By Dmitry Panenkov, Founder and CEO of emma, the cloud management platform
The October 2025 AWS outage sent shockwaves through the financial sector, causing widespread service disruptions for the likes of HM Revenue & Customs (HMRC) and Lloyds Banking Group. The incident exposed a critical vulnerability in the digital infrastructure of many financial institutions – an over-reliance on a single cloud provider.
As financial services continue to migrate core systems, such as core banking platforms, payments infrastructure and risk management engines to the cloud, the need for robust, diversified cloud strategies has never been greater. This pressure is amplified by the EU’s Digital Operational Resilience Act (DORA), which has introduced stringent requirements for operational continuity and ICT risk management.
The hidden costs of cloud downtime
Cloud outages are high-stakes events with far-reaching consequences. For financial institutions, even brief disruptions can result in millions lost in transactions, reputational damage and increased regulatory scrutiny.
The latest AWS outage led to disruptions for real-time financial functions such as trading platforms, payment processing and customer-facing services. An example of this is payment service providers Stripe and Worldpay, which experienced temporary slowdowns that caused payment failures on retail websites, impacting customer purchases and ecommerce operations.
Beyond the immediate losses, these interruptions not only erode customer trust but also expose firms to compliance risks, especially under DORA’s incident reporting mandates, which requires financial entities to report major ICT-related incidents within tight timeframes, maintain robust monitoring systems and conduct regular testing. It also places accountability on firms to manage risks from third-party providers like cloud platforms, demanding contractual clarity and operational oversight. These obligations mean that even short-lived outages can trigger regulatory investigations and potential penalties, intensifying the impact of technical failures.
In a sector so dependent on cloud infrastructure, downtime can quickly escalate into a systemic issue, threatening market stability and consumer confidence. These events are increasingly being classified alongside traditional systemic risks, placing cloud architecture at the core of financial stability planning.
Why multi-cloud can no longer be ignored
To address these vulnerabilities, financial institutions must rethink their cloud architecture. Multi-cloud strategies are emerging as a necessary evolution, where essential workloads are spread across multiple major providers such as AWS, Microsoft Azure and Google Cloud, and reduce reliance on a single vendor.
This shift is already underway. According to The London Stock Exchange Group, 82% of banks now operate in hybrid or multi-cloud environments, reflecting a growing recognition that flexibility and risk diversification are essential for operational continuity.
Multi-cloud environments offer several advantages, including dynamic workload shifting, allowing operations to continue seamlessly even if one provider experiences an outage. This approach also supports regulatory compliance by offering greater flexibility in data governance and residency.
By embracing multi-cloud, financial firms can build a more resilient digital foundation that supports innovation whilst safeguarding against disruption.
The rise of sovereign cloud solutions
Complementing the multi-cloud approach is the growing adoption of sovereign cloud solutions, particularly in Europe. These solutions ensure that data and operations remain within EU jurisdictions, safeguarding against foreign surveillance and legal conflicts such as the US Clarifying Lawful Overseas Use of Data (CLOUD) Act.
Providers, including OVHcloud, IONOS and Exoscale, offer infrastructure that complies with General Data Protection Regulation (GDPR) and other regional regulations. Sovereign clouds are particularly attractive to financial institutions that operate across borders and must navigate complex regulatory landscapes. By integrating sovereign clouds into their multi-cloud environments, firms can enhance both resilience and compliance, while maintaining control over sensitive data.
Building real-time resilience
However, infrastructure alone isn’t enough. True cloud preparedness requires real-time adaptability in their operations.
Financial institutions must invest in systems that can detect disruptions instantly and respond without delay. This includes automated failover mechanisms, cross-cloud orchestration tools and continuous testing. DORA reinforces this need by requiring firms to validate their recovery capabilities regularly, making resilience a dynamic and ongoing process.
Achieving this level of preparedness demands not only technological investment but also a shift in organisational mindset. Cloud resilience must be embedded into strategic planning, risk management and operational governance at every level of the institution. Executives, boards and regulators now expect it to underpin every business decision and customer promise.
A strategic imperative for the future of finance
Ultimately, the AWS outage was a reminder that cloud resilience is now imperative. It highlighted the fragility of single-provider cloud strategies and underscored the need for diversified infrastructure.
With regulatory frameworks like DORA now in force and outages on the rise, financial institutions must act decisively and ramp up their efforts to future-proof their operations and eliminate the risks associated with a single point of failure during regional outages. Multi-cloud and sovereign cloud solutions offer a clear path forward, enabling firms to balance innovation with reliability, compliance and long-term operational strength.
