Your cloud bill keeps climbing every month, and you can’t quite figure out why. Compute instances haven’t changed, stored data volumes are stable, and yet the total line keeps creeping up. The reason hides in the margins: data egress fees, inter-region transfers, NAT Gateway charges, public IPv4 addresses, retrieval from archival tiers. A few cents per gigabyte, invisible until they account for 15% of the bill. In 2026, understanding these costs is no longer optional: it is a prerequisite for running your infrastructure.
The initial promise and the reality of the invoice
The cloud argument has always rested on a simple equation: you only pay for what you consume, you no longer invest in capital, you move to a predictable operational model. That promise still holds for well-sized compute resources. It collapses the moment data starts moving.
The foundational principle of hyperscaler pricing is asymmetric by design: data ingress is free and egress is billed. AWS charges $0.09/GB for the first 10 TB of data leaving to the Internet, Azure $0.087/GB, Google Cloud $0.12/GB for the first terabyte (source: EgressCost.com, March 2026). These rates apply to every byte that leaves the provider’s network, whether toward your users, another cloud, or your on-premise datacenter.
The result is mathematically staggering for organizations processing significant volumes. A SaaS application serving 50 TB of data per month from AWS pays roughly $4,300/month in egress fees alone, more than $51,000 per year simply to deliver its own data to its own users (source: EgressCost.com). And that is before counting inter-region transfers, multi-AZ replication, API calls, and the other billing lines quietly accumulating in the background.
According to a CloudZero analysis published in 2025, data transfer fees account for 6 to 12% of typical cloud invoices, but most teams are unable to pinpoint exactly where their egress spend is coming from (source: CloudZero, 2025, via Deloitte). Gartner goes further, estimating that in some cases egress fees can reach 40% of the total cloud bill (source: Gartner, via Akave).
The line items inflating your bill without anyone noticing
The difficulty lies not so much in the listed rate as in the sheer number of triggers. Data charges do not concentrate in a single billing line: they spread across dozens of distinct sub-items, often labelled differently depending on which AWS, Azure, or GCP service is involved.
Internet egress fees are the best known but the least anticipated at scale. An API handling 10 TB of responses per month generates roughly $900/month in AWS egress alone. A poorly tuned CDN configuration, with a 30% cache miss rate on a high-traffic video site, can silently add several thousand dollars a month (source: CloudCostChefs, February 2026).
Inter-region transfers are billed at $0.02/GB on most providers. Negligible individually, they accumulate rapidly on high-availability architectures. A backup job replicating 2 TB per night to a secondary region costs $1,200/month in inter-region fees alone. Automated and governed by retention rules, this kind of flow often runs for months without anyone monitoring the corresponding line in the dashboard (source: Strategic Micro Systems, April 2026).
NAT Gateway is described as a « notorious hidden cost » across multiple FinOps analyses in 2026. A single AWS NAT Gateway costs $32.40/month in fixed fees, before processing a single byte, plus $0.045/GB of data processed. For a standard multi-AZ deployment with one NAT Gateway per availability zone, the monthly bill easily exceeds $4,800 for a mid-sized platform, a line that most dashboards quietly absorb into the generic « Networking » category (source: FirstPassLab, March 2026).
Public IPv4 addresses became their own cost line after AWS introduced a $0.005/hour charge per address in February 2024, whether attached to an active instance or simply reserved and unused. Azure and GCP followed with similar structures. For enterprise accounts with hundreds of load balancers, RDS instances, and Elastic IPs, the annual bill runs into tens of thousands of dollars, purely to hold IP addresses (source: CloudCostChefs, February 2026).
Monitoring and observability tools rarely appear in initial estimates. Datadog, New Relic, Splunk, and even native CloudWatch all pull data from your VPC to their ingestion endpoints, generating billable egress. A verbose log configuration across a fleet of 50 instances can transfer several hundred GB per day without anyone connecting the dots to the network bill (source: Strategic Micro Systems, April 2026).
The real cost of storage, beyond the advertised price
Hyperscaler marketing leads with raw storage prices. Amazon S3 Standard at $0.023/GB/month, Azure Blob Hot at $0.018/GB/month, Google Cloud Storage Standard at $0.020/GB/month: these figures are accurate, but they represent only a fraction of the total cost of ownership for data that is actually used.
For active workloads, the reality looks more like this: raw storage represents roughly 30% of the total bill, and egress fees, charged every time data is downloaded, served to a user, or moved between services, account for the remaining 70% (source: Akave, January 2026). Azure charges $0.018/GB for storage but $0.087/GB for egress: a fivefold gap.
A few figures that reframe the debate:
- 6 to 12%: share of data transfer fees in a typical cloud bill (CloudZero, 2025)
- 27%: share of cloud budget that companies say they waste, according to cloud executives (Deloitte, 2025)
- 50%: proportion of organizations that exceeded their cloud budget last year, with an average overrun of 15% (Deloitte / Flexera, 2025)
- 30 to 40%: potential cloud cost reduction through structured FinOps practices (Deloitte, 2025)
- 45%: organizations that have repatriated workloads to on-premise or alternative providers, citing unpredictable transfer costs as the main reason (IDC, 2025)
Retrieval fees from archival tiers add yet another layer of invisibility. AWS Glacier Deep Archive looks attractive at $1/TB/month compared to $23/TB for S3 Standard. But retrieval fees apply on every access. Add early deletion penalties (a minimum storage duration of 90 days is enforced across many archival tiers), and the theoretical savings evaporate the moment access patterns differ from those anticipated during initial sizing (source: DoiT, March 2026).
What the European Data Act changes (and what it does not yet change)
Regulatory pressure is beginning to bite into hyperscaler practices. The European Data Act, which entered into application on 12 September 2025, requires cloud service providers to remove barriers to switching providers, including egress fees on migration. AWS, Azure, and Google Cloud have all announced egress waiver programs for customers leaving their platform (source: Data Center Dynamics, March 2026).
But reading the applicable conditions tempers the enthusiasm. At Azure, the egress waiver only applies to standard Internet transfer, not via ExpressRoute, and only if the customer fully closes their account within 60 days of the request. At AWS, the program does not cover ongoing multi-cloud use. At Google, the waiver is contingent on a complete exit or reserved for a specific use case (source: The Register, September 2025).
Full elimination of egress fees is scheduled for 12 January 2027. In the meantime, between September 2025 and January 2027, providers can still charge egress fees « at cost », without margin, but the definition of that « actual cost » remains vague and difficult for customers to audit (source: European Commission).
What the Data Act does not yet resolve: inter-service transfer fees within the same provider, NAT Gateway costs, external monitoring fees, and all the micro-charges that inflate invoices without ever carrying the « egress » label. Regulators are tackling the exit; the hidden costs are shifting into the internal pipes.
Three questions every CIO should ask before signing a cloud commitment
1. What is the real TCO of my data, transfers included? The total cost of ownership of a cloud architecture is not limited to storage and compute. It incorporates every gigabyte in motion, between regions, toward users, toward analytics tools, toward backup systems. Without modeling data flows upfront, the budget is fiction.
2. Where is my data processed, not just stored? Choosing a hosting provider is not enough. If analytical processing goes through an external engine, if logs flow to a third-party observability platform, if ETL pipelines replicate data across regions, each hop generates billable egress, regardless of the sovereignty of the initial storage. The same reasoning applies to healthcare data: sovereign hosting does not protect if the processing chain is not.
3. Does my architecture minimize unnecessary data movement? Before optimizing egress pricing, identify transfers that should not have existed in the first place. Unconfigured VPC endpoints, verbose logs, forgotten automated replications, poorly tuned CDNs: in most FinOps audits, roughly a third of identified transfer costs come from workloads nobody knew were still running (source: Strategic Micro Systems, April 2026).
The cloud promise was not false. But it was incomplete. Paying per use requires precisely understanding what you consume, including what you cannot see. The organizations that control their cloud bill in 2026 are not those who negotiated the best storage rates: they are those who mapped every data flow and eliminated unnecessary transfers before they could be billed. An architecture that minimizes data movement is not just cheaper: it is less exposed, more sovereign, and more predictable.
Discover how iD4Connect addresses data processing without intermediate storage →