I pay eight euros a month for a server in Falkenstein, a Saxon town whose main exports are, as far as I can tell, a Hetzner data center park and woven twill, the cloth this corner of the Vogtland has turned out since the 1700s. It runs my mail, my photos, a feed reader, and a wiki nobody reads but me. I bring this up not because you should care about my cupboard, but because for a certain kind of European developer, that boring little box has quietly become a political statement, and I want to be honest about how small the statement is.
Here is the thing that turned the mood this year. On June 10, 2025, Anton Carniaux, director of public and legal affairs at Microsoft France, sat under oath before a French Senate commission of inquiry and was asked by its rapporteur, Dany Wattebled, whether he could guarantee that data belonging to French citizens would never be passed to US authorities without French approval. His answer, in French, was "Non, je ne peux pas le garantir, mais, encore une fois, cela ne s'est encore jamais produit," which I would translate as "No, I cannot guarantee it, but, again, it has never yet happened" (Senate transcript; The Register surfaced the exchange for English readers). Microsoft did not leave it there. Its public-sector technical director, Pierre Lagarde, told the same committee that since January 2025 a contractual guarantee keeps European customers' data inside the EU, whether at rest, in transit, or being processed. The committee's chair, senator Simon Uzenat, was unmoved, noting that Microsoft's transparency reports are "purely declarative," containing what the company chooses to put in them and attested by no outside control. That is the whole European sovereignty debate compressed into one hearing: the marketing says your data is safe on European soil, the lawyer says under oath that he cannot promise it, and the guarantee is only as good as an audit nobody outside the company gets to run.
The reason Carniaux cannot promise it has a name, the US CLOUD Act, signed in March 2018. It compels any provider under US jurisdiction to produce data on demand regardless of where on the planet that data physically sits (US Department of Justice). Data center in Frankfurt, corporate parent in Redmond: the law reaches through the German concrete to the American headquarters. And it does not stop at American-owned firms. By its own terms the statute binds any provider that does business in the United States, which sweeps in European companies the moment they open US operations. Layer on Schrems II, the July 2020 judgment in which the Court of Justice tore up the EU-US Privacy Shield and told everyone their standard contractual clauses now needed "supplementary measures," and you have the legal weather that European hosting sells against. The 2023 Data Privacy Framework patched the hole, and noyb, the privacy group run by Max Schrems, has already told the Commission it intends to sue the framework back open, arguing that after a recent US Supreme Court ruling the "basis for any EU-US data transfer deal is dead" (noyb).
So the case for leaving is genuine. The scale of the leaving is where you have to keep your head. Synergy Research Group's numbers for the third quarter of 2025 put AWS at 29 percent of worldwide cloud infrastructure spend, Microsoft Azure at 20, and Google Cloud at 13: the big three together holding 63 percent of a market running at $106.9 billion a quarter (Synergy). In Europe specifically, those same three American firms hold roughly 70 percent, and European providers, the whole lot of them, hold about 15 percent of their own home market, down from 29 percent in 2017 (Synergy).
The trap is reading that 15 percent as decline. It is not. According to that same Synergy analysis, European providers tripled their revenue between 2017 and 2024; the problem is that the European market grew roughly sixfold in the same window, to €61 billion, so the locals ran hard and still went backward in share. John Dinsdale, Synergy's chief analyst, put it about as bluntly as an analyst can: "The cloud market is a game of scale where aspiring leaders have to place huge financial bets... No European companies have come close to that set of criteria and the result is a market where the five leaders are all US companies." Among Europeans, SAP and Deutsche Telekom lead with about 2 percent each, then OVHcloud, Telecom Italia, Orange, and a long tail. Synergy also pegs US providers' capital spending inside Europe at roughly €10 billion a quarter, which is the part nobody putting up a sovereignty flag likes to mention: the hyperscalers, the giant American cloud companies, are also, by volume, Europe's biggest cloud builders.
Now the fun part, because the people actually voting with their credit cards are not moving trillion-dollar SAP estates, they are the developers, the startups, the sysadmins with a cupboard. Ask where their stuff lives and the same names come up.
OVHcloud is the giant, the only European provider operating at anything like hyperscaler physical scale: founded in Roubaix in 1999 by Octave Klaba, listed on Euronext Paris in 2021, and reporting 43 data centers, more than 450,000 servers, 1.6 million customers across 140-plus countries, and revenue of €993 million in fiscal 2024 (OVHcloud). It is also the company whose Strasbourg data center literally burned to the ground in March 2021, taking about 14,000 servers with it, which is the sort of thing that teaches you not to trust a single region, a lesson worth learning cheaply from someone else.
Hetzner is the German answer and the one I actually use: fixed monthly prices, absurd value, owned data center parks in Nuremberg, Falkenstein, and Tuusula outside Helsinki. Tellingly, when Hetzner went looking for growth it opened its first non-European locations in Ashburn, Virginia (2021) and Hillsboro, Oregon (2022), because dedication to Europe and serving your American users are two different problems. bunny.net is the one people reach for instead of Cloudflare, a Slovenian content delivery network (the layer that caches your site on machines close to your visitors) running 119 points of presence across six continents out of Ljubljana. In the Netherlands sit the workhorses: Leaseweb, in business since 1997 with more than 80,000 servers across four continents, and Worldstream, which runs its own data center in Naaldwijk and sells the bare metal (whole physical servers, rented one at a time) that a lot of other people's "clouds" invisibly run on. And for the purists there is Elastx in Stockholm, running deliberately unmodified, off-the-shelf OpenStack (the open-source software that powers a private cloud) across three green-powered Swedish data centers, on the theory that the surest way to avoid lock-in is to run software anyone else can also run.
What almost nobody does is go all the way. Cloudflare sits in front of a staggering share of European websites, mine included until recently, and Cloudflare is headquartered in San Francisco, which means CLOUD Act, same as the rest. DigitalOcean, whose basic virtual servers are the developer's default "droplet," is a New York company. Plenty of European software is a French app, on a German box, behind an American edge, backed up to an American object store (the cloud bucket where your files sit), and the sovereignty is only as strong as the weakest link in that chain. Purity is expensive and mostly imaginary.
The unglamorous force doing more than any manifesto is money. Hyperscaler egress fees, the toll you pay to get your own data back out, have long been the hidden moat: a few cents per gigabyte that turns leaving into a bill. The EU Data Act came for exactly that. It entered into force in January 2024, most of it applied from September 2025, and from January 12, 2027 it bans switching charges, including switching-related egress, outright (European Commission). The hyperscalers read the room and pre-empted it: Google in January 2024, then AWS and Microsoft that March, all waiving exit egress fees for customers who leave entirely. Read the fine print, though: that covers the data you take when you go, not the everyday egress of serving your users, and it does nothing about the proprietary APIs and formats that are the real lock-in. A cheap exit door is useless if your application only speaks one dialect.
Which is the honest place to land. The sovereignty pitch has a real legal core, confirmed under oath by Microsoft's own lawyer, and it has spawned actual politics: a EuroStack open letter to the Commission in March 2025, starting near 80 organizations and over 200 by May, demanding a "Sovereign Infrastructure Fund" and a "buy European" mandate (TechCrunch). It also has a large amount of theater. The hyperscalers now sell "sovereign" EU clouds that cannot legislate away the CLOUD Act no matter how many EU-resident staff run them, a gap that CISPE, the trade association for Europe's own cloud providers and therefore an interested party, calls sovereignty-washing (The Register).
I am not going to tell you Hetzner is going to dethrone AWS, because it is not, and "it will never work" is the most expensive sentence an engineer can say, so I will not say the reverse either. What I will say is smaller and true. For a huge share of ordinary workloads, a blog, a side project, a small SaaS, a backup, the European box is not a sacrifice, it is cheaper, it is legally cleaner, and it works. You do not have to move your company this weekend. Move one thing. Spin up a server in Falkenstein or Ljubljana, point something real at it, and see what actually breaks. In my experience the only thing that breaks is the assumption that you needed the big American logo in the first place.



