Risk indicator, not a GDPR compliance verdict. Point-in-time assessment based on public web stack signals.Methodology & LimitationsCorrect listing / submit response
Category
Hosting: GDPR Assessment & EU Alternatives
Compare hosting providers like AWS, Google Cloud and Azure for GDPR compliance and EU-hosted alternatives.
25 curated vendors6 EU/EEA15 USA4 Provider review
Last updated:
Providers in this category
Sorted by jurisdiction: EU first
Each entry links to a dedicated profile with GDPR verdict, ownership chain, data categories, migration plan and FAQ.
EU- & EWR-Anbieter
Recommended6 providers · DSGVO-Baseline · kein Drittlandtransfer
US-Anbieter
15 providers · Jurisdiktion USA · CLOUD Act betroffen
- 🇺🇸Acquia Cloud PlatformAcquia, Inc.
- 🇺🇸Acquia Cloud Site FactoryAcquia, Inc.
- DPF🇺🇸Amazon Web ServicesAmazon Web Services Inc.
- 🇺🇸CloudwaysDigitalOcean, LLC (Cloudways)
- 🇺🇸Fly.ioFly.io, Inc.
- DPF🇺🇸Google CloudAlphabet Inc.
- 🇺🇸HerokuSalesforce (Heroku)
- 🇺🇸ImpervaImperva, Inc. (Tochter von Thales SA, FR)
- 🇺🇸Microsoft AzureMicrosoft Corp.
- DPF🇺🇸NetlifyNetlify Inc.
- 🇺🇸PantheonPantheon Systems, Inc.
- 🇺🇸RenderRender Inc.
- DPF🇺🇸VercelVercel Inc.
- 🇺🇸WebflowWebflow Inc.
- 🇺🇸WP EngineWP Engine, Inc.
Anbieterprüfung
4 providers · Jurisdiktion noch nicht eindeutig bestimmt
Frequently asked questions about Hosting
hosting
Which GDPR-compliant Hosting providers are there?
Which GDPR-compliant Hosting providers are there?
In the Sovereignty Scan we currently list 6 EU/EEA providers and 0 providers from the UK/Switzerland in the hosting area. EU providers are directly subject to GDPR with no third-country transfer; the UK and Switzerland have adequacy decisions from the EU Commission. Each recommendation includes the hosting region, ownership chain, and a brief migration plan.
Are US providers in the hosting space automatically non-GDPR-compliant?
Are US providers in the hosting space automatically non-GDPR-compliant?
Not automatically. However, US providers are subject to the CLOUD Act and FISA 702. Government access remains legally possible, even with EU hosting. For each of the 15 US providers in this category, Schrems II requires standard contractual clauses plus a Transfer Impact Assessment. The EU-US Data Privacy Framework (DPF) simplifies the transfer but does not eliminate the CLOUD Act.
How do I choose the right Hosting alternative?
How do I choose the right Hosting alternative?
Three criteria matter: (1) the registered seat and parent company of the provider, (2) the hosting region (ideally EU/EEA), and (3) the subprocessor list. Many EU providers use US subprocessors for email delivery or hosting and are therefore still exposed to the CLOUD Act. On each vendor profile in this category you will find these three points plus a migration estimate in business days.
What distinguishes a real EU alternative from an ‘EU region’ of a US provider?
What distinguishes a real EU alternative from an ‘EU region’ of a US provider?
An ‘EU region’ of a US provider (e.g., AWS Frankfurt, Salesforce EU) is physically located in the EU but belongs to a US corporation and thus falls under US law. A genuine EU alternative has its legal seat and parent company in the EU, EU hosting, and no US subprocessors in the contract chain. Only the second option rules out the CLOUD Act.
Next Step
Which Hosting providers are running on your website?
60 seconds, no login. The Sovereignty Scan lists all detected tools with jurisdiction, ownership chain and matching EU alternative.