Cloud, Compliance and UX: Navigating Change in European Banking

The past decade has seen wholesale adoption of cloud infrastructure across the finance industry. This trend has been underpinned by US technology providers, from Microsoft Azure to Oracle and Google Cloud, decreasing their prices as economies of scale in US-based data centres accelerate. And while going cloud native brings benefits to product development, operational efficiency, and customer satisfaction, European governments and banks are also alert to the risks.

As geopolitical volatility rises, pushing BlackRock’s Geopolitical Risk Indicator to 0.82 earlier this year, pressure is mounting on European banks and fintechs to review their cloud infrastructure and development processes, with a strong focus on operational resilience. In practice, this means building out strong development operations (DevOps) infrastructure and capabilities, enabling them to quickly respond to policy shifts without compromising on operational efficiency and customer experience.

Rethinking cloud infrastructure

As cloud adoption accelerates across financial services, we’re witnessing clear policy trends emerge in parallel. The EU’s Digital Operational Resilience Act extends existing operational resilience requirements to specifically cover technical resilience in response to cloud-based financial services. A key aspect of the regulation is redundancy, requiring institutions to be able to quickly switch between cloud infrastructure providers.

Driven by regulations and broader concerns about supply chain resilience, European banks are rapidly reconsidering where their data physically resides and is accessed. The EU Data Act, which came into force in January 2024, strengthens European citizens’ control over their data, making it clear that service providers must process and store data locally unless explicit consent is granted otherwise. Similar directives are under consideration in the UK, with many banks already recognising the risks driving the legislation and responding accordingly. To comply with existing and expected regulations, banks are scrutinising their  fintech partners’ ability to satisfy data sovereignty policies within their procurement processes.

So, banks are now demanding cloud solutions that guarantee local data residency, regulatory alignment and operational sovereignty. For fintechs, this represents both a challenge and an opportunity to differentiate. Banks that fail to adapt risk censure from regulators and operational disasters during geopolitical events. Fintechs that pass on this opportunity to reorient their infrastructure will not just risk losing banking clients, but will also fall behind in a crucial market transformation. Those unable to offer geographically distributed infrastructure will find themselves at a competitive disadvantage when serving financial clients.

Cloud providers are rising to the challenge of helping their customers meet their data sovereignty requirements. For example, Amazon Web Services (AWS) last year announced plans to launch a dedicated AWS European Sovereign Cloud, physically and architecturally separate from its existing global infrastructure. Similarly, with Microsoft recently completing its EU Data Boundary in February 2025. Fintechs building on AWS or Azure must now plan for how they’ll transition their banking clients to these sovereign environments, requiring significant architectural adjustments and a growing burden on DevOps teams.

Adding to the burden on development teams

Meeting the operational resilience and data sovereignty requirements is not easy. It requires development teams to understand and map out the complex data flows across their platform and its integrations, and once completed, reroute data flows or replace tools that do not satisfy the requirements. This additional burden on development teams compounds with a growing need for banks and fintechs to invest in their mobile platforms; 65% of consumers said they would stop using financial apps if the mobile experience degrades.

A strong DevOps platform is the key to meeting the new standards for digital resilience and data sovereignty while enhancing development team efficiency. At the heart of this is a robust continuous integration and continuous delivery (CI/CD) foundation, which puts in place a controlled pipeline and embeds rigorous and automated testing to meet data residency regulations and other critical security requirements. Strong CI/CD infrastructure also improves developer efficiency by automating release management and enabling adoption of AI-code generation tools in a secure environment. By prioritising these capabilities in their development strategy, financial institutions can rapidly ship continuous improvements to their customer apps, safe in the knowledge that their security, resilience, and data sovereignty standards are being met at all times.