Blog
Is uncertainty driving us toward a sovereign cloud?
Regain control, minimize risks.
Cloud sovereignty has become a hot topic in Switzerland and the EU. Companies want more control over data, infrastructure, and governance. At the same time, initiatives such as the Swiss Data Alliance and Gaia-X are emerging to promote federated cloud models. Hyperscalers such as AWS, Azure, and Google Cloud are increasingly responding to new regulatory and geopolitical requirements.
What is a sovereign cloud?
A sovereign cloud is a cloud infrastructure that gives companies maximum control over their data and processes. It ensures that data and metadata remain within a defined legal jurisdiction (e.g., the EU or Switzerland) and comply with local data protection laws such as the DSG. A sovereign cloud combines:
- Data sovereignty through clear legal foundations
- Operational sovereignty through clear operator structures
- Interoperability through standardized technologies and operating models
Is my data secure in the cloud?
Companies used to process their data directly on site on their own servers, whereby they themselves were responsible for access protection and authorization management. Over time, this control was gradually relinquished:
This was mostly done consciously and without much public discussion. It was only with the increased use of international hyperscalers and the development of US foreign policy under the current US administration that the issue of "loss of control" was questioned more broadly. The uncertainty concerns both the potential access to data and the unpredictable cost development for cloud services.
As authors of this blog, we asked ourselves whether we actually trust a US hyperscaler less than or just as much as a Swiss cloud provider.
Intuitively, the answer seemed clear: we trust a Swiss provider more. But why is that? Both parties would be existentially threatened in the event of data misuse. Both also have a strong interest in treating data as securely as possible. Have the ubiquitous discussions about the Cloud Act and the image of the "evil hyperscaler" made us more uncertain than is objectively necessary?
In this blog, we analyze the environment and the drivers of this uncertainty and present possible solutions for optimal workload placement.
Drivers of uncertainty
We use a model shown in the following chart to analyze the environment. The"technology/function"dimension is a strong driver for the use of public clouds. On the other hand, both cost developments and the increasing complexity of compliance and data protection requirements are slowing down growth.
US foreign policy as a driver of uncertainty
US foreign policy indirectly influences all dimensions. Although it does not directly change costs or specifications, it does fuel noticeable uncertainty. In fact, it is the main reason why the issue of cloud sovereignty has become so important in Europe.
Cloud Act: Legal reality instead of scaremongering?
The Cloud Act is not new, but it has come back into the public eye after a French Microsoft manager confirmed that the US government can access data in the Azure Cloud with a court order (see: https://www.inside-it.ch/microsoft-kann-cloud–zugriff-durch-usa-nicht-verhindern-20250721)However, Microsoft also transparently points out that customer data was only disclosed in approximately 5% of requests and that the vast majority of requests concerned free end-user services (source: https://www.microsoft.com/en-us/corporate-responsibility/reports/government-requests/customer-data). What many people don't consider is that, with the appropriate decisions, such access is also applicable to data stored in Swiss clouds. A sovereign cloud does not automatically mean that no external access is possible; it simply means that such access is more clearly regulated.
Cost development: Cloud becoming more expensive
Prices for cloud services have risen significantly over the past two years. Analysts such as Gartner predicted this early on, but without much response—until further price increases were announced recently. This development is further increasing uncertainty, especially against the backdrop of US tariff policy and considerations regarding possible digital tariffs.
TOMs: High costs in public clouds
Implementing technical and organizational measures (TOM) is complex and costly, especially for regulated companies in public clouds. Operating in sovereign or private clouds, or even in-house, can significantly reduce these costs. These costs must be weighed against the benefits (time to market, technology, etc.). These costs can be a key factor in choosing the right cloud offering.
Contractual transparency
Many companies, especially in the public sector, are unsure whether they are even allowed to operate services in a public cloud. Often, even after extensive clarification, there are still no clear answers. As a result, alternatives are increasingly being sought, especially private or sovereign clouds.
Practical solutions and provider landscape sovereign clouds
Programs such as the Swiss Digital Sovereignty Initiative and Data Spaces Switzerland are based on Gaia-X's open standard approach, but without being dependent on European governance. The aim of these initiatives is to strengthen Switzerland's digital (data) independence while benefiting from global and local innovation.
Sovereign clouds as the answer to all questions?
Sovereign clouds undoubtedly have their place, and in an ideal world, all clouds would be designed according to these principles. However, hyperscalers continue to impress with a wide range of innovative and highly scalable services.
Those who cannot do without the wide range of services offered by hyperscalers face a major challenge and pay for this technical progress with a certain loss of sovereignty over their data.
Advantages of sovereign clouds
- For companies that prioritize sovereignty over technology and functionality
Particularly suitable for organizations where compliance and control are more important than maximum feature depth. - For companies that are not permitted to use public cloud services
For example, due to regulatory requirements in the healthcare, financial, or public sectors. - For companies looking to reduce the overhead of complex TOMs
Sovereign or private clouds can significantly reduce operational overhead—especially when compared to public cloud environments.
Limitations of sovereign clouds
- Significantly limited range of functions
The services are not comparable to the technological spectrum of a hyperscaler. - Information security is not automatically higher
The enormous security and analysis functionalities of hyperscalers are often not available in sovereign or private clouds. - Contractual requirements remain in place
Although data protection is becoming easier to regulate, ADV/AVV, TOMs, and other compliance obligations remain necessary.
Summary
The question is therefore no longer "Hyperscaler or sovereign cloud?" but rather:
"Which workloads generate the best balance of risk, compliance, control, cost-effectiveness, and innovation at which location?"
outlook
In the next blog post, we will take a closer look at how companies can evaluate cloud decisions systematically and on a risk-based basis. The focus will be on integrating security and compliance considerations into the strategic selection process for a cloud operating model. Our aim is to show how integral decisions can be brought about.
