Cloud Sovereignty: Which Providers Meet Our Requirements?
Introduction
Cloud services are essential today for businesses, organizations, and public institutions. Choosing the right cloud provider for our cloud demo project is not just a technical or economic decision, but also has legal, security, and geopolitical implications.
In this article, I analyze how Hetzner, AWS, Azure, and Google Cloud differ in terms of price, data protection, legal control, automation, sustainability, and political influence. A particular focus is on the question of cloud sovereignty:
- Who has access to the data?
- What are the legal risks?
- Which providers are truly GDPR compliant?
- What are the financial impacts of choosing a cloud provider?
Data Centers in Germany
A key criterion for data protection and sovereignty is the physical storage of data within the EU or Germany.
Locations of cloud providers in Germany:
- Hetzner: Data centers in Falkenstein and Nuremberg
- AWS: Data centers in Frankfurt and Berlin
- Azure: Data centers in Frankfurt and Berlin
- Google Cloud: Data center in Frankfurt
✅ All four providers have multiple data centers in Germany and the EU.
Automation with OpenTofu/Terraform
Automation is essential for the efficient operation of a cloud infrastructure.
- Hetzner: Official OpenTofu/Terraform provider
- AWS: Official OpenTofu/Terraform provider
- Azure: Official OpenTofu/Terraform provider
- Google Cloud: Official OpenTofu/Terraform provider
✅ All cloud providers compared support Terraform and are compatible with OpenTofu.
Sustainability: Use of Renewable Energy?
Sustainability is increasingly important for cloud providers. Significant progress has been made – all major providers now utilize renewable energy:
- ✅ Hetzner: Uses 100% renewable energy for all data centers.
- ✅ AWS: Since 2023, all AWS data centers are powered entirely by renewable energy.
- ⌛ Azure: Plans to power all cloud services with renewable energy by 2025.
- ⌛ Google Cloud: Aims to operate around the clock (24/7) on carbon-free energy by 2030.
Conclusion: All providers use renewable energies – Hetzner and AWS are already at 100%, Azure will follow by 2025, and Google is in the planning stages.
Price Comparison
So far, all providers seem to be more or less on par, or at least on their way there. However, one of the most decisive factors for many clients remains the price. After all, the cloud is often chosen to reduce costs and to reinvest the savings in product development, staff, and other areas of the company.
A direct cost comparison shows that Hetzner is extremely cheaper than the international providers.
| Instance | Hetzner | AWS | Azure | Google Cloud |
|---|---|---|---|---|
| 2 vCPU, 4GB RAM | 4,51 € | 60,22 € | 66,43 € | 47,14 € |
| 4 vCPU, 8GB RAM | 7,50 € | 113,30 € | 132,85 € | 94,28 € |
| 8 vCPU, 16GB RAM | 21,26 € | 226,60 € | 265,70 € | 188,56 € |
We see a price increase sometimes far more than ten times! Even in our small demo project, there is a significant difference: While the costs at Hetzner are below €100 per month, we pay well over €1,000 per month at the international cloud providers.
Savings in the five to six-digit range quickly add up – funds that could be sensibly invested in the further development of one's own company, instead of expanding the financing of billion-dollar providers.
📌 Also true: Long-term contracts (1 year +) with fixed server binding and full upfront payment reduce costs at the big providers by about 50%. But who can say for sure today that they will want to keep exactly these servers with exactly this scaling unchanged for several years?
And which company takes the risk of paying such sums in full in advance?
Even with these discounts, international providers are still at least five times more expensive than Hetzner.
Do you want to test the Hetzner cloud without obligation and free of charge?
Here you will receive €20 starting credit for testing the Hetzner cloud and can find out if it is also a suitable platform for you:
Is it enough that the servers are located in Germany?
No! What's crucial is not just the physical location, but who controls the infrastructure. Additional factors come into play that can be business-critical for many companies.
Legal Control & Third-Party Access
A common misconception is that data is automatically secure if stored in Germany or the EU. However, the crucial legal factor is not the server's location but the jurisdiction of the cloud provider.
| Provider | Applicable Law | Third-Party Access |
|---|---|---|
| Hetzner ✅ | Only German and EU law (GDPR, BDSG) |
No external accesses by third countries possible |
| AWS, Azure, Google Cloud ❌ | US law (Cloud Act, FISA, Patriot Act) |
US authorities can view data, regardless of where it is stored |
Example: Microsoft vs. US Government
Microsoft fought for years against a US authority's order to access emails stored on a server in Ireland. The US Cloud Act (2018) clarified that US providers must release data regardless of where it's stored.
Implications for companies:
- Even if your data is stored in Frankfurt or Berlin, it can be accessed by US authorities if stored with AWS, Azure, or Google Cloud.
- European companies could violate GDPR by storing personal data in US clouds.
➡ Hetzner is the only option in this comparison that operates entirely under German and European law and does not allow access by third countries.
Intelligence Influences & Backdoors
Government access is not the only threat to cloud data. US cloud providers work closely with intelligence agencies, potentially creating backdoors for mass surveillance.
| Provider | Intelligence Access | Security Restrictions |
|---|---|---|
| Hetzner ✅ | No known intelligence entanglements |
No open risks from state actors |
| AWS, Azure, Google Cloud ❌ | Collaboration with US intelligence agencies (CIA, NSA, FBI) |
Possible surveillance & data breaches |
Example: PRISM Surveillance Program (Snowden Revelations)
In 2013, Edward Snowden revealed that the NSA had direct access to the systems of major US technology companies including Google, Microsoft, Amazon, and Apple as part of the PRISM program, which required these companies to hand over data.
Why does this affect the cloud?
- AWS, Azure, and Google Cloud collaborate with the US government and have long-term cloud contracts with intelligence agencies and the Pentagon.
- AWS is a primary provider for the CIA & NSA and operates a dedicated secret cloud infrastructure for the CIA.
➡ Hetzner has no known collaboration with intelligence agencies and operates exclusively under German data protection law.
Political Risks & Lockdowns
Another issue with international cloud providers is their political dependency. Sanctions, geopolitical tensions, or legislative changes can lead to sudden restrictions or blockages of services.
Examples of Politically Motivated Cloud Lockdowns:
- Google Cloud and AWS blocked Russian companies in 2022 after the outbreak of the Ukraine war, even if they hosted GDPR-compliant data in the EU. These companies lost access to their services and data without warning.
- In 2010, AWS turned off WikiLeaks servers. Amazon AWS was hosting WikiLeaks' servers but suddenly decided to shut down the platform, reportedly under pressure from the US government.
- From 2018 to 2020, companies from Iran and Venezuela lost access to cloud services overnight, even if they only dealt with European customers.
➡ Hetzner is subject only to German law and cannot be pressured by US sanctions or geopolitical crises.
Who Really Controls Your Data?
✅ Hetzner offers the highest data sovereignty because:
- No access by US authorities (no Cloud Act, no FISA, no Patriot Act)
- No intelligence access by NSA or CIA
- No risk of political blockades or sanctions
- Most affordable provider with 100% renewable energy
📌 AWS, Azure, & Google Cloud are heavily influenced by US laws and politics. Data is not entirely secure there, even if stored in Germany.
Those who want to work securely and independently in the cloud should carefully consider the legal and political risks. Only European providers like Hetzner offer true data sovereignty without external influence.
What are the advantages of major cloud providers?
There are compelling reasons why many companies opt for AWS, Azure, or Google Cloud. These large providers offer:
- A variety of pre-configured services for AI, machine learning, big data, or IoT.
- Global availability, with data centers on nearly every continent, which is relevant for internationally active companies.
- Seamless integration into existing enterprise environments, such as connections to Microsoft 365 or Google Workspace.
- A large partner ecosystem tailored to corporate requirements.
These aspects will be explored in more detail in my next post, as the choice of the right cloud provider depends heavily on individual requirements.
Conclusion
Hetzner offers genuine data sovereignty because:
- ✅ No access by US authorities (no Cloud Act, no FISA)
- ✅ Most cost-effective provider in comparison
- ✅ 100% renewable energy
- ✅ No risk from geopolitical decisions
📌 Not all clouds are the same. If data protection, cost, and independence are important, Hetzner is the logical choice in our comparison set.
Which Cloud Fits You?
💬 What are your experiences with cloud providers? Do you rely on European providers like Hetzner, or do you prefer the flexibility and global features of AWS, Azure, or Google Cloud?
🔹 Let me know! Comment your opinion or share this post with colleagues facing the same decision.
📌 Stay tuned for the next article where I'll examine the strengths of the major providers!
Want to try it out?
Secure a non-binding €20 starting credit to test the Hetzner Cloud:
Member discussion