Why digital sovereignty is becoming a survival issue for Europe’s SMEs
On October 20, 2025, much of Europe’s digital economy briefly went offline. A widespread Amazon Web Services (AWS) outage rippled through the continent, disrupting everything from e-commerce checkouts and logistics software to banking systems and healthcare platforms.
For a few hours, millions of Europeans experienced what happens when a single U.S. cloud provider stumbles — and with it, countless services that underpin daily business life.
The outage was fixed later that day, but its symbolism ran deep. It wasn’t just a technical failure; it was a wake-up call. The incident exposed how profoundly Europe’s businesses — even those bound by European data-protection regulations — depend on U.S.-based cloud infrastructure for their most critical operations.
A day later, IONOS, Europe’s largest sovereign cloud provider, released a new survey that suddenly felt prescient. The YouGov study, commissioned by IONOS and conducted among roughly 4,500 decision-makers in small and medium-sized enterprises (SMEs) across Germany and several other European countries, found that digital sovereignty — the ability to retain control over data and IT infrastructure — has become a decisive factor when choosing cloud service providers.
According to the survey, more than 80% of respondents said they prefer IT partners that guarantee full control over their data and protection from access by foreign authorities.
“Digital sovereignty is no longer a political slogan; it’s a business necessity,” an IONOS spokesperson tells MoveTheNeedle.news. “Our survey shows that smaller companies increasingly recognize that control over data means control over their future.”
From convenience to control: the cloud dependency problem
Until recently, many SMEs approached cloud adoption primarily through the lens of price and scalability. Hyperscalers — global players like Amazon, Microsoft Azure, and Google Cloud — offered compelling packages: fast deployment, seamless integration, and global reach. But over time, the hidden costs of dependence have become harder to ignore.
“SMEs are becoming much more strategic about their IT,” the IONOS spokesperson says. “They are asking: where is my data stored, who has access to it, and under which jurisdiction does it fall? These are no longer abstract legal questions—they’re questions of operational survival.”
The October AWS outage illustrated that vulnerability in real time. When a single platform suffers a failure, thousands of dependent systems across Europe can go down at once — regardless of their location, ownership, or regulatory environment.
“This kind of incident exposes the risks of dependency on a single global provider,” says the IONOS spokesperson. “When companies entrust their data entirely to one hyperscaler, they are not just outsourcing infrastructure—they are outsourcing resilience.”
For smaller firms without redundant systems or multi-cloud strategies, even a short disruption can cripple operations — a sharp reminder that data sovereignty is not just about politics, but about business continuity. The questions shaping digital strategy are shifting from How fast can we scale? to How independent can we remain?
In the suvey, a clear majority of respondents said that data location and legal jurisdiction now weigh heavily in their procurement decisions. Among German SMEs, these concerns are particularly strong, reflecting the country’s long-standing data-protection culture and sensitivity to extraterritorial laws such as the U.S. CLOUD Act.
“Especially in times of geopolitical uncertainty, SMEs realize that digital dependence can quickly become a vulnerability,” the spokesperson says. “If access to data or infrastructure is compromised—whether through outages, sanctions, or legal conflicts—it can threaten the continuity of the entire business.”
That sentiment marks a cultural shift: from viewing cloud providers as neutral utilities to treating them as strategic dependencies — a mindset that could reshape Europe’s cloud infrastructure landscape in the years ahead.
Europe’s response: building a sovereign cloud ecosystem
Europe has long recognised this imbalance. Initiatives like GAIA-X, the European cloud federation project, and the EU Data Act aim to strengthen the continent’s ability to define its own digital infrastructure and data governance standards.
But where policymakers once led the sovereignty conversation, businesses are now catching up — out of necessity.
“What we see now is the convergence of two pressures,” the IONOS spokesperson elaborates. “Top-down regulation from the EU that demands transparency and data protection—and bottom-up demand from SMEs who want to ensure their data remains under European control.”
“These two forces are aligning to create a distinctly European cloud identity—one that values openness, security, and sovereignty.”
IONOS, one of GAIA-X’s founding members, has used this alignment to position itself as a European sovereign cloud alternative to U.S. hyperscalers. With data centres located entirely within the European Economic Area and strict adherence to GDPR compliance, it sells not just hosting capacity but jurisdictional confidence.
“We believe Europe’s strength lies in its values,” the spokesperson says. “Our customers know their data is stored and processed under EU law, subject to the GDPR, and protected from extraterritorial access.”
“For SMEs, digital sovereignty is not just about technology—it’s about trust. They want a partner who shares their values, not just their workload.”
The same flexibility that once made hyperscalers attractive — instant scalability and global reach — can also make them opaque. A European cloud provider like IONOS, by contrast, offers clarity and accountability, both legal and operational.
Multi-cloud and interoperability: building flexibility into the cloud
IONOS’s message is not isolationist. Rather, it argues for interoperability and portability: the ability to move data between providers without losing control.
“The goal is not to create closed systems,” the spokesperson says. “It’s to give customers freedom of choice and the ability to move data securely between platforms.”
That principle underpins Europe’s emerging multi-cloud and hybrid-cloud strategies. Instead of entrusting everything to one hyperscaler, companies can distribute workloads, balance risk, and ensure redundancy.
“Cloud sovereignty is not about building walls—it’s about building exits,” the spokesperson notes. “You should always know you can leave a platform without losing access to your data.”
In other words, sovereignty isn’t about isolation — it’s about freedom of movement in the digital realm.
From awareness to action: how SMEs are responding
The YouGov findings suggest that this new awareness is turning into concrete action. Nearly two-thirds of SMEs surveyed said they are reassessing their cloud strategies, and about a quarter are already diversifying providers or shifting sensitive workloads to European-based cloud services.
For many, however, the transition is gradual. Some are still tied to long-term contracts; others are unsure how to migrate data without disruption. This, IONOS argues, is where sovereign cloud providers can act as partners — offering not just infrastructure but guidance and education.
“We help customers map their dependencies, identify risks, and design migration paths,” the IONOS spokesperson explains. “Sovereignty is a journey, and we want to make that journey achievable for everyone—from startups to industrial SMEs.”
Resilience redefined: lessons from the AWS outage
The AWS outage in October 2025 underscored a simple truth: Europe’s digital backbone is still deeply reliant on American cloud infrastructure. For policymakers, that raises strategic concerns. For SMEs, it poses an immediate operational risk.
By releasing its survey the day after the outage, IONOS — intentionally or not — captured the mood across Europe’s business landscape: a recognition that control over data is control over destiny.
“Outages, cyber incidents, and geopolitical shocks have all shown how fragile digital supply chains can be,” the spokesperson concludes. “Sovereignty is the foundation of resilience. Without it, companies are not truly in control of their own destiny.”
For Europe’s small and mid-sized firms, the message is resonating. What began as a technical preference — where to host data — is evolving into a strategic posture. In an age where every supply chain, algorithm, and transaction depends on the cloud, digital sovereignty is no longer optional.