting pricing models, and geopolitical risks. The dependency is deep, and for many organisations, invisible—until a policy change, a compliance issue, or a service outage brings it to the surface. Cloud services replace hardware like on-prem servers with a global network of secure servers accessed over the internet, allowing businesses to store data securely in the cloud, offering flexibility and scalability but also introducing new layers of dependency and risk.

Why reliance on US providers is risky

Compliance and legal uncertainty

Operating under a US-based provider means being subject to American laws, including the US Cloud Act, which can compel disclosure of data stored outside US borders. This creates a potential conflict with European data protection rules, particularly the GDPR, which seeks to unify personal data protection rules across the EU. Even with contractual safeguards, the legal landscape is far from settled. Legal challenges persist in digital sovereignty frameworks despite ongoing negotiations on data protection, adding further complexity to the issue.

Vendor lock-in

Many US cloud platforms are designed to keep customers within their ecosystems. Once your infrastructure, data, and workflows are tied to proprietary tools, the cost—financial and operational—of moving elsewhere can be steep.

Security and geopolitical concerns

Europe’s political interests don’t always align with those of the US. In times of geopolitical tension, this dependency could have consequences, from disrupted services to increased compliance burdens. For critical sectors like healthcare, finance, or government, these risks are more than theoretical. Different approaches to digital sovereignty have deepened geopolitical competition, further emphasizing the need for Europe to reduce its reliance on foreign cloud providers.

Cloud Computing Options: Public vs Private Cloud

When considering cloud computing, organizations are often faced with the choice between public and private cloud environments. Public clouds, offered by major providers like AWS and Microsoft Azure, deliver scalable cloud services in a shared infrastructure model, making them cost-effective and easy to deploy. However, because resources are shared among multiple customers, public clouds may present challenges for organizations with strict data protection or compliance requirements.

Private clouds, in contrast, provide dedicated infrastructure—either on-premises or hosted by a third party—offering more control, enhanced security, and greater customization. This makes private clouds particularly attractive for businesses and governments that prioritize data protection and need to comply with stringent regulations. The trade-off is typically higher costs and increased management complexity.

Hybrid cloud solutions have emerged as a strategic middle ground, allowing organizations to combine the scalability and flexibility of public cloud services with the control and security of private clouds. This approach enables sensitive data and critical workloads to remain in a secure, private environment, while less sensitive operations can leverage the cost and performance benefits of the public cloud. The European Union’s cloud computing strategy highlights the importance of hybrid clouds in achieving digital sovereignty, as they provide the flexibility to adapt to evolving regulatory and business needs.

Ultimately, the choice between public, private, or hybrid cloud models should be guided by an organization’s specific data protection requirements, compliance obligations, and need for control. By carefully evaluating these options and working with local cloud providers, businesses can ensure their cloud infrastructure is both secure and aligned with digital sovereignty goals.

European cloud initiatives

Europe isn’t standing still. Across the continent, governments and private companies are building local alternatives aimed at strengthening digital sovereignty, which refers to the ability to have control over your own digital destiny, including control over the data, hardware, and software relied on and created by a nation. Digital sovereignty is a concern for many policymakers due to control being ceded to too few entities. Countries generally agree on the need to foster homegrown tech industries, recognizing the strategic importance of reducing reliance on foreign providers. Investments in innovation are critical for strengthening digital resilience in a hybrid multi-cloud context, ensuring that local solutions remain competitive and adaptable to evolving technological demands.

• Switzerland’s Government Cloud: An established, secure, state-backed infrastructure designed to keep sensitive public-sector data within the country’s borders. The Swiss Government Cloud (SGC) will establish a hybrid multi-cloud infrastructure tailored to the requirements of federal authorities. The SGC will consist of public cloud, public cloud on premises, and private cloud on premises. The private cloud on premises will store and process data exclusively on the Federal Administration’s systems. The public cloud on premises allows users to benefit from public cloud services while processing data locally. Public cloud services within the SGC offer a high degree of scalability and a broad portfolio of innovative services.
• GAIA-X: A European initiative to create a federated cloud ecosystem based on transparency, interoperability, and trust.
• Hivenet, OVHcloud, Scaleway, and others: Commercial providers based in Europe that prioritise compliance with EU regulations and data localisation.

These efforts reflect recent developments in cloud computing and digital sovereignty across EU countries.

These initiatives aren’t just political statements—they’re building infrastructure tailored to regional needs, regulatory realities, and security expectations. Compliance with regulations across EU countries is a key driver for these initiatives.

Case Study: The Swiss Government Cloud Model

The Swiss Government Cloud (SGC) stands out as a leading example of how digital sovereignty can be put into practice. Designed to meet the unique needs of the Swiss federal government and its citizens, the SGC is a hybrid cloud platform that integrates a broad portfolio of cloud services, including infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS).

A key strength of the SGC is its commitment to open source software, which gives the government more flexibility and control over its technological ecosystem. By adopting a multi-cloud approach, the SGC leverages multiple cloud providers, reducing dependency on any single vendor and ensuring continuity of service. This architecture not only enhances security and compliance but also allows the government to adapt quickly to changing requirements and emerging technologies.

The SGC’s focus on data protection and digital sovereignty is evident in its design: sensitive data is stored and processed within the federal administration’s own infrastructure, while public cloud services are used for less sensitive workloads. This ensures that the government retains full control over critical information, while still benefiting from the scalability and innovation offered by modern cloud platforms.

Beyond security and compliance, the SGC supports Switzerland’s digital transformation by providing advanced tools for data analytics and artificial intelligence. These capabilities enable the government to harness the power of data for better decision-making and more efficient public services, all while maintaining the highest standards of data protection and digital sovereignty.

Competitive advantages of local cloud services

Stronger data protection

Local providers operate under the same regulatory framework as their clients. GDPR compliance isn’t a box-ticking exercise—it’s built into how they store, process, and manage data.

Proximity and support

Physical closeness often means lower latency and faster response times. Local support teams understand the regulatory and business environment you work in, making troubleshooting and compliance discussions simpler. Additionally, local cloud solutions can improve latency and performance by processing data closer to the source. They also enhance data security by keeping sensitive information within the physical control of the organization. Local cloud solutions typically offer customizable infrastructures to meet the specific needs of businesses. Furthermore, businesses migrating to the cloud can achieve at least a 20% improvement in their carbon footprint, contributing to sustainability goals. Cybersecurity measures must adapt to the challenges posed by hybrid multi-cloud environments, ensuring that data remains secure across diverse systems. Training and governance are essential for secure and effective use of hybrid multi-cloud environments, helping organizations navigate the complexities of managing multiple platforms.

Economic and strategic value

Choosing local can boost regional economies, create jobs, and reduce Europe’s reliance on foreign infrastructure. For some businesses, this alignment with local policy is also a reputational advantage. Moreover, using local cloud solutions can reduce costs associated with data transfer and storage fees from public internet clouds.

Cost-benefit analysis of moving local

Switching from a global hyperscaler to a European cloud provider comes with costs: migration planning, potential retraining, and adapting applications to new environments. But the long-term gains can outweigh them: Local cloud solutions can integrate seamlessly with existing IT systems, reducing disruption during deployment. Cloud migration projects typically take a minimum of 2 months to complete, so careful planning and phased implementation are crucial to minimize operational impact. One example is the challenge of ensuring data integrity during the transfer process, which can require additional validation steps and temporary parallel operations. Larger and more complex cloud migration projects, however, can take several years to complete, requiring sustained effort and resources. The cost of cloud services can range from a few hundred dollars per month to a few thousand dollars, depending on the services needed, making it essential for businesses to evaluate their specific requirements and budget accordingly.

• Reduced compliance risk means fewer legal challenges and associated costs.
• Lower exit barriers make it easier to adapt as technology changes.
• Customer trust grows when you can clearly state where their data lives and under which laws it’s protected. Local cloud providers often support regulatory compliance by ensuring data residency and sovereignty requirements are met. Many local cloud providers offer managed services such as databases and Kubernetes to facilitate software deployment. Some also provide AI-powered tools like recommender engines to enhance user experience and improve content management.

For many businesses, the upfront investment pays off in resilience, flexibility, and reputation.

Future Outlook and Governance

Looking ahead, the drive for digital sovereignty is set to shape the future of cloud computing and the broader digital economy. As more countries and organizations recognize the strategic importance of controlling their digital assets, we can expect continued investment in local cloud services, robust data protection frameworks, and innovative technological ecosystems.

However, achieving true digital sovereignty comes with significant challenges. Ensuring data security, maintaining compliance with evolving regulations, and fostering transparency in cloud services will require ongoing collaboration between governments, the private sector, and technology providers. The European Union is leading the way with initiatives like the GDPR and the European Cloud Computing Strategy, but a holistic approach is needed—one that integrates technology, policy, and education.

Governance will play a critical role in this process. Developing clear standards, conformity assessments, and accountability mechanisms will help build trust in cloud solutions and support the responsible use of emerging technologies such as artificial intelligence. The World Economic Forum has highlighted the need for a human rights-oriented approach to digital governance, emphasizing the importance of protecting individual rights while enabling innovation.

To secure a resilient digital destiny, countries must invest in digital literacy, support the development of open source software, and encourage the adoption of renewable energy in cloud infrastructure. By working together, governments, businesses, and individuals can create a digital future that is secure, compliant, and innovative—ensuring that control over data and technology remains in local hands and benefits society as a whole.

Action plan for moving local

1. Assess your current cloud footprint: Know where your data is stored, which laws apply, and what your critical dependencies are.
2. Identify priority workloads: Start with services that hold sensitive or regulated data.
3. Evaluate providers: Look beyond price. Consider certifications, compliance record, interoperability, and customer support.
4. Pilot and phase migration: Test with non-critical workloads before moving core systems.
5. Monitor and adapt: Review performance, security, and compliance regularly. It's recommended to conduct a Cloud Readiness Assessment before moving to the cloud to determine if systems can transition with minimal disruption.

Final Thoughts

Europe’s 92% reliance on US cloud providers is more than a market statistic—it’s a strategic vulnerability. Shifting part of your infrastructure to local cloud solutions reduces legal risk, strengthens compliance, and builds resilience against geopolitical and market shocks. The dominance of Chinese and US technologies is raising concerns in the EU regarding competition. The EU's AI Act and broader AI governance frameworks are shaping the regulatory environment for local cloud solutions by introducing risk-based oversight, transparency requirements, and conformity assessments to ensure safety and competitive fairness.

For many organisations, the question isn’t whether to diversify—it’s how soon they can start. A transatlantic approach to digital regulation and cooperation between the EU and US will be crucial for fostering innovation, aligning standards, and ensuring secure, resilient digital ecosystems.

‍