Glowing blue digital cloud shape made of connected dots and lines on a dark background.

Sovereignty Meets Innovation

The hybrid cloud imperative for healthcare in EMEA

Our pulse check among healthcare executives in the DACH region revealed that 65% prefer hybrid cloud strategies over hyperscaler-first or EU-first approaches to balance regulatory compliance and data protection with digital transformation & innovation.

"Are US hyperscalers evil?"

This question can be derived from current discussions in media and among health and life science organizations across EMEA. As regulatory pressures intensify, data protection requirements evolve, and AI-driven innovation accelerates, healthcare leaders face a critical challenge: How do you harness cloud technology and innovative ecosystems for AI & data analytics while ensuring sovereignty for sensitive data (e.g. PHI, PII, keys)?

Our insights and results from the SEMECO Cluster4Future research initiative - funded by the German Federal Ministry of Research, Technology and Space (BMFTR) - provide guidance: The path forward isn't choosing between hyperscaler or sovereign infrastructure. It's strategically and responsibly combining both.

This aligns with industry sentiment. In our recent pulse check, which we conducted among 20 senior executives across MedTech, Pharma/ LabTech, health insurance, and clinical institutions, 65% favored a hybrid cloud strategy that combines sovereign European infrastructures with hyperscaler ecosystems.

The hybrid approach reflects a pragmatic recognition that healthcare organizations must navigate multiple competing requirements:

Regulatory frameworks like GDPR and the European Health Data Space (EHDS) require stringent data protection
Patient trust depends on demonstrable control over Protected Health Information (PHI)
Competitive advantage requires rapid access to AI and analytics ecosystems
Operational resilience demands flexibility and vendor independence

Healthcare decision-makers want sovereignty and innovation — not one or the other.

Principles for hybrid cloud success

The following principles were derived based on our work in the SEMECO research initiative together with industry and technology leaders, academic institutions, and public sector partners. The findings validate the hybrid approach and define its core principles:

Keep sensitive data in sovereign infrastructure

Keep Protected Health Information (PHI), encryption keys, and patient-identifiable data on European sovereign cloud platforms. This ensures compliance with GDPR, EHDS, and national data protection laws while maintaining patient trust.
Leverage hyperscalers for innovation

Tap into hyperscaler ecosystems for AI model training, advanced analytics, and developer tools, ideally using anonymized or pseudonymized data sets to access world-class innovation without compromising data protection.
Design for portability

Build modular, cloud-native architectures using vendor-independent services and cloud-native technologies (Kubernetes, containerization, open standards) to reduce lock-in and preserve strategic flexibility to adapt as technology and regulations evolve.
Enforce zero trust and end-to-end encryption

Implement end-to-end encryption using Confidential Computing. Use identity-based access controls. Model breach scenarios and design defenses accordingly. Zero trust isn't optional—it's foundational. Never trust an access automatically.

Why this matters now

The healthcare industry is at an inflection point. AI-powered diagnostics, closed-loop automation, precision medicine, interoperable health data platforms - these aren't future concepts. They're happening right now. But they require massive data processing power, sophisticated algorithms, and seamless integration across systems. Healthcare organizations that fail to modernize their cloud infrastructure risk falling behind competitors who can deliver faster insights, better patient outcomes, and more efficient operations.

At the same time, regulatory requirements are intensifying. The European Health Data Space will reshape how patient data is used and shared. National data protection authorities are taking enforcement seriously. Reputational risk from data breaches has never been higher.

Hybrid cloud strategies help to solve this tension. They enable healthcare organizations to innovate at scale while maintaining control, compliance, and patient trust.

Deep dive on the topic

Dr. Andreas Bachmeier

Watch a summary of our findings presented by our colleague Dr. Andreas Bachmeier in this 14-minute webinar for a deeper dive into hybrid cloud architecture principles and actionable next steps. Watch the Webinar here.