MICKAI
Article · 4 July 2026

93 Percent Of Enterprises Are Pulling AI Back From Public Cloud. We Saw This Coming

The 2026 numbers confirm what we built Mickai for: repatriation is a strategy now, and sovereignty is the reason.

93 Percent Of Enterprises Are Pulling AI Back From Public Cloud. We Saw This Coming
Author
Micky Irons
Published
4 July 2026
Follow Micky Irons
LinkedInX
data sovereigntyAI repatriationon-premise AIenterprise infrastructureSIOS

By Micky Irons

For two years the story was cloud-first, cloud-only, cloud-forever. Put your models where the GPUs are, pipe your data to them, and let someone else run the metal. I never bought it for the workloads that actually matter, and I built Mickai on the opposite bet. This year the market caught up to the bet.

Cloudian's 2026 Enterprise AI Infrastructure Survey, conducted in February 2026 across 203 enterprise IT decision-makers, found that 93 percent of enterprises have already repatriated AI workloads from public cloud, are in the process of doing so, or are actively evaluating a move. Seventy-nine percent have already moved something. That is not a fringe. That is the mainstream deciding, out loud, that the default was wrong for their most sensitive AI.

I want to make the honest case for what that number means, because the loud version of this story is wrong.

What the data actually says

Three findings matter, and they point the same direction.

First, the headline: 93 percent repatriating, in motion, or evaluating. Second, the driver: when deploying AI that touches sensitive company data, 91 percent said they would choose on-premises, private cloud, or hybrid over public cloud, with data sovereignty the top reason. Third, the money is not shrinking. Eighty-six percent expect their AI budgets to rise in 2026, with 40 percent projecting increases of 25 percent or more.

Read those together and the shape is clear. This is not enterprises spending less on AI and retreating. It is enterprises spending more on AI and deciding they want it under their own roof. It also lines up with the wider on-premise shift we track in our writing on owned, on-premise AI: sovereignty and residency have moved from a niche worry to the first question buyers ask.

Classical marble scene, Artemis, gold rim light on void black

The honest version: this is preference, not a legal bar

Here is where I part ways with the hype, and where I ask you to trust me more because I am telling you what is not true.

You will read pieces claiming regulators have banned the cloud, that GDPR or the EU AI Act or DORA forces everyone on-premises. That is false, and repeating it makes you easy to dismiss in a room full of people who actually read the regulations.

DORA, the Digital Operational Resilience Act, has applied to EU financial entities since 17 January 2025. It does not ban cloud. It regulates it. It makes you own your third-party risk, keep exit plans, and accept supervisory oversight of critical ICT providers. The EU AI Act imposes obligations on high-risk systems, human oversight, accuracy, robustness, cybersecurity, and does not tell you where to host them. GDPR, the FCA and PRA in the UK, the EBA guidelines, all of them permit cloud with the right controls. Almost every regime does.

The genuine no-cloud bar exists, but it is narrow. It lives at the workload level, not the enterprise level: classified material at SECRET and above, ITAR-controlled defence data, isolated OT and SCADA networks running critical infrastructure, and specific processing where a data protection impact assessment came back negative. For everything else, the cloud is legal.

So why are 91 percent choosing to move sensitive AI off it anyway? Because compliance-permitted is not the same as comfortable. Preference, cost, and control are converging, and preference is winning. When your model reads your customer records, your source code, your deal pipeline, and your legal advice, "we are technically allowed to send this to a shared tenant" stops being a reassuring sentence. Cost unpredictability makes the finance team nervous. Latency makes the real-time use cases fragile. And the quiet worry underneath all of it: once your proprietary data trains or grounds a model you do not control, you cannot fully get it back. Preference at 91 percent is not a mood. It is strategy.

What the other side of the move looks like

Repatriation is easy to announce and hard to do well. Pulling a workload out of a hyperscaler and standing it back up on your own hardware, without rebuilding the governance the cloud gave you for free, is how you trade one problem for a worse one. The point is not to be on-premises. The point is to be sovereign, and those are different achievements.

Mickai is a Sovereign Intelligence Operating System. Regulated organisations own it and run it inside their own walls, air-gapped when the workload demands it, with a cryptographically-signed audit record on every action the system takes. It is built and it is live. That last part is what makes repatriation worth the effort instead of just a relocation.

An owned, signed-audit runtime changes what you can prove. When a model answers, you have a tamper-evident record of what it read, which subsystem acted, and under whose authority, sealed so it cannot be quietly rewritten later. When an auditor or a supervisor asks how a decision was made, you hand them the ledger instead of a shrug. When your data scientists want to fine-tune on your sealed corpus, the weights and the corpus never leave the building. Our sovereign audit and signed-action approach is where that provability comes from, and it is exactly what a relocated cloud workload lacks on day one.

The 104 UK patent applications we have filed, spanning around 2,340 claims across 13 families, are concentrated exactly here: sovereign runtime, sealed audit, hardware-bound licensing, the machinery that makes owned AI provable rather than merely private. Those applications are filed and moving toward examination, not granted, and I would rather tell you that plainly than dress it up.

That is the answer to the FinOps and platform question hiding inside the survey. The 40 percent forecasting budget jumps above 25 percent are not funding a science project. They are funding infrastructure they intend to control for a decade. If you are going to spend that money moving AI home, spend it on something that gives you the evidence trail the cloud never did, not just the same workload on colder metal.

Classical marble scene, Artemis, gold rim light on void black

The takeaway

Ninety-three percent is not a signal to panic-migrate. It is permission to plan properly. The regulators are not chasing you off the cloud. Your own judgement is, and 91 percent of your peers reached the same judgement about anything sensitive. That is a healthier reason to move, because it means you are optimising for control instead of reacting to a fine.

We built Mickai for the world the survey just described: AI that lives where your data lives, answers with a signed record, and belongs to you. The market spent two years arguing about it. This year it agreed.

Frequently asked questions

Does the 93 percent figure mean the cloud is banned for AI?

No. The Cloudian 2026 survey measures choice, not prohibition. Ninety-three percent of enterprises have repatriated AI workloads, are doing so, or are evaluating it, and the top driver was data sovereignty at 91 percent. The regulations these firms operate under, including DORA, the EU AI Act and GDPR, permit cloud with controls. This is preference and strategy, not a legal requirement to leave.

When is a no-cloud position actually mandatory?

At the workload level, in narrow cases: classified material at SECRET and above, ITAR-controlled defence data, isolated OT and SCADA networks, and specific processing where a data protection impact assessment came back negative. For the vast majority of enterprise AI, the cloud remains legal, and the move off it is a business decision.

What makes repatriation more than just relocating a workload?

Governance. Moving AI on-premises without rebuilding the audit, access control and residency guarantees the cloud provided leaves you worse off. Mickai gives you an owned runtime with a cryptographically-signed audit record on every action, so you gain provability, not just proximity.

Is Mickai actually deployable today?

Yes. Mickai is a Sovereign Intelligence Operating System that is built and live. Regulated organisations run it inside their own walls, air-gapped when required, owning the weights, the data and the audit trail. It is backed by 104 filed UK patent applications covering around 2,340 claims, moving toward examination.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/ninety-three-percent-repatriating-ai. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles
4 Jul 2026
Spain Just Made AI Provenance a Legal Duty. Owning the Stack Settles It
Spain has moved to one of the strictest national AI regimes in the EU, making the labelling of AI-generated and AI-altered content a legal duty backed by its supervisory agency AESIA and fines up to 35 million euros. When AI runs inside your own walls with a cryptographically-signed audit record on every action, provenance and disclosure stop being a promise and become something you can prove.
4 Jul 2026
The GPAI Enforcement Switch Flips On 2 August 2026: What Regulated Buyers Should Actually Do
On 2 August 2026 the European Commission can start fining general-purpose AI providers up to 15 million euros or 3 percent of global turnover. Most coverage treats this as a model-maker story. For the regulated buyer it is a supply-chain story. I explain why, and what changes when the model runs inside your own walls with a signed audit record on every action.
4 Jul 2026
The Omnibus Bought You Time On High-Risk AI. It Did Not Buy You Control
On 16 June 2026 the European Parliament adopted the Digital Omnibus and on 29 June the Council signed it off, pushing most high-risk AI obligations to 2 December 2027. The deadline moved. The accountability did not. We make the honest case for building governed, on-premise infrastructure while the pressure is off.
4 Jul 2026
CADA Draws A Line Through The Public-Sector Cloud. Here Is Where Owned Infrastructure Sits
On 3 June 2026 the European Commission proposed the Cloud and AI Development Act, a four-tier sovereignty framework for public-sector procurement. It is not a blanket cloud ban. It is a graduated preference that runs from EU data residency at the baseline to effective immunity from foreign law at the top. I explain where each tier sits, and where owned infrastructure belongs.