The “sovereign cloud” has ceased to be a concept reserved for legal experts and compliance officers, becoming a strategic line item in technology budgets. Gartner estimates that global spending on sovereign cloud infrastructure-as-a-service (IaaS) will reach $80 billion by 2026, a jump that the consultancy associates with a 35.6% annual growth driven by governments, defense, and highly regulated sectors.
The key message is that sovereignty is no longer viewed solely as a “compliance yes/no” checkbox but as a way to shield operations against geopolitical tensions, export controls, and technological dependency risks. Gartner, in fact, places this phenomenon within “geopatriation”: the movement by which organizations relocate workloads and data based on political and regulatory contexts.
Geopatriation: the driver that could shift 20% of workloads to local providers
The most eye-catching projection is the operational impact itself: Gartner expects that geopatriation projects will move 20% of current workloads from global providers to local providers, a shift with direct consequences for architecture, procurement, support, and exit strategy.
Meanwhile, growth doesn’t seem evenly distributed. The regional table accompanying the forecast paints a map where China accounts for the bulk of the spending, but Europe is accelerating fast and, according to projected figures, will surpass North America in 2027.
Below is the regional estimate (in millions of dollars):
| Region | 2025 | 2026 | 2027 |
|---|---|---|---|
| China | 37,539 | 47,379 | 58,544 |
| North America | 12,667 | 16,394 | 21,127 |
| Europe | 6,868 | 12,587 | 23,118 |
| Mature Asia-Pacific | 851 | 1,593 | 3,155 |
| Japan | 519 | 932 | 1,816 |
| Emerged Asia-Pacific | 430 | 755 | 1,326 |
| Latin America | 278 | 506 | 946 |
| Middle East & North Africa | 132 | 250 | 515 |
| Sub-Saharan Africa | 16 | 31 | 61 |
| Total | 59,300 | 80,427 | 110,609 |
The European figure is the most debated: increasing from 6,868 in 2025 to 23,118 in 2027 means the region is not just “keeping pace” but actively competing to lead. In this context, Gartner emphasizes that treating digital sovereignty solely as a matter of security, regulation, or compliance “is not enough”: economic resilience and adaptability are starting to weigh as much as legal considerations.
Spain enters the conversation: meeting with Oracle’s CEO and focus on AI and the public sector
In this climate, Spain has added a significant episode: Minister for Digital Transformation and Public Function, Óscar López, met in Madrid with Mike Sicilia, CEO of Oracle, to discuss the company’s European cloud and AI strategies and explore potential public sector collaborations.
According to the official statement, the meeting is part of the expansion of the Oracle EU Sovereign Cloud, a service offering similar to Oracle Cloud Infrastructure (OCI) but designed to meet European sovereignty and regulatory requirements. The discussion was also grounded on a concrete operational point: the Oracle database is the most deployed management system in the General State Administration of Spain, hosting services on NubeSARA, managed by the Spanish Agency for Digital Administration (AEAD), which provides IT infrastructure to over 50 agencies without their own data centers.
The statement also highlights that Oracle has announced investments “of up to $1 billion” in Spain and claims that Spain would be the only EU country with up to three cloud regions, one of which is linked to its sovereign cloud proposal installed in Madrid since 2023. It also emphasizes Oracle’s industrial presence: four decades in Spain, over 2,000 employees, and operations in multiple cities.
The uncomfortable debate: “sovereignty in Europe” or “sovereignty of Europe”?
With the figures on the table, the debate is no longer whether sovereign cloud will grow but what “sovereignty” actually means. A divide has emerged that the European tech sector has long signaled: one thing is data residing within European territory, another is ownership, corporate control, and legal perimeter of the provider being European.
In other words, for part of the ecosystem, sovereignty does not equal “a local region of a U.S provider”, even if that region complies with data residency and audit requirements. This view gains weight when the declared goal is to reduce structural dependence on traditional hyperscalers.
In Spain, this approach often translates into a more “domestic” proposal: prioritizing Spanish providers in services and layers where viable — telecom, hosting, private cloud, managed services — and aligning them with security requirements and certifications. Actors like Telefónica, Grupo Aire (owner of Stackscale), or Dinahosting are often cited as examples of local ecosystems capable of operating infrastructure and services under national governance.
The nuance is crucial because it impacts very specific decisions: who manages keys, where the control plane resides, which jurisdiction can demand data, how disputes are resolved, and what happens if rules change due to sanctions or diplomatic frictions. For technical decision-makers, it becomes a checklist: client-controlled encryption, identity segregation, audit logs, supply chain security, “on-country” support, and realistic portability plans.
The other front: open-source software, competitiveness, and fear of “tech blockage”
The debate extends beyond infrastructure. In Europe, two impulses coexist: promoting free software as a lever of independence and, at the same time, not losing access to cutting-edge technology. Google, for instance, has called on the EU for a more flexible approach to “open sovereignty” and warned of excessive limitations if the aim is to stay competitive in advanced technologies.
Part of this tension reflects Gartner’s projections: sovereignty is becoming an economic strategy, not just regulatory. And when the economy enters, so do market dependencies: chips, data center capacity, AI platforms, networks, talent, and above all, scalability.
A rapidly evolving market… and a still contested definition
Sovereign cloud is shaping up to be one of the decade’s major battlegrounds: for investment, control, and narrative. Gartner’s numbers point to a market exceeding $110 billion by 2027 and Europe stepping on the accelerator. Spain, meanwhile, explores alliances with major providers like Oracle to modernize and scale cloud and AI capabilities in the public sector.
The lingering question — and one that will decide winners and losers — is whether European sovereignty will mainly be built as a “compliance model” over global infrastructures or as a full-fledged ecosystem with greater local provider influence. Investment is already flowing. Now, it remains to be seen who sets the rules.
Frequently Asked Questions
What is the difference between “sovereign cloud” and a normal cloud region in Europe?
Sovereign cloud typically includes stricter governance requirements (operation, support, access control, audit, data residency, and sometimes jurisdiction limits) compared to a standard region.
What does “geopatriation” mean in cloud projects, and how does it affect migration?
It refers to relocating workloads for geopolitical or regulatory reasons. Practically, it may require redesigns: data segmentation, provider changes, new identity policies, encryption, compliance measures, and more rigorous exit plans.
What should sysadmin teams demand to ensure a truly sovereign deployment?
Typical controls include: client-managed keys, complete audit logs, identity segregation, local support contracts, transparency of sub-processors, and a tested portability plan (not just theoretical).
Can open-source software form a solid foundation for digital sovereignty without sacrificing competitiveness?
It can help reduce dependency and enhance transparency, but balancing access to innovation, support, and scalability is challenging. In practice, many strategies tend toward hybrid approaches.