Italian sovereign cloud (Aruba S.p.A.), 4 Italian DCs (Arezzo/Bergamo/Rome), ACN-qualified up to AI3/QC3 for public administration.
- FROM
- €1/mo
- CLOUD ACT
- NONE
A single roll-up of ownership and CLOUD Act exposure.
German sovereign cloud built by Schwarz Digits (Lidl/Kaufland parent), 4 EU DCs, EU Cloud III €180M winner with SEAL-3 highest rating.
STACKIT, in the Cloud & hosting category, is an EU-owned service with Germany as its hosting location and no identified CLOUD Act exposure.
STACKIT (Bad Friedrichshall, German Schwarz Digits, the IT arm of privately-held Schwarz Group, parent of Lidl and Kaufland) is built explicitly as a sovereign-cloud alternative to AWS/Azure/GCP: ISO 27001 + BSI C5 + EUCS-aligned + DORA-ready, four EU data centres (Neckarsulm DC01, Ellhofen DC08, Ostermiething Austria DC10, fifth Lübbenau under construction), winner of the European Commission's €180M Cloud III tender (April 2026, SEAL-3 highest sovereignty rating) and the Dutch Ministry of Justice & Security SLM Rijk framework; EU-owned and EU-hosted with no CLOUD Act exposure.
How exposed customer data is to US authorities under the CLOUD Act (Clarifying Lawful Overseas Use of Data Act).
Where ultimate control over the operating company sits.
STACKIT is the sovereign cloud built by Schwarz Digits, the IT and digital division of the privately-held Schwarz Group, parent of the European discount-retail giants Lidl and Kaufland. Headquartered in Bad Friedrichshall, Germany (Am Campus 1, 74177), STACKIT runs four European data centres at Neckarsulm (DC01, Schwarz Group HQ campus), Ellhofen (DC08, Heilbronn region), Ostermiething (DC10, Salzburg, Austria), and a fifth facility under construction in Lübbenau, Germany. The Schwarz Group has invested approximately €11B in STACKIT, making it one of the most heavily-capitalised European cloud-sovereignty bets and a structurally different proposition from VC-funded EU cloud upstarts: the parent retailer is a private German Stiftung-controlled group with €146B annual turnover, with no PE or US-VC exposure on the cap table at any layer.
Sovereignty positioning is the entire product thesis. STACKIT markets itself as "100% European DNA" with the trio "Skalierbar. Sicher. Souverän" (scalable, secure, sovereign). The compliance footprint covers ISO 27001, BSI C5, EUCS (European Cybersecurity Certification Scheme for cloud services, ENISA), DORA-ready ICT-third-party status for regulated financial services, GDPR, and the Schwarz Group's own ES³ (European Sovereign Stack Standard) internal sovereignty measurement framework. The procurement validation came in two moves during 2026: (1) selection as one of four winners of the European Commission's €180M Cloud III sovereign-cloud framework (April 2026), with the highest SEAL-3 rating signifying engineering against supply-chain disruptions originating outside the EU; and (2) selection by the Dutch Ministry of Justice and Security under the SLM Rijk framework as a sovereign cloud alternative.
The product surface spans 11+ categories: infrastructure (compute, block/object storage, networking), managed databases, managed Kubernetes, AI workloads, and colocation. Pricing is via a configurable STACKIT Calculator; specific entry-tier figures were not captured at audit but the product is positioned mid-market to enterprise rather than indie/SMB. Best fit: EU public-sector procurement (post-Cloud III tender), DORA-regulated financial services, large EU corporates needing a non-VC-funded sovereign cloud, and any organisation aligning with Gaia-X or the EU Tech Sovereignty Package. Together with Hetzner, OVHcloud, and Scaleway, STACKIT forms the four-pillar EU hyperscaler-alternative stack on this directory.
Italian sovereign cloud (Aruba S.p.A.), 4 Italian DCs (Arezzo/Bergamo/Rome), ACN-qualified up to AI3/QC3 for public administration.
Swedish OpenStack public + compliant cloud (Cleura, ex-City Network, Iver-owned), ISO 27001/27017/27018, EU-only residency.
French sovereign PaaS/IaaS: deploy apps and managed databases on EU infrastructure, billed per second.