Digital Newsletter
Each week our editor Phil Alsop rounds up the most popular articles, videos and expert opinions. We compile this into a Digital Newsletter and send it straight to your inbox every week.
Digital Magazines
We'll let you know each time a new edition of Data Centre Solutions is released so that you're always kept up-to-date with the latest and greatest news and press releases.
Video Magazines
The Data Centre Solutions Video magazine contains the latest Zoom interviews with experts in the industry.
More UK organisations are treating cloud location as a governance risk decision, because incidents and audits expose questions around jurisdiction, access and evidence. Recent research found that 87% of respondents plan to partially or fully move workloads away from the public cloud over the next two years, with 54% considering private cloud, 38% exploring greater reliance on their own data centres, and 36% assessing colocation.
While those figures should be treated as a directional indicator rather than a market census, they align with a wider move towards localisation as geopolitics and jurisdictional exposure become bigger inputs to cloud decisions. Gartner has reported that 61% of CIOs and IT leaders in Western Europe plan to increase reliance on local cloud providers, which matches what many UK IT teams are already seeing in procurement language and internal policy updates.
Here, Mark Lewis, Chief Marketing Officer at Pulsant, offers his insights.
Why cloud strategies are being rewritten
The driver is often described as “sovereignty”, but the operational triggers are more specific than a general desire to keep data close to home. When risk and legal teams look at a workload, they care about which jurisdictions can apply, who can administer services, which support chains are involved, and how incident response works when access is needed at speed.
Those concerns are showing up in formal strategy resets, with research stating that 68% of UK respondents have changed their cloud strategies and that geopolitical risk is driving closer scrutiny of how data is stored, processed, accessed and secured.
Where UK GDPR forces clarity
A large part of the discomfort comes down to jurisdictional exposure and the practical realities of administration in global platforms. UK GDPR does not prevent organisations from using global providers, yet it does require a clear view of whether data is being transferred outside the UK, including cases where it is accessed from abroad as part of delivery, support, or incident handling. The ICO’s guidance on international transfers and restricted transfers is useful here because it pushes teams to map where access and processing happens, and which overseas parties can receive or access personal data.
Cost still matters, but it is rarely the only trigger
Cost is also present in many repatriation conversations, although it rarely stands alone. A cloud estate that grew quickly can leave teams paying for storage sprawl, duplicated environments, data egress, and services that were never properly retired, and those costs become harder to justify when boards also want stronger jurisdictional control. Kyndryl’s findings reported by Computer Weekly include that 62% of organisations invested heavily in cloud early on and later reverted some workloads to on-premise, which helps explain why “bringing data home” is appearing as a corrective step in mature estates.
Mark Lewis, Chief Marketing Officer at Pulsant, says: “What we hear from UK IT teams is that repatriation is rarely a blanket move, because cloud still delivers real value for the right workloads. The pressure comes when teams cannot explain, in plain terms, which country’s rules apply, who can access systems during incidents, and how that access is controlled and logged. When those answers are weak, the default response is to reduce exposure.”
Not leaving cloud, tightening control
This is also why the phrase “cloud repatriation” can mislead, because most organisations are not abandoning cloud consumption. The more common pattern is a tighter split between workloads that benefit from elastic services and global platforms, and workloads where the organisation needs stronger evidence of control, predictable performance, or simpler assurance.
In that model, sensitive datasets and control-heavy components move to environments where location, access and operational responsibility are easier to define, while cloud services remain in use through governed connectivity and clearer boundaries.
The UK policy context is reinforcing domestic hosting
The UK policy context is reinforcing the focus on domestic infrastructure, which makes the “bring it home” narrative easier to defend internally. UK data centres were designated as Critical National Infrastructure in 2024, reflecting the extent to which data centre resilience is now treated as part of national economic security.
The market response suggests sovereignty requirements are moving into mainstream procurement, with organisations looking for hosting models that keep data and processing domestic and can be evidenced in assurance reviews and incident response planning.
Why UK-sovereign colocation is a practical control point
A colocation facility in the UK supports physical hosting within UK borders, while giving organisations the option to implement their own security and access controls, manage hardware and key material, and set clear operational boundaries around incident processes and privileged access. The value lies in how easily those boundaries can be documented and audited, particularly when internal policy requires confidence in where systems are hosted and who can administer them.
“Sovereignty clauses in contracts tend to be written broadly, then tested during onboarding and audit when teams get into the detail,” says Mark Lewis. “The questions that decide the outcome are usually about privileged access, support delivery, subcontractors, and what changes during incident response. When organisations anchor sensitive workloads in UK colocation, they can define those access routes more tightly and keep the evidence trail cleaner, then connect into cloud services that meet the same requirements.”
What holds up when decisions are tested
A repatriation programme that reduces sovereignty risk depends on evidence, not intent, because auditors and customers will test claims during incidents and supplier changes. The organisations that handle this cleanly tend to reduce the number of environments that hold sensitive data, maintain a clear map of access routes and administrative roles, and document how recovery processes work in practice. Those steps can be applied in any hosting model, yet they are often easier to execute and evidence when critical components sit in a UK-controlled environment with clearly defined access and operational ownership.
As cloud strategies mature, “bringing data home” is becoming less about nostalgia for on-premises infrastructure and more about governance reality, because boards want the organisation to demonstrate control under pressure. UK-sovereign colocation provides one of the clearer routes for organisations that need location certainty, auditable control, and the ability to integrate cloud services through governed connectivity, while keeping the operating model defensible when it is examined in detail.
