Alternative UE-uniquement à Alibaba Cloud.
Alibaba Cloud (Aliyun) is the largest cloud provider in Asia and the third-largest globally. Alibaba Group Holding Limited is incorporated in the Cayman Islands but operationally and effectively controlled from China. The PRC National Intelligence Law (2017) Article 7 obliges Chinese organisations to "support, assist and cooperate with state intelligence work" — which is the Chinese equivalent of the US CLOUD Act and arguably broader. The Frankfurt and London regions of Alibaba Cloud are EU-located but PRC-controlled. For EU buyers needing Schrems II–style sovereignty, Alibaba Cloud raises a third-country exposure that is legally even less defensible than US providers.
Une "région UE" n'est pas la souveraineté. Quatre questions tranchent.
La résidence des données indique où sont les bits. La souveraineté indique quel système juridique peut contraindre à l'accès. La réponse doit tenir sur les quatre points — sinon la stack n'est pas souveraine.
Où les données sont-elles physiquement stockées ?
Pas "dans le cloud" — quel datacenter, dans quel pays, sous quelle juridiction.
Qui d'autre est dans votre chemin de données ?
Chaque fournisseur qui touche les données : le CDN, le relais e-mail, le tracker d'erreurs, le pipeline analytics.
Quelles lois peuvent contraindre à la divulgation ?
Un fournisseur dont le siège est aux États-Unis relève du FISA 702 et du CLOUD Act — même lorsque les données se trouvent à Francfort.
Qui détient réellement les clés de chiffrement ?
Si le fournisseur cloud détient à la fois les données et les clés, il peut les lire — quel que soit le DPA.
Échoue sur la juridiction et la garde des clés.
Bits en UE, maison mère américaine, sous-traitants américains dans le chemin par défaut, clés gérées par le fournisseur.
Réussit sur les quatre.
Hébergé en UE sur une infrastructure au siège européen. Zéro sous-traitant américain dans le chemin par défaut. Clés détenues par le client ou par un KMS européen. Nommés dans votre DPA Article 28.
Pourquoi les équipes partent Alibaba Cloud
Alibaba Cloud usage in EU mid-market is concentrated in specific patterns: cross-border e-commerce serving Chinese consumers, EU subsidiaries of Chinese parent companies, or companies that adopted Aliyun for genuinely China-specific compute and now find the EU side under regulatory pressure. The triggers we see for migration: EU customers (B2B) refusing data processing through Aliyun, NIS2 essential-entity classification flagging PRC providers as supply-chain risk, or board-level concern after the 2024 EU regulatory tightening on Chinese cloud and AI providers. The EU sovereign stack handles the EU-side workloads cleanly; China-specific workloads remain on a documented hybrid where appropriate.
Alibaba Cloud services et leurs équivalents UE-uniquement
Une migration n'est pas "échanger une boîte contre une autre". La cartographie ci-dessous est ce que nous exécutons pour les clients qui quittent Alibaba Cloud pour des raisons Schrems II — pleine juridiction UE, pas de maison mère US dans le chemin des données.
| Alibaba Cloud service | Alternative UE-uniquement | Note d'ingénierie |
|---|---|---|
| Elastic Compute Service (ECS) | Hetzner Cloud, OVH Public Cloud, Scaleway Instances, IONOS | Standard VM migration. Image rebuild from CentOS/Aliyun Linux to Rocky/Alma/Debian. Most application stacks transfer without changes. |
| Object Storage Service (OSS) | OVH Object Storage, Wasabi EU, Bunny Storage, MinIO self-hosted | OSS supports S3-compatible API; the migration is endpoint config plus data sync. |
| ApsaraDB RDS | OVH Managed Databases, Aiven (FI), Scaleway Managed DB, self-managed PostgreSQL/MySQL | RDS uses MySQL/PostgreSQL/SQL Server underneath; migration via logical replication or dump/restore depending on size. |
| Container Service for Kubernetes (ACK) | Scaleway Kapsule, OVH Managed K8s, Talos on Hetzner | ACK is upstream Kubernetes with Aliyun-specific addons; standard nginx-ingress and cert-manager replace ACK-specific equivalents. |
| Function Compute (FaaS) | OpenFaaS, Knative on EU K8s, Scaleway Serverless Functions | Function migration is mechanical; runtime models port cleanly. |
| Server Load Balancer (SLB) | Hetzner Cloud LB, OVH Load Balancer, HAProxy self-managed | Standard L4/L7 load balancing on all EU options. |
| Anti-DDoS Pro | OVH Anti-DDoS (included), Bunny.net DDoS, NaWas (NL DDoS scrubbing) | OVH and NaWas (operated by SIDN, NL) have credible large-scale DDoS scrubbing under EU jurisdiction. |
| Web Application Firewall | Bunny WAF, ModSecurity / Coraza, F5 NGINX Plus | Rule sets transfer; OWASP Top 10 coverage is standard everywhere. |
| CDN | Bunny.net, KeyCDN | For EU-only delivery, Bunny is the standard target; for serving Chinese mainland traffic, Aliyun CDN remains the practical choice for that specific traffic. |
| Alibaba Cloud DNS | Hetzner DNS, Bunny DNS, deSEC | Standard zone migration. |
| Tablestore (NoSQL) | ScyllaDB self-hosted, Cassandra on EU compute, PostgreSQL with appropriate indexing | For wide-column workloads, ScyllaDB is the modern open-source pattern. |
| PolarDB | PostgreSQL or MySQL on EU managed services, or self-managed | PolarDB is MySQL/PostgreSQL-compatible; logical replication handles the migration. |
Comment nous migrons depuis Alibaba Cloud
Une migration typique de mid-market se déroule en trois phases. Les chiffres ci-dessous supposent une équipe d'ingénierie de 6 à 10 personnes et une stack applicative modérément complexe.
Audit + traffic-region split
Inventory Aliyun services and classify by traffic region: serving Chinese mainland users (may stay on Aliyun, document exposure for EU data), serving EU users (priority migration to sovereign EU stack). Output: phased plan with explicit boundary.
EU-facing workloads cutover
EU traffic gradually shifted to the EU sovereign stack. Database replicas pre-staged. Storage sync. Edge migrations to Bunny.net.
Decommission EU side of Aliyun
Final cutover of EU workloads. Aliyun account scoped down to China-mainland-only workloads if those remain. EU customer DPAs updated to reflect new processor list.
Aliyun-to-EU cost comparison varies more than US migrations. For pure compute, EU sovereign stack is competitive or cheaper. For Aliyun-specific managed services (PolarDB at scale, Tablestore), the migration may not be cost-driven but compliance-driven. The strongest case is regulatory: GDPR penalties for inadequate Schrems II–style safeguards on PRC providers can dwarf any infrastructure cost difference.
Questions fréquemment posées
What is the legal regime that makes Alibaba Cloud problematic for EU data?
Three primary instruments: the PRC Cybersecurity Law (2017) requires storage of certain data within China and grants government access; the Data Security Law (2021) extends data-handling obligations and allows extraterritorial application; Article 7 of the National Intelligence Law (2017) compels cooperation with state intelligence work. The combined effect is that PRC-controlled entities are required to provide access to data on government request. For GDPR purposes, this is a third-country transfer with high regulatory exposure.
But Alibaba Cloud International is registered in Singapore — does that change things?
Marginally. Alibaba Cloud Singapore is a subsidiary of Alibaba Group Holding Limited (Cayman Islands) which is operationally controlled from Hangzhou. The same parent jurisdiction analysis that affects US subsidiaries applies here, with the additional consideration that PRC laws have explicit extraterritorial provisions.
We need to serve customers in mainland China — how does that work?
A documented hybrid: Aliyun (or another PRC provider) for China-mainland-served traffic, EU sovereign stack for EU-served traffic, with a strict boundary on personal data. The boundary is documented in the DPA and reviewed quarterly. Many of our cross-border e-commerce clients run exactly this pattern.
Are there sovereign EU alternatives for the China-specific services?
For services that exist specifically because of China-side traffic patterns (PolarDB-X for cross-region active-active in PRC, Aliyun CDN for mainland delivery), there are no EU sovereign equivalents because the use case is China-specific. For everything else (compute, storage, basic managed databases), the EU sovereign stack covers it cleanly.
How long does an Alibaba Cloud exit take?
For typical EU-side workloads (compute, RDS, OSS, ACK): 8–14 weeks elapsed time. For mixed cross-border workloads where the China side stays: 6–10 weeks for the EU-side migration only. The hybrid model often takes longer to design than execute.
What about Huawei Cloud or Tencent Cloud?
Same legal analysis as Alibaba Cloud. All three are PRC-controlled entities subject to the same combination of Cybersecurity Law, Data Security Law and National Intelligence Law obligations. From a Schrems II perspective, the analysis is materially identical.
Planifiez votre sortie de Alibaba Cloud.
Appel de cadrage de 30 minutes. Nous cartographions votre stack par rapport aux alternatives UE-uniquement, estimons l'effort de migration et vous disons si c'est le bon choix.