The VMware pricing squeeze is real.
The sovereignty gap is wider than you think.
emma solves both challenges.
European enterprises face a double bind: vendor lock-in is driving up costs, while "sovereign" cloud offerings still can't prove sovereignty. Cost management tools address one half. EU-only providers address the other. Only an independent European governance layer across all your providers solves both.
The mass exodus that never was — and the squeeze that's just beginning
302 IT decision-makers asked, two years after the Broadcom-VMware acquisition. The predicted stampede never came. But the slow unwind is well underway — and cost management alone won't resolve what's coming next.
The adaptation paradox
Organisations have moved from panic to execution — but the fire is still burning. 60% report higher confidence in their strategy, yet 63% have changed that strategy two or more times since the acquisition.
- Only 4% have completed a full migration away
- 41% report increased executive pressure
- VMware strategy is now a board-level conversation
The multi-platform complexity trap
As organisations diversify away from VMware, they inherit a new operational burden — managing multiple platforms with different governance models.
- 52% cite multi-platform complexity as top new challenge
- 33% face critical skills gaps
- Migration complexity remains the #1 deal-breaker at 25%
- The unwind takes 18–24 months, not 6
The process of unwinding a decade of dependencies is far more complex than a standard cloud lift-and-shift, leading to a significant loss of confidence in our ability to exit quickly enough to avoid the next renewal cliff.
— IT Leader, CII Report 2026 (CloudBolt)The CII data is clear: every organisation leaving VMware inherits a new operational burden — managing multiple platforms with different governance models. Cost optimisation tools can help manage the spend. But for European organisations, pricing is only part of the equation. When workloads move to cloud, a harder question emerges: how do you ensure data sovereignty across all of them — and prove it to a regulator?
Leading analysts warn: storing data in a region doesn't make it sovereign
Leading analysts warn: storing data in a region doesn't make it sovereign. European enterprises need provable control, not just geographic location. The gap between what "sovereign cloud" offerings promise and what they can legally deliver is growing.
The jurisdictional grey zone
US hyperscalers offer "sovereign" regions staffed by EU residents — but remain subject to the CLOUD Act and FISA Section 702. Regulators across Europe are tightening the definition of sovereignty beyond residency.
- US law can compel access to data stored abroad
- GDPR, DORA, NIS2 demand provable control
- Residency answers "where" — not "who controls"
- Administrations change, and so do extraterritorial laws
The innovation vs. sovereignty trade-off
Local EU providers offer jurisdictional clarity but lack hyperscaler innovation. Hyperscalers offer scale and AI services but create strategic dependency and governance risk.
- Sovereign-only providers can't match R&D investment
- AI pipelines break location-based compliance models
- Single-cloud lock-in increases concentration risk
- Organisations are forced into a false binary choice
It comes down to a larger strategic architectural framework where you're going to build, deploy and host your applications — and that needs to be well thought out. Understand that this is going to be a complex array of heterogeneous systems you're going to have to work with.
— David Linthicum, Cloud Computing Industry Thought LeaderThe analysts agree on the prescription. emma makes it operational.
Linthicum's framework calls for multi-cloud resilience, workload classification by risk, rigorous vendor vetting, and continuous regulatory agility. Cost management platforms can address the pricing dimension — but they cannot provision into European sovereign environments, enforce data residency, or remove extraterritorial jurisdiction risk. Executing this framework requires an independent European governance layer that spans all your providers. That's the gap emma fills.
Map regulatory & risk requirements per jurisdiction
Thoroughly map data residency, privacy, and sovereignty rules in each jurisdiction — including sector-specific regulations.
Enforced sovereignty policies
Define EU/UK residency and governance rules once in emma. Policies are enforced across every provider and region — with continuous validation against DORA, NIS2, GDPR, and UK DPA.
Classify workloads by risk profile
Segment data by sensitivity and business criticality. Highly regulated data needs local or independent hosting; less sensitive work can use hyperscalers if they meet sovereignty standards.
Multi-cloud workload placement
Deploy VMs, Kubernetes, data platforms, and AI workloads natively across on-prem, clouds and AI clouds — governed by a single policy layer. Place each workload where it fits best.
Build multi-cloud resilience, not single-cloud dependency
The safest path is a multicloud or hybrid model. Building applications with portability in mind will pay dividends as the regulatory landscape shifts.
Multi-cloud by design, no new lock-in
emma uses no proprietary APIs and no runtime proxy. Workloads run directly on native clouds. Your teams keep direct provider access. Exit any provider without operational chaos.
Vet vendors on control structures, not just location
Scrutinise safeguards against extraterritorial access. Clarify legal status and data access controls. Ask who really controls the infrastructure.
EU-operated, infrastructure governance only
emma is headquartered in Luxembourg. ISO 27001 and SOC 2 certified. Governance-layer only — never payload data. No US-jurisdiction exposure on the control plane.
Stay agile — monitor regulations continuously
Regular policy reviews, security audits, and scenario planning are essential. New regulations are constantly emerging.
Continuous governance and drift detection
Automated, ongoing validation of residency, policy drift, and multi-cloud posture — giving you the audit trail regulators demand, without manual overhead.
Broadcom's pricing alone didn't cause the VMware exodus many expected — but the landscape is shifting. As European regulators sharpen sovereignty requirements, pricing pressure and jurisdictional exposure are compounding. What was once a commercial decision is now a regulatory one. Cost management addresses one dimension. Sovereignty requires another. Organizations need a governance layer that reduces both cost volatility and extraterritorial risk — simultaneously.
European sovereign cloud governance — without the trade-offs
emma adds an independent European operations layer across your providers. It is the only solution that governs across hyperscalers, EU providers, and on-prem — resolving both pricing flexibility and provable sovereignty in one layer.
What you gain
- EU-operated cloud governance
- Enforced data residency across all providers
- Multi-cloud flexibility — on-prem, hyperscalers + EU providers
- Access to hyperscaler AI and advanced services
What doesn't change
- No runtime proxy — workloads run natively
- No payload data access — governance only
- No proprietary APIs — no new lock-in
- No disruption to your existing cloud environments
- Your teams keep direct provider access
Sovereignty you can prove — in four steps
Connect your infrastructure
Link existing hyperscaler accounts, on-prem infrastructure, and EU cloud providers to emma. Takes hours, not months.
Define sovereignty policy
Set EU/UK residency and governance rules once. emma enforces them across every provider and region.
Deploy natively
Workloads run directly on-prem and your clouds. No proprietary abstraction layer.
Govern continuously
Automated validation of residency, policy drift, and multi-cloud posture — giving you the audit trail regulators demand.
A European cloud operations platform
emma is a platform, not a provider — we don't own your infrastructure, lock you in, or compete with your cloud vendors. You maintain full control while we orchestrate across them. Our professional services team ensures you succeed: from architecture design and migration planning to compliance validation and ongoing optimization.
Deploy across providers of your choice
Hyperscaler, global clouds and neoclouds
With emma enforcing EU governance boundaries.
Private cloud & platforms
Govern on-prem and hybrid estates alongside cloud.
EU-sovereign infrastructure
For regulated workloads with full EU residency assurance.
Understand and demonstrate your governance posture
Whether you're assessing your personal exposure, preparing a board briefing, or documenting your governance posture — start here.
Assess your exposure
EU Cloud Sovereignty Framework Assessment
For you if: you need to understand where your gaps are before engaging internally or externally.
Evaluate your organisation's sovereign cloud readiness across five dimensions: data residency, operational control, concentration risk, exit capability, and audit evidence. Takes 10 minutes — results are immediate and shareable with your leadership team.
Start the assessment →See how sovereign cloud works without trade-offs
A 30-minute technical session with an emma Solutions Architect to:
- Review your cloud posture
- Identify sovereignty gaps beyond data residency
- Assess multi-cloud and vendor concentration risk
- Outline an exit-resilient, regulation-ready operating model
No sales deck. No obligation. Just architecture.