Navigating the Sovereign Cloud Era – PAC’s Takeaways from the Google Cloud Summit in Munich

At this year’s Google Cloud Summit South in Munich, the event opened with a pointed question:

“Warum nicht?” – Why not?

In a joint keynote titled “A New Way to Cloud – Innovation, Security, and Sovereignty for Germany,” Michael Korbacher, Managing Director Google Cloud Germany, and Marc Voß, Head of Customer Engineering Germany, laid out a challenge:

If cloud platforms can meet Germany’s high standards for compliance, security, and operational control—then what continues to hold organizations back?

The keynote’s underlying theme was reinforced by Dr. Florian Herrmann, Bavarian State Minister for Federal Affairs and Head of the Bavarian State Chancellery. Referring to Munich as the heart of “Isar Valley,” Herrmann emphasized the region’s strengths as a tech and research hub—powered by universities like TUM, public-private partnerships, and a strong industrial base.

“No startup will launch here if it needs more lawyers than engineers.”

This framing set the tone for a day of discussions centered on what a sovereign, AI-enabled cloud future might look like, not just conceptually, but in real-world deployments.

A recurring topic throughout the day was how German organizations are building toward digital sovereignty while still making use of global cloud technologies.

Jochen Schmidt, VP Workspace Services at Schwarz IT, presented one such example. Schwarz IT, which operates its own STACKIT sovereign cloud platform, pursues a model that reduces external dependencies but still leverages global collaboration tools like Google Workspace, enhanced with Gemini AI capabilities.

“We build for sovereignty, but we collaborate for innovation,” Schmidt said.
“Cloud isn’t just infrastructure—it’s a mindset shift. Organizations need clear governance and role clarity, especially with AI in the mix.”

For Schmidt, sovereignty is not limited to data residency—it extends to strategic control, trust frameworks, and internal capability development.

Gemini, Vertex AI, and the Agentic Cloud

The keynote by Hayete Gallot, President of Customer Experience at Google Cloud, broadened the AI discussion. She introduced Google’s AI-native stack, which includes foundational models like Gemini, development platforms such as Vertex AI, and the recently introduced AgentSpace.

AgentSpace is designed to help organizations move beyond static AI chatbots toward autonomous agents that can reason, retrieve data, and take action. With enterprise connectors and built-in compliance tooling, it reflects Google Cloud’s focus on aligning advanced AI with enterprise governance expectations.

This approach is intended to meet the rising demand for intelligent systems that operate within regulated environments – a key concern for many German and EU-based organizations.

Use Cases from Retail to Telecom and the Public Sector

Throughout the event, use cases illustrated how these concepts are being applied across industries:

• Tchibo’s Customer Voice platform uses Google’s AI stack to synthesize unstructured customer feedback into decision-relevant insights. The company is preparing to adopt a multi-agent architecture that spans departments and connects structured and unstructured data.
• Deutsche Telekom’s RAN Guardian Agent, developed using Gemini and Vertex AI, now supports self-healing mobile networks, resolving up to 90% of issues autonomously. The system, built for real-time scalability, is expected to unlock significant operational efficiencies.
• In the public sector, BWI and PwC shared insights into sovereign IT delivery for defense and government use. BWI is building a sovereign platform hosted in its own data centers, with full operational control by German personnel, while leveraging Google Cloud’s underlying technologies. PwC emphasized the importance of public institutions having not only technical sovereignty, but also the governance capacity to steer partnerships effectively.

The Summit also featured an announcement about Google Cloud’s deepened partnership with STACKIT (Schwarz Group). The offering includes client-side encryption, EU-only data residency, and zero Google access—key requirements for use in regulated sectors such as healthcare, finance, and public administration.

By enabling compliant Workspace deployments via STACKIT, this model could unlock wider adoption of Google’s productivity and collaboration tools in industries where data sovereignty remains a limiting factor.

PAC’s View

Much like AWS and Microsoft, Google Cloud is expanding its portfolio of sovereign capabilities. However, its approach diverges from creating fully separate sovereign regions or entities. Instead, it emphasizes a modular, embedded model that incorporates:

• Client-side encryption and key access justifications
• Assured Workloads and sovereignty controls in Workspace
• Regionalization of AI infrastructure and tooling
• Federated operational models and partner-led delivery

This distributed strategy may resonate in markets like Germany, where sovereignty often requires strict isolation in some cases and flexible collaboration in others, and where compliance must align with innovation and AI-readiness.

Sovereignty was a consistent theme across all use cases presented in Munich. In each case, it was framed less as a constraint and more as a condition for sustainable innovation, particularly in highly regulated or sensitive sectors.

The rise in sovereign cloud requirements across Europe is not slowing. According to PAC’s tracking, over 100 vendors now market solutions aligned to regional sovereignty expectations. These include public cloud offerings, private SaaS platforms, hybrid architectures, and national consortium models. Similar dynamics are unfolding in Asia, including Japan and India.

Google Cloud’s layered, partner-driven approach reflects a broader trend: instead of carving out isolated offerings, global providers are embedding compliance and control directly into their platforms, allowing customers to tailor for sovereignty without foregoing core capabilities.

Given the significant investment involved, it’s also clear that providers see continued demand, especially in regions where cloud adoption depends on assurances around governance, location, and data access.

PAC will soon launch an EU-wide survey of IT and business decision-makers to gain deeper insights into their challenges, strategies, and investment plans related to digital sovereignty.