Cloud Sovereignty in Europe: Between Vision and Pragmatism
Hosting in Europe ≠ Sovereignty
Storing your data in a Frankfurt or Dublin data centre unfortunately does not mean it is safe from the influence of foreign legislation. What really matters are jurisdiction, actual enforcement rights, and effective control mechanisms.
We know that the US CLOUD Act obliges US providers to provide access to data even when it is stored in Europe. That’s why the BSI warns: true cloud sovereignty requires full legal independence and transparent operating models, not just a server location.
Gaia-X was supposed to be the European blueprint for this vision. But sovereignty is not the sign on a data centre fence, it is governance, contracts, and architecture.
Europe wants to reclaim the cloud – but is it betting on the wrong horse?
The demand is undeniable: banks, insurers, public authorities, and many others, not only highly regulated industries, are searching for secure alternatives to US hyperscalers. When Gaia-X was launched in 2020 as a flagship project, it promised to be the model of a sovereign European cloud.
Five years later, the results are sobering: endless working groups, hundreds of pages of documentation, but hardly any tangible benefits. Even the French Cour des comptes (Court of Audit) spoke of “slow progress” and “a lack of impact.”
For CIOs and CFOs, this raises the uncomfortable question: is Gaia-X truly an innovation driver – or just a bureaucratic fig leaf while Europe becomes even more dependent on AWS, Azure & Co.?
Perhaps the future doesn’t lie in one grand design, but in pragmatic standards and smaller, interoperable ecosystems.
Should we get rid of US hyperscalers then?
All hyperscalers – independently of their jurisdiction – deliver speed, resilience, and global innovation power, exactly what modern banking IT urgently needs. As of October 2025, the US providers are noticeably ahead in terms of portfolio and services – but the European alternatives are closing the gaps. There are good reasons to host your applications
European regulators like the EBA or BaFin know this well. They don’t prohibit cloud adoption, they require control, auditability, and exit strategies.
This is why pragmatic architectures are emerging – such as data-centric approaches. Critical core systems remain on-prem or with European providers, while AI services, scaling, and analytics come from the hyperscaler cloud.
For CFOs and CIOs this means: regulation is not a “no” to the cloud, but a “yes, with clear guardrails.” And it’s precisely this “yes, but” that enables Europe’s financial sector to remain capable of action.
adorsys even sees a slight trend of bringing selected services back to Europe.
💬 We’d love to hear your perspective:
Which providers do you currently see as viable alternatives to the US hyperscalers?
Will pragmatism always win over vision when it comes to digital sovereignty?
Is Gaia-X the right path forward – or is Europe still searching for its true model of cloud independence?
Sources
Federal Ministry for Economic Affairs and Energy: Gaia-X – a European Cloud Initiative (DE)
FDL (Libre Endowment Fund): On the French Court of Audit’s research into Gaia-X and further insights (FR)
EBA: Revised Guidelines on Outsourcing Arrangements (EN, PDF)
BaFin: Supervisory notice on outsourcing to cloud providers (DE, PDF)
ZenDiS – Whitepaper: “Recognizing Sovereignty-Washing in Cloud Services” (DE, PDF)
