The cloud-first movement was the right call. The hyperscalers offered a step-change in what engineering teams could build without massive upfront investment, and that value hasn't gone away. AWS, Azure, and GCP aren't going anywhere.
But the more interesting question isn't "should we be in the cloud?" That debate is over. The question gaining ground among forward-thinking organisations is: does every workload belong with the same provider, on the same terms, forever? Increasingly, the honest answer is: probably not.
The future isn't cloud or no cloud. It's hybrid — hyperscalers where they genuinely win, alternatives where the ROI and risk make sense. The organisations that navigate that well will be the ones who built the right foundations before the question became urgent.
Two Forces Driving the Shift — Especially in EMEA
In the US, several high-profile engineering teams have already repatriated workloads and written publicly about why. Cost is the headline driver — hyperscaler bills at scale are harder to optimise than the early sales pitch implied. But in EMEA, there's a second force that's arguably more structural: data sovereignty.
The US CLOUD Act allows US law enforcement to compel American-headquartered companies to hand over data regardless of where it physically sits. Frankfurt, Dublin, Stockholm — if the infrastructure has a US parent, US law can reach it. Microsoft told French lawmakers directly that they cannot guarantee EU data is protected from US government access, even in EU data centres. That's a significant statement for any regulated organisation. Layer on top of that GDPR's evolving transfer mechanisms, DORA for financial services, NIS2 for critical infrastructure, and the EU AI Act — which introduces infrastructure obligations that are architectural, not just legal — and the compliance picture is materially more complex than it was three years ago.
For UK organisations: post-Brexit doesn't mean outside EU jurisdiction. If you process EU residents' data or sell AI-enabled services into the EU market, EU law still applies to you — on top of UK GDPR at home. For many organisations, the regulatory complexity doubled, not diminished.
Cost makes finance ask the question. Sovereignty makes legal demand an answer. Together, they're putting cloud infrastructure decisions on the executive agenda in a way they haven't been before.
The Lock-In Nobody Talks About
Most organisations that went cloud-first built platforms tightly coupled to their hyperscaler of choice — not out of negligence, but out of entirely rational decisions to move fast. The cumulative effect is a platform that only runs in one place, operated by engineers whose infrastructure intuition is shaped by one provider's abstractions.
When the hybrid question arises — driven by cost, regulation, or simply the right workload meeting the right alternative — these organisations discover their optionality is theoretical. What should be an architectural decision becomes a multi-year programme. That inertia means most organisations don't move, even when the numbers say they should.
The most durable form of cloud lock-in isn't contractual. It's the capability gap between the platform you have and the ability to run anything alongside it.
Build the Platform Now. Decide Later.
The answer isn't to avoid managed services or build speculatively for a future that may not arrive. It's to invest in platform engineering fundamentals — portable pipelines, infrastructure abstraction, genuine operational capability — that deliver value against your current stack today, and quietly build optionality for tomorrow.
When a workload arises that clearly belongs somewhere else — a regulated data domain, a steady-state process with punishing egress costs, an acquisition on different infrastructure — organisations with solid platform engineering foundations can evaluate that honestly and move. Organisations without them already know the answer before the conversation finishes.
You don't need to predict where your workloads will run in five years. You need a platform that gives you the freedom to put them where they belong when the time comes.
Where to Start
If you're not sure how mature your platform engineering capability actually is — as opposed to how mature it feels from the inside — that's exactly the question our Platform Engineering Maturity Assessment is designed to answer. A focused engagement, a clear picture, a prioritised roadmap.
If this conversation resonates, it's worth a chat.
Found this useful?
Share it on LinkedIn, or get in touch if you'd like to talk through your platform engineering strategy — that's what we're here for.