The Shopping List for Europe's Core Cloud Providers
This is an opinionated take. It reflects what we believe European organisations should demand from the cloud providers that form their backbone.
By Jurg van Vliet
·
Europe will have three to five general-purpose cloud providers with pan-European presence and true scale. Not twenty. Not one. A small number of providers — rooted in France, Germany, the Nordics, Eastern Europe, and perhaps a fifth entrant — each operating ten or more regions worldwide. They will be distinctly European in ownership, governance, and values. Some will become global powerhouses. An organisation building its cloud backbone will pick one or two of them.
Behind this handful of core providers, dozens of niche and specialty clouds will thrive — Kubernetes-first platforms, green computing, sovereign hosting for regulated industries, GPU farms for AI workloads. That ecosystem matters. But the backbone needs breadth.
Why Kubernetes-Native Changes the Game
Most cloud comparisons dwell on managed databases, AI services, and serverless functions. That misses the point. When you run Kubernetes-native, you bring your own data layer, your own observability, your own service mesh. The provider supplies infrastructure primitives — compute, network, storage — and stays out of the way.
This matters because it reframes the competitive landscape — and the economics. Hyperscalers charge a premium on commodities — compute, storage, network — because those margins subsidise their managed services. When you replace RDS with CloudNativePG, you stop paying for the service but you still pay the inflated commodity price. A provider that does not offer managed services does not need to recover that cost. The numbers bear this out: a comparable Kubernetes setup on Scaleway costs 65% less than AWS, and on STACKIT 57% less. That gap is not efficiency — it is business model.
And it is very hard for a hyperscaler to change. Repricing commodities would cannibalise the revenue that funds their service catalogue. European providers, unburdened by that catalogue, can price infrastructure for what it costs. The gap between a managed service and a Kubernetes operator is trust. Once organisations trust the operator, the hyperscaler's service catalogue stops being a moat — and its pricing becomes a tax.
Yes, this filters out enterprises still running VMware and SAP on bare metal. Intentionally. This article is for organisations that have made the Kubernetes-native choice — or are about to.
Europe Can Lead, Not Just Catch Up
The temptation is to frame European cloud as a follower trying to replicate what AWS built. That is the wrong frame. Europe can define the next generation of cloud infrastructure.
Regulation as product. GDPR, NIS2, DORA, the EU AI Act — European providers live inside this regulatory reality. Instead of treating compliance as overhead, they can embed it as a platform feature: data residency as a primitive, audit trails as infrastructure, sovereignty as a toggle. No hyperscaler can do this natively because their architecture spans jurisdictions by design.
Open source as moat. CloudNativePG, Cilium, Flux — the critical Kubernetes infrastructure stack is European-led. Investment in open source creates ecosystem lock-in without vendor lock-in. That is the opposite of the hyperscaler model, and it is Europe's single greatest strategic advantage in cloud.
Sustainability as standard. European energy regulations and carbon pricing give EU providers a structural incentive to build efficient infrastructure. Waste heat reuse, renewable-powered data centres, and energy-proportional computing are niche curiosities today. They will be competitive requirements globally.
Federation over centralisation. What if European providers did not each need to build the full stack alone? Exoscale's eight zones across six countries paired with Scaleway's three-AZ regions through a standard interconnect layer would be more powerful than either alone. This is what Gaia-X promised but failed to deliver technically. The opportunity remains.
The Hard Floor: Regions and Zones
At least three EU regions. At least three availability zones per region. Independent power, cooling, and networking in each zone. This is the minimum topology for a resilient, sovereign deployment. Every successful public cloud — AWS, Azure, GCP — converged on this architecture, and it is default Kubernetes.
Without it, you cannot place workloads close to users across the continent. You cannot survive a zone failure without downtime. You cannot run synchronous database replication across zones — which needs sub-2ms latency, only achievable within a region. Every other requirement builds on this foundation.
Between regions, expect 5-10ms latency for close neighbours (Frankfurt to Amsterdam around 8ms) and 10-25ms for more distant pairs (Paris to Stockholm, Frankfurt to Warsaw). Synchronous replication across regions is impractical; asynchronous replication with well-designed failover is the pattern.
Today, only one European provider meets this bar fully: Scaleway, with three regions (Paris, Amsterdam, Warsaw), each offering three availability zones. OVHcloud has the geographic spread but only Paris has three zones. STACKIT has three zones in Germany but only two regions, focused on DACH. The gap is real.
P0 — Non-Negotiable
These requirements define whether a provider qualifies at all.
Managed Kubernetes. Upstream CNCF-conformant. Control plane spans availability zones with HA guarantees. No restrictions on Custom Resource Definitions — operators like CloudNativePG, cert-manager, and Flux must install and run without interference. The CNI must support Kubernetes NetworkPolicy (Cilium preferred). No blocking or throttling of admission webhooks. Sufficient etcd capacity for GitOps-scale CRD counts. Latest stable Kubernetes available within 30 days of upstream release, with n-2 version support and managed rolling upgrades with rollback.
Compute. Diverse instance types: general purpose, compute-optimised, memory-optimised, and GPU. ARM nodes for cost and energy efficiency on stateless workloads.
Networking. VPC with private subnets for full tenant isolation. Cross-region VPC peering so clusters talk privately without touching the public internet. Cloud-native load balancers (L4 and L7) integrated with Kubernetes Service and Ingress. Managed authoritative DNS with health checks and failover. DDoS protection at the network level, included — not an upsell. Private interconnect for dedicated links to on-premise or other providers.
Storage. Block storage with a CSI driver — SSD-backed, with volume snapshots and online expansion. Topology-aware storage classes so pods and their volumes land in the same zone. S3-compatible object storage for backups, artifacts, and WAL archiving. Encryption at rest with customer-managed keys.
Identity. OIDC integration for kubectl, CI/CD pipelines, and service accounts. Scoped IAM per cloud resource — separate keys for storage, registry, and DNS, not a single god credential.
Operations. API-first: a complete Terraform or OpenTofu provider, plus REST APIs for every resource. If you cannot codify it, you cannot operate it at scale. Exportable audit logging for API calls and authentication events. No egress fees between zones, and low inter-region rates. Transparent control plane pricing — free or predictable, not $73 per month per cluster.
P1 — Expected at Scale
These matter as you grow from one cluster to ten, and from one team to many.
- Private OCI-compliant container registry, per-project, with pull credentials integrated into the cluster
- IPv4 and IPv6 dual-stack — native, not bolted on
- Pod Security Standards with enforce and audit modes
- RBAC mapped to an external identity provider
- Automated service account key rotation
- Programmatic billing API per project, cluster, and namespace
P2 — Differentiators
Nice to have. Often solved at the platform layer rather than by the provider.
- Node autoscaling with scale-to-zero and sub-two-minute node readiness
- Spot and preemptible instances for batch and CI workloads
- Bare metal nodes for latency-sensitive or hardware-isolated workloads
- Bring-your-own-IP for BGP anycast or IP reputation continuity
- Multi-attach (RWX) volumes for shared storage
- Geo-replicated container registry
- Built-in vulnerability scanning and image retention policies
The Scorecard
We assessed all European providers we could find that offer managed Kubernetes and general-purpose IaaS. Here is where they stand against the hard requirements.
The Contenders
| Provider | HQ | Regions | 3-AZ Regions | Managed K8s | Cross-Region VPC | IaC Coverage |
|---|---|---|---|---|---|---|
| Scaleway | FR | 3 (PAR, AMS, WAW) | 3 of 3 | CNCF | No | Good |
| OVHcloud | FR | 15+ | 1 (Paris) | CNCF | vRack (L2) | Partial |
| STACKIT | DE | 2 (DE, AT) | 1 (DE) | CNCF | Unverified | Good |
| Open Telekom Cloud | DE | 2 (DE, NL) | 1 (DE) | Yes | Yes | Good |
| Ionos | DE | 4 (DE, ES, UK) | Partial | Yes | Limited | Partial |
| Exoscale | CH | 8 zones, 6 countries | 0 | CNCF | No | Good |
| UpCloud | FI | 10 EU locations | Unverified | Yes | Unverified | Partial |
Scaleway leads on the hard floor: three regions, three zones each, CNCF-certified Kubernetes, strong Terraform coverage, free mutualized control plane. The gap: no cross-region VPC peering. Germany expansion is announced.
OVHcloud has the broadest geographic reach and anti-DDoS included by default. Cross-region networking works through vRack (L2 extension). But only Paris qualifies as a true 3-AZ region, and operational maturity on Kubernetes lags behind the marketing. The Strasbourg fire of 2021 is a reminder that geographic spread means nothing without proper zone isolation.
STACKIT is backed by Schwarz Group (Lidl/Kaufland), giving it financial depth. Three zones in Germany, but the Austria region is still building out. DACH-focused — no pan-European ambition yet.
Exoscale takes an interesting approach: eight zones across six countries (Germany, Austria, Switzerland, Bulgaria, Croatia), each a standalone location. Great geographic diversity, but no multi-AZ regions means no zone-level HA within a single cluster. Swiss jurisdiction is a sovereignty advantage. Notably, Exoscale appears to be among the first European providers — possibly the first — to integrate Karpenter as a native add-on, with scale-to-zero and sub-minute node provisioning included in its managed Kubernetes offering. For workloads that do not need multi-AZ resilience (batch, CI/CD, GPU inference), this is smart positioning: resource-conscious infrastructure for a resource-conscious continent. In a federated model, Exoscale's footprint becomes very attractive.
Open Telekom Cloud has strong enterprise credentials via Deutsche Telekom, but is built on Huawei technology — a sovereignty concern that cuts both ways. Chinese cloud providers entering the European market with local subsidiaries and data residency is a scenario that merits attention, not dismissal.
The Niche Players
These providers serve specific markets well but lack the breadth or geographic reach for a pan-European backbone:
| Provider | HQ | Focus |
|---|---|---|
| Hetzner | DE | Price leader, no native managed K8s |
| Civo | UK | Kubernetes-first, 90-second clusters |
| Infomaniak | CH | Swiss sovereignty, K8s launched Jan 2026 |
| plusserver | DE | Gaia-X / Sovereign Cloud Stack |
| Cleura | SE | Regulated industries, OpenStack-based |
| Elastx | SE | Stockholm 3-AZ, OpenStack-based |
| SysEleven | DE | MetaKube, German market |
| gridscale | DE | DE/NL/AT/CH, mid-market |
| Leafcloud | NL | Green computing, waste heat reuse |
The Coming of Age Moment
There is a black swan that would accelerate everything: a US executive order or trade action restricting data flows to European cloud services. The Privacy Shield was already invalidated. The Data Privacy Framework is politically fragile. If it falls, European organisations will need sovereign alternatives overnight — and the providers who meet the requirements in this article will see demand spike faster than they can build capacity.
This is not a threat. It is the defining moment for the European cloud ecosystem. The question is not whether it will happen, but whether European providers will be ready when it does.
Some will argue that a hyperscaler could simply create a legally separate European entity and achieve sovereignty certification. Europeans have heard this before. They are tired of subsidising structures designed to circumvent the intent of their own regulations. The market is moving past "sovereign enough for the auditor" toward genuine European ownership and control.
What This Means
An organisation does not need a hyperscaler's service catalogue. It needs three regions, three zones, solid networking, and an API for everything.
The race is on. Scaleway is ahead on architecture. OVHcloud has the data centres but needs to build out zones. STACKIT needs to look beyond DACH. The providers that close these gaps first will anchor Europe's cloud backbone. The ones that do not will remain — valuable, but niche.
The provider that delivers this — sovereign, performant, and boring — wins.
#kubernetes #iaas #sovereignty #cloudprovider #infrastructure #europeancloud