Clouded judgement: Resilience, risk and the rise of repatriation

When Amazon Web Services (AWS) launched its cloud services in 2006, it offered a utopian computing vision of agility, cost-efficiency and freedom from clunky legacy IT. Google with its Cloud Platform (GCP) and Microsoft with Azure weren’t far behind. But as artificial intelligence (AI) ramps up demand on infrastructure, and governments crack down on data sovereignty, that utopian vision doesn’t quite look so utopian.

Cloud repatriation and digital sovereignty, once the concern of fringe sysadmins and European Union (EU) policy nerds, are now the quiet buzzwords of boardrooms and procurement teams. This is not just about where the data lives. It’s about who controls it, who profits from it, and who answers when something goes wrong. And in a world where compute power is increasingly the fuel of geopolitical and economic strength, those questions are starting to feel a little more pressing.

Research commissioned by Civo, surveying more than 1,000 UK IT decision-makers, reveals the depth of this shift. According to the study, 84% of respondents are concerned that geopolitical developments could threaten their ability to access and control data. Over 60% believe the UK government should stop purchasing cloud services from US providers in response to escalating tariffs, and 45% are actively considering repatriating data from US platforms.

While the findings reflect growing concern, they also highlight a strategic shift, with 78% of leaders now considering digital sovereignty when selecting tech partners, and 68% saying they will only adopt AI services where they have full certainty over data ownership. For some, the answer is to take back control. Cloud repatriation is gaining some traction, at least in terms of mindset, but as yet, this is not translating into a mass exodus from the hyperscalers. 

And yet, calls for digital sovereignty are getting louder. In Europe, the Euro-Stack open letter has reignited the debate, urging policymakers to champion a competitive, sovereign digital infrastructure. But while politics might be a trigger, the key question is not whether businesses are abandoning cloud (most aren’t) but whether the balance of cloud usage is changing, driven as much by cost as performance needs and rising regulatory risks.

This came to a head recently with the US administration’s tariff campaign. According to Mark Boost, CEO of UK-based cloud provider Civo, since the announcement of new US tariffs, there has been “a definite shift in attitudes, almost overnight”. He says concerns about reliance on US hyperscalers have intensified, with people starting to think about de-risking from US-dominated cloud providers.

It’s a view supported by Francesco Bonfiglio, CEO of sovereign cloud provider Dynamo Cloud and former head of Gaia-X, a European initiative aimed at creating a federated and secure data infrastructure. Bonfiglio believes the trend is real, if not yet widespread.

“Repatriation is a strong sign of a willingness by businesses to regain control of the critical infrastructure of the business,” he says. In his view, between 20% and 30% of large companies are already taking active steps, repatriating workloads into on-premise or self-managed environments, building their own datacentres, or relying on colocation models outside of public cloud.

“Not because they want to go back to the past,” adds Bonfiglio, “but because there is no other way to control the data.”

Making moves 

There is certainly evidence of this. Writing on LinkedIn, Luiz Gondim, vice-president and CIO at Johnson & Johnson, points to examples where companies have moved critical workloads away from hyperscalers to realise significant savings and performance gains.

Twitter, now X, managed to reduce its cloud costs by 60% after repatriating workloads to its own datacentres. Dropbox transitioned away from AWS, saving $75m over two years while improving operational performance. Similarly, 37signals, the parent company of Basecamp, slashed its cloud expenses by 81% by investing in bare-metal infrastructure, achieving a return on investment within months.

Cloud repatriation is gaining some traction, but as yet, this is not translating into a mass exodus from the hyperscalers

Other companies, such as Discord and Snapchat, have taken a hybrid approach, migrating predictable workloads back on-premise while maintaining elastic operations in the cloud.

Reflecting on these moves, Gondim notes that cloud repatriation “isn’t a one-size-fits-all solution, but for companies with predictable workloads, high costs and strong technical expertise, it can be transformative”.

While many businesses are experimenting with hybrid approaches to manage costs and performance, some have made the full leap back to owned infrastructure. LinkPool, a blockchain-focused company, initially adopted a multicloud strategy across AWS, GCP, OVHcloud and Hetzner to control costs. However, rising expenses and the limitations of public cloud providers for compute- and memory-intensive workloads led the business to reconsider.

“Despite access to cloud cost-optimisation teams, there was limited room to reduce expenses,” says Jonny Huxtable, CEO of LinkPool. After assessing bare-metal and colocation options, LinkPool decided to move fully to Pulsant’s colocation service. The company claims the move achieved a 90% to 95% cost reduction alongside major performance improvements and enhanced disaster recovery capabilities.

Huxtable explains that, beyond cost savings, the transition aligned with the company’s decentralisation values fundamental to the blockchain industry.

“Owning and managing our infrastructure makes us uniquely positioned to collaborate with networks and projects that value true decentralisation,” he says.

LinkPool’s experience shows that full cloud repatriation can deliver transformative benefits, particularly for organisations with the technical expertise to build and manage tailored infrastructure. However, it also underlines a key point that repatriation success often depends on specific needs, workload predictability and internal capabilities. Not every business will find it the right path.

Harder than it looks

Despite some compelling examples, Dario Maisto, senior analyst at Forrester, says cloud repatriation remains an exception rather than the rule. According to Forrester’s 2024 Cloud Survey, 32.62% of public cloud-hosted applications are being repatriated, though predominantly at the level of specific workloads rather than entire environments. Performance improvement is the leading reason cited for these moves, with security concerns following behind.

Maisto points out that repatriation is technically and strategically difficult, and the benefits often do not outweigh the considerable resources required. Most organisations continue to prioritise access to innovation and advanced capabilities over pure cost optimisation.

He stresses that “the pendulum is not swinging back to on-premise”, and that private cloud, hybrid cloud and sovereign public cloud solutions are emerging as more practical alternatives for companies wary of full repatriation.

Boost acknowledges that while cloud repatriation or diversification is technically challenging, it is often perceived as harder than it truly is.

“The fear of migration is part of the lock-in strategy,” he explains. “The reality is, it’s not as bad as people fear. It needs careful planning, but automation and AI are making it easier every day.”

Boost also points to Civo’s work with Stackgen to help automate cloud-to-cloud migrations, suggesting that technological advances could lower the barriers even further.

Risks and regulation 

Thomas Robinson, chief operating officer at Domino Data Lab, highlights emerging concerns among CIOs about cloud concentration risk. From a short-term perspective, CIOs are under increasing pressure to manage rising costs and ensure operational resiliency. These costs and risks can be exacerbated by committing heavily to a single cloud supplier.

Strategically, Robinson notes that CIOs are also considering lock-in risk from the perspectives of talent availability, technological flexibility and regulatory compliance.

Regulators, particularly in Europe, are intensifying scrutiny of data monopolies in the cloud, driven by privacy and operational risk concerns, and spurred by initiatives such as the Digital Operational Resilience Act (DORA) and the Cloud Act. Robinson warns that if regulation ensues, cloud costs could skyrocket. Consequently, forward-thinking enterprises are embracing flexible technology and talent strategies that emphasise hybrid and multicloud models to preserve strategic optionality.

“We see leading enterprises embracing hybrid and multicloud strategies, not solely to cut costs, but to ensure agility, resilience and control in an increasingly complex technology and regulatory landscape,” he says.

Rather than mass repatriation, this appears to be a growing trend – something supported by Forrester’s report last year – where multicloud complexity is increasingly the necessary evil of operating in a post-Covid, public cloud-committed, and cost- and sovereignty-conscious world. If companies are expanding their use of hybrid models enabled by technologies such as Nutanix, VMware Cloud Foundation, IBM and HPE GreenLake, there are, in parallel, sovereign cloud alternatives that are gaining momentum, such as France’s Cloud de Confiance model.

“It’s now becoming more about the workload I’m running,” says Boost, adding that factors such as sovereignty, compliance, performance and AI latency are increasingly driving businesses to rethink where and how their computing takes place. Of course, industries with more agility are moving first, while highly regulated sectors like financial services are showing growing interest but moving more cautiously.

Hyperscalers are also trying to adapt, particularly in response to shifting regulatory expectations around data sovereignty in Europe and the UK. Google, AWS and Microsoft have all introduced sovereign cloud offerings tailored to EU standards, such as air-gapped regions, enhanced data control and localisation features. 

Public scrutiny

In spite of the roll-out of sovereign clouds from the major public cloud providers, the Competition and Markets Authority’s (CMA) January 2025 provisional decision report on the cloud services market (updated in April) flagged significant competition concerns, particularly for public sector organisations in health, education and central government.

We’re not seeing a full retreat from cloud, just a smarter approach to managing it. Resilience, not reversal, is the real enterprise cloud trend

It found that hyperscaler dominance, especially by Amazon and Microsoft, limited the ability of these organisations to adopt multicloud strategies or negotiate fair terms. Proposed remedies included mandatory interoperability, restrictions on anti-competitive software bundling, and potentially even structural changes to improve market access.

The CMA also suggested that stronger regulatory oversight may be needed to protect UK public services. These developments reinforce a broader trend that public sector bodies are increasingly factoring sovereignty, resilience and risk mitigation into cloud procurement strategies, even if full repatriation remains out of reach.

Boost is understandably critical of the current UK public sector cloud strategy, noting that recent government advice continues to favour foreign providers, despite rising concerns about national sovereignty and resilience. He argues that “the government should be setting an example by championing home-grown innovation” and warns that “we are in danger of giving away another critical industry at precisely the wrong moment”.

In reality, cloud repatriation is part of a broader evolution rather than a wholesale reversal. Some specific workloads, especially those tied to AI inference, sensitive data, or predictable performance demands, are indeed returning home. But wholesale abandonment of the public cloud remains rare.

The true enterprise cloud trend for 2025 and beyond is about resilience. Hybrid strategies, sovereign infrastructure options, and strategic flexibility are becoming essential components of future-proofed IT environments designed to weather a shifting technological and regulatory landscape.

As Domino Data Lab’s Robinson neatly summarises, “we’re not seeing a full retreat from cloud, just a smarter approach to managing it. Resilience, not reversal, is the real enterprise cloud trend”.