Cloud Repatriation: Why Organisations Are Moving Back to European Infrastructure

For a decade, the narrative was one-directional: everything moves to the cloud. On-premises was legacy. Data centres were dead. The only question was which hyperscaler to choose.

That narrative is cracking. A Barclays CIO Survey (Q4 2024) found that 86% of CIOs plan to move some public cloud workloads back to private cloud or on-premises infrastructure — the highest rate ever recorded in the survey's history. IDC reports that approximately 80% of enterprises expect to repatriate some compute or storage workloads within 12 months, and 25% have already repatriated at least one workload. Compare the Cloud found that 87% of organisations plan to repatriate some or all workloads within two years, with data sovereignty as the primary driver.

These are not anti-cloud zealots. 92% of organisations that repatriated some workloads still increased their overall cloud spending. This is selective optimisation: moving steady-state, predictable workloads to cheaper infrastructure while keeping bursty, variable workloads in the cloud where they belong. IDC found that high-compute, steady-state workloads are 3.2 times more likely to be repatriated than variable workloads.

The three drivers are consistent across every survey: cost (54% of respondents), performance requirements (31%), and data sovereignty (27%). In Europe, that third driver carries a weight that it does not carry in the United States — because in Europe, sovereignty is not just a preference. It is becoming law.

Two companies made cloud repatriation a mainstream topic by doing it publicly and publishing the numbers.

37signals (Basecamp/HEY) is the most transparent repatriation case in the industry. In 2022, the company was spending approximately $3.2 million per year on AWS. DHH (David Heinemeier Hansson) decided to leave.

• Phase 1 — Compute (2022-2023): 37signals invested approximately $600,000-$700,000 in Dell servers across two data centres. Result: compute costs dropped by roughly $2 million per year. The servers paid for themselves in six months.
• Phase 2 — Storage (2025): They migrated 18 petabytes from Amazon S3 to on-premises Pure Storage arrays. The S3 bill alone was approximately $1.5 million per year. The Pure Storage investment cost $1.5 million. Ongoing storage operating costs: under $200,000 per year. Annual storage savings: $1.3 million.
• AWS waived $250,000 in egress fees to facilitate the data migration.
• Projected five-year savings: over $10 million. Total infrastructure costs dropped from $3.2 million per year to well under $1 million.

Dropbox did it earlier and at larger scale. Starting in 2015, Dropbox relocated 90% of approximately 600 petabytes of customer data from AWS S3 to its own custom infrastructure ("Magic Pocket") across three colocation data centres. The investment: over $53 million in proprietary infrastructure. The savings: $74.6 million over two years, disclosed in Dropbox's 2018 S-1 filing. The 10% that remained on AWS served geographic regions where Dropbox lacked its own data centres.

These are American companies moving to American infrastructure for cost reasons. But the lesson applies universally: for large, predictable workloads, owning or leasing dedicated infrastructure is dramatically cheaper than renting it from a hyperscaler. Typical savings range from 30% to 60% of infrastructure spending. Andreessen Horowitz (a16z) went further, arguing that public cloud spending reduces software company gross margins by 50% or more, and that repatriating workloads can "double their market valuation."

In Europe, repatriation is not just about cost. It is about jurisdiction.

The structural conflict between the US CLOUD Act and GDPR has not been resolved. The CLOUD Act requires US companies to produce data upon receiving a valid government demand, regardless of where that data is stored. This directly conflicts with GDPR's restrictions on international data transfers. The EU-US Data Privacy Framework provides a legal basis for transfers, but it is already under challenge: French MP Philippe Latombe appealed to the European Court of Justice in October 2025, and noyb (Max Schrems' organisation) has signalled a broader challenge. The CJEU has already invalidated two prior transatlantic frameworks — Safe Harbor in 2015 and Privacy Shield in 2020.

The regulatory response is accelerating. The European Commission published its Cloud Sovereignty Framework in October 2025, defining eight Sovereignty Objectives — strategic, legal, data, operational, supply chain, technology, security, and environmental — and launched an EUR 180 million tender for sovereign cloud services via the Cloud III Dynamic Purchasing System. Any provider failing to meet minimum assurance levels across all eight objectives is automatically rejected.

EU Member States adopted the Declaration for European Digital Sovereignty on November 18, 2025. The proposed Cloud and AI Development Act (CADA), expected in H1 2026, aims to at least triple the EU's data centre capacity within 5-7 years and will prioritise European cloud providers for highly critical use cases. And Gartner forecasts that global sovereign cloud spending will reach approximately $80 billion in 2026, with Europe as the fastest-growing region.

Close to two-thirds of CIOs and IT leaders in Western Europe now believe that geopolitics will increase their reliance on local or regional cloud providers. This is not hypothetical. It is procurement policy.

Individual EU Member States are not waiting for Brussels. Several have already implemented sovereign cloud mandates.

France leads with its "Cloud au Centre" doctrine, introduced in 2021, which mandates that government digital services use cloud qualified by ANSSI (the French cybersecurity agency) as SecNumCloud. Government data is classified into three sensitivity levels, with only SecNumCloud-qualified providers permitted for the most sensitive tier. Bleu, a joint venture by Capgemini and Orange, was created to provide Microsoft technologies under French sovereign control. The effect is systematic: French government agencies are migrating away from US hyperscalers for sensitive workloads.

Germany has taken a similar path. Delos Cloud, an SAP subsidiary, operates Microsoft Azure and Office 365 under German sovereign control for the public sector. Customer data remains exclusively on German soil, operations are physically separated from Microsoft, German law applies, and German courts have jurisdiction. The platform meets BSI (Federal Office for Information Security) cloud platform requirements and is operated by cleared personnel in Germany.

These "sovereign wrapper" models — where US technology runs under EU operational control — represent a pragmatic middle ground. They allow governments to use familiar software while reducing (though not eliminating) jurisdictional exposure. Whether they survive a Schrems III ruling is an open question. A CJEU judgment invalidating the Data Privacy Framework would force a reassessment of any arrangement involving US-headquartered technology providers, regardless of where the data is physically stored.

For organisations that want genuine sovereignty — not a wrapper around US technology, but European-owned and European-operated infrastructure — the options are maturing rapidly.

OVHcloud was selected as the sovereign cloud infrastructure provider for the European Central Bank's digital euro project, with US cloud providers explicitly excluded. OVHcloud's SecNumCloud-qualified offering is expanding: bare metal is already certified, IaaS building blocks (VMs, storage) arrived in early 2026, and managed Kubernetes, databases, and AI services are planned for end of 2026. OVHcloud also launched a partnership with OpenNebula enabling fully sovereign cloud deployments achieving 100% compliance with the EU Cloud Sovereignty Framework.

T-Systems (Deutsche Telekom) is positioning its T Cloud Public as a sovereign European hyperscaler alternative, with a stated goal of "significantly closing the feature gap with US providers in key core capabilities" by end of 2026. For the highest sovereignty requirements, T-Systems manages and operates Google Distributed Cloud Hosted — an air-gapped, ultra-secure deployment of Google Cloud technology under German operational control.

STACKIT (Schwarz Group) stores and processes data exclusively in Europe, operates 7 data centres in Germany and Austria, and is investing billions in expansion including a 200 MW facility in Lubbenau. Built because Europe's largest retailer could not find a cloud provider that met its own sovereignty requirements, STACKIT now provides sovereign cloud storage for Google customers and runs Google Workspace for 575,000 Schwarz Group employees on its own infrastructure.

The EURO-3C project, announced at MWC Barcelona in March 2026 with EUR 75 million in Horizon Europe funding, is building a federated Telco-Edge-Cloud infrastructure spanning 70+ nodes across 13 European countries. With 87 organisations in the consortium — including BT, Deutsche Telekom, Orange, Vodafone, Swisscom, and Telenor — this represents the most ambitious attempt yet to build pan-European cloud infrastructure that is not dependent on any single provider or jurisdiction.

The single biggest practical barrier to cloud repatriation is egress fees. Moving data into a hyperscaler is free. Moving it out is not.

At AWS's standard rates, extracting 1 petabyte of data costs approximately $90,000 to $120,000 in egress fees alone. One case study found that repatriation costs exceeded three times an organisation's annual AWS bill just to exit. 37signals was large enough that AWS waived $250,000 in egress fees — most organisations do not have that leverage.

But this barrier has an expiration date. The EU Data Act, applicable since September 2025, already limits egress charges to "cost-covering" levels. From January 12, 2027, switching and egress charges will be completely prohibited for data processing services in the EU. Hyperscalers have already started responding: Google eliminated certain transfer fees for EU and UK users, AWS removed egress fees for customers switching providers, and Microsoft offered at-cost pricing for EU Azure data transfers.

For European organisations evaluating repatriation, the calculus is shifting. The economic moat around hyperscaler lock-in — egress fees — is being legislated away. After January 2027, the cost of leaving will be the engineering effort of migration, not the data transfer bill. That changes the break-even timeline for repatriation significantly.

For a detailed breakdown of how EU provider pricing compares to hyperscalers, see our European cloud pricing comparison. For the mechanics of vendor lock-in that make migration difficult regardless of egress fees, see our analysis of vendor lock-in with US hyperscalers. And for an understanding of why European startups end up on US cloud in the first place, read our piece on the cloud credits gap.