Bottom line: Organizations must systematically classify workloads by data type, regulation, dependency risk, and performance requirements to determine whether they belong on hyperscalers, sovereign cloud, or on-premises.
European enterprises must systematically classify and distribute their cloud workloads to combine regulatory requirements such as NIS2 and GDPR with the efficiency of hyperscalers. Only 74 percent of DACH organizations embed digital sovereignty in their IT strategy.
IT leaders face a structural dilemma: Regulatory requirements – GDPR, NIS2, DORA, BaFin mandates – and geopolitical risks such as the US CLOUD Act demand control over data processing and infrastructure. At the same time, hyperscalers promise scalability and innovation speed that are difficult to achieve with in-house data centers. The central management decision is therefore no longer whether to use the cloud, but rather: Which workloads belong where?