On the night of July 31, 2022, Indonesia’s communications ministry blocked access to PayPal, Steam, and several other online services for failing to meet a local registration requirement. For a few days, the story was framed as a consumer inconvenience. For founders running payments, customer support, logins, and developer tooling on foreign platforms, it read differently: a reminder that “critical infrastructure” is often a web of third-party dependencies that can be throttled by policy with little notice.
That episode has since become a reference point across Southeast Asia’s startup circles. Not because founders expect routine blocking, but because it captured a broader shift. In 2024 and 2025, hyperscalers and regulators alike have shown a willingness to change terms, pricing structures, and product roadmaps midstream. Founders who once treated AWS, Google Cloud, and Microsoft Azure as neutral utilities increasingly treat them as counterparties. Some are moving the most sensitive parts of their stack off hyperscalers entirely. Many more are building escape hatches.
Pricing shifts that turn “variable cost” into board-level risk
The trigger is rarely a single price hike. It is the accumulation of signals that cloud bills are opaque and difficult to renegotiate once an architecture hardens.
Startups in Southeast Asia often scale in bursts, driven by promotions, seasonality, and marketplace dynamics. That profile fits the cloud promise in theory. In practice, cost shocks tend to come from unglamorous line items: log ingestion, monitoring, inter-region data transfer, and the cost of moving data out when architectures change. Pricing tables are public, but the true unit economics only become visible after commitment.
The politics around those fees is also shifting. In 2024, AWS said it would waive certain data transfer out charges for customers leaving its platform, a move linked to regulatory pressure in Europe and the UK. Google and Microsoft made similar announcements. The gesture was framed as customer-friendly, but the implication was clearer: egress fees are a lever. If they can be reduced under pressure, they can also be reshaped later.
That matters in Southeast Asia, where many companies use Singapore as a regional hub and replicate into Indonesia, Thailand, Vietnam, or the Philippines. Once cross-border replication, analytics, and disaster recovery are in play, cloud spend stops being a back-office concern. It becomes a strategic constraint. Some founders respond by pulling steady-state workloads back to colocation or bare metal, while keeping hyperscalers for burst capacity and managed services where speed still outweighs cost.
Service shutdowns that expose hidden single points of failure
The second catalyst is product retirement.
Google’s decision to retire Cloud IoT Core in 2023 became a cautionary tale well beyond IoT. It was a reminder that even widely used managed services can disappear, forcing customers to replatform on someone else’s timeline.
AWS and Microsoft have their own versions. AWS publishes a steady stream of service changes and end-of-life notices. Microsoft has set firm retirement dates for platform components such as the Azure AD Graph API. Not every change hits Southeast Asian startups directly, but the region’s ecosystem has a long tail of companies that adopted whatever worked fastest at the time: a managed repository, an auth shortcut, an IoT bridge that outlived its pilot phase. Retirements surface that archaeology.
Even when migration paths exist, the cost is real: engineering time, regression risk, security review, and sometimes a forced redesign of how data moves. The most unsettling shutdowns are not always core infrastructure, but tools embedded in daily operations. Amazon’s decision to end support for its Chime communications service reinforced the sense that when a vendor’s priorities shift, customer dependencies become collateral.
Dependency risk looks different in Southeast Asia
A third driver is regulatory and geopolitical. Southeast Asia is not converging on a single cloud rulebook. It is fragmenting.
Indonesia stands out because it combines broad platform regulation with sector-specific controls. Companies operating electronic systems have faced registration requirements and credible enforcement, including blocking actions and compliance warnings. In financial services, regulators emphasise governance, outsourcing controls, and data localisation, constraints that hyperscalers themselves acknowledge.
For founders, this creates a distinct risk. A company can comply with a hyperscaler’s global terms and still find itself exposed locally, or dependent on a service caught in regulatory action. Even a temporary disruption can be severe if authentication, storage, or developer tooling becomes unreachable.
The result is renewed interest in “sovereign” architecture, even among companies without obvious political exposure. Keeping certain data sets, encryption keys, and identity systems on infrastructure that can be physically located and contractually controlled reduces the blast radius of policy swings.
What founders are actually moving off hyperscalers
This is not a mass cloud exit. Southeast Asian startups still rely on managed databases, global CDNs, and AI tooling, and hyperscalers continue to invest heavily in the region.
What is changing is the boundary.
Common patterns include repatriating predictable workloads, bringing control-plane services like identity and observability in-house, and designing systems for portability using standard databases and container platforms. Some teams build multi-region setups that pair local data centres for compliance-heavy markets with hyperscaler regions for regional scale.
The motivation is pragmatic. Hyperscalers deliver speed, but speed matters less as products mature and cost curves steepen. Policy changes and service retirements add a layer of uncertainty that founders increasingly see as platform risk, not just vendor risk.
In Southeast Asia’s competitive markets, where margins are thin and regulation can shift quickly, that uncertainty is enough to justify a different architecture. Not because hyperscalers are failing the region, but because founders are learning to treat dependency as a cost, and control as an asset.
Originally written by: Yvan Goudard
Source: e27
Published on: 24 February 2026
Link to original article: How policy shocks are rewriting cloud strategy in Southeast Asia
