Introduction
RIPE NCC — the organization responsible for allocating IP addresses and autonomous system numbers across Europe, the Middle East, and Central Asia — has just made a decision that reaches well beyond the network architecture community: it is abandoning its cloud-first strategy and rebuilding its own infrastructure by 2028.
The stated rationale is straightforward. Escalating geopolitical tensions — particularly the uncertainty surrounding the US administration's posture toward its allies — have led RIPE NCC to reassess the risk of critical dependency on cloud providers whose legal obligations fall under US law.
A €5M Infrastructure Plan
The project commits an additional €5 million over three years, from 2026 to 2028. This is not a conventional migration: RIPE NCC describes it as a greenfield deployment — a clean-slate rebuild rather than patching an infrastructure carrying twenty years of technical debt.
The priorities are clear: replacing end-of-life hardware, building geographic redundancy into storage, reducing interdependencies between data centres, and adopting virtualisation platforms designed to minimise vendor lock-in. In practice, this means dramatically shrinking its footprint on AWS, Google Cloud, and Cloudflare — which RIPE NCC currently uses for peripheral services with European data residency — in favour of fully self-operated systems for critical functions.
Geopolitics Enters the Infrastructure Equation
What makes this decision significant is less the technology than the motivation. For years, cloud-first was treated as an almost universal modernisation reflex: elasticity, reduced capex, faster time to deploy. RIPE NCC itself followed that trajectory after 2020.
What has shifted is the framework in which dependency on US hyperscalers now operates. The US Cloud Act — which authorises US authorities to access data held by American companies, even outside US territory — has long been a known but largely downplayed risk. The NIS2 Directive, now in force across the European Union, raises the bar for resilience and continuity for operators of essential services. For an organisation whose availability underpins part of the functioning of the European internet, the geopolitical argument has ultimately outweighed the convenience of public cloud.
A Concrete Signal for European IT Leaders
RIPE NCC is not an SME choosing between two hosting providers for its line-of-business applications. It is critical infrastructure. But its decision reflects a broader shift already in motion.
In April 2026, the European Commission awarded a €180 million framework contract to consortia of European cloud providers for its own systems, ending the near-exclusive dominance of Amazon, Microsoft, and Google over its contracts. Those three players still account for roughly 70% of the cloud market in Europe — but the push toward diversification is accelerating, driven not merely by cost considerations but by sovereignty and operational continuity in the event of a crisis.
For IT leadership in B2B organisations, the message is practical: any cloud strategy must now include a clear map of extra-territorial dependencies and a realistic exit plan for critical services. The question is no longer "why consider on-premises?" but "which workloads cannot remain with a hyperscaler beyond European legal reach?"
The rigour with which RIPE NCC has publicly framed this question — complete with a budget, a timeline, and a target architecture — should prompt a similar rethink in IT departments that have adopted cloud-first as dogma, with no fallback in sight.