Source: IDC’s 2025 Worldwide Digital Sovereignty Survey (Aug. 2025).
IDC
That shift has forced vendors to respond. As interest in digital sovereignty has grown, European technology vendors have sought to capitalize on demand.
SAP has launched its own Sovereign Cloud service, with the option to use its cloud provider subsidiary, Delos, and plans to invest €20 billion (about $23.5 billion US) in its sovereign cloud. The German business software vendor has also partnered with European AI firm Mistral to create the “first full AI stack for Europe.”
Other software vendors are taking a similar approach. Nextcloud, for example, has partnered with German cloud provider IONOS to deliver what it describes as an open-source alternative to Microsoft 365 for European businesses.
“As demand is coming up, offerings are being developed in the market — something that we had not seen before up to one year ago,” said Maisto from Forrester.
European infrastructure providers such as OVHcloud, IONOS, and Scaleway are also keen to emphasize their digital sovereignty credentials, touting European ownership and operations as an alternative to US cloud providers.
Yet European cloud providers struggle to rival hyperscalers’ services, with trade-offs in areas such as functionality and scalability. Almost two thirds (65%) of respondents to the Accenture survey said they can’t remain competitive without non-European technology providers.
At the same time, US cloud providers have introduced their own sovereign-cloud variants to reassure customers with data residency services, as well as options for management by European citizens.
Microsoft expanded its Soveriegn Cloud plans this year, for example, introducing a Data Guardian service that ensures only Microsoft staff residing in European countries can access customer data. It launched a Sovereign Private Cloud option, as well as Microsoft 365 Local, essentially a version of Microsoft’s cloud productivity apps that can be installed locally on a customer’s own servers. AWS, Google, and Oracle have also announced plans to launch or expand sovereign cloud services in the region.
These sovereign cloud services offered by hyperscalers have the benefit of access to familiar technologies and some of the scale of public cloud, albeit with some constraints.
However, they typically cost significantly more than the standard public cloud option: between 10% and 20% more for Google Sovereign Cloud, for example, and 15% to 30% for Oracle EU Sovereign Cloud, according to Boston Consulting Group. And while these sovereign-cloud models may reduce the risk of data being subject to access or transfer requests by foreign governments, they do not eliminate it entirely, and questions remain over how sovereign such services are in practice.
Alongside these approaches, a third model has emerged that seeks to combine local control with access to hyperscaler technology. Here, US cloud providers’ software is delivered through infrastructure operated by local partners. In Germany, for instance, Google is working with StackIT to deliver its Workspace apps, while Microsoft offers Azure and Microsoft 365 services in France via Bleu (a joint venture between Orange and Capgemini), an example of Microsoft’s National Partner Cloud strategy.
How to make decisions around digital sovereignty
So how should organizations navigate this complex landscape? It’s best to start by taking a risk management approach, said Gartner’s Buest, and categorize workloads by placing them on a spectrum in terms of what’s most critical.
For applications where a high level of sovereignty is required, a local or regional provider may be preferable, he said. At the other end of the spectrum would be tools that pose less of a risk in a hyperscaler cloud — an office room-booking application, for instance.
“If it’s not available, well, it hurts, but it doesn’t have a very huge impact on your organization,” said Buest. “It’s different if your ecommerce website is down, or other types of processes you need to exist as an organization.”
Source: 2025 Gartner report on digital sovereignty strategy
Gartner
It’s also important to consider how easy it is to move away from a particular vendor if necessary. This is where open standards and open source can be helpful, as well as technologies such as containers that make it easier to move if necessary. “Portability is something that becomes more and more important,” said Buest.
Adoption of cloud-native technologies can, generally-speaking, improve workload portability.
Craig Tivendale, Volvo Connected Solutions cloud provisioning manager, said the firm has used AWS for around a decade to store and process data locally in several regions where it operates — including Europe, the US, China, Japan, and South Korea — to meet data residency requirements and reduce latency. He said the company is satisfied with the service provided by AWS and wouldn’t seek to change this relationship (or move to the European Sovereign Cloud service that AWS has begun rolling out) unless new legal requirements were to emerge.
Should that need arise in the future, he said, the company’s cloud systems are architected to support portability. “We could move a lot of our workloads as they’re containerized,” he said. “From that perspective, it shouldn’t be too difficult.”
A bigger challenge would lie in the various external services the company depends on, such as mapping platforms and telecoms providers, which would need to be reconnected and tested in a new environment. “If you’re using provider-specific services, you need to figure out what the equivalent is elsewhere, and then go through the whole development and testing cycle again,” he said.
Alongside these technical considerations, there are organizational challenges to address too. For IT leaders who want to change their cloud strategy, it’s important to get senior executives and CEOs on board.
“Sovereignty was — and still is — mostly a topic relegated to compliance and technical managers,” said Accenture’s Capo, “while this transition towards a new set of ecosystem partners is really a board-level discussion. Moving this topic to the board and to the CEO is an imperative that we urge clients to proceed with.”
Senior leaders may be more willing to support a change in strategy once they are aware of both the risks associated with global cloud services and, importantly, the options that support digital sovereignty. “Give them alternatives,” suggested the Austrian Ministry’s CIO, Ollrom.
“They know the most common tools like Microsoft Teams; they don’t think about alternatives. If you give them a very clear and logical strategy why Microsoft Teams or any other cloud service is maybe an enterprise risk, I [have had the experience] that they never say no,” he said.
“You have to be open-minded. And you have to transport this open-mindedness to the next management level.”
Ultimately, it’s about shifting expectations, said Zinnagl, the Ministry’s CISO. “They didn’t believe before that it’s possible to use other tools than Microsoft here — we showed that it is,” he said. “There are a lot of other really cool enterprise tools out there: open source or not open source, but from a local or European vendor.”
