Cloud 2026: AI Capex, Sovereign Clouds, and the New Reality of Risk

The cloud in 2026: AI build‑out, sovereignty, and a new reality of risk

Cloud is having a “capex supercycle” moment as AI reshapes everything from provider roadmaps to power markets and regulation. The last year delivered three defining shifts: hyperscalers racing to custom silicon, governments forcing easier switching and stronger data controls, and a sobering reminder that digital infrastructure faces physical as well as cyber threats. (techtarget.com )

Hyperscalers double down on custom silicon (and Nvidia still sets the pace)

• Microsoft formally unveiled its Maia 200 AI accelerator in January 2026, positioning it for production inference across services like Microsoft 365 Copilot and OpenAI’s GPT‑5.2, with tight Azure control‑plane integration. Independent coverage framed Maia as a bid to reshape cloud AI economics. (blogs.microsoft.com )
• Nvidia’s roadmap remains the metronome: 2025 saw large Blackwell deployments; Rubin, the next architecture, is expected to arrive late 2026, extending hyperscale training and inference capacity again. Azure highlighted Blackwell clusters at supercomputer scale in late 2025. (tomshardware.com )
• Google’s Arm‑based Axion CPU program and continued TPU evolution reflect broader Arm momentum in data centers, while industry trackers point to Axion built on advanced nodes to lift cloud price‑performance. (trendforce.com )

The through‑line: AI demand is driving unprecedented capex across AWS, Azure, Google and others, with 2025 revenues and 2026 spending trajectories accelerating on the back of GPU and custom‑ASIC rollouts. (techtarget.com )

Market share: big three still expand as spending re‑accelerates

Cloud infrastructure revenues surged to roughly $119 billion in Q4 (IaaS, PaaS, hosted private), capping a $419 billion 2025 according to Synergy Research data, with AWS, Microsoft and Google capturing about two‑thirds of enterprise spend. Multiple trackers show the trio expanding while Azure and Google grow fastest in percentage terms. (techtarget.com )

Regulation and portability: the EU Data Act era begins

Europe’s Data Act switched on cloud portability obligations on September 12, 2025, with a hard ban on egress (data export) fees due by January 12, 2027. Cloud providers have pre‑empted parts of this: Google cut inter‑cloud transfer fees in the EU/UK and extended exit waivers; Microsoft and AWS also announced programs that reduce or eliminate egress in specific scenarios. For buyers, the net effect is more leverage to negotiate multicloud and exit terms. (digital-strategy.ec.europa.eu )

Sovereign cloud: from promise to product

• AWS opened its European Sovereign Cloud in January 2026, with the first region in Germany and separate EU‑only operations and controls. Roadmaps point to additional services coming online through 2026. (aws.amazon.com )
• Microsoft is broadening in‑country processing and “disconnected” sovereign options through 2025–2026, building on its EU Data Boundary commitments. (techradar.com )
• In France, S3NS (Thales + Google Cloud) secured ANSSI’s SecNumCloud 3.2 qualification and is bringing Vertex AI into its trusted cloud stack in 2026—evidence that “sovereign AI” services are moving beyond slideware. (lemagit.fr )

Takeaway: sovereignty is now a concrete product category, not just a policy talking point, and it’s expanding fast across Europe. (itpro.com )

Security—and physical resilience—took center stage

• Cloud identity and SaaS supply chain attacks persisted. The 2024 Snowflake customer data theft wave, investigated by Mandiant, was driven largely by stolen credentials and weak MFA, a lesson many enterprises spent 2025 operationalizing. (techcrunch.com )
• At internet scale, DDoS ceilings climbed again; Microsoft reported mitigating a record 15.7 Tbps attack on Azure late in 2025. Major internet dependencies also showed fragility, with Cloudflare suffering multiple high‑impact outages the same year. (tomshardware.com )
• Most consequentially, March 1–3, 2026 delivered the first widely confirmed wartime strikes against hyperscale cloud facilities: AWS said two data centers in the UAE were directly hit and a third in Bahrain was damaged, forcing regional service disruption and recovery operations. The incidents put availability zone design—and concentration risk—under a geopolitical spotlight. (apnews.com )

The power problem: cloud meets the grid

AI data centers are redrawing power planning. Microsoft inked a 20‑year agreement enabling the restart of the Three Mile Island Unit 1 reactor, supported by a $1 billion U.S. DOE loan in 2025; Google expanded geothermal procurement, including new deals in Taiwan alongside earlier U.S. projects with Fervo. Providers and partners are experimenting with “power‑first” campuses that co‑locate generation with data halls to scale faster. (apnews.com )

VMware upheaval ripples through cloud choices

Broadcom’s overhaul of VMware licensing and partner programs upended large swaths of the channel in 2025, with hyperscalers no longer bundling VMware licenses and European providers raising competition concerns. Google Cloud VMware Engine, for example, shifted to BYO VCF licenses starting November 1, 2025. Enterprises reassessing virtualization stacks are weighing lift‑and‑shift to native cloud, alternative hypervisors, or modern container platforms. (cloud.google.com )

The cloud economics reset: FinOps expands to AI, SaaS and on‑prem

FinOps has evolved from a cloud‑only discipline into a cross‑technology operating model. The 2026 FinOps Foundation updates highlight teams now accountable for AI, SaaS and data centers—often tasked to “self‑fund” AI by squeezing waste elsewhere. Persistent Kubernetes over‑provisioning and idle resources remain the biggest quick wins, with studies still finding double‑digit waste opportunities. The bottom line: unit economics and allocation discipline are prerequisites for AI era budgets. (data.finops.org )

Practical checklist for 2026 buyers:

• Treat portability as a design goal. Exploit new EU switching rights, exit/egress waivers and cross‑cloud data transfer programs to avoid lock‑in.
• Build a sovereign stance. Even if you’re not regulated, evaluate data‑location controls, operational separation, and local operator models as resilience levers.
• Model power as a constraint. Ask about a provider’s secured megawatts, on‑site/near‑site generation, and carbon‑free energy roadmaps for your regions.
• Make identity your perimeter. Enforce phishing‑resistant MFA, continuous credential hygiene, and restricted network paths to “crown jewel” stores.
• Budget for AI hardware scarcity. Assume spotty availability for top‑end GPUs; validate timelines on custom silicon (Maia, Axion, TPU) and plan for mixed fleets.

What to watch next

• Rubin‑generation GPUs and broader Blackwell rollouts push another step‑function in model scale and inference density by late 2026. (apnews.com )
• Sovereign AI stacks mature: AWS expands EU‑sovereign services; S3NS brings Vertex AI to SecNumCloud; more countries eye national operating models. (aws.amazon.com )
• Portable economics: as egress bans approach in 2027, expect more zero‑ or low‑cost inter‑cloud transfer options and contractual portability guarantees. (digital-strategy.ec.europa.eu )

The cloud’s center of gravity hasn’t changed—AWS, Microsoft and Google still set the cadence—but its operating assumptions have. In 2026 the winning posture blends AI‑ready infrastructure with portability by design, sovereign‑grade controls, and a hard‑nosed approach to energy and cost. The stakes are no longer just about uptime or unit price—they’re about resilience in a world where compute, markets and geopolitics now move together.