News in Cloud Computing & Data Storage


Addressing enterprise storage's biggest challenges
In this article for DCNN, Eric Herzog, CMO at Infinidat, explores how enterprise storage platforms can help organisations strengthen cyber resilience, support AI adoption, simplify operations, and manage growing data volumes more efficiently: IDC's research highlights how enterprises can tackle five key challenges The most successful organisations aren't the ones that avoid challenges; they're the ones that directly confront them. Whether it's improving cyber resilience, managing data growth, reducing operational complexity, or navigating the demands of AI investment, enterprise leaders that ignore challenges won’t see them disappear. Instead, they need to identify a technology partner capable of tackling them together. The IDC Business Value Snapshot, ‘The Business Value of Infinidat InfiniBox Solutions’, provides a very useful lens through which to examine how Infinidat supports enterprises to realise their business goals. In part, this is achieved through overcoming the five major challenges facing IT and enterprise storage teams, as this article highlights. IDC's research, based on interviews with Infinidat Global Fortune 500 and very large enterprise customers, describes how Infinidat provides a blueprint for doing exactly this, with significant improvements quantified across operational efficiency, complexity, integration, cyber resilience, downtime, and operating costs. Importantly, the study highlights the value of a storage platform that goes beyond storing data to one that’s designed to help enterprises navigate the realities of modern IT. Supporting AI initiatives without increasing infrastructure overheads AI has exploded in use and many research papers highlight how widely adopted it is. A 2025 study by Deloitte found that 85% of organisations increased their AI investment in the previous 12 months, and 91% plan to increase levels of investment again. McKinsey's State of AI in 2025 report corroborates this, finding that 88% of organisations are using AI tools in at least one business function. All these projects come with significantly increased demands on storage and data teams, which also needs to be financed, unless appropriate technology is in place. Data-intensive AI and analytics applications are forcing IT departments to reconsider legacy architectures to ensure their storage infrastructure can meet rapidly evolving requirements for high performance, availability, scalability, and data accessibility. IDC’s study found that Infinidat significantly reduced storage expenses via its high-density architecture and efficient data reduction, whilst delivering powerful, real-world application performance. This means IT teams are freed up to focus on AI projects rather than infrastructure management. Strengthening cyber resilience and reducing downtime Cyberattacks are now so prevalent that enterprises must realise the question is not if your enterprise will suffer a cyberattack, but when and how often. The latest data suggests an average enterprise is suffering over 2,000 cyberattacks per week, which is an incredible number. Cybersecurity has become such a hyper-critical issue that it’s a top concern across the whole of the C-Suite - and it’s not going away. In fact, the inevitability of cyberattacks means enterprises are now being judged on speed of recovery and post-service availability. This means having ultra-reliable storage that underpins enterprise cyber resilience and business continuity objectives is essential. IDC’s study reported that users of InfiniBox and InfiniBox SSA benefit from this, with the backing of InfiniSafe cyber storage which provides guarantees for data recovery and restoration within a minute in the event of a cyberattack, regardless of dataset size. Infinidat's capabilities include ransomware detection, immutable snapshots, logical air-gapping, and automated cyber protection mechanisms as standard. Reducing operational complexity Too many enterprises are managing fragmented, multi-platform environments which result in significant administration and management inefficiencies. In fact, storage simplification is a key driver of value. The IDC report found that organisations using InfiniBox were achieving this, with enterprises reporting less staff time for storage management activities and over 50% greater storage administration team efficiency, highlighting the clear business value of simplifying storage operations and reducing management complexity. Managing data growth within budget constraints As stored data volumes continue to grow, enterprises face increasing pressure to expand storage capacity without matching increases in budget. IDC found that enterprises using InfiniBox were able to achieve this goal, with an average of 51% annual cost reduction and 58% lower operational costs. These improvements were driven by Infinidat’s high-density architecture, advanced data reduction technologies, and lower infrastructure overheads. The result is a storage platform that helps enterprises absorb their data growth more efficiently while controlling operational and capital expenditure. Delivering more against resource and skills constraints This final challenge is far from new, but it remains one of the defining characteristics of today’s IT department. At a time when enterprise technology spending overall continues to rise exponentially, CIOs and IT leaders face increasing pressure to deliver greater business value without corresponding increases in departmental resources or headcount. IDC's report highlights that Infinidat helps enterprises achieve this balance through a combination of simplified management, reduced operational overhead, and improved infrastructure efficiency. The IDC study highlights productivity improvements, lower management effort, and the ability for smaller teams to manage larger environments effectively. This enables IT departments to maintain high service levels while focusing their resources on strategic initiatives like AI innovation rather than routine administration. In short, Infinidat’s easier-to-manage ‘set it and forget it’ infrastructure helps them to do more with the resources they already have. Overall, IDC's research shows us that the greatest value enterprises derive from their enterprise storage is not based solely on performance metrics, capacity figures, or technical specifications. These are still important, of course, but the greatest benefits reported by InfiniBox users were strategic outcomes that directly impact business performance. IT professionals must contend with constantly growing data volumes, tougher cyber resilience requirements, expensive AI initiatives, and ongoing general pressure on resources. The question is no longer simply whether the storage solution can perform well, but how well it can help the business operate more effectively. For more from Infinidat, click here.

Kaytus launches all-QLC flash storage solution
Kaytus, a manufacturer of servers, storage systems, and data centre infrastructure hardware, has unveiled its All-QLC Flash Storage Solution at AI EXPO KOREA 2026, a platform engineered for ultra-large-scale AI training across clusters of 10,000-plus GPUs. As model sizes and agentic-AI workloads surge, Kaytus argues that the real bottleneck in modern AI infrastructure is no longer raw compute, but the storage layer feeding data to accelerators fast enough to keep them fully utilised. Built on an all-QLC flash architecture, the solution is designed to deliver the sustained throughput and high-density capacity that hyperscale AI clusters demand - reducing GPU idle time and improving overall training efficiency. Purpose-built for over 10,000 GPU clusters, the new architecture targets storage - not compute - as the decisive constraint on AI scale. The launch signals a broader shift in AI-era infrastructure priorities, placing high-performance storage at the centre of the conversation around scaling AI.

What European data sovereignty means for data centre tools
In this exclusive article for DCNN, Swiss privacy technology company Proton Mail examines why evolving European data sovereignty requirements are forcing data centre operators to reassess the tools they use to manage infrastructure, store operational data, and demonstrate regulatory compliance: Data sovereignty moves into the data centre For most data centre teams, the concept of data sovereignty has lived at a comfortable arm's length. It was something legal worried about, something the sales team put in proposals, something that got mentioned at vendor briefings before the coffee break. But that distance is collapsing, and fast. The European Union's regulatory architecture around data has shifted from a set of compliance checkboxes into something far more structural. GDPR established the foundations; the EU Data Act, the Data Governance Act, and the ongoing ripple effects of transatlantic legal friction (particularly the tensions created by the US CLOUD Act) have built several more floors on top of it. The result is a framework that increasingly determines not just what data your organisation holds, but which tools you are permitted to use to manage, transfer, share, and store it. This has direct, practical consequences for data centre operations teams. The monitoring platform you log into each morning, the cloud storage your engineers use to share runbooks, the ticketing system where incidents are logged, the collaboration suite where shift handovers happen: if any of these tools are operated by a company headquartered outside the EU, they may now carry a compliance risk that regulators are no longer prepared to overlook. As explored in a broader look at why data security is no longer optional, the costs of underestimating this shift go well beyond fines. The sovereignty problem in plain terms Data sovereignty, at its core, is the principle that data generated within a jurisdiction should remain subject to that jurisdiction's laws, regardless of where it is physically stored or which company's servers it sits on. In the EU context, this means that personal data relating to European citizens and businesses should not be accessible to foreign governments or legal systems without going through EU legal channels and oversight. The complication arises from the US CLOUD Act, signed into law in 2018. This legislation grants US authorities the power to compel American technology companies to hand over data, even data stored on servers in Europe, without necessarily requiring a formal mutual legal assistance treaty process. For a European organisation using a US-headquartered SaaS provider, this creates what regulators have called an active legal paradox: data that appears to be stored safely in an EU data centre may still be legally accessible to a non-EU government. It is a risk that regulators across France, Germany, the Netherlands, and beyond are treating with increasing seriousness. Enforcement actions against US cloud providers by national data protection authorities have grown steadily, and the appetite for leniency is diminishing. Where operations teams feel it The challenge for data centre teams is that the operational tooling that makes modern facilities function efficiently has, over the past decade, migrated almost entirely into the cloud - and largely into platforms operated by American technology companies. This was a rational progression: the tools were excellent, the pricing was competitive, and the compliance requirements, while present, were manageable. That calculus is changing. The categories of software that carry the most exposure include: • DCIM platforms — If telemetry, asset data, or incident records are routed through non-EU cloud infrastructure, they may be subject to foreign access requests. • Ticketing and ITSM systems — Incident logs can contain sensitive operational and customer data, and where these records are stored and processed matters legally. • Collaboration and file-sharing tools — Runbooks, change documentation, and engineering notes shared via US-headquartered platforms may not satisfy GDPR data processing requirements. • Monitoring and observability platforms — Network performance data, access logs, and infrastructure health metrics can constitute sensitive data under certain regulatory interpretations. • Email and calendar services — Operational communications may be covered by data residency requirements, particularly in regulated sectors such as finance or healthcare. The question teams are increasingly being asked by compliance officers, enterprise customers during audits, and regulators during inspections is not simply "is this data encrypted?" but "under whose legal jurisdiction does this data sit, and who could compel access to it?" Industry voices have been making this point for some time, as reflected in commentary gathered on Data Privacy Day, where the emphasis fell squarely on building repeatable operational controls rather than chasing individual compliance milestones. The sovereign cloud push The response from the market has been a wave of "sovereign cloud" offerings: architecture models where infrastructure, operational staff, and legal entities are all resident within the EU, and where data is contractually and technically ringfenced from parent-company access in non-EU jurisdictions. Several major hyperscalers have invested heavily in these products. Microsoft's EU Data Boundary, Google's Sovereign Controls, and AWS's EU Sovereign Cloud are all attempts to provide assurances that European data will not traverse US legal jurisdiction. Whether these assurances are sufficient, given that the parent companies remain subject to US law, remains contested amongst legal scholars and regulators. Germany and France, in particular, have pushed back on the idea that a US company's technical commitments can fully override a foreign court order. The EU's Gaia-X initiative represents the most ambitious attempt to build a native alternative: a federated, interoperable digital infrastructure that reduces dependency on non-European hyperscalers entirely. Progress has been slower than its architects hoped, but the framework it has established around transparency, portability, and provenance of data is increasingly influencing procurement decisions at large European enterprises and public sector bodies. The physical reality of where infrastructure actually sits remains critical to all of this, a point underlined by the lessons drawn from the OVHCloud fire, which demonstrated how quickly assumed protections can evaporate when something goes wrong at the hardware level. Rethinking the toolchain For data centre teams, the practical consequence is a growing need to audit the toolchain - not just the infrastructure they manage for customers, but the tools they use internally to manage that infrastructure. This is a non-trivial task. Many of the most capable platforms in categories like monitoring, ITSM, and collaboration are US-headquartered. Replacing them wholesale is expensive, disruptive, and technically risky. The more pragmatic approach being adopted by many European operators is a tiered assessment: identifying which tools handle which categories of data, and which of those data categories carry the highest regulatory exposure. Operational telemetry that contains no personal data may carry a different risk profile than a shared drive full of customer documentation, change records, and contractual files. The latter category (documents and files shared amongst engineering and operations teams) is one where the market for European-origin alternatives has matured considerably. For file storage and document sharing specifically, a number of privacy-focused alternatives have emerged that offer end-to-end encryption, EU-based infrastructure, and no exposure to US jurisdiction. Proton Drive is one example; being built on zero-access encryption and hosted under Swiss and EU law, it is designed so that even the service provider cannot access the contents of stored files. For operations teams handling sensitive engineering documentation or customer-related records, this kind of architecture addresses the sovereignty question at a technical rather than contractual level. The distinction between technical and contractual sovereignty protections is one that regulators are increasingly paying attention to. A Data Processing Agreement with a US cloud provider commits that provider contractually to certain behaviours; zero-access encryption means that no behaviour, however compelled, can result in plaintext data being handed over, because the keys never leave the customer's control. The compliance burden on operations What makes this period particularly challenging for data centre teams is that sovereignty compliance is not a one-time project; it is a continuous risk assessment process, one that requires keeping pace with an evolving regulatory landscape across multiple EU member states. Germany alone layers 17 state-level data laws on top of national and EU requirements. The practical implication is that an operations team running a facility serving customers across multiple European jurisdictions may need to maintain a sophisticated, jurisdiction-aware view of where data flows, which tools touch it, and which legal regimes apply. The full scope of what that means for day-to-day operations is covered across DCNN's compliance coverage. This is driving demand for a new kind of capability within operations teams: compliance literacy, meaning engineers who understand not just how to configure a monitoring platform, but what data that platform collects, where it sends it, and whether that is consistent with the data processing agreements their organisation holds with its customers. The audit pressure is already here Customer-driven audit pressure is one of the most immediate ways data centre teams are encountering sovereignty requirements in practice. Enterprise customers, particularly those in regulated sectors like finance, healthcare, and government, are increasingly including detailed data residency and toolchain questions in their due diligence processes before signing colocation or managed service contracts. They want to know not just where their data sits, but which third-party tools the data centre operator uses to manage access, monitor systems, and handle incidents, because those tools are part of the data processing chain. A data centre that stores customer data on EU infrastructure but logs all incident management activity through a US-based ITSM platform may have a harder time satisfying those audits than one that has thought carefully about the full operational stack. This connects directly to the broader operational challenges outlined in an earlier look at the key pressures facing data centre operations teams, where compliance and ESG demands were already competing for finite team bandwidth. Looking ahead European data sovereignty is not a temporary regulatory moment; it reflects a deep structural shift in how European governments, regulators, and enterprise customers think about digital infrastructure, one in which the origin and legal jurisdiction of technology matters as much as its performance or price. For data centre teams, this means the toolchain review is not optional. The platforms that operations, engineering, and management teams use every day are now part of the compliance picture. The good news is that the market for sovereign-by-design tooling is expanding, covering everything from monitoring and observability to file storage and secure communications. The teams that will navigate this most successfully are those that start the audit now, before a customer inquiry, a regulatory inspection, or an incident forces the issue. Understanding which tools handle which data, under whose jurisdiction, and with what level of technical protection is not just a compliance exercise; it is increasingly a competitive differentiator.

Broadcom, Nationwide deepen cloud partnership
Nationwide Building Society, the world’s largest building society, has expanded its strategic partnership with Broadcom, a designer, developer, and supplier of semiconductor and infrastructure software, as it continues to develop its private cloud infrastructure and integrate Virgin Money into the wider organisation. The agreement will see Nationwide adopt VMware Cloud Foundation as the platform for its private cloud, providing a standardised infrastructure for applications and digital services across the enlarged group. According to the organisations, the platform is intended to support greater resilience, scalability, and operational consistency while meeting the governance and compliance requirements of the UK financial services sector. Paul Walsh, Director of Infrastructure and Service Delivery at Nationwide, says, "Our extended partnership with Broadcom represents a significant step forward in our technology strategy. "As we continue to evolve as a business, including integrating Virgin Money into the group, it is vital that we have a resilient, scalable, and secure technology foundation. "A private cloud built on VMware Cloud Foundation enables us to simplify operations, accelerate innovation, and deliver seamless digital experiences for our members, while maintaining the trust and stability that define the Nationwide brand." A private cloud platform to support integration VMware Cloud Foundation combines compute, storage, networking, management, security, and automation within a single private cloud platform. Nationwide says the technology will provide a common infrastructure for traditional applications, cloud-native workloads, and future artificial intelligence deployments, whilst helping simplify infrastructure management across the organisation. The building society also expects the platform to support long-term operational efficiency and service continuity as it modernises its IT estate. Joe Baguley, EMEA Chief Technology Officer at Broadcom, says, "Nationwide is taking a deliberate and strategic approach to private cloud that balances agility with control and innovation with resilience. "By extending our partnership and adopting VMware Cloud Foundation as a consistent platform across the group, Nationwide will be able to integrate operations more efficiently, accelerate service delivery, and reduce operational complexity, while maintaining the security and governance expected of a leading UK financial services brand."

EUDCA welcomes European cloud and AI plans
The European Data Centre Association (EUDCA) has welcomed the publication of the proposed Cloud and AI Development Act (CADA), introduced by the European Commission as part of its Tech Sovereignty Package. The association says the proposal is an important step towards expanding Europe's compute capacity and creating conditions that support continued investment in digital infrastructure across the EU. According to EUDCA, access to scalable digital infrastructure will play a key role in Europe's ability to compete in artificial intelligence and other emerging technology sectors. The organisation argues that meeting growing demand for AI and cloud services will require further deployment of compute capacity alongside investment in skills and technology adoption. Permitting, investment, and infrastructure EUDCA highlighted several elements of the proposed legislation that it believes could help support future data centre development. These include requirements for EU Member States to develop national cloud and AI strategies, the creation of designated development zones with access to essential resources, and streamlined permitting processes intended to reduce barriers to infrastructure deployment. The association also welcomed proposals for a strategic project designation for data centres, which could help attract investment and support projects that demonstrate strong integration with energy systems and digital infrastructure. In addition, EUDCA noted the proposed alignment between the legislation and the Energy Efficiency Directive, arguing that existing reporting frameworks could help identify projects that meet high environmental and efficiency standards while avoiding additional administrative burdens. Michael Winterson, Secretary General of EUDCA, says, "The Cloud and AI Development Act marks an important step for Europe’s digital infrastructure ambitions. Our industry stands ready to support the growth of Europe’s compute capacity and is committed to contributing to the development of sustainable and resilient data centre capacity in Europe. "This initiative reflects several of the key enabling conditions we have long advocated for, including more efficient permitting, access to resources, and clearer strategic direction. We look forward to engaging with policymakers and Member States to support effective implementation." Calls for further action Whilst welcoming the proposal, EUDCA says several areas will remain important as the legislation progresses. The association is calling for a consistent application of definitions across EU Member States, continued investment in electricity grid infrastructure, measures to address skills shortages, and greater access to sustainable resources, including renewable energy and non-potable water for cooling. EUDCA says these factors will be essential in ensuring that Europe can develop the digital infrastructure required to support future AI growth while meeting sustainability objectives. For more from the EUDCA, click here.

Huawei launches AI data centre infrastructure platform
Chinese multinational technology company Huawei has introduced a new full-stack data infrastructure platform designed for AI data centres and large-scale enterprise AI deployments. The announcement was made during the Huawei Innovative Data Infrastructure (IDI) Forum 2026 on 21 May in Paris, France, where Yuan Yuan, Vice President of Huawei and President of the company’s Data Storage Product Line, outlined the growing role of AI infrastructure in enterprise operations. According to Huawei, increasing adoption of AI agents and AI applications is driving significant growth in enterprise data processing and token consumption, requiring organisations to redesign traditional IT infrastructure around AI workloads. With this in mind, the company says its platform has been developed to support AI data lakes, inference systems, model deployment, agent frameworks, and data resilience. Platform targets large-scale AI workloads Huawei says the infrastructure platform combines storage, data management, model deployment, and AI orchestration technologies intended for enterprise and hyperscale AI environments. The company introduced updates across several areas of its AI infrastructure portfolio, including: • OceanStor Pacific Scale-Out Storage for high-density data storage• DME Omni-Dataverse unified data management platform• Context Memory Storage for AI inference environments• ModelEngine deployment and resource scheduling platform• Nexent AI agent framework• AI-focused data resilience and protection technologies Firstly, Huawei says its OceanStor Pacific storage platform can deliver 11PB of capacity within a 2U chassis, enabling massive data storage at "optimal total cost of ownership" (TCO), while DME Omni-Dataverse is designed to support multimodal and cross-site data management. The company also introduced its Context Memory Storage system, which it says is designed for large-scale inference clusters and can reportedly reduce time to first token by 90%. AI infrastructure evolves beyond compute alone Huawei states that AI infrastructure planning increasingly requires integration between storage, compute, models, and data management systems, rather than focusing solely on GPU capacity. The company says its ModelEngine platform supports model deployment and compute resource scheduling, including partitioning resources across multiple workloads. Huawei also introduced the Nexent agent platform, which is designed to allow AI agents to be generated through natural language interactions. “AI is unlocking new opportunities for the IT industry," says Yuan. "The next chapter of AI is data. "Committed to technological innovation in data storage, Huawei will accumulate the experience of industrial AI adoption and work closely with the entire industry to help customers accelerate their journey into the intelligent era." The company says the platform also includes technologies designed to address AI-related security risks including ransomware, data tampering, and data poisoning attacks. For more from Huawei, click here.

Vultr launches Milan cloud data centre region
Vultr, a privately held cloud infrastructure company, has launched a new cloud data centre region in Milan, expanding its European footprint to nine locations. The Milan site becomes Vultr’s 33rd global cloud data centre region and was announced during AI Week 2026 at Fiera Milano Rho. The company is also participating in the event as a platinum sponsor and co-host of the AI Agent Olympics Hackathon. Vultr says the Milan region will provide access to its AI and cloud infrastructure portfolio, including its VX1 cloud compute platform, bare metal services, and GPU infrastructure based on technologies from NVIDIA and AMD. The company states that the new region is intended to support workloads including AI, SaaS platforms, databases, analytics, ERP applications, microservices, and APIs. Milan joins Vultr’s existing European regions in London, Amsterdam, Frankfurt, Manchester, Madrid, Paris, Stockholm, and Warsaw. Milan expansion targets AI and enterprise demand According to Vultr, the Milan region is designed to provide low-latency connectivity for European users while supporting increasing demand for AI and cloud infrastructure services. The company says its global network is positioned to reach 90% of the world’s population within 2–40 milliseconds. J.J. Kardwell, CEO of Vultr, comments, “Italy is one of Europe's fastest-growing cloud infrastructure markets, and Milan is at the heart of it. Vultr is here because the enterprises and developers driving that growth need high-performance cloud infrastructure without the cost and complexity of the traditional hyperscalers. "This is a long-term investment in Italy and in European AI innovation." Vultr has also connected its Autonomous System Number (ASN) to the Milan Internet Exchange (MIX) to support local traffic routing, lower latency, and increased regional bandwidth capacity. The company says its cloud compute platform supports configurations ranging from two to 192 vCPUs. For more from Vultr, click here.

How to define the right sovereign cloud strategy
In this exclusive article for DCNN, Joe Baguley, CTO EMEA at Broadcom, gives his insight into how a workload-first approach to sovereign cloud, underpinned by data classification, flexible architecture, and strong partnerships, is reshaping European digital competitiveness: Reclaiming control and competitiveness Across Europe, governments and enterprises alike are increasingly recognising that data control holds the keys to innovation. This means a change in attitudes towards cloud sovereignty; it’s no longer seen as a simple compliance factor, but as a top priority for competitiveness and trust. The European Union is taking steps to support this shift, placing greater emphasis on sovereign infrastructure as part of its broader digital strategy. A clear example is the €180 million (£156 million) tender launched by the European Commission through its Cloud III Dynamic Purchasing System, aimed at procuring sovereign cloud services for EU institutions. To ensure cloud sovereignty, the first step is preparation: organisations need a clear understanding of where their data resides, how it moves, and who controls it. Answering these questions requires a clearly defined strategy, one that aligns workloads with the most appropriate cloud environments and establishes effective data governance. Importantly, it has to support the development of flexible cloud architectures capable of meeting regulatory demands while still enabling innovation. Designing cloud strategies around workload needs At the heart of a successful sovereign cloud strategy lies a simple principle: placing the right workload in the right environment. There is no single solution that fits all applications. Enterprises must align each workload with the cloud environment that best meets its compliance, operational, and performance requirements to determine whether it belongs in a public, private, or sovereign cloud. Some applications may thrive in a hyperscaler environment, while others require the control and security of a sovereign setup. This reality has made hybrid cloud strategies the norm. Over the past decade, many organisations initially committed to a single hyperscaler for all workloads only to realise that different applications have different requirements. Today, IT leaders increasingly need to adopt a ‘right workload, right place’ mindset, recognising that some applications may remain on premises, others run optimally in public clouds, and some require sovereign environments for regulatory or operational reasons. This hybrid approach enables organisations to balance innovation with control while avoiding vendor lock-in and making more effective use of the strengths of different cloud ecosystems. Data classification comes first Of course, organisations cannot secure or govern what they do not fully understand. Comprehensive data classification is a critical first step. Misclassified data is a frequent source of compliance risk and over-classification, often a product of risk aversion, which can create extra operational complexity and cost. Many organisations treat all data as highly classified simply to be safe, but this can lead to over-investment in secure infrastructure where it is not needed. Mapping data flows across borders and providers is equally important. Compliance blind spots often appear when data is inadvertently stored or processed in jurisdictions with restrictive data laws. Understanding where sensitive data resides, how it moves, and which regulations apply is essential to reducing risk, demonstrating accountability, and maintaining trust with partners and customers. Retrofitting compliance into existing infrastructure is costly and complex; embedding that understanding into cloud architecture from the outset is far more efficient. Building flexibility into architecture Flexibility is the cornerstone of effective sovereign cloud implementations. Architectures built for interoperability and portability allow workloads to move seamlessly across private, public, and sovereign clouds. This adaptability is vital for risks posed by geopolitical or regulatory change. Hyperscalers cannot always guarantee sovereignty due to extraterritorial legislation such as the US CLOUD Act, which permits government access to data held by American companies abroad. By contrast, working with local cloud operators enables enterprises to maintain jurisdictional control over their data while still leveraging the latest technology. Moreover, working with local cloud operators can provide additional technological sovereignty benefits ranging from the investment to the local ecosystem and industrial base, all the way to addressing supply chain concerns, promoting interoperability, avoiding vendor lock-in, having stronger operational control, and managing dependency concerns. Sovereignty should be viewed not as a constraint, but as a design principle guiding infrastructure, data placement, and application deployment. Organisations that prioritise adaptability can balance regulatory compliance with innovation and long-term strategic growth. Partnerships powering sovereign cloud Partnerships also play a pivotal role. No single vendor or platform can solve sovereignty challenges by themselves and, in the current interconnected supply chain, there does not exist a perfect vertical integration of suppliers within one region. Open source is often presented as a solution to more autonomy. The reality, however, is that open source solutions create questions on code providence, reliability of a solution when deployed at scale, and different dependencies on support. The most successful sovereign cloud environments combine global technology providers, local operators, and trusted EMEA partners (such as evoila and Arvato). This collaborative approach not only strengthens compliance and transparency, but also accelerates innovation by ensuring that governance does not become a barrier to progress. Meanwhile, the presence of a local ecosystem guarantees the ability to operate and support solutions with a high degree of autonomy. As regulatory and geopolitical landscapes evolve, organisations that foster open dialogue across their supply chain and internal teams will be best placed to adapt. Sovereignty is as much about alignment, strategic choices, and accountability as it is about infrastructure. From compliance requirement to strategic asset Sovereign cloud has moved beyond a purely compliance-driven requirement and is increasingly becoming a source of strategic advantage. Organisations that commit to the ‘right workload, right place’ mindset and have clear data classification, flexible architecture, and prioritise interoperability are the ones that will have a competitive advantage. This approach allows organisations to scale globally whilst remaining aligned to regulatory and geopolitical shifts. Sovereignty is an enabler of AI and should be treated as such.

Scaleway selected for EU sovereign cloud framework
French cloud computing provider Scaleway has been selected by the European Commission as one of four cloud providers under the Cloud III Dynamic Purchasing System, a €180 million (£156 million) programme supporting access to sovereign cloud services for EU institutions. The framework, which runs for up to six years, enables EU bodies and agencies to procure cloud services through a pre-approved group of providers. Selection follows an evaluation process based on the European Commission’s Cloud Sovereignty Framework, which assesses legal, operational, and technical criteria. As part of the programme, Scaleway will be eligible to participate in project-specific competitions to deliver cloud services, including for sensitive and critical workloads. Cloud III is managed by the Directorate-General for Digital Services and was introduced in 2025 as the European Commission’s primary framework for cloud procurement. The initiative promotes a multi-cloud model, allowing institutions to select from a limited group of approved providers rather than relying on a single vendor. It is designed to support resilience, continuity, and flexibility across public sector digital infrastructure. The framework also supports deployment of cloud environments for critical systems, alongside fallback capabilities for existing cloud or on-premises infrastructure in the event of disruption. A framework supporting a sovereign and multi-cloud approach A key element is the Cloud Sovereignty Framework, which establishes a consistent set of criteria for assessing cloud providers. This is intended to improve transparency and standardisation in how sovereignty is defined and applied across the European cloud sector. Scaleway operates as a European-owned provider, with infrastructure and operations based within Europe. Its platform is designed to support data localisation and compliance with European regulatory requirements. Damien Lucas, CEO of Scaleway, comments, "At Scaleway, we are committed to contributing to Europe’s digital autonomy, not only through our technology and our alignment with European regulatory frameworks, but also through how we build and invest in our ecosystem. “Today, for every euro spent with Scaleway, around 68 cents are reinvested in the European economy, compared to around 20 cents when relying on international hyperscalers. "Directing investment towards truly European cloud providers helps strengthen local capabilities and ensures that value, expertise, and innovation remain anchored in Europe”. The company notes that the selection reflects an increasing focus across Europe on sovereign cloud infrastructure, as demand grows for secure, compliant platforms to support data and artificial intelligence workloads.

DE-CIX, Ooredoo link Doha IX to Marseille
Internet exchange (IX) operator DE-CIX and Qatari telecommunications company Ooredoo have connected Doha IX to DE-CIX Marseille, expanding international interconnection for networks in Qatar. The link connects Qatar’s first commercial internet exchange with a wider European ecosystem, enabling direct access to networks in Marseille and remote connectivity to those linked via DE-CIX Frankfurt. Doha IX is operated by Ooredoo under the DE-CIX-as-a-Service model and is hosted in one of the company’s data centres. The interconnection is intended to improve access to cloud platforms and digital services not currently available locally. The connection allows networks in Qatar to exchange data directly with almost 120 networks in Marseille, as well as access a broader pool of networks connected through Frankfurt, one of Europe’s largest internet exchanges. This supports lower-latency connectivity and provides additional resilience for cloud and content delivery. It also enables access to major cloud providers through dedicated and private connections, alongside tools designed to support hybrid and multi-cloud environments. Expanding low-latency access to global networks Since its launch in October, Doha IX has developed as a carrier-neutral interconnection hub, supporting local and international data exchange. The platform also offers services including cloud connectivity, IP transit, hosting, and colocation. Ivo Ivanov, CEO of DE-CIX, says, “The direct interconnection between the IXs in Doha and Marseille brings the world closer together. “By providing even better performance and user experience for internet-based content and applications, our collaboration with Ooredoo opens up new opportunities for Qatar’s digital economy. "Enhanced connectivity will further strengthen the digital ecosystem in the GCC, supporting economic growth and innovation while paving the way for the amazing digital decades ahead of us.” Hassan Ismail Al Emadi, Chief Business Officer at Ooredoo Qatar, adds, “The direct interconnection between Doha IX and DE-CIX Marseille represents a strategic expansion of Qatar’s global digital reach. “By linking our national interconnection platform with one of Europe’s leading internet exchange ecosystems, we are enabling differentiated digital performance through lower latency, enhanced resilience, and secure, seamless access to global cloud and content networks. "This collaboration reinforces Qatar’s position as a regional digital gateway and enables enterprises to operate with greater performance, reach, and competitiveness, accelerating digital transformation across Qatar and the wider GCC.” The companies say the development reflects continued investment in interconnection infrastructure to support growing demand for cloud services and international data exchange. For more from DE-CIX, click here.



Translate »