Italian sovereign cloud (Aruba S.p.A.), 4 Italian DCs (Arezzo/Bergamo/Rome), ACN-qualified up to AI3/QC3 for public administration.
- FROM
- €1/Mt.
- CLOUD ACT
- NONE
Zusammenfassung aus Eigentümerschaft und CLOUD-Act-Risiko.
Swiss public cloud (Akenes SA, A1 Digital member), 6 EU/CH zones, ISO 27001 + FINMA + TISAX, Swiss-data-residency guarantee.
Exoscale aus der Kategorie Cloud & Hosting ist ein europäischer Dienst mit Switzerland als Hosting-Standort und höchstens geringfügigem, vorübergehendem US-Bezug nach dem CLOUD Act.
Lausanne-based Swiss public cloud (Akenes SA, member of Austrian Telekom A1 Group's A1 Digital), founded 2011, with ISO/IEC 27001:2022 + ISO 27017 + ISO 27018 + FINMA Circular 2018/3 + TISAX + DORA-ready, six EU/EEA + CH data-centre zones in Geneva, Zurich, Vienna ×2, Frankfurt, and Zagreb, and a Swiss-data-residency guarantee for workloads placed in Swiss zones; AWS appears as an archival sub-processor on the customer-data path, which is the sole reason a minor CLOUD Act flag applies. Compute, object storage and SKS workloads stay on the EU/CH stack with no US dependency.
Wie stark Kundendaten US-Behörden nach dem CLOUD Act (Clarifying Lawful Overseas Use of Data Act) ausgesetzt sind.
Wo die letztliche Kontrolle über das Betreiberunternehmen liegt.
Exoscale is a Swiss public cloud operated by Akenes SA (Boulevard de Grancy 19A, 1006 Lausanne; CHE-423.524.322), founded in 2011 and a member of A1 Digital, the digital subsidiary of A1 Telekom Austria Group, the largest telecoms group in Central and Eastern Europe. The product covers compute, storage, AI/GPU instances, Kubernetes (SKS), DBaaS (PostgreSQL, MySQL, Redis, OpenSearch, Kafka, Valkey), and object storage across six European data-centre zones: Switzerland (Geneva CH-GVA-2 and Zurich CH-DK-2), Austria (Vienna AT-VIE-1 and AT-VIE-2), Germany (Frankfurt DE-FRA-1), and Croatia (Zagreb HR-ZAG-1). Pricing is billed by the second at a flat rate across all zones, with no upfront commitment.
Compliance is enterprise-grade and built specifically for regulated workloads. Exoscale carries ISO/IEC 27001:2022, ISO 27017, ISO 27018, the Swiss FINMA Circular 2018/3 outsourcing framework (essential for Swiss financial-services customers), TISAX (German automotive supply-chain security), DORA-readiness for EU financial-services operational resilience, and the full Cloud Security Alliance 100-control-point framework. Operating under Swiss law and the Swiss Federal Data Protection Act, the company explicitly guarantees that "data uploaded in one of our Swiss zones is stored in Switzerland only": no cross-border transfers. The Swiss zones are housed in Equinix-managed facilities with strict physical-access controls; decommissioned drives are destroyed or cryptographically locked. Switzerland's EU adequacy decision (Art. 45 GDPR) keeps transfers between CH and EU jurisdictions legally clean without SCCs.
Sub-processors are deliberately minimal: Aiven Oy (Helsinki, FI) handles DBaaS orchestration; Adyen (NL) and PostFinance / PayPal cover payments; Matomo (NZ-incorporated, EU-self-hostable) handles portal analytics; Mailchimp is used for newsletters but no permanent email storage; AWS appears solely as an archival sub-processor, the only US-owned dependency, holding the CLOUD Act flag at minor rather than none. Compute, Storage, and SKS currently have no third-party processors listed. The EU GDPR representative is A1 Digital International GmbH (Lassallestrasse 9, Vienna, AT). Best fit: Swiss financial-services (FINMA-regulated), DACH automotive supply-chain (TISAX), regulated public-sector buyers, and EU companies that want Swiss data residency with EU/CH adequacy clarity.
Archival sub-processor; customer-data backups/archives at rest (US-owned); sole reason for the minor CLOUD Act flag, kept off the live customer workloads
Newsletter delivery with no permanent email storage; ancillary, off the customer-data path
Payment processing; ancillary, off the customer-data path
Payment processing; ancillary, off the customer-data path
Orchestration of data infrastructure services instances (DBaaS) running on Exoscale Compute
Portal/website analytics; ancillary, EU-self-hostable, off the customer-data path
Payment processing; ancillary, off the customer-data path
| Vendor | Country | Purpose | Owner |
|---|---|---|---|
| Amazon Web Services, Inc. | United States | Archival sub-processor; customer-data backups/archives at rest (US-owned); sole reason for the minor CLOUD Act flag, kept off the live customer workloads | US |
| Mailchimp (Intuit Inc.) | United States | Newsletter delivery with no permanent email storage; ancillary, off the customer-data path | US |
| PayPal | United States | Payment processing; ancillary, off the customer-data path | US |
| Adyen N.V. | Netherlands | Payment processing; ancillary, off the customer-data path | EU |
| Aiven Oy | Finland | Orchestration of data infrastructure services instances (DBaaS) running on Exoscale Compute | EU |
| InnoCraft Ltd (Matomo) | New Zealand | Portal/website analytics; ancillary, EU-self-hostable, off the customer-data path | non-US |
| PostFinance AG | Switzerland | Payment processing; ancillary, off the customer-data path | EU |
Italian sovereign cloud (Aruba S.p.A.), 4 Italian DCs (Arezzo/Bergamo/Rome), ACN-qualified up to AI3/QC3 for public administration.
Swedish OpenStack public + compliant cloud (Cleura, ex-City Network, Iver-owned), ISO 27001/27017/27018, EU-only residency.
Französische souveräne PaaS/IaaS: Apps und Managed-Datenbanken auf EU-Infrastruktur, sekundengenau abgerechnet.