No video selected
Select a video type in the sidebar.
Choosing the right cloud strategy is a balancing act for Nordic businesses today. In a world of geopolitical tensions, new EU regulations and rapid technological developments, innovation must be balanced with compliance and digital sovereignty. So how do you drive innovation without compromising security, compliance and digital sovereignty? In this article, Ivers CTO Mattias Persson shares how organisations can navigate an increasingly complex landscape.
Technology decisions have increasingly become strategic business choices. Rapid technological advancement—combined with tighter regulations and a more uncertain external environment—is forcing companies and public authorities to navigate complex trade-offs.
“We see a strong ambition to leverage the capabilities of global cloud providers, while at the same time a growing awareness of the risks associated with losing control over data and governance,” says Mattias Persson.
For many organisations, cloud strategy has therefore evolved into a question of speed, risk management, and long-term strategic flexibility.
The Nordic region is characterised by pragmatism
Compared to many other European countries, the Nordic region is characterized by a more pragmatic approach to cloud computing. While countries such as France and Germany tend to focus more on national and political cloud models, Nordic companies often opt for hybrid solutions that combine global hyperscalers with European platforms to meet regulatory requirements without slowing down development.
However, this more flexible approach has different impacts depending on the industry.
"The differences are clearly visible across sectors. "Finance and the public sector often move more slowly due to regulations, supervision, and data locality requirements, while tech and industrial companies are more able to make quick decisions," explains Mattias Persson.
At the same time, interest in European suppliers has increased significantly, not least due to the security situation and increased demands for digital sovereignty.
"The issue has become more concrete. It is no longer just about technology choice, but about control over critical infrastructure."
There is also a clear shift at the political level.
"Sweden is now talking more openly about the need for its own solutions that meet sovereignty requirements, rather than waiting for the EU. This affects companies' strategies and priorities."
Regulatory framework shapes business strategy
Cloud choices today are largely driven by political and regulatory factors. Issues of sovereignty, competitiveness, and supplier dependence have become increasingly central to decision-making processes. At the same time, rising costs in public clouds have led more organisations to explore open source solutions and European alternatives.
Three EU regulations have a particularly strong impact on cloud strategies: NIS2, which focuses on supply chain security, DORA, which regulates risk management in the financial sector, and EUCS, the upcoming certification of cloud services.
"It is often at the intersection of EU rules, national legislation, and companies' risk appetite that the crucial decisions are made," says Mattias Persson.
Interpretations also differ between countries. Sweden focuses on GDPR and the principle of public access to official records, Denmark on supplier dependencies within NIS2, and Finland on the AI Act and risk management.
"This means that companies need to build architectures that can handle change over time. It is not enough to choose a platform - the architecture must be adaptable when regulations or practices change."
Parallel strategies create flexibility
A clear trend is that more and more organisations are building parallel cloud strategies. It's not about leaving global providers, but about complementing them with alternative solutions.
"Many organisations are now building a well-thought-out Plan B, where they secure control over data, keys and the operating environment," says Mattias Persson.
In practice, this often means that hyperscalers are used for AI, analysis, and development, while sensitive information is placed in EU-based infrastructure. In parallel, many are introducing their own governance layers for identity, security, and access.
"We are also seeing more organisations working with AI guardrails to use advanced models without losing control of their data."
The aim is to create choice and resilience, so that the business can adapt when regulations, prices, or contract terms change.
A robust strategy requires a Plan B
Based on his work with Nordic organisations, Mattias Persson highlights three basic principles for a sustainable cloud strategy:
- Flexibility - avoid unnecessary lock-in to individual suppliers
- Control - ensure ownership of data, identities, and governance
- Exitability - plan for change from the start
"The most vulnerable strategies lack preparedness for regulatory change. A robust cloud strategy, therefore, requires both technical and legal planning. The organisations that succeed are those that combine innovation with clear governance," he concludes.
Want to know more about how Iver can support organisations in creating a robust cloud strategy? Read more about hybrid clouds and take a closer look at our European cloud option Compliant Cloud
.png?width=180&height=180&name=Speech%20bubble%20(1).png)
