Really ? Pointing the local gov department's officer to AWS's IRAP compliance cert was all that was needed to move quite a lot of their stuff unto AWS.
Yeah, and I'm curious about which sector or agency is the culprit here. Even APRA (the financial regulator) are cloud-friendly now, if you engage them at the start of an adoption process. My wild guess is health insurance, being a sector where IT is notoriously hidebound, but it could just be a case of overzealous/interfering/uncomprehending lawyers. A security policy that precluded cross-site service or data replication would likely be in contradiction with DR/BCP plans.
The classic irony for me was a service manager in just such an environment resisting a cloud move "because it's someone else's computer" - even though his (ancient) application was running on a rented partition of a remote, IBM owned & operated S/390...
No surprise therefore that the big clouds have country resources dedicated to moving the needle on cloud awareness in highly regulated environments.
I've supported multiple legal firms who have assured me they cannot legally host their data in the cloud.
Noone ever seems to be able to refer to a specific law, but then, it's an IT person talking to lawyers, so there are some battles you just don't fight.
I would not call APRA cloud friendly. Systems of record can not be in the cloud, and I don't know of any bank that is actually storing data in the cloud