How geopatriation is reshaping global cloud strategies

As much as 20% of cloud infrastructure as a service (IaaS) workloads are expected to shift from global to local cloud providers by 2027, according to Gartner’s global sovereign cloud IaaS forecast. This, it says, is down to geopatriation which the organization defines as the movement of company data and applications out of global public clouds and into local options due to perceived geopolitical risk.

Gartner has predicted that by 2028, 65% of governments will introduce some technological or digital sovereignty requirements to improve independence and protection from extraterritorial regulatory interference. “Digital sovereignty has rapidly ascended government agendas. While the topic isn’t new, the urgency to act has increased dramatically,” says René Büst, senior director analyst at the firm.

Technology governance issues changing due to geopolitics are also of increasing concern to businesses, with many pursuing their own sovereign digital strategies. This, says Büst, is because they’re increasingly impacted by digital geopolitical issues such as trade disputes, legislation coming from one country that impacts global operations, and government-imposed restrictions on the acquisition and use of digital technology.

"Most importantly, they’re operating under uncertainty, which makes planning ahead difficult. Every organization – particularly in a world of public clouds – needs to be in control of its own risk management, compliance policies and business strategy, and address multiple regulatory requirements,” he says.

Geopatriation: a long-term shift

According to Dario Maisto, senior analyst at Forrester, the need to break free from the dependency on foreign providers and “therefore foreign jurisdictions and governments’ influences” is no passing trend. Rather than being a knee-jerk reaction to geopolitical tensions, he says it will reshape the IT world and entire architectures over the next 20 years.

“Sovereignty’s putting long-term vendor relationships under scrutiny, but a shift won’t happen overnight. It will happen in very small, incremental steps.”

For Büst, the workloads most at risk – and therefore a priority to ‘localize’ – are the most sensitive and business critical. He expects that local sovereign cloud IaaS offerings will serve as foundations to run platform as a service (PaaS) environments and software as a service (SaaS) solutions, as this is where: “organizations experience the biggest vendor lock-in from global cloud providers”.

A range of options already exist for those seeking greater operational control. Chris Hazell, programme manager – cloud, tech and innovation at techUK, points to private cloud, co-location and hybrid architectures that combine cloud services with on-premise infrastructure.

“Where technical dependency or vendor lock-in is a concern, strategies such as multi-cloud adoption and the use of open standards can also help organizations maintain flexibility,” he notes. Forrester has evidenced businesses turning to multi-cloud as a geopolitical hedge, reporting that cloud leaders are increasing the number of cloud vendors they leverage.

Geopatriation: the C-suite dilemma

For C-suite leaders trying to navigate the current sovereignty debate, experts advise that they look at the issue from a broader IT stack perspective and come at it with a risk-managed approach rather than a GDPR-like compliance mindset.

The reality is that sovereignty rarely comes for free, and prioritizing it can mean sacrificing functionality, notes Maisto. “Usually the more of one, the less of the other. For instance, air-gapped clouds come with much fewer functionalities than their public cloud, non-sovereign twins. There’s also a budget issue for resources that get redirected from innovation, for example, to sovereignty-related projects.”

There are also concerns that a mass move to sovereignty-fulfilling local providers could lead to an innovation divide between different areas of the world, as they may not be able to match hyperscaler capabilities and ecosystem maturity.

Even so, Gartner predicts that more than 75% of European and Middle Eastern enterprises will have moved some or all of their virtual workloads to local or regional providers by 2030.

This move “is an alarming development for global hyperscalers and a challenge for their business, as more cloud spend will go to local or regional providers which are by definition sovereign to their local clients,” says Büst. He adds that it’s very likely governments will also pressure major cloud providers to regionalize their platforms through partnerships with local players for “alignment with regulatory priorities and national interests”.

Not everyone shares Gartner's outlook on the pace of change, however. Hazell isn’t seeing organizations moving away from hyperscalers, saying that “instead they’re taking a pragmatic approach by applying additional controls to particularly sensitive datasets or workloads while continuing to benefit from the scale and innovation that global cloud platforms apply”.

Geopatriation: market convergence

Maisto sees the sovereign cloud market as one of convergence. Hyperscalers have been quick to identify and respond to the gap in their offerings, and while local players are ramping up capabilities and capacity to meet these new emerging demands, they’ve begun offering sovereign alternatives to their commercial cloud offerings.

These are technically operating fully isolated from the standard global public cloud offering, but the devil lies in the detail, notes Büst.

“Some sovereign hyperscaler options are very limited in their sovereign capabilities. In particular, the offerings in which they still have full control and where even the European entity is a wholly-owned subsidiary of its American parent company.”

This distinction matters, as a European subsidiary of a US parent company remains subject to US law, including legislation that can compel access to data regardless of where it’s stored.

“Offerings from local cloud providers such as Scaleway and OVHcloud in France, STACKIT and IONOS in Germany, Uplcloud in Finland or Infomaniak in Switzerland are by definition cloud providers to their home markets. The US hyperscalers are by definition sovereign cloud providers to their US clients, but not European organizations,” he explains.

The reality is there’s no one-size-fits-all approach to cloud sovereignty as requirements will vary depending on the organization, sector and sensitivity of the workload. To future-proof cloud strategies, Maisto advises enterprise leaders to take an neutral approach and evaluate how different offerings from both international hyperscalers and local players can address their sovereignty needs. 



“They need to take a ‘minimum viable sovereignty’ approach. This is a pragmatic framework that instead of pursuing complete, unachievable digital independence, prioritizes cost-effective, necessary capabilities like data portability and auditability,” he explains.

“It focuses on what’s ‘minimum’ to avoid dependency and ‘viable’ in terms of economic and political sustainability. It’s not about building total, independent infrastructure, but rather about managing risk through ongoing ‘glocal’ strategies. The concept has gained traction amid rising geopolitical tensions, emphasizing that modern sovereignty is maintained through technological choices rather than isolation,” he concludes.