Should public clouds enforce government policies?

In the world of cloud computing, trust is everything. Businesses migrate to the cloud because they expect reliability, scalability, and uninterrupted operations, regardless of their location or external pressures that may arise. But what happens when these foundational expectations are jeopardized? Recent events involving Microsoft and Nayara Energy suggest that trust in public cloud providers is being eroded, especially among businesses operating outside the United States, and driving a growing movement toward sovereign and private cloud solutions.

Microsoft collides with geopolitics

The recent dispute began on July 18, 2025, when the European Union (EU) announced a fresh round of sanctions targeting Russia to exert economic pressure related to the war in Ukraine. In the fine print of the EU sanctions, Nayara Energy (a major oil refinery in India) was flagged due to its 49% ownership by Russia’s state oil company, Rosneft. The EU accused Nayara of contributing revenue to the Russian government and, as a result, made it subject to sanctions.

Shortly after the announcement, U.S.-based Microsoft took action by suspending Nayara Energy’s access to its Teams and Outlook services. Essentially, Microsoft acted as an enforcer of the EU sanctions, cutting off a customer from cloud services it had paid for. From Microsoft’s perspective, this action might have seemed unavoidable—if it didn’t comply with the EU’s sanctions, the company could face legal or financial repercussions. But from Nayara Energy’s view, this was nothing short of a unilateral disruption of its business activities by a foreign entity.

In response, Nayara took its case to court in India, seeking to restore services under the terms of its Microsoft Business and Service Agreement. Microsoft eventually relented, reinstating the services within two days. However, the damage was done—both operationally and reputationally. Reports indicate that Nayara has since signed with Rediff, an Indian provider offering business-grade cloud email services. This sudden shift to a local cloud provider shows how quickly companies can pivot.

Does public cloud have a trust problem?

The Microsoft-Nayara Energy incident underscores a broader issue in the global cloud market: Customers increasingly perceive public cloud providers as extensions of governments rather than neutral platforms. It’s not the first time such concerns have surfaced. For example, the U.S. CLOUD (Clarifying Lawful Overseas Use of Data) Act allows American authorities to compel cloud providers such as Microsoft, Google, and AWS to hand over data stored on their servers—even if that data is located outside the United States. This has prompted many companies, especially those outside U.S. jurisdictions, to reconsider their dependence on these providers.

Microsoft and other hyperscalers may assert that they are simply following the laws of the countries in which they operate, but this argument holds little weight for customers. The possibility that a public cloud provider might abruptly sever ties, shut down services, or hand over sensitive data is enough to warrant reevaluating cloud strategy. When a cloud provider becomes a liability—be it through unhindered government influence, data sovereignty issues, or the threat of sanctions—a company’s first instinct is to minimize or eliminate the risk.

The appeal of sovereign and private clouds

For years, governments and businesses around the world have been quietly working toward greater cloud independence. The EU itself has invested heavily in developing sovereign clouds. These clouds are designed to meet local compliance standards, operate under local laws, and avoid risks linked to reliance on global tech giants. Initiatives like the Gaia-X project reflect Europe’s goal to create cloud platforms that protect data sovereignty and shield customers from foreign influence.

The irony is hard to ignore: The EU’s sanctions, intended to protect Ukraine’s sovereignty, unintentionally created a problem for India’s sovereignty. By allowing hyperscalers like Microsoft to enforce its rules, the EU unintentionally increased the global demand for sovereign or private cloud providers to prevent this exact problem in the future.

Further complicating matters is the resurgence of private clouds. While public clouds gained popularity due to their cost efficiency and flexibility, private clouds now offer an attractive alternative for companies seeking to retain greater control over their infrastructure. Hybrid cloud approaches—blending private, on-premises resources with public cloud services for non-critical workloads—are becoming increasingly common as businesses seek to balance innovation with control and security.

Who’s to blame?

It’s easy to point fingers at public cloud providers like Microsoft, but the reality is more nuanced. Governments around the world use sanctions and legal frameworks to pressure companies into compliance. Hyperscalers that operate across multiple jurisdictions often find themselves caught in the crossfire.

But businesses are unlikely to sympathize. For most organizations, the bottom line is what matters most. When their operations are disrupted, their data becomes inaccessible, or their services are shut down—regardless of the cause—trust in the provider declines or disappears. Public cloud providers may be seen as tools that serve their home nations’ interests rather than neutral, global platforms.

Migration toward sovereign and private cloud solutions is not just a reactionary response to isolated incidents; it’s a strategic movement. Businesses are realizing that the risks of relying on global public cloud providers are not just theoretical. Nayara Energy is part of a growing list of companies reconsidering their cloud strategies and opting for providers that offer more autonomy and fewer geopolitical complications.

Public cloud providers, especially those based in the United States, may find themselves increasingly on the defensive. To rebuild customer trust, they would need to take real steps to ensure service continuity and neutrality amid government mandates. However, such assurances seem unlikely to emerge in today’s geopolitical climate. This creates a ripple effect in global markets, as businesses increasingly interpret their reliance on large public cloud providers as a risk rather than an asset. The trend toward sovereign clouds and private alternatives is rooted in companies’ desire for greater control over their critical infrastructure.