Multi-Cloud Strategy Without US Hyperscalers: Building Resilience on European Infrastructure

Search for "multi-cloud strategy" and you will find hundreds of guides, frameworks, and architecture diagrams. They all share one assumption: your clouds are AWS, Azure, and GCP. The entire multi-cloud industry — the tooling, the consultancies, the analyst reports — is built around distributing workloads across American hyperscalers.

According to Gartner, over 92% of large enterprises now operate in a multi-cloud environment. The Flexera 2026 State of the Cloud Report found that 97% of IT professionals plan to adopt multi-cloud within one year. But "multi-cloud" in practice usually means "we run some things on AWS and some things on Azure." It does not mean resilience from a single country's jurisdiction. It does not mean independence from providers subject to the same extraterritorial laws. And it does not mean data sovereignty.

This article explores what a genuine EU-only multi-cloud looks like — which providers, which tools, which regulatory drivers, and which trade-offs. Not because US hyperscalers are bad products (they are excellent products), but because building resilience on infrastructure that is all subject to the US CLOUD Act and FISA 702 is not actually multi-cloud in any meaningful sense. It is multi-vendor, single-jurisdiction.

European regulation is not yet mandating multi-cloud. But it is, piece by piece, creating conditions where multi-provider strategies become the path of least resistance for compliance.

DORA (Digital Operational Resilience Act), applicable since January 17, 2025, is the strongest push. DORA requires financial entities to conduct ICT concentration risk assessments before entering contracts with new cloud vendors. It mandates tested failover for critical functions — not just documentation, but demonstrated resilience. It requires data portability evidence proving you are not locked into a single provider. And it demands documented fallback procedures for non-redundant functions, capable of sustaining operations during outages of 15 hours or more. Regulators acknowledge that not every function needs full dual-cloud redundancy, but the direction is unmistakable.

NIS2 (Directive (EU) 2022/2555), applicable since October 2024, classifies cloud computing as an essential service and requires operators to manage supply chain risks, including evaluating provider concentration. Article 21 mandates that entities assess their ICT providers' security posture, audit rights, and SLAs — all of which become easier to enforce when you have alternatives.

The EU Data Act, applicable since September 2025, directly targets switching barriers. It mandates that cloud providers allow customers to switch at any time with a maximum of two months' notice. Egress fees must be cost-covering now and will be eliminated entirely by January 2027. IaaS providers must ensure "functional equivalence" when transitioning and provide open interfaces with sufficient documentation for interoperability. The Data Act does not mandate multi-cloud, but it removes the economic barriers that made single-provider lock-in rational.

Taken together, these three regulations — DORA for financial services, NIS2 for essential services, and the Data Act for everyone — create a regulatory environment where concentration risk is a liability, switching must be feasible, and resilience must be demonstrated. For organisations in scope of any of these, an EU-only multi-cloud strategy is not just a sovereignty play. It is a compliance strategy.

The first question is whether enough European providers exist to build a credible multi-cloud. The answer, as of 2026, is yes — with caveats.

Provider	HQ	EU Data Centre Countries	Key Strength
OVHcloud	France	France, Germany, Poland, UK, Italy	Broadest EU footprint (44 DCs); SecNumCloud-qualified; selected for ECB digital euro
Hetzner	Germany	Germany (23 DCs), Finland (12+ DCs)	Best price-performance; 100% renewable energy
Scaleway	France	France, Netherlands, Poland	Best developer experience; managed Kubernetes (Kapsule); excellent Terraform support
STACKIT	Germany	Germany, Austria	Backed by Schwarz Group (EUR 130B revenue); sovereign by design; managed K8s, databases
UpCloud	Finland	Finland, Sweden, Denmark, Norway, Netherlands, Spain, Poland, UK, Germany	Widest Nordic coverage; zero egress fees
ELASTX	Sweden	Sweden (3 AZs)	OpenStack-based; ISO 27001/27017/27018 certified
IONOS	Germany	Germany, UK, Spain	Component-based pricing; managed Kubernetes

Between these providers, you can place workloads in France, Germany, Finland, Sweden, Denmark, Norway, Netherlands, Poland, Austria, Spain, Italy, and the UK. That is genuine geographic redundancy across multiple EU jurisdictions, none of them subject to the CLOUD Act. For comparison, spreading workloads across AWS eu-west-1, Azure West Europe, and GCP europe-west1 gives you three buildings owned by three companies that are all headquartered in the United States and all subject to the same extraterritorial data access laws.

STACKIT deserves particular attention. Owned by the Schwarz Group — parent of Lidl and Kaufland, Europe's largest retailer with EUR 130 billion in annual revenue — STACKIT was spun out as an independent company in September 2024. It offers managed Kubernetes, managed databases (PostgreSQL, MongoDB, MariaDB, Redis), AI model serving, and stores data exclusively in Europe. The Schwarz Group built it because they could not find an existing cloud provider that met their own sovereignty requirements — and now they sell it to everyone else.

The viability of any multi-cloud strategy depends on the infrastructure-as-code and orchestration tooling available. If each provider requires bespoke deployment scripts, multi-cloud becomes multi-headache. The good news is that all major EU providers support Terraform and Kubernetes. The bad news is that the quality of support varies significantly.

A hands-on Terraform test by Wolk.work in January 2026 compared the onboarding experience across EU providers:

Provider	Terraform Rating	Onboarding Time	Notes
Scaleway	5 / 5	<20 minutes	Credential flow includes Terraform examples; comprehensive official provider
OVHcloud	3 / 5	~30 minutes	Requires multiple Terraform providers (OVH + OpenStack + AWS for S3)
Hetzner	2 / 5	~45 minutes	Official hcloud provider lacks object storage; requires MinIO provider for S3

The key finding: all four providers tested (including T-Systems) qualify as EU-native with no US parent company and no CLOUD Act exposure. But the developer experience gap between Scaleway and Hetzner for IaC workflows is substantial. If Terraform-driven multi-cloud is your goal, Scaleway is the most polished starting point.

For Kubernetes, the landscape is more even. Scaleway offers Kapsule (managed Kubernetes), OVHcloud has its Managed Kubernetes Service, IONOS provides managed Kubernetes, and STACKIT has its own Kubernetes Engine (SKE). Hetzner does not offer managed Kubernetes, but its VMs are popular for self-managed clusters. Open-source tools like KubeFed (Kubernetes Cluster Federation), Cluster API, and Rancher (owned by SUSE, headquartered in Germany) enable cross-provider cluster management without depending on a hyperscaler control plane like Google Anthos or Azure Arc.

The practical architecture for an EU multi-cloud Kubernetes deployment looks like this: run a primary cluster on Scaleway Kapsule or OVHcloud Managed Kubernetes, a failover cluster on a second EU provider, use Terraform or OpenTofu for infrastructure provisioning across both, and manage cross-cluster networking with a service mesh like Consul or Cilium. It requires more operational investment than a single-provider setup, but it delivers genuine resilience against both provider outages and jurisdictional risk.

Multi-cloud only works if you can move workloads and data between providers without rebuilding everything. Europe is actively legislating this into existence.

The EU Data Act is the most consequential instrument. Beyond banning egress fees by 2027, it requires cloud providers to offer open interfaces free of charge with documentation sufficient for interoperability. IaaS providers must ensure "functional equivalence" during transitions. These are not aspirational goals — they are legal obligations with enforcement mechanisms.

GAIA-X, the European federated data infrastructure initiative, has moved from concept to implementation. With 350+ members across companies, associations, and universities, GAIA-X now has 10 commercial Digital Clearing Houses operating worldwide. Its technical framework defines interoperability standards for data sharing across providers and jurisdictions. Critics question whether GAIA-X has stalled, but the clearing house infrastructure is operational and the "Danube" release of the GAIA-X Core Engine is under development.

The IPCEI-CIS (Important Project of Common European Interest for Cloud Infrastructure and Services) involves 19 companies from 7 Member States building the first interoperable European data processing ecosystem — a multi-provider cloud-to-edge continuum. And the EURO-3C project, announced at MWC Barcelona in March 2026 with EUR 75 million in Horizon Europe funding, is building a federated Telco-Edge-Cloud infrastructure spanning more than 70 nodes across 13 European countries, with 87 organisations in the consortium including BT, Deutsche Telekom, Orange, Vodafone, and Swisscom.

The direction is clear: Europe is building the regulatory framework, the technical standards, and the physical infrastructure for cloud interoperability. An EU multi-cloud strategy today aligns with where EU policy is heading over the next three to five years.

An EU-only multi-cloud is viable, increasingly well-supported by regulation and tooling, and genuinely reduces jurisdictional concentration risk. But it is not without costs.

Managed service gaps. No EU provider offers equivalents to DynamoDB, BigQuery, SageMaker, or Lambda. Scaleway and STACKIT have managed Kubernetes and databases, but the breadth is nowhere near a hyperscaler's catalogue. If your architecture depends on proprietary managed services, an EU multi-cloud requires either self-managing those capabilities (PostgreSQL instead of Aurora, self-hosted ML pipelines instead of SageMaker) or accepting a hybrid approach where specific workloads remain on hyperscalers.

Operational overhead. Managing relationships, billing, monitoring, and incident response across multiple smaller providers is harder than having a single hyperscaler account manager. There are no EU equivalents to AWS Organizations or Azure Management Groups for cross-account governance. You will need third-party or open-source tooling for unified observability (Grafana, Prometheus) and cost management.

Geographic limits. EU providers are concentrated in Western and Northern Europe. If you need data centres in Asia, South America, or Africa, you will either need to accept latency or use a hyperscaler for those regions while keeping EU data on EU infrastructure. OVHcloud has the broadest non-European footprint (Canada, US, Australia, Singapore, India) but it is still far behind hyperscaler coverage.

Talent and documentation. Your engineering team knows AWS. The documentation, Stack Overflow answers, and community knowledge for hyperscalers is orders of magnitude larger. Hiring an engineer with Scaleway Kapsule experience is harder than hiring one with EKS experience. This is a real cost that gets underestimated in TCO calculations.

None of these trade-offs are deal-breakers. They are engineering decisions. For organisations in regulated industries, handling sensitive data, or serving EU customers, the sovereignty and compliance benefits of an EU multi-cloud increasingly outweigh the operational overhead. For a global consumer application with no regulatory pressure, the calculus is different. The right answer depends on your threat model, your regulatory obligations, and how much you value infrastructure independence. For more on the regulatory landscape, see our analysis of DORA and NIS2, and for the financial case, our European cloud pricing comparison.