Editor’s note: this is a living post published mid-polish. Corrections and additions are landing over the coming days; the attached study is already onto its third round of humbling me.
On June 29th the US Supreme Court decided, in Trump v. Slaughter, that the FTC answers to the president after all. Interesting constitutional law, not my department. What is my department: the EU-US Data Privacy Framework leans on the FTC being independent, the European Commission mentions that independence 259 times in the adequacy decision, and Max Schrems has already loaded the third torpedo. Safe Harbor sank in 2015. Privacy Shield sank in 2020. If you are keeping score at home, transatlantic data agreements now ship with roughly the support lifecycle of an Ubuntu LTS release. Unlike Ubuntu, there is no extended security maintenance you can pay for.
The adequacy decision is formally still in force, and the lawsuit will take years. So this is not a fire alarm. It is, however, an excellent moment to ask the question every European architect has been postponing since 2015: if we actually had to run on European infrastructure, could we?
I spent some quality time with one research plan, one Terraform Registry audit script, and a small army of research agents to find out. The result is a spreadsheet mapping 46 providers against 31 features and 18 DevOps ecosystem signals, every cell backed by a source log. Not listicles. Filings, provider docs, and machine-readable schemas. The study is attached at the end; here are the parts that survived contact with evidence. A good starting point for anyone doing their own digging, and one of mine, is European Alternatives, which catalogues EU-native providers and, usefully, separates real managed-service clouds from plain VPS hosts.
Finding one: nobody can even measure this market
The plan was simple: map every EU provider with €100M+ in cloud revenue. The plan survived. My assumptions did not. Europe turns out to be littered with big providers offering too little and small providers offering nearly everything, and being small and efficient is not a crime. The €100M filter measures invoicing, not capability, and the first thing it caught was the revenue math itself.
IONOS reports roughly €1.3B in revenue. Sounds like a European cloud champion. Then you open the FY2025 filing and find the actual “Cloud Solutions” segment: €187.0M. The headline number overstates the cloud business by roughly a factor of eight; the rest is hosting and domains. Schwarz Digits reports €1.9B, which includes cybersecurity and, delightfully, Lidl’s e-commerce. Scaleway’s revenue hides inside iliad’s group accounts and has not been broken out since 2022. Hetzner publishes nothing at all, in the grand German family-business tradition, while quietly operating one of Europe’s largest networks: its own product pages state 47.15 Tbit of total bandwidth (up from 5.27 Tbit/s in 2019), over 500,000 server units, and an investment in the C-Lion1 Baltic submarine cable back in 2015. A company that discloses no revenue but co-owns a 120 Tbit/s undersea cable. You will learn more about Hetzner from a traceroute than from any registry.
Meanwhile, Databricks alone runs at roughly $6.9B annualized. One American data platform vendor out-earns every native European cloud combined. Whatever we think the EU cloud market is, we are estimating it, not measuring it.
Finding two: there are two markets, and Europe is losing the important one
The self-service market is where you and I live: credit card, API token, Terraform apply. Here Europe is genuinely fine. Hetzner beats DigitalOcean on price and performance, Scaleway has the most complete EU service catalog, and UpCloud’s MaxIOPS storage delivers some of the fastest VM disks in the business, at a price and an egress fee structure that will not ambush you at month’s end. No complaints at the VM tier. (If you want the running catalogue of who lives here, European Alternatives keeps a decent directory, and usefully draws the same line this article does: it separates managed-service “cloud platforms” from plain VPS hosters.)
The tender market is where governments buy, and it is a different planet. Norway’s DFØ awarded framework agreements worth roughly €850M directly to AWS, Google, Oracle and IBM in autumn 2025. Denmark routes billions through the reseller Atea. Finland disperses cloud spend through Hansel’s 43-supplier dynamic purchasing system, plus Microsoft license frameworks via Crayon with a publicly announced combined value of up to €1.16B (the current Microsoft distribution framework runs 2024 to 2027 with an option year). Sweden, having read the CLOUD Act analysis in 2019, responded by having no national cloud framework at all, which is one way to stay compliant. The only genuine counterexample is Germany, whose €250M Germany-Stack AI cloud went entirely to European consortia. One country, and the award is a third the size of Norway’s hyperscaler framework.
So the sovereignty debate happens in the market that buys American, while the market that buys European gets ignored by the debate. The real Nordic cloud incumbents, by procurement volume, are resellers. Nobody puts Crayon on a cloud comparison chart. Perhaps somebody should.
Worse: the European telcos everyone assumed would carry the sovereign flag are walking off the field. Tietoevry sold its entire Tech Services unit to UK private equity firm Agilitas for €300 million; it now trades as Vivicta. Telia agreed in June to sell its Finnish cloud and capacity services business to Canada’s CGI, nearly 250 specialists included, and the competition authority waved it through within the month. In fairness, the Helsinki datacenter itself stays with Telia, which will rent infrastructure to CGI under the partnership. The sovereignty stays in the walls; the business leaves through the door. Telenor’s sovereign cloud launches commercially in the first half of 2027, announced four weeks before Telia signed its exit. In the space of one Nordic spring, one national telco declared cloud a sovereign duty and the other declared it somebody else’s problem. Norwegians and Finns famously agree on everything. Telenor’s launch arrives in roughly the same window as Microsoft’s Finland Central region, which was announced back in March 2022 and whose first construction phase, per Microsoft’s own April 2026 update and Finnish press coverage, completes around the turn of 2026 and 2027 with commissioning to follow. The Nordic sovereign alternative and the hyperscaler’s local region may well cut their ribbons in the same news cycle, and only one of them arrives with a full service catalog. The segment I expected to be invisible turned out to be actively shrinking into foreign ownership.
Finding three: the schema does not lie
Marketing pages negotiate. Terraform provider schemas do not. My audit script
pulls every resource type a provider exposes through its Terraform provider and
buckets them into capability categories. If your schema has instance,
network and volume and nothing else, you sell VM rental. If it has
rdb_instance, mnq_queue, function and iam_policy, you sell a cloud.
Highlights from the machine, verified by humans afterwards:
Scaleway confirmed 25 of 31 features, the strongest EU-native result, including SQS-compatible queues with FIFO and dead-letter support. It also got selected for the European Commission’s €180M sovereign cloud framework this year, so someone in Brussels reads schemas too.
OVHcloud, Europe’s revenue leader at a verified €1.084B, confirmed 21. It has the broadest managed database list in Europe and still no general-purpose serverless platform. To be fair, serverless does exist at OVH if you enter through the AI aisle: AI Endpoints is a serverless inference API by its own description, and AI Deploy will happily run any Docker container with autoscaling and per-minute billing, provided you are comfortable calling your web app a model. Meanwhile the general-purpose serverless container product has been an open ticket on OVH’s public roadmap since 2021. The revenue champion and the capability champion are different companies, which no ranking ever tells you.
Open Telekom Cloud topped everything at 27 of 31. It also still runs on the Huawei-built OpenStack fork from 2016, with roughly 30% of servers carrying Huawei components and no public removal timeline. Europe’s most complete sovereign cloud achieves completeness with Chinese technology, and T-Systems’ CEO calls the concern a “pseudo-discussion.” I admire the confidence.
Hetzner confirmed 11, which sounds like an insult until you look at the ecosystem side, where it turns into the plot twist.
And the funniest one: the open-source world already ran this experiment. OpenStack’s healthy projects are compute, networking, storage and identity. Its DBaaS, messaging, and functions projects all stagnated or got retired. The community, with no CLOUD Act and no excuses, hit exactly the same wall as Europe’s providers: the bottom of the stack is buildable in the open, the managed service layer apparently is not.
Finding four: it’s not a real cloud until DevOps has tools for it
Here is my actual thesis, and you can have it for free: a cloud is not real for practitioners until the standard toolchain supports it without writing glue in-house. The provider’s catalog is half the story. The other half is whether somebody else already maintains the integrations.
The audit results are gloriously mixed. Upstream cluster-autoscaler ships cloud providers for Hetzner, Scaleway, OVH, Exoscale and IONOS. external-dns covers nine EU providers. Ansible Galaxy carries eight official EU vendor collections. Crossplane has five, which is more than DigitalOcean can say. The Kubernetes ecosystem, bless it, has quietly adopted Europe.
Then you leave the k8s bubble. cert-manager’s core DNS01 solvers: Route53, CloudDNS, AzureDNS, Cloudflare, DigitalOcean, Akamai. European providers in the core list: zero. Community webhooks or nothing. Velero first-party backup plugins: AWS, Azure, GCP. Infracost, the cost-estimation tool: AWS, Azure, GCP, full stop. I predicted zero EU coverage before checking, and I have rarely been so annoyed to be right. Even the tooling that tells you what your infrastructure costs assumes your infrastructure is American.
This is what hyperscaler lock-in actually is. Not the services. Ten thousand integrations that other people maintain for free. Every missing integration is a line item in somebody’s platform team budget, forever. Which is why Hetzner, with its 11 features, is a real DevOps cloud (official CCM, CSI, upstream autoscaler, an ecosystem that borders on a fandom), while a telco cloud with a fat service catalog and no Terraform provider is a very expensive appliance.
The gaps that actually hurt
If you are planning a genuine EU architecture today, three holes will find you.
CDN plus web application firewall. The Cloudflare and Sucuri category. One company turned out to break my “empty set” prediction at functional grade: Gcore, Luxembourg, with a genuine CDN, WAF, bot management, DDoS protection and Wasm edge compute bundle. Before you celebrate, the caveats: revenue is a CEO statement, the only external funding round was led by Wargaming, and the company’s founding history requires what diplomats call a careful footnote. The alternative is a patchwork: Bunny.net for CDN, Myra Security for German-grade WAF and DDoS, and nobody at all for edge compute. At enterprise scale and depth the set is still empty. If you run Cloudflare Enterprise today, there is no European drop-in, and pretending otherwise helps nobody.
PaaS and the managed middle. Serverless, event buses, the forty small conveniences. Scaleway is the only EU-native with a credible functions and queues story. Nobody has anything EventBridge-shaped. The flagship of European cloud has no Lambda equivalent in 2026, and that sentence should embarrass more people than it does.
Managed databases beyond the big providers. Here the answer is a Finnish company and a bit of honest patchwork. Aiven (Helsinki, €83.2M FY2025 per the filing, so close to my €100M cutoff that I waved it through on neutrality grounds) now runs GA regions on OVHcloud, UpCloud and Exoscale. That means a fully EU-jurisdiction managed Postgres, Kafka and ClickHouse stack is genuinely assemblable today, no hyperscaler in the chain. It will not feel like RDS. It will feel like three vendors and a Terraform module. It works.
And one correction I owe the record, because the agents caught me overstating: regulators have not declared ML model weights to be personal data per se. The EDPB’s Opinion 28/2024 line, now consolidating into 2026 anonymisation guidelines, is that models trained on personal data cannot automatically be considered anonymous, and the deployer carries the burden of a case-by-case proof. Less dramatic than the LinkedIn version. Still means your data platform’s jurisdiction follows your models around like a paternity test.
The timing could be better
One more curve to ruin your quarter: European capacity got expensive at precisely the wrong moment. The AI buildout sent DRAM prices up roughly 350% between late 2025 and mid-2026 per TrendForce data, and the providers passed it on. Hetzner raised prices four separate times this year, with some cloud plans up 169%. OVHcloud took 9 to 11% in April and blamed the RAM market in writing. Leaving US cloud just got easier on principle and harder on invoice, simultaneously. The universe has a sense of humor; it is just not on our side.
What actually needs to happen
If the legal workaround does not materialize, and three sunk frameworks suggest a pattern, the sector needs to DevOps-mature the European offerings. Not build more datacenters. Europe has datacenters the way Finland has lakes. What it needs:
A CDN and WAF option at enterprise grade, because right now that layer is one Luxembourg company with footnotes and a patchwork of specialists. A real PaaS tier, because functions and event buses are where developer gravity lives. Managed databases and queues as boring commodities, not adventures. And on the tooling side, the cheapest wins available anywhere: getting EU providers into cert-manager core, Velero, and Infracost costs less than any datacenter and moves the practitioner experience more. If you maintain an EU provider and you are wondering where to spend one engineer-quarter, it is there.
Until then, the pragmatic architecture is a patchwork, and I have made my peace with that: EU IaaS for compute, Aiven-style specialists for data, Bunny or Gcore plus Myra at the edge, self-hosted control plane where the managed one is missing. The principle that makes the patchwork coherent is simple, and it is the one I would tattoo on every procurement document in the Union:
Software can come from anywhere. Data stays inside. Now more than ever.
Run American software, run open source, run whatever wins on merit. But the operator of the infrastructure, the jurisdiction of the storage, and the keys to the encryption belong in Europe. That is not protectionism. That is the lesson three dead frameworks were trying to teach us, and this time there may not be a fourth chance to skip the homework.
The full study (46 providers, 31 features, 18 ecosystem signals, 462 sourced claims, plus the Terraform audit script) is attached: download the study (xlsx). Every claim above has a row in it. If you find an error, tell me; the spreadsheet has survived one round of humbling corrections already and is developing a taste for it.