New: Brownfield onboarding
Learn more
Why digital independence and cloud performance is just a perceived trade-off — and what European CIOs can do about it right now.
Sovereignty means flexibility, and flexibility costs money.
— Jochen Decker, Executive Board, Swiss Federal Railways · Hamburger IT-Strategietage 2026
Decker compared it to an insurance premium. You can choose not to pay it. But when something goes wrong, it hurts.
It was an honest line. And the room — 1,500 CIOs and IT leaders, the largest gathering of its kind in Germany — knew exactly what he meant. Every year the conversation is the same: digital sovereignty is existentially important, strategically urgent, and financially punishing. Walking away from three American hyperscalers buys you independence. It also buys you a cost structure your CFO will reject by Thursday.
The panel Decker shared with Prof. Helmut Krcmar (TU Munich) and Anke Sax (CTO/COO at investment manager KGAL) crystallized the bind.
And it is wrong. Not because sovereignty is free. But because what everyone calls the "sovereignty premium" is actually a fragmentation tax — and you're already paying it, whether you pursue independence or not.
Forget the narrative for a moment. Look at the market: AWS, Azure, and Google now control 70% of the European cloud market. All European providers combined — SAP, Deutsche Telekom, OVHcloud, the rest — hold just 15%. Down from 29% in 2017. And with US hyperscalers investing roughly €10 billion per quarter in European infrastructure, that gap is not closing.
The market is growing — European cloud revenues hit roughly €36 billion in H1 2025. But nearly all of that growth flows to three US companies, each investing €10 billion per quarter in European infrastructure. As Synergy Research's chief analyst told CNBC: that hill is nearly impossible to climb.
This is the backdrop. And it's what made the Hamburg panel so sharp — all three speakers dropped the polite framing and named the structural traps directly.
It's hard to make yourself independent when every one of your competitors is dependent on the same robber barons.— Jochen Decker, CIO.de
That's not diplomatic hedging. That's a board-level executive at one of Europe's largest rail operators calling the hyperscalers Raubritter — robber barons — on stage. Decker's point was structural: when the entire competitive landscape depends on the same three providers, the first mover to break away gets punished, not rewarded. It's a coordination failure, not a technology gap.
Krcmar pushed further. Sovereignty, he argued, means having the ability to stand up from the negotiating table because you have alternatives. But Europe keeps demanding alternatives it refuses to fund. Sax was blunter: "If I want alternative providers alongside the incumbents, I have to accept that they need to make money. That means I have to be willing to scale. This is a CIO issue and a societal issue."
And then came the DORA revelation.
DORA requires us to name our suppliers. And when we did, it became very visible where our dependencies actually are.— Anke Sax, CTO/COO, KGAL · CIO.de
For a CTO at a financial-sector investment manager, that's a loaded statement. The Digital Operational Resilience Act forced her team to map every ICT supplier for the first time. The dependencies weren't hidden maliciously — they were hidden structurally, buried under fragmented tooling, separate dashboards, and siloed provider relationships that no one had ever stitched together.
This is where the real insight starts.
What if the "sovereignty premium" isn't the cost of adding a European cloud provider? What if it's the cost of operating multiple environments without a unifying layer?
Consider a mid-size European enterprise that uses AWS for compute, a sovereign provider like IONOS or OVHcloud for regulated data, and on-prem infrastructure for legacy workloads. That organization doesn't just have three environments. It has three dashboards, three cost models, three security paradigms, three governance frameworks, and three teams who each understand one silo but not the whole.
The "sovereignty premium" isn't the price of the fourth cloud. It's the compounding cost of fragmented operations that was already there with the first three. Add sovereignty on top of a broken architecture and yes, it looks expensive. Fix the architecture and the premium dissolves.
This isn't theory. Cloud bills in 2026 exceed forecasts by 30–40% — not because compute is more expensive, but because egress fees, duplicated tooling, and manual compliance reconciliation are silently compounding. IDC reports that egress charges alone make up 6%+ of total storage spend.
GDPR was the start. NIS2 and DORA have raised the bar dramatically. By January 2025, over 160,000 EU organizations became subject to new cybersecurity regulations, with penalties reaching €10 million or 2% of global revenue.
In a fragmented multi-cloud environment, meeting DORA, NIS2, and GDPR simultaneously means manually reconciling information across three or four native dashboards — each with different taxonomies, different gaps, and different reporting formats. Every new regulation multiplies the reconciliation burden. And as Sax discovered, the dependencies you can't see are the ones that will hurt you.
If the problem is fragmentation — not sovereignty itself — then the answer isn't "choose between hyperscaler capability and European independence." The answer is an operational layer that makes both available simultaneously.
You can't optimize what you can't see. And you can't see what's spread across three native dashboards with different cost models. The first requirement is a single pane that consolidates cost, performance, and dependency data across every provider — hyperscaler, sovereign, on-prem, edge — without forcing you to normalize it manually.
Krcmar's metaphor only works if you can actually stand up from the table. That means workloads need to move between providers without months of re-engineering. Kubernetes clusters that span multiple clouds, infrastructure abstracted through orchestration rather than provider-specific tooling, and new providers onboarded into the same management plane in days, not quarters. When you can move workloads in minutes instead of months, you negotiate differently.
Data residency rules enforced at provisioning time, not checked after the fact. Access controls that follow resources across clouds. Continuous compliance checks against GDPR, NIS2, and DORA standards — with unified audit trails, not stitched-together exports.
Native FinOps tools fail in true multi-cloud because they optimize within a single provider's ecosystem. What's needed is AI-driven rightsizing that compares pricing across all environments simultaneously, and inter-cloud networking that doesn't penalize data movement with standard egress rates.
Decker said it plainly: "If we don't act now, the dependencies will be even greater in three or four years." Here's what acting looks like.
See what you have. Connect every environment to a unified management layer. Get visibility into dependencies, costs, and compliance posture without changing anything operationally. Most organizations are shocked by what they find.
Model the real cost of lock-in. Use cross-cloud FinOps to compare the "sovereignty premium" against hidden costs you're already paying: egress, pricing leverage loss, duplicated tooling, compliance overhead. The premium usually inverts.
Pilot a balanced architecture. Place regulated workloads on sovereign European providers. Keep hyperscalers where they deliver genuine value. Manage both through a single operational plane. This isn't compromise — it's optimization.
Build the exit muscle. Establish workload portability as a standing capability, not an emergency plan. The ability to walk away from the table only matters if you can do it in minutes, not months.
The infrastructure for this already exists. emma, built in Luxembourg, is one of the platforms purpose-designed for exactly this architecture — unifying hyperscalers, sovereign clouds, and private infrastructure under a single management layer, with AI-driven cost optimization and a networking backbone that routes inter-cloud traffic at roughly a third of standard industry rates.
But the point isn't the platform. The point is the architectural shift it represents: you don't have to choose between hyperscaler capability and sovereign control. You unify. You optimize across the full estate. And the sovereignty premium — the one everyone in Hamburg agreed was necessary but painful — stops being a cost and becomes a competitive advantage.
The question is whether European CIOs keep debating the premium, or start building the architecture that makes it irrelevant.
Ready to see your fragmentation tax? Explore emma →
This post references the panel discussion "Digitale Souveränität erkaufen: Warum CIOs jetzt aufstehen müssen" at the 2026 Hamburger IT-Strategietage, as reported by CIO.de. Market data sourced from Synergy Research Group (H1 2025), CNBC (Feb 2026), and industry benchmarks.
