This is my first blog post about European public cloud services. With all the issues we have seen since the beginning of this year, this is an important subject for organizations operating inside the EU. So I am starting this series on European cloud providers with a deep dive into Cleura.
The Need for Change
In recent years, the global business landscape has shifted dramatically, exposing the risks of depending on a single cloud provider—especially those headquartered outside the EU. With rising geopolitical tensions, particularly between the US and Europe, and growing scrutiny around data sovereignty, more organizations are rethinking their cloud strategy and looking for trusted European alternatives.
Regulations like the General Data Protection Regulation (GDPR), the NIS2 Directive, and key legal decisions such as the Schrems II ruling place strict requirements on how and where data is stored. The invalidation of the EU-US Privacy Shield and concerns around the U.S. CLOUD Act, potentially allowing U.S. authorities to access data stored by American companies even if the data resides in Europe, have raised red flags for businesses operating in the EU.
The European Data Protection Board (EDPB)’s further tightening of cross-border data transfer rules reinforces this point: for many organizations, storing data within the EU isn’t just good practice; it’s legally required.
That’s why companies prioritize sovereign cloud alternatives like Cleura Cloud, which are designed to meet EU regulatory demands while offering the performance, flexibility, and control enterprises need.
Beyond regulatory compliance, companies seek cloud alternatives for multiple reasons:
- Cost-efficiency: Competitive pricing and clearer billing models.
- Avoiding Vendor Lock-in: Freedom to migrate workloads seamlessly between providers.
- Enhanced Security and Compliance: Local providers often understand regional compliance needs better.
- Local Support and Responsiveness: Immediate, culturally attuned support and technical assistance.
| Category | EU Cloud Providers (e.g., Cleura) |
Non-EU Cloud Providers (Hyperscalers) |
|---|---|---|
| Data Sovereignty | All data stored and processed within the EU | Data may be stored across global regions |
| Legal Jurisdiction | Fully under EU laws (GDPR, NIS2, Schrems II) | Subject to U.S. laws (e.g., CLOUD Act) |
| Compliance | GDPR, ISO 27001, ISO 27017, ISO 27018, C5 | Requires complex agreements for EU alignment |
| Data Transfer Risk | No cross-border transfer risks | Transatlantic transfer risks, legal exposure |
| Transparency | OpenStack APIs, clear billing, open standards | Opaque pricing, proprietary platforms |
| Vendor Lock-In | Avoided with open APIs and compatibility | High switching costs and complexity |
| Support & Responsiveness | Local EU-based teams, fast SLA response | Global queues, potentially delayed EU support |
| Ideal For | Regulated industries, governments, EU-based orgs | Large-scale global workloads |
Rising Challenges Driving Cloud Strategy Changes
Escalating Cyber Threats
Ransomware attacks continue to rise, with global incidents increasing by 73% in 2023 alone. The average data breach cost climbed to $4.88 million in 2024, making security one of the most urgent concerns for IT leaders. Traditional backup solutions are no longer enough; modern ransomware strains target backups and leverage zero-day exploits to cause maximum disruption.
To protect against this, organizations need:
- Immutable backups with versioning and WORM policies
- Air-gapped disaster recovery systems
- Security-by-design infrastructure
Many hyperscalers follow a shared responsibility model, which can leave gaps in protection. This reality is pushing more businesses to seek providers like Cleura, which offers security features as part of the core architecture—not as add-ons.
Regulatory Fragmentation
Compliance is no longer a one-size-fits-all problem. Industry-specific regulations require tailored cloud strategies:
- Healthcare: HIPAA and the EU Medical Device Regulation (MDR) demand encrypted storage, data residency, and strict access control mechanisms.
- Finance: PCI-DSS and PSD2 compliance require audit-ready logging, secure APIs, and fraud prevention capabilities.
- Public Sector: Frameworks such as Sweden’s IaaS guidelines and Germany’s C5 attestation require sovereign infrastructure operated by EU entities.
Cleura Cloud meets these demands by offering compliant infrastructure hosted in Tier III-certified EU data centers, backed by ISO 27001, 27017, and 27018 certifications.
Vendor Lock-In and Cloud Cost Surprises
Cloud cost visibility is another growing issue. Hyperscalers often rely on:
- Opaque pricing models
- High egress fees
- Unpredictable costs for API usage and storage tiers
A 2023 study revealed that enterprises waste up to 35% of their cloud budget due to a lack of cost governance and hidden fees. Proprietary platforms also make migration complex and expensive, increasing lock-in risk.
Cleura’s open architecture, based on OpenStack and S3-compatible object storage, avoids these traps by offering full transparency, open APIs, and no hidden egress charges. This allows organizations to scale with confidence and flexibility.
Introducing Cleura Cloud
Cleura, formerly known as City Network, is a Swedish cloud infrastructure provider with over 20 years of experience delivering secure, compliant, and open-source-based cloud services. Founded in 2002 and headquartered in Karlskrona, Sweden, Cleura is now part of Iver, a leading Nordic IT services company. This strong regional foundation positions Cleura as one of the most trusted European alternatives to global hyperscalers.
Focused on data sovereignty, regulatory compliance, and vendor neutrality, Cleura offers a robust Infrastructure-as-a-Service (IaaS) platform built on OpenStack. It enables organizations to avoid vendor lock-in, meet stringent EU regulations, and operate critical workloads within a fully sovereign European cloud environment.
Key Technologies and Offerings
Cleura offers a versatile range of deployment models designed to meet the needs of organizations across sectors, from startups to regulated enterprises:
- Cleura Compliant Cloud: Purpose-built for industries such as healthcare, finance, and the public sector, this deployment model meets strict European compliance standards, including GDPR. It provides high availability across multiple availability zones and is ideal for workloads that require full data residency within the EU.
- Cleura Public Cloud: A flexible and scalable cloud environment tailored for developers, startups, and small to medium-sized businesses. It supports rapid prototyping and deployment, while still ensuring data stays within the EU and remains compliant.
- Cleura Private Cloud: A dedicated cloud solution offering full control and customization. Enterprises can choose to deploy it in Cleura’s certified data centers or within their own infrastructure, ensuring both isolation and compliance.
Cleura’s platform is powered by OpenStack, and integrates modern, open technologies to provide full control, portability, and automation:
- Virtual Machines: Fully customizable and dynamically scalable compute instances, billed per second, designed to support a broad spectrum of production and development workloads.
- Container Orchestration: Managed Kubernetes clusters provisioned via Gardener, enabling automation, scaling, and lifecycle management of containerized applications.
- Cloud Storage Solutions: High-performance block storage and scalable object storage, designed for durability, redundancy, and compliance with data protection standards.
- Database as a Service (DBaaS): Managed relational databases with built-in monitoring, high availability, and simplified operations, allowing teams to focus on development rather than maintenance.
Compliance, Security, and Disaster Recovery
Cleura Cloud is specifically designed with regulatory compliance and data sovereignty at its core. It strictly adheres to GDPR requirements and is fully certified under ISO 27001:2022, ISO 9001, and ISO 14001. These certifications ensure a secure and controlled environment for processing and storing data, making it suitable for organizations in regulated industries such as healthcare, finance, and the public sector.
Unlike global hyperscalers, which often involve third-country data transfers, Cleura guarantees EU-only data residency, eliminating exposure to foreign surveillance laws like the U.S. CLOUD Act. Customers benefit from custom DPAs, no third-country subprocessors, and MSB Class 3 protection (as recognized in Sweden), offering a compliance framework that goes beyond the minimum legal baseline.
From an infrastructure perspective, Cleura delivers built-in resilience and availability through its network of geographically separated availability zones located in Stockholm, Karlskrona, and Frankfurt. These zones are interconnected by high-bandwidth, low-latency fiber, allowing customers to architect robust high-availability or cross-site disaster recovery (DR) configurations.
Their DR solution adds another layer of protection: when enabled, Cleura automatically creates daily snapshots of virtual servers and storage volumes, retained for 10 days. These immutable backups allow for point-in-time recovery in the event of accidental deletion, system corruption, or cyberattacks. This snapshot-based recovery model offers both operational flexibility and rapid restoration with minimal RPO/RTO, without the need for additional third-party tools.
With its security-by-design approach and tailored compliance offerings, Cleura empowers organizations to confidently deploy critical workloads in the cloud while maintaining complete control over where data lives and who has access to it.
Backup as a Service and Protection Against Ransomware
Ransomware continues to be one of the most critical threats to cloud workloads. Traditional backup strategies, which often depend on external agents or third-party storage, are no longer sufficient. Cleura’s Backup as a Service (BaaS) is built to directly address this challenge by offering integrated protection that aligns fully with EU compliance frameworks.
Cleura automatically manages immutable, snapshot-based backups of virtual servers and volumes when enabled. These backups are stored within the same secure EU-resident infrastructure, ensuring that sensitive data remains entirely within European borders. With daily automated retention for 10 days and behavior similar to WORM (Write Once, Read Many), Cleura’s backup system helps prevent ransomware from corrupting or deleting restore points.
In the event of an incident, whether caused by a cyberattack, human error, or system failure, organizations can quickly recover to a specific point in time with a low Recovery Time Objective (RTO). The recovery process is streamlined and does not require additional third-party tools.
Cleura’s BaaS is closely integrated with its disaster recovery architecture. This enables organizations to combine multi-zone availability, redundant storage, and segmented access controls into a cohesive, secure recovery solution. The result is a high level of resilience that mimics air-gapped protection within a compliant cloud environment.
By offering BaaS as a built-in service, Cleura allows organizations to strengthen their defense against ransomware, maintain data integrity, and meet strict regulatory requirements with ease and confidence.
Real-World Use Cases: How Organizations Leverage Cleura Cloud
MediTuner: Compliant Infrastructure for Digital Health
MediTuner, the developer of the AsthmaTuner app, needed a cloud platform capable of processing sensitive healthcare data securely. By choosing Cleura Compliant Cloud, MediTuner ensured full GDPR compliance with EU-based data residency. Their workloads benefit from:
- Scalable infrastructure for mobile health applications
- Strict data segregation and access controls
- Deployment in Tier III-certified environments, with no risk of cross-border data transfers
This setup provides a secure and compliant foundation for deploying health services to patients and healthcare providers.
Boost.ai: Supporting AI Workloads with Regional Compliance
Boost.ai integrated Cleura Compliant Cloud into its infrastructure to expand across Europe while meeting regional data laws. From a technical standpoint, this enabled:
- Hosting of conversational AI models close to end-users
- Integration with OpenStack APIs for managing infrastructure via automation
- Use of multi-cloud deployments while ensuring EU-based storage for sensitive customer data
With Cleura, Boost.ai maintains performance and data control while operating in regulated markets.
Clavister: Delivering Cloud-Based Cybersecurity at Scale
Clavister uses Cleura Cloud to run its Cybersecurity as a Service (CSaaS) platform, including features like Multi-Factor Authentication as a Service (MFAaaS) and Passwordless VPN. Technically, Cleura supports Clavister by offering:
- Kubernetes orchestration for deploying scalable security microservices
- Encrypted backups and secure object storage for audit and compliance
- A vendor-neutral OpenStack environment, allowing full platform control
Cleura provides the foundation for delivering modern, containerized security solutions across Europe with minimal operational friction.
Register for a free trial HERE.
Check Cleura Compliant Cloud Pricing.
Check Cleura Public Cloud Pricing
Conclusion
As regulatory pressures increase and geopolitical uncertainty reshapes the digital landscape, relying on a one-size-fits-all cloud strategy is no longer a viable option—especially when using providers that operate outside the EU legal framework. The urgency to comply with evolving data laws such as GDPR, NIS2, and DORA, along with the legal implications of foreign surveillance acts like the U.S. CLOUD Act, has prompted organizations across sectors to rethink where and how they manage their cloud workloads.
For businesses operating in regulated industries or handling sensitive data, maintaining data sovereignty, compliance assurance, and operational resilience has become non-negotiable. EU-based cloud solutions that offer transparent infrastructure, strict security controls, and regionally governed compliance frameworks are now the clear path forward.
Cleura Cloud stands out in this environment as a fully sovereign, vendor-neutral platform purpose-built for organizations that demand trust, flexibility, and full regulatory alignment. Backed by OpenStack technology and supported by multiple EU data centers, Cleura offers a mature IaaS platform with managed Kubernetes, object and block storage, database services, integrated backup, and multi-AZ disaster recovery.
Whether you’re securing healthcare data, scaling AI workloads, or delivering government services, Cleura gives you the tools to confidently build in the cloud—while staying within European legal, technical, and ethical boundaries.
Share this article if you think it is worth sharing. If you have any questions or comments, comment here, or contact me on Twitter(yes for me is not X but still Twitter).
