Intesa Sanpaolo Google Cloud Migration: What Keeping 800 Banking Applications on Italian Soil Actually Secures
Intesa Sanpaolo moved over 800 core banking applications to Google Cloud regions in Turin and Milan hosted by TIM. Here is what data residency secures.
The Bright Recap
Intesa Sanpaolo completed the migration of more than 800 core banking applications to Google Cloud on 2 July 2026. The applications run on two Google Cloud regions located in Turin and Milan, both hosted inside TIM's data centres, an arrangement that fully satisfies the bank's data residency requirements under Italian and European rules.
TIM manages the governance of the new infrastructure end to end, with financial operations monitoring tracking cost and usage. The migration retired an equivalent number of legacy applications from the bank's premises and recorded no major incidents.
To know more about this topic, read our related articles:
- Why sovereignty comes in layers
- The concentration lesson of May's outage
- Financial technology explained
Bright Answers
Does the Intesa Sanpaolo Google Cloud migration keep the bank's data inside Italy?
Yes. The bank's applications run on two Google Cloud regions physically located in Turin and Milan, hosted inside TIM's data centres, and Google Cloud states the arrangement fully satisfies Intesa Sanpaolo's data residency requirements.
What is the difference between data residency and technological sovereignty?
Data residency defines where data is physically stored and is a legal requirement regulators can verify. Technological sovereignty covers additional layers, including who owns the hosting infrastructure and who controls the software platform, and a residency rule measures neither of those layers.
Intesa Sanpaolo confirmed on 2 July 2026 that its Google Cloud migration is complete, with more than 800 core banking applications now running on two Google Cloud regions in Turin and Milan, both hosted inside TIM's data centres.
The Intesa Sanpaolo Google Cloud migration gives Italy's largest bank something its regulators can verify with precision: customer data that lives on infrastructure physically located inside national borders. That verification deserves close attention, because it shows exactly which layer of technological sovereignty a data residency rule can secure and which layers sit beyond its reach. The answer determines how much protection Italy actually acquired, and it applies to every European bank writing a cloud contract.
Data residency is the sovereignty layer a regulator can verify
Sovereignty in technology arrives in layers, and each layer has a different owner. This outlet traced that structure through Italy's own layered sovereignty debate in June, when the UK's sovereign artificial intelligence (AI) programme showed a country can hold the geographic layer, the talent layer, and the funding layer while depending on a single American chip designer for the hardware underneath all three.
The Intesa Sanpaolo Google Cloud migration secures the geographic layer completely, since every one of the 800 migrated applications now runs on Italian soil and satisfies the bank's residency obligations in full. The platform layer belongs to Google, the physical hosting layer belongs to TIM, and the residency rule that regulators enforce measures neither of those two.
The migration ran with the caution a €1.4 trillion bank requires
The engineering deserves the credit it claims. Intesa Sanpaolo carries €430 billion in loans and €1.4 trillion in customer financial assets, and the joint announcement states that the project retired an equivalent number of legacy applications from the bank's own premises while recording no major incidents across the entire migration.
TIM manages the governance of the new infrastructure end to end, with financial operations monitoring (FinOps) tracking cost and usage throughout, and the choice of two separate regional data centres rather than one gives the bank a redundancy its previous on-premises estate never offered. Massimo Proverbio, the bank's chief data, AI and technology officer, described the completed migration as the close of a technology plan that ran from 2022 to 2025 and the foundation of Isytech, the AI-ready platform the bank builds next.
TIM hosts the cloud regions and runs the network that failed in May
TIM's position in this project rewards a closer look, and the reason is a few weeks old. TIM's national network suffered a failure on 29 May 2026 that reached roughly a third of the country through the company's landline coverage and its role as transit infrastructure for competing providers, and this outlet examined that concentration risk the day it happened. The outage was national in scale, and Turin and Milan matter to this story only as the two cities where TIM's data centres now host Intesa Sanpaolo's Google Cloud regions.
Data centres and consumer networks are different systems, and a hosting facility can stay fully operational while the network around it degrades, which means the May failure says nothing direct about the reliability of the bank's new infrastructure. The failure says something precise about market structure instead: the company managing the governance of Italy's largest bank's cloud estate is the same company whose concentration turned one technical fault into a national event.
Fintech keeps writing cloud contracts around geography
The pattern extends well beyond one bank. Cloud agreements across financial technology keep being negotiated around where servers physically sit, because residency is the requirement regulators can inspect, audit, and enforce, while ownership concentration underneath the residency line has no equivalent rulebook anywhere in Europe.
Intesa Sanpaolo made a defensible choice on the terms available to it, since core banking needs one accountable operator and TIM's facilities paired with Google's platform deliver exactly that accountability. The gap sits in the terms themselves, because a compliance framework that measures geography will keep certifying arrangements it lacks the vocabulary to question. Italy has now supplied two demonstrations of that gap in a few weeks, one through a national network failure and one through the bank that just rebuilt its core systems with the same corporate group.
Italy can now verify that its largest bank's data never leaves the country, and the measurement still missing is how few companies that data depends on once it stays.
Editor's note
Every piece published on The Bright Minded goes through careful verification, but mistakes can happen. If you spot an error, have additional information, or want to flag anything, write to rosalia@thebrightminded.com.