Cloud

Together, we build a sovereign cloud foundation: compliant, resilient, and future-proof

Cloud is no longer a technical choice, but the foundation of modern business: it shapes how organisations innovate, compete, and protect what matters. European regulation on data and AI is tightening, AI is becoming a core capability, and geopolitics is changing where and how data is stored, processed and secured.

We can help you by connecting your cloud strategy, risk & compliance, and execution.

Cloud sovereignty

Cloud sovereignty is about who actually controls your data, technology, and decision-making — and whether that control has been deliberately designed or silently assumed. Many organisations discover their sovereignty position is weaker than they thought: AI strategies are built without sovereignty constraints, identity governance cannot keep pace with autonomous AI agents, and outsourcing partners still hold privileged access that predates sovereignty ever reaching the boardroom agenda. In the Netherlands, where regulatory oversight plays a significant role, sovereignty is not a compliance issue but a strategic leadership choice — about autonomy, continuity, and the ability to accelerate responsibly with cloud and AI.

Cloud technology and AI are growing together

Choosing your cloud strategy isn't just a simple yes or no. It's about understanding the level of control you need. For every task and at each level—data, operations, and software—you need to consider two key risks: Can you keep your independence and continuity despite geopolitical, legal, or commercial challenges? And is your data safe from unwanted access, whether from foreign laws or privileged accounts? Many organisations, therefore, choose a hybrid or multi-cloud strategy. This approach allows for maximum innovation where feasible and specific protective measures where needed, with clear decisions on acceptable dependencies and trade-offs.

In the Netherlands and the EU, cloud data is subject to requirements around privacy, security, governance, and demonstrability. Which rules apply depends on the type of data and your sector. GDPR applies to personal data. Additionally, there are obligations around cybersecurity and operational resilience — such as NIS2 and, in the financial sector, DORA. What matters is not only being technically secure, but being able to demonstrate how data is processed, where it resides and how you manage risks and vendor dependencies. In the Netherlands, DNB and AFM supervise how organisations translate these obligations into governance, controls, and demonstrability — particularly when critical processes and data are hosted with cloud service providers.

While many organisations focus on selecting the right cloud provider, the real dependency often lies in existing outsourcing arrangements. Here, control over infrastructure, identities, and security might have been handed over earlier. This dependency is more about governance and contracts than technology. Providers often manage access, security controls, and keys, while contracts may not align with today’s threat landscape. This makes switching providers more challenging than expected.The key question isn't just about your ability to migrate, but whether you have the control to do so—technically, operationally, and contractually. The ability to switch isn't the starting point; it's the ultimate test of sovereignty. This requires a wider view: evaluate not only your cloud options but also your outsourcing relationships using the same sovereignty principles—from identity and key management to governance and exit strategies.

The sovereignty paradox laying in your drawer for a decade

Where is your organisation on its cloud journey?

Many organisations are using the cloud, yet many haven't unlocked its full potential. Often, applications are moved one-to-one— known as 'lift and shift'—which can keep costs high and stifle innovation. Our Cloud Maturity Quick Scan offers a clear view of how well your organisation is using the cloud, not just technically, but also in governance, processes, and ways of working. This gives you a full picture of where value is being missed and where improvements can be made. The scan is a straightforward self-assessment, using ten questions to explore technology, organisation, and governance.

Get started with the Cloud Maturity Scan

How modern is your cloud environment?

Cloud engineering isn't just about moving systems; it's about transforming applications, data, and platforms to spark innovation, scale efficiently, and keep IT straightforward and cost-effective. Cloud-native designs and modern development methods lay a flexible groundwork that adapts to evolving business needs and speeds up market entry. By using standardised platforms, you cut dependencies and gain flexibility in managing workloads—putting you in control of your cloud strategy.

How do you stay in control of access in the cloud?

Identity and Access Management is the foundation of digital trust — and the weakest point in most sovereignty programmes. The right people and systems need access to the right data and applications, at the right time. We help organisations design IAM as an integral part of their cyber, cloud, and sovereignty strategy — ensuring governance covers not only human access but also the machine identities that are increasingly making decisions.

How do you manage the cloud?

With our Cloud Managed Services, we make sure your cloud environment works just as you need it to: dependable for your business, safe for your data, and prepared to grow. We seamlessly integrate security, compliance, and cost management into everyday operations, establishing clear roles, oversight, and control measures. This keeps your platform running smoothly while you stay in charge.

Explore how cloud foundations enable AI performance at scale

Our technology alliances

Collaborating to transform businesses

We work hand in hand to innovate organisations. We collaborate with leading technology providers such as AWS, Google, Microsoft, and others. By combining our specialised knowledge with the innovative technologies of our partners, we assist companies in addressing their most urgent business challenges.

Sharp takes on what’s next

Contact us

Ragnar van der Valk

Partner Technology, PwC Netherlands

Tel: +31 (0)65 157 18 35

Ivo van Bennekom

Partner Digital Identity, PwC Netherlands

Tel: +31 (0)63 911 54 02

Ad van der Graaff

Partner FS Data & Technology, PwC Netherlands

Tel: +31 (0)61 380 10 59

Paul van den Berg

Partner, PwC Netherlands

Tel: +31 (0)62 008 46 29

Pascal Mannot

Partner Technology & Data Analytics, PwC Netherlands

Tel: +31 (0)64 844 90 08

Gerwin Naber

Partner, PwC Netherlands

Tel: +31 (0)65 150 75 75

© 2015 - 2026 PwC. PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.

Cloud

Together, we build a sovereign cloud foundation: compliant, resilient, and future-proof

Cloud sovereignty

Read more

Read more

Read more

Read more

How do you maximise cloud value?