Scaleway 1: Why European Businesses Are Moving Away from AWS
AWS holds roughly a third of the global cloud market. Its infrastructure is reliable, its documentation is strong, and its range of services is genuinely impressive. None of that is really in question.
The issue is not whether AWS is good at what it does. The real question is whether a US company, regardless of where it physically stores your data, is the right fit for European businesses operating under GDPR, handling sensitive personal data, or working in regulated industries.
More and more, the answer is no.
The Problem Is Not Geography. It Is Jurisdiction.
AWS operates data centres in Ireland and Frankfurt. Many European companies chose AWS on the basis that data stored in Ireland or Germany would fall under European law. That assumption is only partly true.
The CLOUD Act, short for the Clarifying Lawful Overseas Use of Data Act, was signed into US law in 2018. It gives US federal authorities the legal power to compel American companies to hand over data stored anywhere in the world. Where the data is physically located does not change that. What matters is the nationality of the company holding it. Post 3 in this series goes into the legal mechanics in detail.
AWS is an American company. Amazon Web Services EMEA SARL, its European entity, is a subsidiary of Amazon.com, Inc. The parent company is subject to US law, which means the CLOUD Act can reach any data AWS holds, regardless of where it is stored.
This is not just a theoretical concern. In June 2025, Microsoft’s French subsidiary confirmed under oath at a French Senate hearing that it could not guarantee the sovereignty of data stored on its infrastructure against requests from US authorities, even when that data was stored in France, on French servers, through a French subsidiary. AWS is in the same position.
AWS European Sovereign Cloud Does Not Fully Resolve This
In January 2026, AWS launched the AWS European Sovereign Cloud, or ESC, as a new offering aimed at addressing GDPR and data sovereignty concerns. It is set up as a separate legal entity, operated from Germany, with EU resident staff and EU based governance.
That is a meaningful step. But it does not change the core issue: ESC is still ultimately owned and controlled by Amazon.com, Inc., which is an American company subject to US federal law. Whether the CLOUD Act can reach data held in ESC remains a legal question that has not been clearly settled by a European court.
For businesses that need a clear answer, rather than a probable one, AWS ESC still does not fully provide it.
What SEAL-3 Certification Means
The EU Sovereignty Effectiveness Assurance Level, or SEAL, framework gives organisations a standard way to measure how protected a cloud provider is from non European legal interference. The scale runs from SEAL 0, which means no meaningful sovereignty controls, to SEAL 4, which represents the highest level of protection.
SEAL 3 means the provider is legally and operationally outside US jurisdiction. There is no US parent company, no US domiciled controlling shareholder, and no contracts with US entities that could create legal exposure. In practical terms, data held by a SEAL 3 provider cannot be compelled by US federal authorities under the CLOUD Act.
In April 2026, the EU Commission awarded a €180 million sovereign cloud contract to four SEAL 3 certified providers. Scaleway was one of them (alongside STACKIT, OVHcloud, and CleverCloud). AWS was not, and cannot be, as long as it remains an American company.
Who Scaleway Is
Scaleway is part of the Iliad Group, a French telecommunications company founded and majority owned by Xavier Niel. It is fully European owned, with no US parent company, no US investors in controlling positions, and no legal exposure to the CLOUD Act.
Scaleway operates nine availability zones across three regions: Paris (PAR1, PAR2, PAR3), Amsterdam (AMS1, AMS2), and Warsaw (WAW1, WAW2, WAW3). It offers compute, object storage, managed databases, Kubernetes, serverless functions, messaging, DNS, monitoring, and more. In other words, it provides the full range of services most businesses would need when moving from AWS.
It is not a stripped back alternative. It is a full stack cloud platform that just happens to be entirely European.
Who Is Moving - And Why Now
The organisations moving from AWS to Scaleway, and to other SEAL 3 providers, include public sector bodies, financial services firms, healthcare companies, legal services providers, and any business handling data where regulatory compliance is not optional.
The timing is not accidental. The EU Commission’s sovereign cloud contract in April 2026 sent a clear message: at the highest level, European institutions now see cloud sovereignty as an infrastructure requirement rather than a nice to have. That message is already shaping procurement decisions across both the public sector and regulated private industries.
For businesses processing the personal data of EU residents, GDPR already brings obligations around data transfers and access from third countries. The CLOUD Act creates a tension with those obligations that no data processing agreement with AWS can fully remove.
The Rest of This Series
The following six posts focus on the practical side of moving from AWS to Scaleway: how the services compare, what the cost differences look like, how a migration is typically structured, and how to get started. For readers who want a fuller legal and technical explanation, Post 3 goes deeper into the CLOUD Act.
Ready to Have a Conversation?
If you have read this series and recognised your organisation in it, the next step is simple. Get in touch. We will have a chat, ask a few questions, and give you an honest view of what is involved. No charge. No obligation.
Back to: Migrate from AWS to Stackit Series
