Evolving Cloud Strategies: Between Hyperscalers and Sovereignty

The cloud market is entering a new phase. For a long time, the equation was simple: those who wanted to scale went to the hyperscalers. Those who needed global availability chose AWS, Microsoft, or Google. Those who needed innovation bought it as a service. It was efficient, convenient, and often economically plausible.

This logic only partially holds in the AI era.

With generative AI, not only does the demand for computing power increase, but also the sensitivity of the data flowing into cloud systems. Today’s prompts often contain source code, internal strategy papers, tenders, contracts, health data, or security-relevant information. Public authorities and regulated companies no longer treat this data as a side issue but as a governance question. National cyber agencies now explicitly point out that inputs into GenAI systems are visible to the operator and that additional controls against data leakage and privacy violations are necessary.

This shifts the competition. The central question is no longer just: Who has the most services? It is: Who can credibly combine computing power, AI functions, compliance, exit capability, and actual control?

This is precisely why the old cloud narrative is no longer sufficient. The market is moving away from pure scaling logic towards a sovereignty logic. Not as a replacement for performance, but as an additional condition for performance.

This is first seen with the hyperscalers themselves. The very providers who have shaped the global cloud market through maximum centralization are now selling sovereignty as a product feature. AWS describes its European Sovereign Cloud as a new, independent cloud entirely within the EU. Microsoft has announced comprehensive sovereign cloud offerings for Europe by 2025, including a Sovereign Public Cloud with additional control and governance functions for European organizations. Google, in turn, emphasizes in its enterprise offerings that content from Workspace and Gemini will not be used for training outside the customer organization without approval.

This development alone is already a political signal. When market leaders suddenly talk about data boundaries, key control, EU operating models, and local governance, it is not out of ideology but because customer expectations have changed.

The reason for this is not hard to see. Europe has been discussing digital sovereignty for years, but only geopolitical tensions, new AI dependencies, and the experience of regulatory vulnerability have made it a boardroom topic. In parallel, the EU itself is trying to close the infrastructural gap. The Data Act is intended to facilitate switching between cloud providers and strengthen interoperability. The new rules on cloud switching have been in effect since September 12, 2025. The European Data Protection Board also finalized its guidelines on Article 48 of the GDPR in 2025, clarifying under what conditions data transfers to authorities from third countries are permissible. Both show: Sovereignty is no longer negotiated only technically, but legally and market-structurally.

Nevertheless, it would be too simple to sort the market into good and bad. The hyperscalers have real strengths that European providers should not downplay. They offer enormous economies of scale, deeply integrated platforms, global availability, mature developer tools, and a speed in new AI services that many European providers have not yet reached. Those who want complex data platforms, MLOps, global APIs, and productivity software from a single source today quickly end up in these ecosystems.

This is why the real conflict is not between “cloud” and “no cloud.” It runs between two operating models.

The first model is: maximum innovation speed through platform depth. The second model is: sufficient innovation speed with higher control, lower legal uncertainty, and better exit capability.

In the AI era, this tension becomes sharper. AI shifts the value focus of the cloud. Previously, the cloud was primarily an infrastructure topic: storage, compute, network. Today, it is also a control point for models, training environments, inference, data pipelines, and work processes. Those who dominate this stack not only control IT costs but also productivity, automation, and, in the future, entire value chains.

Therefore, the term Vendor Lock-in is more serious today than it was a few years ago. Switching from a classic IaaS environment is already expensive. Switching from a deeply integrated AI and productivity stack is strategically painful. Those who bundle models, copilots, data classification, identity management, collaboration, and security in one ecosystem do not build normal customer loyalty. They build structural dependency.

This is precisely where European providers gain relevance. Not because they would beat the hyperscalers in all disciplines in the short term. But because they make a different promise: less political and legal exposure, clearer data location, more transparent responsibilities, and in many cases, more architectural openness. Providers like OVHcloud, Scaleway, or STACKIT have long positioned themselves offensively as European alternatives. OVHcloud is expanding sovereign partnerships in Europe, for example, in Luxembourg. Scaleway explicitly describes itself as a European alternative to the hyperscalers and points to data sovereignty and regional availability. STACKIT, in turn, visibly places its offering in the context of digital sovereignty for business and administration.

The crucial point, however, is: European providers must not confuse the concept of sovereignty with mere origin.

“European” alone is not a product advantage. No one migrates critical workloads out of sympathy. Companies switch when they see a clear value: reliable performance, clean migration paths, robust SLAs, transparent prices, good developer experience, and an AI offering that is not only morally but practically competitive.

This is the real market test of the coming years. The European cloud market will not win by morally criticizing American providers. It will only win if it builds operational excellence.

Paradoxically, the AI wave helps with this. Because it makes it clear that not every organization needs the same type of cloud. For highly regulated areas such as administration, health, critical infrastructure, research, justice, or defense, the maximum breadth of functions is not decisive, but the reliable controllability of the overall system. There, a sovereign or partially sovereign cloud is no longer a luxury but a risk architecture.

For many companies, a different target image will therefore emerge: not “everything out of the hyperscaler,” but a clear stratification. Standardized, less sensitive, and globally scalable workloads can continue to run in large public cloud environments. Critical data, AI-related core processes, sensitive collaboration workloads, or national special applications migrate to more sovereign operating models. Hybrid and multi-cloud architectures thus become not a buzzword, but an expression of strategic differentiation.

But this also means: Multi-cloud is not automatically sovereignty. Two dependencies are not yet freedom. Those who operate two platforms in parallel without cleanly decoupling data models, identities, interfaces, containerization, backup strategy, and exit processes often buy only double complexity. The Data Act tries to counteract this by addressing switching barriers and interoperability problems. But regulation alone does not build a switchable architecture. It only creates the framework in which providers and customers can be forced to take it more seriously.

Added to this is the question of AI itself. Europe’s problem is not only cloud dependency but the coupling of cloud and AI infrastructure. Those who do not have sufficient own computing capacity, competitive hosting models, and viable European platform partners will quickly fall into a new form of colonization with generative AI: European data, European demand, European regulation – but foreign models, foreign platforms, foreign value creation. The EU is therefore trying to systematically expand computing capacity. The Commission presented its AI Continent Action Plan in 2025, and several waves of AI Factories have been announced in member states through EuroHPC. The goal is explicitly more European competitiveness and technological independence in the AI era.

This is right. But it is not enough.

Europe often discusses infrastructure as if it were the precursor to actual innovation. In truth, it is already industrial policy. Those who control cloud and AI today will control development cycles, margins, security, data spaces, and the public sector’s ability to act tomorrow. This is precisely why the term “sovereign cloud” is politically charged. It does not just describe a technical property. It describes a question of power.

My point is therefore clear: The market must not be satisfied with cosmetic sovereignty.

When hyperscalers work with European operating models, local keys, and regulatory assurances, it is a relevant development. It reduces real risks and gives customers more options. But it does not completely solve the fundamental problem. Because value creation, the pace of innovation, the platform lever, and often also strategic control remain with the same global corporations.

Conversely, European providers should not pretend that their mere existence is the solution. Sovereignty without product quality remains symbolic politics. Those who take European cloud seriously must make European cloud better: easier to consume, more integrable, AI-capable, and economically more robust.

The real cloud competition of the hyperscaler and AI era will therefore not be decided by buzzwords. It will be decided where companies and authorities reorder their priorities. No longer just cost against comfort. But comfort against control. Speed against bargaining power. Feature depth against structural dependency.

The market has reached a point where this trade-off is no longer theoretical. It becomes concrete in tenders, architectures, and board decisions.

The most important consequence of this is: Europe’s digital future does not need a romantic return to the data center. Nor does it need a reflexive total refusal against the hyperscalers. It needs a sober redistribution of critical dependencies.

Cloud was long an efficiency decision. In the AI era, it is a sovereignty decision.

And that is precisely why the competition has only just begun.