Choosing an EU Cloud Provider in 2026

AWS, Azure, and GCP account for roughly two thirds of global cloud spending. All three operate EU data centers and offer data residency options, but as US companies they are potentially subject to US jurisdiction through laws like the CLOUD Act of 2018. The exact reach of this law over data held by foreign subsidiaries remains legally contested, but the concern has driven all three to launch sovereign cloud initiatives, following a common pattern: adding European control on top of US-owned infrastructure.

AWS launched its European Sovereign Cloud in January 2026 in Brandenburg, Germany, operated by German subsidiaries with EU-resident staff and an independent advisory board. The infrastructure has its own root certificate authority, keeping metadata and encryption keys within the EU. However, these subsidiaries remain wholly owned by Amazon.com, Inc.

Google takes a partner-operated approach. In Germany, T-Systems (Deutsche Telekom) acts as a data trustee, holding encryption keys outside Google's infrastructure. In France, Thales co-founded S3NS, a separate French legal entity operating its own dedicated infrastructure under French law, pursuing SecNumCloud certification. Google personnel reportedly have no access to the S3NS environment.

Microsoft declared its EU Data Boundary complete in February 2025 for Azure, Microsoft 365, Dynamics 365, and Power Platform, with limited exceptions for global security operations. For stronger separation, Microsoft has national partner clouds: Bleu (Orange + Capgemini) in France and Delos Cloud (SAP subsidiary) in Germany. Microsoft's own chief legal officer in France reportedly acknowledged before the French Senate that the company cannot fully guarantee EU data is safe from CLOUD Act requests.

Whether the CLOUD Act can compel a US parent to force a foreign-incorporated subsidiary to hand over data has not been definitively resolved by a court. This remains genuinely unsettled law.

A growing number of European companies offer cloud infrastructure that is built, operated, and legally domiciled entirely within the EU. These providers vary in scale and specialization, but they share one advantage: there is no US parent company in the corporate chain.

The European cloud market is maturing. While no single EU provider currently matches the full breadth and depth of services offered by AWS, Azure, or GCP, the situation is improving steadily. Core capabilities around compute, storage, networking, and container orchestration are reliable and production-ready across multiple EU providers.

Specialized services like advanced AI/ML pipelines, extensive serverless ecosystems, or proprietary database engines may still require a US hyperscaler or a multi-cloud approach. But for many workloads, particularly those involving personal data of EU residents, an EU-native cloud provider offers a clearer legal framework and simpler compliance posture.

The sovereign cloud initiatives from US hyperscalers represent a middle ground: familiar tooling with added European controls. Whether these programs offer sufficient sovereignty depends on your organization's risk assessment and regulatory requirements. For the strictest interpretation of data sovereignty, an EU-owned and operated provider remains the most straightforward path.