Migration to the cloud promised companies flexibility and scalability they could not dream of in the era of local server rooms. However, behind the promise of almost infinite resources and agility lies a growing dependence on a handful of US technology giants. For Europe, this is not just a business challenge, but a strategic dilemma about digital sovereignty, data and the future of its economy.
A decade ago, the arguments for the cloud were irresistible. Maintaining an in-house IT infrastructure, sized for peak loads, meant that expensive servers were idle most of the time. The cloud model, offering on-demand resources and pay-as-you-go, appeared to be a revolution in efficiency. Companies were enthusiastically abandoning their server rooms in favour of services offered by Amazon Web Services (AWS), Microsoft Azure and Google Cloud.
However, what was initially seen as pure cost and technology optimisation has, over time, shown its other face.
Traps hidden in the cloud
The first hard landing for many companies proved to be cost. While the subscription model seems predictable, the actual cloud bills can surprise. One key, and often underestimated, factor is what are known as egress fees – the costs associated with transferring data outside the provider’s platform. While getting data into the cloud is usually free or cheap, getting it back or moving it to another provider incurs significant fees.
This pricing structure subtly leads to the phenomenon of ‘vendor lock-in’, i.e. dependence on a single provider. The more data and processes a company moves to an AWS, Azure or Google ecosystem, the more difficult and expensive it becomes to possibly switch platforms. As a result, instead of a free market and flexibility, customers are often faced with a choice between rising costs and a complex and expensive migration.
Clash of regulations: RODO vs CLOUD Act
However, the problem goes far beyond finance. The real battleground is becoming data sovereignty. According to Synergy Research Group, three US hyperscalers now control around 70% of the European cloud market. Although their data centres are located in the EU, they are subject to US law, in particular the CLOUD Act.
This regulation allows US law enforcement agencies to demand access to data stored by US companies, regardless of the location of the servers. This is in direct conflict with the EU’s General Data Protection Regulation (GDPR), which strictly regulates the transfer of personal data outside the European Economic Area.
For European companies, especially in the critical infrastructure, financial or healthcare sectors, this creates fundamental legal and business risks. How can the confidentiality of customer data and trade secrets be guaranteed when they can be made available at the request of foreign services, without the knowledge and control of European courts?
This problem takes on particular importance in the age of the AI revolution. Effective artificial intelligence models require access to vast, often sensitive, corporate data sets. The reluctance to entrust these strategic resources to US corporations is a natural consequence of jurisdictional conflict.
In search of an alternative
Europe recognises the problem and is trying to act. The most well-known initiative is Gaia-X, a project to create a federated, secure and interoperable data infrastructure. The aim of Gaia-X is not to build a single ‘European hyperscaler’ to compete directly with AWS or Microsoft. Rather, it is about creating common standards and frameworks that will enable smaller, regional cloud providers to work together and ensure data portability and compliance with European laws.
Despite these efforts, the road to digital sovereignty is bumpy. European providers’ share of the domestic cloud market, although stable, has remained at just 15% for years. US giants are investing billions of euros every quarter in Europe, building more data centres and expanding their service portfolio. For local players such as Germany’s Deutsche Telekom or France’s OVHcloud, it is almost impossible to match this scale of investment.
The future of the European cloud is probably not in the complete rejection of global providers, but in building a diversified and resilient ecosystem. Supporting regional specialists, developing open standards through initiatives such as Gaia-X and promoting multi-cloud solutions that allow companies to use multiple providers simultaneously, minimising the risk of dependency, will be key.
For the European IT sector, this means that it needs to strategically rethink its path in the cloud. It is no longer just a question of where it is cheaper and more efficient, but above all where it is more secure and who is in real control of the digital economy’s most valuable asset – data.
