Sovereignty Is an Architectural Decision — Not a Product
What Gartner’s cloud verdict really means for industrial decision-makers
At the Gartner IT Symposium/Xpo in May 2026, one sentence sent ripples through European IT departments: true technological sovereignty is currently only achievable in the United States and China. Outside these two countries, no viable alternative to the major hyperscalers exists.
The verdict is uncomfortable. It is also correct. But it is not the real news.
The real news is how European companies are responding to it. And this is where the next five years will be decided — whether they become a phase of strategic clarity, or yet another round of expensive symbolism.
What Gartner is actually saying
The obvious mistake is to reduce Gartner’s statement to data residency. That would be convenient, because data residency can be addressed contractually. AWS offers a European Sovereign Cloud, Microsoft an EU Data Boundary, Google equivalent constructs. Problem solved, one might think.
Gartner means something different. Sovereignty spans the entire chain: physical infrastructure, management software, security mechanisms, support processes, hardware supply chains. And above all: the legal jurisdiction of the provider. A US company is subject to the CLOUD Act and FISA — regardless of where its hard drives sit.
The conclusion is uncomfortable: even locally operated variants of global cloud platforms remain structurally tied to their providers. The “European Sovereign Cloud” is a meaningful improvement over the status quo. It is not sovereignty.
For sensitive workloads in industrial contexts, there is no way around European architectures.
Two loud, weak responses
Over recent months, two camps have formed. Both miss the point.
The Outraged. They demand that Europe finally build its own hyperscalers. GAIA-X as a political signal was not enough — now we need investment, subsidies, a European answer to AWS. The argument is emotionally understandable and strategically naive. Trying to close a fifteen-year gap in scale economics, tooling ecosystems, and developer productivity by replicating the exact target arrives structurally too late. GAIA-X demonstrated precisely this.
The Resigned. They read the verdict, shrugged, and adopted Gartner’s own terminology: “Shelter in Place” — consciously remain with the incumbent provider despite known risks. “Hide in Plain Sight” — segment and encrypt more aggressively, but essentially carry on. This is not a strategy. It is resignation with better vocabulary.
Both camps share one flaw in reasoning: they treat sovereignty as a product that can either be bought or not.
Sovereignty is not a product
Sovereignty is an architectural decision. It emerges not from choosing a vendor, but from how a company structures, classifies, and secures its digital processes. This shifts the question radically — away from procurement, toward engineering discipline.
Four principles define this architecture:
First: data classification before cloud strategy. Most companies decide their cloud strategy before they know which data actually needs protection. This is the wrong sequence. If you don’t know which bills of materials, which supplier terms, which design data belong to the crown jewels, you cannot build a meaningful architecture around them. In practice, a three-tier model emerges: crown jewels (IP, R&D, strategic supplier contracts) belong on European or on-premises infrastructure — no compromise. Operational workloads (ERP, logistics, analytics) can pragmatically run on hybrid architectures. Standardized workloads (office, collaboration) remain where they sit today — consciously, documented, eyes open.
Second: exit architecture as a design principle. Gartner rightly identifies missing exit strategies as the blind spot of most cloud customers. Migrations of complex enterprise applications stretch over years — especially when cloud-native services and proprietary PaaS offerings are deeply woven into the application logic. Whoever treats exit as an afterthought has, in effect, no exit. Sovereign architectures design portability in from day one: through containerization, through open standards, through deliberate restraint in adopting vendor-specific PaaS features wherever possible.
Third: honesty about scope. The current debate around Confidential Computing creates the impression that in-memory encryption solves the sovereignty problem. It solves part of the problem — protecting data during processing. It does not address who owns the model operating on that data. It does not address which jurisdiction binds the operator. Anyone selling Confidential Computing as a sovereignty seal is selling a half-truth.
Fourth: architecture as daily practice. Sovereignty is not a one-time design decision. It is a discipline renewed in every sprint, every architecture review, every make-or-buy choice. Every time a team decides to integrate a proprietary cloud service instead of choosing a portable alternative, sovereignty erodes. Usually unnoticed, always cumulative.
The European opportunity
This is where the picture turns. Because the verdict Gartner delivers is not the end of a story — it is the beginning of a more honest one.
The foundations are already in place. On the infrastructure side, Schwarz Digits with STACKIT demonstrates that sovereign cloud infrastructure is technically feasible in Europe at production quality. Not as a political project, but as a commercial offering from a retail group that understood its own digital sovereignty as competitive advantage. On the regulatory side, the BSI delivers a framework with C5, IT-Grundschutz, and protection profiles that commands international respect. These building blocks are unspectacular but solid.
What is missing is the software layer above. And here lies the strategic temptation we must avoid: not to build the next European clone of the US hyperscalers. Not to develop “AWS for Europe.” That would repeat the GAIA-X fallacy at greater scale.
European strengths lie elsewhere. They lie in process discipline, in engineering depth, in a data protection culture that is increasingly read internationally as an asset rather than a burden. They lie in an industrial base that sets global standards — in mechanical engineering, in automotive supply, in pharma. A European software layer for sovereign architectures must emerge from these strengths, not from the attempt to replicate foreign ones.
This is not cultural pessimism. It is economics. Whoever copies arrives late and sells cheaper. Whoever constructs independently defines the rules of the game in their segment.
What this means for industrial decision-makers
For CDOs, COOs, and managing directors in the industrial mid-market, three concrete questions emerge that should be answered over the next twelve months:
First: which of our data and processes are genuinely crown jewels — and where do they sit today? The answer is rarely the one expected.
Second: what would our cloud exit look like if we had to begin tomorrow? Are there triggers, budgets, timelines? Or is exit a PowerPoint promise?
Third: are we building architectures where sovereignty is the default — or a retrofit option we will never exercise?
These questions cannot be delegated to IT. They are strategic decisions that must be owned at executive level. Which is precisely why they serve as a litmus test for the maturity of a company’s digital transformation.
Closing
Gartner’s verdict is not a defeat. It is an honest assessment that ends a debate that could not be won anyway: whether Europe can build its own hyperscaler quickly enough. It cannot. It does not need to.
What Europe can do is something else: design sovereign architectures that rest not on the scale of infrastructure, but on the discipline of its construction. Less glamorous than a hyperscaler of one’s own. Also more sustainable.
Sovereignty is not a product you buy. It is an architectural decision you make every day.
E-Mail: sven.vollmer@business-quotient.com
Sven Vollmer is “The Industrial Translator.” He bridges the gap between industrial operational reality (SAP, supply chain) and the possibilities of generative AI. His focus is on value-creating applications—beyond the hype.
Transparency Note: This article was created with editorial support from AI (Gemini/Claude). The ideas, technical validation, use case selection, and adult supervision were 100% authored by Sven Vollmer.
LinkedIn: www.linkedin.com/in/sven-vollmer-bq
