European tech companies are facing a tricky situation, using popular American cloud services like AWS and Google Cloud, but worrying about keeping control of their data in Europe. With rising geopolitical tensions, more practitioners are asking: should we be less dependent on American tech giants? It’s got some European developers and businesses rethinking how they handle their data and build their systems.
Ahead of the InfoQ Dev Summit in Munich, Markus Ostertag, Elena van Engelen-Maslova, Erik Steiger, and Katharine Jarmul discussed the topic in a recent “Sovereign Clouds, Hyperscalers and European Alternatives” podcast.
While the current environment has created a complex decision-making landscape for European developers and cloud architects, the panelists agree that there is no one-size-fits-all solution and organisations must carefully balance different concerns based on their specific data sensitivity, regulatory requirements, and business needs. Some workloads will benefit from the innovation and capabilities of US hyperscalers, while others might need the regulatory comfort of European-based providers.
US Providers or European Ones?
Markus Ostertag, chief AWS technologist at adesso and AWS Hero, notes that digital sovereignty doesn’t necessarily mean complete independence from US cloud providers today, but rather building resilience against specific scenarios while investing in European alternatives for the long term:
Digital sovereignty doesn’t mean autarky. It’s more about how I am as an organization resilient against specific scenarios.
The panelists agree that the discussion often becomes polarized between US hyperscalers and European alternatives. Ostertag adds:
Either you are on the side of US hyperscalers or you are on the side of this we need to be you first, or America first. It seems like there is no gray zone in between. I don’t get that.
The discussion reveals that practitioners often struggle with unclear boundaries around data control, primarily when European data centers are operated by US companies using US-designed infrastructure.
Can Europe Close the Gap?
The panelists acknowledge that US cloud providers have nearly two decades of market presence and massive investments, making it hard for newer European providers to close the gap, lacking the deep feature integration that enables rapid development and innovation. Advanced analytics platforms, serverless computing, and tightly integrated security services often have no direct equivalents in smaller providers. Erik Steiger, senior software and AI engineer, comments:
There are good bare metal servers that we can use in the EU. The problem is all the services that are missed on top (…) We need good alternatives that are very convenient that have the privacy of the European Union built in. And this is lacking at the moment.
Katharine Jarmul, privacy and security expert and author of “Practical Data Privacy”, suggests that European providers should focus on different approaches rather than simply trying to replicate existing US cloud services and catch-up efforts:
Do we slow down innovation to build something different? I would argue that we make innovation when we build something different (…) The future of innovation isn’t playing catch-up and thinking acceleration, and thinking I have to get to where AWS is. The future of innovation is thinking about how we could do it smarter and differently than what was done before, because you will never innovate if you play catch-up.
The speakers highlight a chicken-and-egg problem affecting the market, with large enterprises not migrating to European providers due to missing features, and European smaller providers struggling to develop those capabilities without revenue from enterprise customers. This creates a challenging environment where startups face pressure to use European providers, but lack the necessary tools and services to compete effectively.
What about Encryption?
The panelists explain that encryption complexity contributes to this misalignment. Most practitioners lack deep cryptographic knowledge, making it difficult to evaluate different approaches or understand their security implications. Jarmul argues:
Encryption is difficult because most people don’t understand how encryption works, and most people haven’t ever had a chance to work with cryptographers, and so it’s a real problem.
Does Sovereign Mean Slowing Down?
The panelists engage in a discussion about whether sovereignty requirements necessarily slow innovation. One perspective suggests that building cloud-agnostic architectures requires additional development effort and may prevent organizations from leveraging productivity-enhancing cloud-specific features.
The practitioners discuss the fundamental tension between development velocity and architectural flexibility. Elena van Engelen, senior software engineer and author of the “Kotlin Crash Course”, comments:
The immediate thing that we could look at is architecture. If we make sure that the way we use our cloud uses the architecture, which makes it easier to move to something else, then we already give ourselves a cushion.
Organizations must decide whether to accept what is often perceived as vendor lock-in for immediate productivity benefits or invest in portability that may slow current development but provide future options. Van Engelen suggests:
Separate your cloud-specific code or infrastructure code from your core business logic. But don’t avoid cloud’s features, because you don’t want to slow down your innovation.
What about European Data Centers?
The panelists acknowledge that building competitive data center infrastructure requires substantial investment and government support. Building modern data centers requires well-understood technical knowledge, but the substantial investment needed creates significant challenges for European providers and institutions. Most European data center projects partner with American cloud companies because it speeds up deployment and reduces costs. However, these partnerships create dependencies that could limit options in the future. Jarmul adds:
If the EU wants sovereignty, first off, we got to define what sovereignty means. And then, got to invest, and currently, there is a push towards less investment.
Infrastructure alone is insufficient, and data centers must be paired with the software platforms and services that developers need. Ostertag adds:
There is no lock-in. It’s technology, it’s software. You can build every software differently; it just takes time, resources, and, in the end, money.
The panel converges on the importance of avoiding both overreaction and complacency. Digital sovereignty should be understood as building resilience against specific scenarios rather than achieving complete autarky.
Van Engelen recommends separating cloud-specific code from core business logic where practical, enabling greater flexibility without necessarily avoiding cloud features entirely. Jarmul encourages practitioners to stay curious about emerging European alternatives and new design patterns, even if they are not immediately viable: local-first design may offer innovative approaches to common problems.
With the future likely involving a hybrid approach combining global hyperscaler capabilities with emerging European alternatives, practitioners must understand trade-offs and prepare for multiple scenarios while continuing to build innovative solutions.
Join us on October 15-16 in Munich for dedicated sessions and further discussions on sovereign clouds and reliable deployment options in Europe.
