The European Cloud Situation at the end of 2025
As the year draws to an end now is a good time to review where we are with Europe’s cloud situation, and what has been achieved. One thing is certain, a lot has happened, and also quite a lot has become clearer.
tl;dr: Great strides have been made in 2025, especially in convincing people that something must be done, and outlining what that might be. Industry buyers are not going to lead us since they mostly care about next quarter’s results. Governments will have to show us the way, but they are ill-equipped to do so. Meanwhile, Europe’s cloud/hosting providers are also not leading the charge. Initiatives like the EuroStack have outlined this odd situation with great clarity, and are providing pressure on decision makers to do things. Governments meanwhile are good at formulating policy, but bad at following it themselves. However, the financial industry is just as hooked on US clouds as governments are, and there is legislation on the books that tells them they should fix this. Regulators can likely force banks to do the right thing, and thus forge a path for governments to follow later on. Who should be driving all this is unclear however, but I’ve added some thoughts. In addition, there are “no regret” steps that could be taken right now.
As usual, I want to thank the many proofreaders & experts who commented on draft versions of this post. Please don’t think I’m doing this all on my own!. If you’d like to be notified of new posts like these, please subscribe to my tracking-free newsletter.
At the beginning of this year people were still telling themselves US clouds were safe to use for European governments & vital services. I wrote about this in February in a post called It is no longer safe to move our governments and societies to US clouds. Back then this was quite a controversial take, but with the developments over at the International Criminal Court, and Microsoft’s admission that they can’t protect European data against US snooping, it has now become common wisdom: Governments and vital services need to look elsewhere.
The US clouds did not take this news lying down and came up with “sovereign” versions of themselves, but by operation of US laws, these are not sanction proof, and can never be. It is very disappointing to see otherwise serious people believe these fairy tales.
Photo by Markus Spiske on Unsplash
Meanwhile, a lot was said about what “Europe” could do, where we should always be careful what we mean when we say Europe. Do we mean the EU, or member states, or more broadly EU companies?
Of note is the EuroStack initiative, which made tremendous strides in pointing out our situation, and exhorting everyone to finally do something. There was the letter “European Industry Calls for Strong Commitment to Sovereign Digital Infrastructure”, plus the white paper “Deploying the Eurostack: What’s needed now”.
The EuroStack outlines the necessary triad, “Buy European”, “Sell European” and “Fund European”. To this I added a suggested coherent European/non-US cloud strategy: building railroads for the cloud economy, intended to be congruent with the EuroStack narrative.
I followed this up with an idea for European Cloud Modules, which are things we could build, open source, in a distributed fashion so as to enable the creation of more capable commercial clouds in Europe.
Now, this seems like a somewhat roundabout way to go about things. Why doesn’t Europe simply build its own Amazon or Azure?
Buyers are not actually interested (in 2025)
This is where the story takes a dark turn. Although over two hundred large companies have co-signed the EuroStack letter, this does not mean something will be happening soon.
European governments and enterprises are bound hand and foot to US cloud service providers. They rarely even manage to switch a service from one US supplier to another US supplier. This is because they have decided to base themselves on services which are specific to Amazon, Azure or Google. I wrote about this in ‘The cloud’ is not just servers. ‘Going to the cloud’ could also mean locking into a forever sub-contractor.
Governments and enterprises have oddly embraced this, and are now convinced there is no life at all outside the big three clouds, and that nothing can be done about this. This has become a self fulfilling prophecy.
So even if you’d show up with a perfectly fine European cloud that offers the same sort of things as (say) AWS, companies and governments would not flock to it.
Even though it is by now clear something should be done, government IT procurement is very much divorced from government political policies. These reside in different buildings and frequently also in different parts of the country. Or put differently, IT procurement will keep on buying what they had been buying, no matter what parliaments and ministries are talking about. As a case in point, the Dutch government has a pretty stringent cloud policy, which in practice is ignored entirely. They do make nice plans though!
Something similar may well go for giant industrial groups, who also have group policies and then working company realities.
Meanwhile, at least parts of the European policy world are fooling themselves that action is not that necessary. The assumption is that a Joe Biden-style president must surely return to the US, and that there therefore is no need to do anything drastic. Other parts of the EU policy scene, like over at the launch of the Digital Commons European Digital Infrastructure Consortium appear to be a lot more realistic.
However, quite a lot of the nascent government enthusiasm for doing things appears to be regulatory in nature. What if we could tame the US suppliers? Or what if we could outlaw some of their practices with a few more acts, might that not entice our industry to do the right thing? This all has historically not worked that well. Compare the GDPR, which (rightfully!) outlawed a lot of business models, but we then allowed US companies to continue operating here based on those now illegal practices.
There are small encouraging signs however. Many governments say they want to do something. Some have said they are actually going to do something. And Schleswig-Holstein, a German state, has actually gone live for 80% of their staff with a sovereign solution. So it can be done, but S-H is one of the very few places we can point to that are actually doing it. Several Austrian ministries are also making great strides.
Enterprise
The situation within (large scale) enterprise companies is that no one there is rewarded for averting future theoretical risk. For now they are all-in on US clouds, and there is no (career) benefit for advocating for anything else. If a European public company were to announce it was taking a financial charge to prepare for digital autonomy, shareholders would revolt (unless it averts a risk to this quarter’s results!).
Industry appears to regard Azure and Microsoft as if they are water companies or electricity providers. As if the cloud comes from highly regulated utilities which will always be there. But this is not the case of course.
From multiple industry operators, I have now heard an even more cynical take. If all of Europe’s industry relies on US clouds, and eventually something goes wrong, we’ll all go down together, and no one specifically gets blamed! While cynical, this also rings true.
In short, there is very little practical demand for European cloud functionalities, not from governments, not from industry.
With the notable exception of places like Airbus which are close enough to governments that they do care (a bit).
Sellers are also not that interested
Europe has rather good providers of servers, storage and network bandwidth. Americans come buy this from us even. Simple web hosting also works very well here. This is the lower end of the stack.
European suppliers will often complain that governments and enterprises are not using their clouds. This is quite delusional since the European suppliers are not selling what AWS/Azure/Google are selling. Not even close! I wrote about this in the piece Dear hosters, you are selling wood, not furniture .
Creating a European Amazon equivalent is a lot of work, both “Airbus” and “IKEA” style difficult: it requires high tech skills, and there is a LOT of ground to cover. And no one is interested in an IKEA that has a smaller catalog. You need to bring the whole IKEA.
Because this is all so hard, it may be that the European hosting industry has decided it is better to say that there’s no need to do it. Look at our fine servers! A powerful form of cognitive dissonance.
Now, there are a few initiatives, like Evroc and perhaps StackIt, but both of these aren’t there yet, and I’m not sure what their actual goals are. These do not appear to be “replicate the full AWS IKEA experience”. Also, StackIt has teamed up with Google, which appears a bit strange.
There are also feel-good announcements like this European Sovereign Cloud Pledge from something called European Sovereign Tech Industry Alliance, although it appears they haven’t yet managed to launch a website for this ESTIA. I do hope the 11 members, consisting of large telecommunication companies, some defense giants, plus some cloud/hosting players, manage to get something going, but I would not hold my breath.
Now, it is possible to build modern IT solutions based on containers, servers, storage, networking and some none too advanced and proprietary services. We have these in Europe. And for longer term sustainability, this might even be a better idea, since operators are then not tying their tax agency to a single (foreign) cloud service provider any for the next few decades, which would be bad.
However, this requires operators to skill up again, and this would have to be a very conscious decision. It is not enough for European hosting companies to claim that they are selling what AWS and Azure are selling! Because 1) the aren’t and 2) that doesn’t make it clear operators will have to start doing more of the work again.
In short, industry is so far not taking up the challenge of actually trying to compete with US cloud providers.
Now, it has been suggested to launch a vast fund that would disburse hundreds of billions of euros to somehow “plug the gap”. However, if we do the math, spending that kind of money means hiring the entire European IT industry, something which does not seem realistic. Also, it is not easy to turn money into innovation. We can’t just buy/fund ourselves out of this mess. However, by procuring better things from Europe, governments could drive innovation in the right direction.
As a case in point, the European car industry has sunk billions into software development. Over 5500 people plug away on Volkswagen car software (!), and it is hard to tell what these people are doing, since the results are far from good. Spending lots of money does not necessarily get you great software!
Which leaves us where?
Large scale enterprise & governments are not practically that interested in European sovereign solutions, despite lofty words. And suppliers are also still mostly at the talking stage – if that.
Various initiatives, like the EuroStack, have been pointing out this terrible situation in no uncertain terms. Policy makers that aren’t getting it are “getting their hair washed” as they say in Italian.
And while this is all justified, it does not on its own get us closer to a solution. At a high level, both industry and governments are now aware they need to do something. But they are facing a confused industry that is not coming up with services that governments can procure right now to replace what they were getting from the US. And industry also shows no coherent signs of delivering that anytime soon. (And maybe they shouldn’t - being locked in to a European cloud behemoth is also not that great).
It is an exceptionally strange situation that we find ourselves in. Both buyers and sellers don’t actually want to move, yet there is much talk of the need to do something.
To change this would require coalition building within industry, making them see the light, while simultaneously trying to convince governments to actually buy something. And crucially, to buy things that would not tie them down to any specific European company.
This is rather ungrateful work that is going to take a decade+ of talking. It requires more than pointing out to people that they should be doing the right thing. It requires patient standards setting. And since GAIA-X, we know that such an effort can definitely fail. It requires nurturing change and where possible helping it along. It could possibly mean actually authoring better common software, for industry to use.
A key problem is that change will have to start with governments. They should lead us out of this mess, since enterprise buyers definitely are not going to do it. But governments have a very hard time adhering to their own policies (and laws even). In addition, there is not a lot of expertise to go round within the decision making parts of governments.
A few ways out, cloud modules, and DORA
Over the past year, I’ve drafted some ideas that are good to do anyhow, like the European Cloud Modules which could be the railroad on which to build a better future. These are “no regret” initiatives that could move the needle a lot, at very low cost.
Recently, multiple people have independently found out that there is existing legislation that could force progress.
Europe’s vast financial industry is regulated heavily. And also fined heavily if they don’t stick to the rules. Governments/regulators are good at telling them what to do. The financial industry also has ample resources to do things.
National banks and the European Central Bank have been sounding the alarm on the utter and total digital dependency of Europe’s financial industry on just a handful of (American) cloud providers.
A relevant act is the EU Digital Operational Resilience Act or DORA. In there we find some very strong requirements:
(72) … Therefore, in line with the expectations of the resolution authorities, those financial entities should ensure that the relevant contracts for ICT services are resolution resilient.
Article 28(6):
Financial entities shall ensure that they are able to exit contractual arrangements without:
(a) disruption to their business activities,
(b) limiting compliance with regulatory requirements,
(c) detriment to the continuity and quality of services provided to clients.Exit plans shall be comprehensive, documented and, in accordance with the criteria set out in Article 4(2), shall be sufficiently tested and reviewed periodically.
Now, to adhere to this regulation, a bank needs to have an alternate platform ‘ready to go’ (or at least ‘ready to be tested’). It seems unlikely they actually have something like that, especially in light of recital 72, which should be read in the context of the Amsterdam Trade Bank going under because of US sanctions, sanctions that were so heavy-handed that Microsoft even refused to provide a copy of the bank’s data that the Amsterdam court needed to wind up the bank. That situation does not spell ‘resolution resistant’.
According to regulators, banks (and insurers) are currently in the danger zone where it comes to their digital dependencies. Banks are in quite a similar position as governments here.
There are a number of key differences however. Governments & their regulators have shown no qualms over telling financial institutions what to do, and to fine them heavily (to the tune of billions) if they don’t. Governments have a far harder time regulating themselves than they have regulating financial institutions.
Secondly, governments are bound by procurement legislation which currently makes it nearly illegal to demand anything other than the most standard US cloud solution. Work has started on changing procurement rules, but expect this to take a while and be tied up in court for ages. Banks however can decide to drop a billion euros on a new European cloud provider without any hassle, since they aren’t tied to things like the WTO Government Purchase Agreement.
One possible way out for Europe is therefore to enforce the DORA on banks. Banks are used to cooperating in various coalitions, and I’m sure they could work out a set of desired European Financial Cloud Requirements, and succeeding in procuring these. They have billion euro level fines to motivate them to solve these problems.
And once there are companies that can deliver such European Financial Cloud Services, I’m sure governments can line up to buy stuff there as well. All the better if they all do so based on something like the European Cloud Modules I dreamed up earlier!
In this indirect way, I think we could move on from the clarity that initiatives like the EuroStack have provided in 2025. And hopefully in 2026 we can build on that by getting highly regulated industries to show us the way.
Key for this to work is that regulators and the ECB thoroughly understand software and cloud operations, otherwise their regulatory efforts might not survive court challenges.
What else?
This is going to be a long term project, I’m afraid. Here are some things that would be good to start meanwhile:
- Argue that governments should regain technical skills. As it stands, especially at higher levels, technical knowledge is very scarce. And this leads to buying the most middle of the road standard (US) solutions. I sometimes worry that top management is assuming that with AI, soon they won’t need experts anymore anyhow
- Specifically regulators will need to get on top of things!
- The Dutch Digitization Strategy (NDS) also has some good words
- Push for rapid EU procurement reform so governments are at least allowed to buy European tech because it is European
- Make sure there is funding for foundational software. This proposal for an EU Sovereign Tech Fund, based on the German Sovereign Tech Agency looks good.
- Use places like the new Digital Commons European Digital Infrastructure Consortium to connect and promote successful government sovereign projects
- Use this to setup services we lack right now in Europe, and make sure we run them ourselves. End the scourge of government press conferences streamed on YouTube alongside conspiracy advertisements! Let’s get ourselves a digital commons Eutube.
- Find ways to get industry to care about digital sovereignty. The Dutch “ABRO” for suppliers of national security relevant services may be useful.
Maybe this could all be guided from a single place or foundation. But more likely this will be a more distributed effort. A few talking or “doing” clubs on their own can not get Europe to change its ways. We need a broad coalition.
Finally
Worryingly, there is no clear magic trick or solution for Europe’s cloud woes. It continues to be an odd situation where neither buyers nor sellers are making tangible moves yet. But I hope that in 2026 we can continue our efforts to improve things. Perhaps industry will start to care, perhaps some governments (Denmark?) break away from the pack.
The needle was moved in 2025, so I am confident we can continue this progress next year!
If you’d like to be notified of new posts like these, please subscribe to my tracking-free newsletter.