Article

Sovereign Clouds for Germany: reclaiming control without sacrificing public cloud benefits

Public clouds have become the backbone of modern organizations. However, as adoption deepens, a critical question emerges: how much control is being handed over and for which workloads is this loss of control unacceptable? Regulatory mandates regarding third-country data transfers (Schrems II) and tightened operational resilience requirements (NIS2, DORA) have shifted digital sovereignty from a strategic preference to a legal necessity. For the public sector, digital sovereignty is also the bedrock of a functioning democracy. This article explores why Sovereign Clouds offer a secure alternative to traditional Public Clouds, provides an overview of market-leading solutions for Germany, and shows how Reply’s experts can guide you toward greater independence.

Why are organizations rethinking their cloud strategies?

For years, the objective was clear: migrate to the cloud as fast as possible to gain agility and innovation. Today, companies are taking a more nuanced approach. While collaboration platforms require openness, sensitive data - such as customer records or intellectual property - demands the highest level of protection. This shift isn't a retreat from the Public Cloud, but a response to stricter regulations. The Schrems II ruling demonstrated that contractual assurances from US providers alone are insufficient; data protection must be technically enforceable.

Simultaneously, NIS2 and DORA are raising the bar for risk management and IT security. In the public sector, there is also the political mandate to shield critical infrastructure from geopolitical dependencies. Organizations are reacting with greater strategic depth: some are adopting a cloud repatriation approach by moving sensitive workloads back to on-premises data centers, while others are turning to Sovereign Clouds to combine high security with cloud scalability.

What is a Sovereign Cloud and what does it actually guarantee?

Sovereign Clouds are architectures designed to give organizations the highest practicable degree of control over their digital assets, ensuring compliance with local regulations and protecting against foreign jurisdictional interference. However, sovereignty in the cloud is not a binary state.

Depending on the criticality of the workloads, organizations can choose from different levels between isolation and control. Modern sovereign cloud offerings allow organizations to implement sovereignty modularly, applying stricter guarantees where they are needed most, rather than enforcing a single standard across the entire estate.

For which workloads is a Sovereign Cloud most relevant?

Not every workload requires a Sovereign Cloud. However, it is essential in three specific high-risk scenarios:

Manufacturers protecting trade secrets

Production processes, proprietary formulas, and technical specifications are core competitive advantages. Sovereign Clouds secure this data through advanced technical controls, such as hardware-based isolation and exclusive key management, that go beyond standard public cloud offerings.

Public administrations handling citizen data

Identity, tax, and health records are subject to stringent legal protection requirements. Standard public clouds often fall short of meeting these mandates in full due to potential exposure to foreign jurisdictions. Sovereign environments guarantee strict data residency and legal shielding.

Regulated industries with confidentiality and resilience duties

Doctors, lawyers, and financial institutions are bound by professional secrecy laws and strict regulations such as NIS2 or DORA. Sovereign Clouds provide the technical and contractual guarantees necessary to use cloud solutions in full compliance with these obligations.

What are the tradeoffs?

Now that the case for sovereignty is clear, it is equally important to understand its constraints. Sovereignty is not a binary choice; it is a spectrum. The more autonomy an organization demands over its data, operations, and infrastructure, the more constraints it accepts regarding the breadth and pace of available cloud services. In a fully sovereign environment, managed AI platforms, cutting-edge serverless offerings, and globally optimized services may be limited or delayed compared to the standard public cloud.

This is not a flaw, but a design principle: control and innovation exist in a deliberate tension. The goal is not to maximize sovereignty across the board, but to apply it precisely where the criticality of the workloads demands it. Reply helps organizations navigate this balance, ensuring that sovereignty is deployed strategically rather than dogmatically, so that critical assets remain protected, while innovation continues where it matters most.

How do I find the right Sovereign Cloud for my business in Germany?

From on-premise infrastructure and private cloud setups to hybrid models and fully managed Sovereign Cloud platforms, there is a wide spectrum of approaches to strengthening digital sovereignty - each addressing different dimensions, from legal and jurisdictional control to operational independence and supply-chain resilience. Choosing the right approach depends on how deeply sovereignty guarantees must be integrated into the architecture. For organizations that decide on a dedicated sovereign cloud platform, the market offers a growing number of providers with different strengths and trade-offs. Reply supports organizations in selecting, implementing, and integrating the solution that fits their specific requirements.

Broadly, three architecture models have emerged: hyperscalers cooperating with local partners who manage keys, access, and support; national providers operating a hyperscaler's stack in a fully isolated, sometimes air-gapped environment; and hyperscalers building dedicated European infrastructure from the ground up, with physical and logical separation from their global network. Each model strikes a different balance between platform maturity and depth of sovereignty.

Here is an overview of the key players.

AWS European Sovereign Cloud: Scalability meets EU control

The AWS European Sovereign Cloud is designed for organizations that want the innovation of a global hyperscaler without compromising on European control. Physically and logically separated from the global AWS infrastructure, all data remains within the EU. Operations and support are handled exclusively by EU-based personnel. Storm Reply helps customers transfer the agility and speed they expect from AWS into this protected space while maximizing the benefits of sovereignty.

Oracle Sovereign Cloud: Full control for mission-critical workloads

The AWS European Sovereign Cloud is designed for organizations that want the innovation of a global hyperscaler without compromising on European control. Physically and logically separated from the global AWS infrastructure, all data remains within the EU. Operations and support are handled exclusively by EU-based personnel. Storm Reply helps customers transfer the agility and speed they expect from AWS into this protected space while maximizing the benefits of sovereignty.

Microsoft Cloud Continuum for Sovereignty: Enterprise-grade sovereignty on Azure

The Microsoft Cloud Continuum enables organizations to leverage the full breadth of Azure services while maintaining strict control over data residency and access. Built on the EU Data Boundary, all customer data remains within the EU/EFTA region. Advanced encryption options (including External Key Management and Confidential Computing) and the Sovereign Landing Zone ensure that compliant environments can be deployed and monitored at scale. Cluster Reply supports customers from workload classification and landing-zone configuration through identity management, security hardening, and audit-ready operations, migration, and development of new solutions.

STACKIT: Sovereignty "Made in Germany"

STACKIT, the Sovereign Cloud of the Schwarz Group, is based on open standards like Kubernetes and OpenStack, ensuring auditability and portability. All data remains in German data centers, operated by personnel subject to German jurisdiction. Within the Reply Group, Liquid Reply utilizes this infrastructure to build cloud-native landscapes that integrate compliance requirements directly into automated processes.

Delos Cloud: The foundation for German administration in SAP environments

Delos Cloud is a German company backed by SAP and designed specifically to meet the strict requirements of the German public sector. This Sovereign Cloud instance is based on Microsoft technology and meets the strict criteria of the BSI C5 attestation, specifically designed for data subject to official secrecy. Especially for the public sector and operators of critical infrastructure (KRITIS), the platform, supported by Syskoplan Reply, enables the modernization of complex SAP systems and the development of applications with maximum regulatory control.

Open Source: Maximum autonomy

The highest level of sovereignty is achieved through independent, open-source software. Whitehall Reply assists companies in implementing open standards and portable data formats. This ensures true interoperability, prevents vendor lock-in, and builds the foundation for a long-term, independent IT strategy.

How is this technically enforced?

The platforms above each implement sovereignty differently, but beneath the provider-specific architectures, two foundational technologies determine how effectively data sovereignty is enforced in practice:

External Key Management

These models allow organizations to manage encryption keys outside the cloud provider's infrastructure using external Hardware Security Modules (HSMs). However, not all key management models guarantee the same level of provider exclusion. With Customer-Managed Keys (CMK), the customer controls a key within the provider's key management system. Bring Your Own Key (BYOK) goes further: the customer generates the key externally and imports it, retaining a copy. Hold Your Own Key (HYOK) provides the strongest guarantee. The key material never enters the provider's environment at all, and every cryptographic operation is performed externally. When evaluating a provider's sovereignty claims, it is critical to verify which model is actually implemented.

Confidential Computing

Confidential Computing uses hardware-based Trusted Execution Environments (TEE) to ensure that data remains encrypted even during processing. Code and data inside a TEE are isolated from the host operating system, the hypervisor, and the cloud operator. This closes the last remaining gap: data is protected not only at rest and in transit, but also in use. TEEs also address a limitation that encryption alone cannot solve: even when data is encrypted, providers can still observe unencrypted metadata: who accessed the data, when, from where, and which resources were involved. Confidential Computing significantly reduces this exposure by shielding the processing context itself.

Together, these mechanisms create a technical guarantee that no unauthorized party, including the cloud provider itself, can access sensitive data at any point in its lifecycle. Spike Reply helps organizations design and implement these cryptographic controls – from HSM integration and key management architecture to confidential computing rollouts across hybrid environments.

How can AI be further secured in this context?

Proprietary generative AI systems, over which we have no control, are creating a new dimension of digital dependency. The core idea of AI is to offload decision-making and cognitive processes to a system that requires your most sensitive secrets to deliver the best results. The current geopolitical landscape significantly limits the list of systems that can be trusted with this.

For example, through our partnership with French AI pioneer Mistral AI, we offer our customers not just sovereign and open AI models, but a complete ecosystem that provides a strong foundation for building applications, compliant with the EU AI Act. Sail Reply focuses on consulting and implementing tailored, AI-supported processes in highly specialized environments.

How does Reply guide you on your path to cloud sovereignty?

It starts with clarity. In a Sovereign Cloud Readiness Assessment, Reply evaluates your current cloud landscape, identifies regulatory exposure, and maps data flows against jurisdictional requirements, creating a clear picture of where you stand today and where sovereignty gaps exist. Based on this analysis, Reply designs an elaborated segmentation architecture:

sensitive workloads – such as personal data processing or AI inference on confidential inputs – are routed through sovereign cloud partitions, while less sensitive workloads leverage the standard public cloud for maximum agility and full AI capabilities. The result is a strategy that balances both worlds: keeping innovation where useful and applying deeper sovereignty only where the workload and the regulatory perimeter require it.

Let’s design your individual path to cloud sovereignty together.

Frequently Asked Questions

You may also be interested in

Confidential Computing

Article

Local data centers for global management of customer data

Case Study

Sovereign Cloud use in the credit insurance sector

Case Study

Federated Learning

Best Practice

Cloud Computing

Offering