How to play: Some comments in this thread were written by AI. Read through and click flag as AI on any comment you think is fake. When you're done, hit reveal at the bottom to see your score.got it
> Yes, the EU “cloud providers” are lagging behind but they’re catching up. Scaleway, Herzner, and others are there, and you should check them out if you’re starting a business in the EU.
I would argue that these aren't even "cloud providers", they are just VPS providers. Which is fine, but it's not the same thing.
There really isn't any European "cloud" service at all, which is a huge part of the problem. And I doubt there ever will be because who would even build it?
It would cost billions and billions of euros just to be "not AWS" (but worse in every way except location). Who is investing in that?
> There really isn't any European "cloud" service at all, which is a huge part of the problem. And I doubt there ever will be because who would even build it?
Lidl's cloud (Stackit, run by Schwarz Group) isn't a joke - they have serious engineering and are already selling to enterprise customers in Germany. Dismissing it because the parent company sells groceries is the same reasoning people used to laugh at Amazon building AWS. Retail IT scales.
Writing software is one thing. Running it at scale, at 3am, when everything's on fire, is another. The people who can do both are a much smaller group.
I know Cyso Cloud (previously Fuga Cloud - still Netherlands-hosted) lets you host K8S applications, and has S3-compatible storage. Is that what you mean with "cloud"?
OVH has full managed Kubernetes, object storage, DBaaS, serverless functions. Been there since ~2018. Same with Scaleway. The VPS framing is outdated by half a decade.
I see a lot of conversation here about provider feature parity, but my hope is that sovereignty doesn't have to be strictly about the region or company you choose. For me, the strongest form of sovereignty can come at a lower level. That is, running on an open-source stack you can pick up and run somewhere else should you need to. If your data and workloads live on standard Kubernetes with Postgres, object storage and the usual Prometheus/Grafana/Loki, then no single provider (EU or otherwise) actually has you over a barrel. As the article points out, the "AWS Europe is a separate subsidiary" argument does nothing if the software still ships from the USA.
Shameless plug: We started our company[0] on this basis, i.e. managed Kubernetes on bare metal in EU DCs. We run everything on open source tooling, provide DevOps engineering time to our customers' engineering teams, take on the migration risk ourselves, and offer response-time SLAs. So yes I'm biased, but I did this because I do actually really believe in this approach.
So I'd flip it around. Perhaps building a sovereign hyperscaler is the wrong approach. I'd say we need workloads that aren't welded to any one provider in the first place. And open source tools have come a very long way since EC2 first came online.
> If your data and workloads live on standard Kubernetes with Postgres, object storage and the usual Prometheus/Grafana/Loki, then no single provider (EU or otherwise) actually has you over a barrel.
I’ve heard this refrain most of my career - and believed it at one point. But the bytes themselves are heavy and hard to move.
Multiple projects I’ve worked on in my career would have had to _physically move_ the data (plane, train, semi) if they wanted to migrate - there was no reasonable way to get the data out of the datacenter over network on any reasonable timeframe.
This was not a thing one year ago, but now it is really part of the conversation. In our company the goal is to reduce by two thirds our expenses in digital services by focusing on self hosting and European alternatives. Is it inconvenient? Mildly so, but for most things there are alternatives available once you start looking into them
I feel the article is a bit roundabout, but eventually gets to the point: "Sovereignty" is not (mainly) about physical location, it's about which legal entity controls the data and whether or not that entity is subject to US jurisdiction and could be forced to disclose the data to US companies or agencies, in violation of EU law.
Which is mightily funny because in the opening paragraph the article equates "anti-free movement" with "problematic baggage". It's a problem if people can't move freely in and out of Europe, but not data -- that's our red line!
For me (as an EU citizen), sovereignty is about being independent of companies operating under law that I have no control of (can't vote in the US) and is veeery unpredictible (Trump administration). I don't want to wake up one day I find out my bill tripped because of some tax imposed on EU or completely cut off, because the president woke up in bad mood that morning. EU is very fat from perfect, but for me it is still closer to home, and I truly root for any EU company that tries to take on the US behemoths. I moved everything from GCP and AWS to Hetzner, and am moving from Github to Codeberg.
Unfortunately, it's realty hard. The US giants have offerings that no one in EU has and I am investing huge amounts of time into working around them (e.g. Windows and MacOS CI runners on Github - try to get this for free in EU). I'm fine with paying a bit for this, but even then it's a huge hassle to set it up to be able to get CI checks for my projects on Windows/MacOS. And it's not cheap either. I can afford it, but it is still very expensive.
And therein lies the problem. As long as people are unwilling to pay for services, the winning services will always be the most predatory ones that make their money by selling their users to other companies.
I’m not sure why Europeans always bring Trump in here when it comes to this topic, except perhaps he, successfully it appears, woke many of them up from the slumber of dependency on global supply chains, of course, that Americans have been talking about for quite some time.
You can’t vote in American elections, true, but you also can’t vote for the Ayatollah or Saudi Prince who controls your oil supply, the Brazilian president where your rubber comes from, or a Chinese Communist Party official who manufactures your stuff, nor do you vote for elections in other EU countries and I’d argue your EU vote is but an abstract concept of a vote.
You’ve never had control (no country fully does), and so, are you only now waking up to that fact and have been goaded out of a once peaceful slumber? If so you should probably thank Donald Trump, sadly enough. But I’d stop focusing on him when the US is by far the least of Europe’s collective concerns.
He said exactly why: because Trump's policies are unpredictable. Before that, there was no problem, really. Of course, it's a political movement and Trump is much a symptom as a disease, but you're saying we should thank him for bringing about this unpredictability — because now we can see that unpredictability is possible? There's something seriously loopy about that argument. It's like asking one to thank the burglars because they woke them from their peaceful slumber of safety...
Such heresy is detrimental to EU sovereignty... next you're going to remind people that some states are in the EU despite their citizens having opposed going in there.
TBH, EU member states can be plenty oppressive when they want to, so - why not just take it to the next level and have all-European overlords?
There's literally an entire section in the Treaty of the EU on the exact criteria to leave the EU. A country has literally _left_ the EU. Nobody is being held hostage to stay in the EU.
"Despite their citizens having opposed going in there." Can you point to a vote to invoke Article 50 that was not honored by the EU? Can you point to a country getting admission into the EU without a vote from their people?
That's a rather odd point. One country has left the EU due to a very narrow 'exit' vote, so it's not anyone's prison. Across surveys the EU enjoys broad support, often even more so than the national government.
Clearly not everyone loves the EU but the majorities are very much in favour (and certainly this is the case among the people who actually understand politics, economics, etc.).
> I really dislike the term because it’s laden with all sorts of militaristic and anti-free movement and all sorts of other problematic baggage
Then call it "Digital Sovereignty" instead. That's what we call it in the Netherlands.
> but it’s the term the industry is using
OK, and? Sounds like it is time to push back. It's like talking about "lower" and "higher" education. Just call it practical and theoretical education instead. Much more descriptive; doesn't talk down to people we seriously need in the coming decades.
This is such a dumb topic to me - and I work closely to this issue. The blog post talks about criminal surveillance and gag order possibilities - but has no examples of these being meaningfully applied. Eu govt also spies on citizens.
Obviously the true political point is the geopolitical security risk of depending on another country. There's some truth there but really all countries depend on all others and the way to balance it is to use and grow the trading leverage you do have, not trying to shore up your weaknesses.
The "all countries depend on all others" point only holds if the dependencies are symmetric. The US-EU relationship isn't — US cloud providers operate under CLOUD Act jurisdiction, which is unilateral. The EU has no equivalent extraterritorial reach. That asymmetry is exactly what the sovereignty argument is about, and dismissing it as geopolitical theater misses the structure of the problem.
The EU's "E-Evidence framework" allows authorities in any member state to compel entities doing business in any part of the EU to produce and/or preserve communications data, completely by-passing cross-border barriers.
_e.g._ Victor Orban could have wiretapped any communication within the EU. Supporter by an EU directive
> Victor Orban could have wiretapped any communication within the EU. Supporter by an EU directive
Don't spread such bullshit FUD.
The E‑Evidence package contains multiple legal and procedural safeguards:
1. Judicial authorisation
2. Scope limits
3. Proportionality and necessity tests
4. Channels for challenge and review
5. Data-protection rules
6. Natinoal enforcements and remedies
Cross-border orders must be issued as European Production Order (EPO) or European Preservation Order (EPO‑PR).
The Regulation defines what can be optained and when. And wiretapping (i.e. content and traffic) is striclty limited to serious offences. Blanket mass surveillance is EXPLICITLY NOT POSSIBLE.
A judge is required for sensitive categories, e.g. wiretapping. And factual grounds must be provided demonstrating necessity.
The Regulation EXPLICITLY requires that orders be necessary and proportionate for criminal investigation
The member state where the service provider (or its EU representative) is established is notified when an EPO/EPO‑PR is sent, giving an additional oversight channel and the enforcing authority a role in examining objections.
The CJEU remains a backstop on top of national authorities.
> came to Netherlands for a short visit and oh my god how much better the food is
I really don't want to know what the food is like where you came from, but it may be a WMD test or something. You should get human rights activists and lawyers working on it.
What, like electronic payments using phones running American operating systems? With the bonus that you have two new gatekeepers that can lock your citizens out (Apple and Google).
But how often does the CLOUD Act actually get invoked against EU-hosted data in practice? I see it cited constantly in these discussions but never see real case counts. If invocations are rare, the risk calculus looks very different from what sovereignty advocates imply.
I would argue that these aren't even "cloud providers", they are just VPS providers. Which is fine, but it's not the same thing.
There really isn't any European "cloud" service at all, which is a huge part of the problem. And I doubt there ever will be because who would even build it?
It would cost billions and billions of euros just to be "not AWS" (but worse in every way except location). Who is investing in that?