Gartner analyst says true sovereign cloud is impossible outside US and China

Sovereign cloud has become one of the most talked-about concepts in enterprise technology over the past few years. Governments reference it in policy documents. Cloud vendors build entire product lines around it. Yet according to a Gartner VP analyst speaking in Sydney this week, most of what passes for sovereign cloud today is something considerably less than the name suggests.

Douglas Toombs, presenting at Gartner’s IT Infrastructure, Operations and Cloud Strategies Conference, made the case plainly. Only the United States and China currently manufacture all the technology components necessary to build a genuinely sovereign cloud. Every other country, regardless of its ambitions or regulations, remains dependent on technology produced elsewhere. That dependency, Toombs argued, makes complete sovereignty structurally unavailable to most of the world.

Even solutions specifically marketed as sovereign, including on-premises deployments like AWS Outposts, Azure Local, and Oracle’s Dedicated Cloud Regions, still require regular communication back to their parent infrastructure. As Toombs put it, they all need to phone home. The American corporate ownership sitting behind those products also creates legal exposure that no product configuration can fully neutralize.

Toombs pointed to France’s sovereign cloud efforts as a cautionary reference, citing the Andromeda, Numergy, and Gaia-X projects as initiatives that generated substantial documentation but delivered limited practical outcomes. He also drew on Boston Consulting Group’s Rule of Three and Four to argue that the cloud market has effectively stabilized around AWS, Google, and Microsoft, leaving limited room for meaningful challengers to emerge at scale.

Adrian Wong, a Gartner Director Analyst who also addressed the Sydney conference, approached the consequences from a different angle. Heightened geopolitical tensions are already pushing European organizations to reconsider their relationships with US-based cloud providers, and Wong considers that reassessment overdue. His concern, however, is that most organizations have never built a serious exit strategy in the first place.

Wong warned that exiting a major cloud provider within less than two years demands significant planning and investment, and that most organizations have quietly ignored that preparation entirely. He described cloud exit planning as something largely swept under the rug, with users deeply locked in, particularly those relying on cloud-native services or platform-as-a-service products.

His broader message was direct: multi-cloud adoption does not automatically improve resilience, and assuming otherwise without first solving application portability creates a false sense of security that geopolitical shifts can expose very quickly.