Jerome Evans sees local companies under pressure to act: Changed framework conditions due to transatlantic conflicts of interest require a rethinking of many cloud strategies.
“The geopolitical developments of recent months have given new urgency to the discussion about digital sovereignty. This is immediately reflected in rising demand for alternatives to US cloud services. Many companies have realized that their dependence on providers such as AWS (https://aws.amazon.com), Microsoft Azure (https://azure.microsoft.com), or Google Cloud (https://cloud.google.com) represents a risk. This risk extends far beyond abstract data protection concerns.”
Current political developments in the United States demonstrate how quickly the framework conditions for internationally available digital services can change. Donald Trump’s renewed presidency particularly illustrates this dynamic. Technology corporations have rapidly adjusted their corporate policies under political pressure. This has had direct impacts on critical infrastructures.
Should the current US trade policy lead to EU counter-tariffs on digital services, European companies face significant restrictions. This creates a climate of uncertainty. Companies storing critical business data in US clouds are particularly affected. When tech corporations change their policies due to political influence, trust in their independence suffers. This directly impacts the European market.
Furthermore, the US government is planning comprehensive regulation of cloud providers for the first time. These measures could further facilitate US authorities’ access to cloud data. This represents a significant risk for European companies. This risk exists even when data is physically stored in data centers within the EU. The decisive factor is who holds the data. If the cloud provider is a US corporation, US authorities can still access the data through laws such as the CLOUD Act or FISA 702. This contradicts GDPR requirements and jeopardizes the digital sovereignty of European companies.
Data sovereignty means more than mere GDPR compliance. Rather, it concerns control over one’s own data. This includes who may store, view, process, or delete it. A truly data-sovereign cloud ensures this control holistically. This enables companies to operate independently and with crisis resilience.
Therefore, many companies in Germany are specifically seeking cloud solutions from Germany or Europe. The reason is clear: they want their data in safe hands. At the same time, they want to reduce their dependence on non-European providers.
In this context, the use of open-source technologies is gaining importance. They create transparency regarding source code and reduce dependencies on proprietary systems. At the same time, they enable stable and verifiable infrastructure. Companies thus retain control over their systems. Additionally, they become more independent from political developments and the business models of large US corporations, as well as from potential access by American authorities.
A data-sovereign cloud solution is characterized by several factors. The operator has its headquarters and entire infrastructure in the EU. Economic independence and stability are additional factors. Open-source technologies are preferentially deployed to avoid vendor lock-in. At the same time, flexibility in cloud usage is maintained. Furthermore, the data centers meet the highest European security standards.
The market for European cloud and colocation services is growing strongly. More and more providers are developing solutions specifically tailored to the requirements of European companies. These offerings are operated exclusively in Europe. At the same time, they meet high security and compliance requirements.
Nevertheless, US hyperscalers continue to dominate over 70% of the European cloud market. To counter this, the EU is pursuing the 8ra project (https://www.8ra.eu) to build an open, decentralized cloud and edge ecosystem. The goal is to secure Europe’s digital sovereignty in the long term.
At the same time, the withdrawal of German provider Nextcloud (https://nextcloud.com) from the Gaia-X project (https://www.gaia-x.eu) demonstrates that political initiatives alone are insufficient. Bureaucratic hurdles and lack of long-term political will are slowing progress. Moreover, many companies continue to rely exclusively on US solutions despite known risks.
Therefore, a clear trend is emerging. Companies are not turning away from the cloud. Instead, they are adopting differentiated models. Hybrid and multi-cloud strategies combine the flexibility of public cloud with the security of private cloud or the control of on-premise solutions. This makes companies significantly more adaptable. European providers offer compelling alternatives with a strong compliance focus.
For companies, switching to European cloud providers may initially appear complex. Nevertheless, geopolitical realities make this step necessary. The question is no longer whether a migration should occur. Rather, what matters is how it can be implemented efficiently.
With local hosting in German data centers, ISO 27001-certified infrastructures, and a clear focus on open-source technologies, the foundation for digital sovereignty is established. Networked locations also enable distributed server operations with high availability.
Considering the overall situation, it becomes clear: digital sovereignty is not an optional nice-to-have. It is a strategic necessity. Those who invest today in independent European cloud and colocation solutions not only secure their data. They also strengthen the long-term resilience and operational capability of their company.
Jerome Evans is founder and managing director of firstcolo GmbH. He has been working with IT services and the construction and operation of data centers and cloud-based server infrastructures for approximately 20 years.
