6 min read
Schwarz Digits, the IT subsidiary of the Lidl Group, aims to become Germany’s first home-grown hyperscaler with StackIT. That’s a bold claim in a market currently dominated by AWS, Microsoft and Google. The more pressing question isn’t who shouts it loudest, but who can back it up with resilient infrastructure, BSI certification and real industrial workloads.
Key Takeaways
- Three providers are already production-ready: StackIT, IONOS Cloud and the Open Telekom Cloud are already running at banks, law firms and in regulated environments. The rest of the “digital sovereignty” debate is pure marketing.
- The German federal government has spoken: In the €250 million Germany-Stack AI Cloud tender, not a single US hyperscaler made the shortlist. StackIT supplies the BSI-certified infrastructure layer there.
- ES³ makes sovereignty measurable: Schwarz Digits’ new standard rates cloud offerings across four maturity levels. Combined with BSI C5:2026 and C3A, the promise becomes an auditable criterion.
Related:The Germany-Stack goes live / The lock-in is wobbling
What separates a hyperscaler from a good data centre
The term “hyperscaler” has become overused. A tidy data centre running VMware underneath doesn’t cut it. What sets AWS, Azure and Google apart are three things: elastic scaling across regions, a deep catalogue of managed services from object storage to model platforms, and an ecosystem of APIs and partners that turns the underlying infrastructure into the de-facto standard environment.
Most European alternatives that brand themselves as “sovereign” fall short on this benchmark. They deliver reliable IaaS, but the service catalogue and partner ecosystem remain thin. Sovereignty without substance ultimately becomes a compliance checkbox without a solid operational foundation. For architects, that means the first stop is the service roadmap and reference workloads-only then the data-protection white paper.
StackIT: Schwarz Digits means business
Of the German hopefuls, StackIT has the strongest tail-wind. Behind the cloud sits the Schwarz Group, one of Europe’s largest cloud consumers. Running your own logistics at petabyte scale means you’ve already solved the scaling problems of a hyperscaler before selling the solution to others.
The decisive proof arrived in May 2026. In the award of the €250 million federal AI Cloud-Germany-Stack-no US provider made the winning consortium. StackIT, teamed with SVA and Codesphere, supplies the BSI-certified infrastructure layer. Zero-trust and Bring Your Own Key were hard tender requirements, not optional extras. A federal contract of this size is the most credible reference any sovereign provider can currently cite.
IONOS and Deutsche Telekom are already delivering today
StackIT isn’t alone in production readiness. IONOS Cloud, United Internet’s subsidiary, is the most price-aggressive player in the field. Its Compute Engine starts at roughly €0.015 per vCPU-hour, undercutting comparable AWS configurations. For cost-sensitive workloads in regulated environments, that’s a compelling argument.
The Open Telekom Cloud from T-Systems has been serving banks and public-sector clients for years. Together with StackIT and IONOS, it forms the small circle of providers that actually carry real loads in regulated operations at law firms, financial institutions and healthcare. Stripped to the bone, when people talk about German hyperscalers they’re talking about these three names-everything else is still on the roadmap.
ES³: a framework against sovereignty-washing
The biggest problem in the sovereignty debate has long been its lack of precision. Every provider defined the term in a way that suited their own solution. This is exactly where the European Sovereign Stack Standard comes in-ES³ for short-which Schwarz Digits is championing. It evaluates IT services across four maturity levels, from basic to future-proof, and translates sovereignty into a measurable Sovereignty Maturity Level from 1 to 4.
In doing so, ES³ complements official frameworks. BSI C5:2026 assesses security, the new C3A catalogue goes further by examining genuine operator and data sovereignty, and the EUCS framework provides the European umbrella. For architects, 2026 will be the first year when it becomes tangible which sovereignty level a given offering actually delivers. A provider that avoids ES³ or C3A evaluation has, in all likelihood, already answered the question.
What this means for your cloud decision
The choice is rarely a binary one between US hyperscalers and sovereign alternatives. A pragmatic, tiered approach is more realistic: run non-critical workloads where service depth and price are right, and place regulated or business-critical loads with a provider that can demonstrate a robust sovereignty level.
Three questions should precede every tender. First: is there documented ES³ or C3A classification-not just a marketing promise? Second: which comparable industry workloads are already running there in production, with references you can verify? Third: what does the exit strategy look like if things don’t work out? If you get solid answers to these three points, you’ve found an operator. If you only receive brochures, you’ve met a vendor.
Frequently Asked Questions
Is StackIT already a true hyperscaler?
Not yet in the sense of AWS or Azure, judged by service depth and ecosystem. StackIT is production-ready and prominently referenced through the Germany-Stack mandate, but it continues to expand its service catalogue. The ambition is set; the path is under way.
What’s the difference between ES³ and BSI C5?
BSI C5:2026 certifies the information-security posture of a cloud. ES³ and the complementary C3A catalogue go beyond that by evaluating digital sovereignty-operator control, data ownership, and insulation from non-EU access. C5 answers “how secure is it?” ES³ answers “how sovereign is it?”
Why is IONOS so much cheaper?
IONOS operates its own data centres with a lean service structure and deliberately positions itself on price. The result is roughly €0.015 per vCPU-hour. The trade-off is a narrower managed-services catalogue compared with US hyperscalers.
Can I combine US hyperscalers with sovereign clouds?
Yes-that’s the common approach. Non-critical workloads run on AWS or Azure, while regulated or business-critical loads sit with a sovereign provider. The key is rigorous data classification and a realistic exit plan for every part of the landscape.
Who stands behind the Germany-Stack?
In May 2026, the German federal government awarded around €250 million for a sovereign AI cloud delivered as a Platform-as-a-Service. The contract is split between two consortia: T-Systems with SAP, and a group comprising SVA, Schwarz Digits, and Codesphere. StackIT supplies the BSI-certified infrastructure for that project.
Editor’s Reading Picks
- KRITIS in the Cloud: What Secures the Migration
- FinOps: Realistically Cut Cloud Costs by 30 Percent
- The Cheap Cloud Chip with the Expensive Exit
More from the MBF Media Network
Source of header image: Unsplash / Lightsaber Collection
Image source: Unsplash / Lightsaber Collection