In my previous article, we looked at how the conversations about enterprise cloud have changed over the past 10 years or so. Previously, enterprise IT departments had operated under a “cloud-first” mode and on the whole, the public cloud HAS delivered improved agility, scalability and alleviated the gruelling cycles of physical data centre management for many enterprises. As with everything, this should not be taken as a silver bullet and enterprises must assess the cost/benefit and viability of this model for their particular circumstances – including awareness of the flip side of the coin such as corresponding scaling of ingress/egress charges – but that is a well-trodden topic best saved for another day perhaps.
As we move through 2026, a new norm is emerging in Europe. Regulations such as the EU Data Act and broader digital policy developments, coupled with the fallout from high-profile outages are driving a strategic pivot in European enterprises.
Pressure is mounting alongside ongoing updates to the EU Cloud Services Scheme (EUCS). Currently under consultation, this framework aims to introduce common cybersecurity standards. Crucially, some proposals include strict rules around jurisdictional control and exposure to foreign legal frameworks. These discussions are part of a broader European effort to reduce reliance on non-EU providers for highly sensitive workloads and to address concerns linked to extraterritorial legislation such as the US CLOUD Act.
As explored in the previous article, “Sovereignty vs. The Cloud: Is Your Data Truly European?“, true sovereignty requires a high degree of control. The best way to ensure compliance and business resilience in highly sensitive sectors is the Sovereign Core: an on-premises repatriation strategy where mission-critical, regulated, and sensitive workloads are brought back into a locally controlled, physically secure, and legally insulated environment.
To assure readers, moving back to on-premises does not necessarily mean the return to the dark ages of rigid, manual, legacy infrastructure. To succeed, an on-premises sovereign core must deliver absolute data autonomy without sacrificing the cloud-like simplicity that developers and users demand.
The Hardware Blindspot: The Traditional Architecture Trap
When IT executives look to move workloads back to on-premises, their major concern is falling into the trap of old-school administrative overheads where traditional enterprise storage architectures may have inhibited the very flexibility that made the cloud attractive:
- Rigidity: Traditional storage required administrators to manually provision LUNs, volumes, and RAID groups.
- The “Noisy Neighbour”: Because traditional storage often lacks visibility into hosted workloads, contention between applications can happen. If one VM suddenly experiences a I/O spike, it “steals” bandwidth from its neighbours and degrades performance for all applications within that volume.
- Operational Drag: If a developer requests a new application environment, it takes seconds in the cloud but can take days or weeks on legacy on-premises hardware.
We can conclude that forcing cloud-native workloads back onto legacy, block-level hardware isn’t a solution – it’s an operational bottleneck. To make on-premises repatriation work, the underlying infrastructure must change.
The Illusion of “Sovereign” Public Clouds
In response to the EU regulation shifts, non-EU providers have launched localised partnerships and sovereign variants. Amazon introduced separate European services hosted entirely on the continent, Microsoft rolled out locally controlled ventures like Bleu (via Capgemini and Orange) and Delos Cloud, and Google paired with Thales for the S3NS joint venture.
Although these ventures may tick the boxes from a preliminary legal and governance perspective, they introduce a new layer of complexity:
- Operational Fragmentation: Instead of a single, unified cloud management layer, IT teams will need to manage fragmented silos across distinct “sovereign” and “standard” public cloud environments.
- Tech Stack Dependency: Even when fronted by a European entity, elements of the underlying technology stack may still be developed or maintained by a non-EU parent company. This raises considerations around dependency and resilience, particularly in extreme geopolitical or operational scenarios.
These proxy solutions patch a compliance hole, but they do not always provide full architectural independence.
The Solution: Workload-Aware On-Premises Architecture
To build a viable and robust sovereign core, on-premises infrastructure must speak the same language as your cloud applications. This requires workload-aware infrastructure. These are systems that manage data at the application level such as individual VMs or containers, rather than at the hardware level.
An intelligent on-premises system addresses the sovereignty issue while maintaining cloud-like agility across five key areas:
- Jurisdictional and Physical Control
The latest draft of the EU’s cloud security rules underscores that data residency in a European-based hyperscaler data centre is no longer sufficient for highly sensitive workloads. If a foreign entity holds the keys, the data remains exposed.
Keeping data within your own physical data centre increases control over infrastructure, network paths, and encryption keys. While this does not eliminate all legal exposure, it can significantly reduce reliance on external providers and improve governance clarity.
- Autonomous Performance Optimisation
Workload-aware architecture isolates every individual VM or container into its own dedicated, automated I/O lane. This completely eliminates any “noisy neighbour” issues. Mixed workloads such as intense SQL databases to rapid development environments can coexist on-premises seamlessly without storage administrators having to manually tune policies.
- Alignment with Sovereign Qualification Criteria
The regulations place heavy emphasis on sovereign qualification criteria, and in some cases, they also consider jurisdictional control and resilience.
Deploying an on-premises footprint satisfies these procurement rules from the start. By operating on a platform built for architectural transparency, European requirements for technological autonomy and security can be met from the outset.
- Hyper-Granular Data Protection & Interoperability
The EU Data Act mandates seamless data switching and robust interoperability. Legacy systems make this impossible by forcing you to take massive, clumsy snapshots of entire storage volumes.
In comparison, an intelligent on-premises core allows you to execute space-efficient, native snapshots and single-click recoveries down to the level of single VMs or containers. This allows precision and rapid recovery capabilities required.
- Financial Predictability
As alluded to earlier in this article, unprepared public cloud adopters may find themselves presented with unexpected ingress/egress charges, fluctuating resource pricing, and hidden API call costs.
Bringing steady-state, highly regulated workloads back on-premises delivers predictable cost certainty and controls. With QoS and predictive analytics, an on-premises sovereign core allows enterprises to project infrastructure costs accurately up to 18 months in the future, eliminating both compliance anxiety and cloud-spend surprises.
In short, data sovereignty should not be a compliance task managed by the legal department. With the advent of the EU Cloud Certification Scheme guidelines, data sovereignty is a strategic requirement for risk management and operational resilience.
The (Tintri) Path Forward
The direction is clear: European enterprises must reclaim digital autonomy, and the most secure place to do that is on-premises. Joint-venture public clouds may satisfy a baseline compliance audit, but they may also bring with it added operational complexity and structural dependency.
For organisations exploring a sovereign core strategy, the challenge lies in modernising on-premises infrastructure without reintroducing legacy operational burdens.
This is where platforms such as Tintri VMstore can play a role. By deploying workload-aware systems in private data centres, organisations can build an on-premises sovereign core that supports both regulatory and operational requirements. By operating at the application level rather than the traditional block layer, these platforms simplify infrastructure management and provide visibility aligned to workloads.
This approach enables organisations to achieve greater control and predictability within their own environments, while maintaining the usability and responsiveness that modern teams expect. Rather than replacing cloud entirely, it supports a more balanced model in which sensitive workloads can be retained on-premises, alongside cloud services, within an architecture designed for today’s operational demands.
###
Sources
- European Parliament and Council (2023). Regulation (EU) 2023/2854 on harmonised rules on fair access to and use of data (Data Act).
European Commission Digital Strategy Policy on the Data Act
- European Union Cybersecurity Certification Scheme for Cloud Services (EUCS).
ENISA – European Cloud Cybersecurity Certification Scheme
- The Digital Operational Resilience Act (DORA) – Regulation (EU) 2022/2554.
- European Banking Authority (EBA) Designated Critical ICT Providers List
- Bauer, M., & Pandya, D. (2026). Cloud resilience and security: Why exit, portability, and lifecycle design matter. European Centre for International Political Economy (ECIPE) Policy Brief, No. 03/2026.
EconStor Open Access Repository
- Martens, B. (2026). The European Union needs more than the digital omnibus to make digital services competitive.
- Stark, J. (2026). Sovereign 2.0: Control-Plane Sovereignty for Cloud Systems Under Disruption. arXiv preprint arXiv:2604.14242.
arXiv Cornell University Library
- Paseri, L. (2024). Unpacking B2G data sharing mechanism under the EU Data Act. BioLaw Journal, 1(3).
