Alternativa apenas UE a DigitalOcean.
DigitalOcean is the developer-first US cloud — competitive pricing, clean UX, and an Amsterdam region that lulls many EU teams into thinking the residency question is solved. It is not: DigitalOcean LLC is a Delaware company, its Amsterdam datacenter is operated under US corporate control, and the CLOUD Act applies. The good news is that the migration from DigitalOcean to a true EU-jurisdictional provider (Hetzner, OVH, Scaleway) is one of the cleanest in this guide — DigitalOcean's API surface is small, and most workloads moved off it report lower bills and equal or better performance.
"Região UE" não é soberania. Quatro perguntas decidem.
Residência de dados diz onde os bits ficam. Soberania diz qual sistema jurídico pode forçar o acesso. A resposta tem de valer nos quatro pontos — caso contrário a stack não é soberana.
Onde os dados estão fisicamente armazenados?
Não "na nuvem" — qual datacenter, em qual país, sob qual jurisdição.
Quem mais está no seu caminho de dados?
Cada fornecedor que toca os dados: o CDN, o relay de e-mail, o rastreador de erros, o pipeline de analytics.
Quais leis podem forçar a divulgação?
Um fornecedor com sede nos EUA está sujeito ao FISA 702 e ao CLOUD Act — mesmo quando os dados estão em Frankfurt.
Quem detém realmente as chaves de cifragem?
Se o provedor de nuvem tem tanto os dados quanto as chaves, ele pode lê-los — independentemente de qualquer DPA.
Falha em jurisdição e custódia de chaves.
Bits na UE, casa-mãe nos EUA, subprocessadores americanos no caminho predefinido, chaves geridas pelo fornecedor.
Passa nos quatro.
Hospedado na UE em infraestrutura com sede europeia. Zero subprocessadores americanos no caminho padrão. Chaves do cliente ou de KMS europeu. Nomeados no seu DPA Artigo 28.
Porque é que as equipas estão a sair DigitalOcean
DigitalOcean exits we have run almost always come from one trigger: a customer audit (B2B SaaS) or compliance review where "DigitalOcean Amsterdam" was found to be insufficient under Schrems II, and the client either had to add expensive supplementary measures (BYOK encryption that defeats the managed-service value) or migrate. Migrating is usually the cheaper option. The technical work is light because DigitalOcean's product set is intentionally minimal, which makes the EU mapping uncomplicated.
DigitalOcean serviços e os seus equivalentes apenas na UE
Uma migração não é "trocar uma caixa por outra". O mapeamento abaixo é o que executamos para clientes que saem de DigitalOcean por motivos Schrems II — plena jurisdição UE, sem casa-mãe US no caminho dos dados.
| DigitalOcean serviço | Alternativa apenas UE | Nota de engenharia |
|---|---|---|
| Droplets | Hetzner Cloud, OVH Public Cloud, Scaleway Instances, IONOS Compute | Hetzner Cloud has the closest UX equivalent and significantly better price/performance. Most clients see 40–60% cost reduction on equivalent VM specs. |
| Spaces (object storage) | OVH Object Storage, Wasabi EU, Bunny Storage, self-hosted MinIO on Hetzner | S3-compatible across all options; the migration is one endpoint change in the SDK config. |
| Managed Databases (PostgreSQL, MySQL, Redis) | OVH Managed Databases, Aiven (FI), Scaleway Managed DB, self-managed on Hetzner | For PostgreSQL, OVH and Aiven are competitive on features. Self-managed is often cheaper and acceptable for smaller workloads. |
| App Platform (PaaS) | Scaleway Serverless Containers, self-hosted Coolify on EU compute, Dokku on Hetzner | App Platform has no direct sovereign equivalent at PaaS level. Coolify (open-source self-hosted) gives a Heroku-like UX on EU infrastructure. |
| Kubernetes (DOKS) | Scaleway Kapsule, OVH Managed Kubernetes, IONOS K8s, self-managed K3s on Hetzner | Helm charts and YAML transfer cleanly. Talos Linux on Hetzner bare metal is our preferred high-trust pattern. |
| Load Balancers | Hetzner Cloud Load Balancer, OVH Load Balancer, self-managed HAProxy / Caddy | For most use cases the managed LB on EU providers is sufficient; for advanced rules, HAProxy on a small VM is the standard pattern. |
| Volumes (block storage) | Hetzner Volumes, OVH Block Storage, Scaleway Block Storage | Standard NVMe-backed block storage on all EU options; performance is comparable or better. |
| DNS (DigitalOcean DNS) | Hetzner DNS (free), Bunny DNS, deSEC | Migration is a zone export and re-import; a few minutes of work. |
| Floating IPs | Hetzner Cloud Floating IPs, OVH Failover IPs, Scaleway Flexible IPs | All providers offer the equivalent failover-IP pattern. |
| CDN (DigitalOcean CDN) | Bunny.net, KeyCDN | DigitalOcean's CDN is built on third parties; moving direct to Bunny is simpler and cheaper. |
| Monitoring (DO Monitoring) | Self-hosted Prometheus + Grafana on EU compute, Grafana Cloud EU | A small monitoring VM on Hetzner is what we deploy for clients post-migration. |
| Container Registry | Self-hosted Harbor on EU infra, Scaleway Container Registry, GitLab CR (EU instance) | Harbor is the production-grade open-source registry; we operate it for clients. |
Como migramos de DigitalOcean
Uma migração típica de mid-market decorre em três fases. Os números abaixo assumem uma equipa de engenharia de 6 a 10 pessoas e uma stack de aplicação moderadamente complexa.
Inventory & dependencies
List every Droplet, Database, Space and App Platform deployment. Identify any DigitalOcean-specific APIs or doctl automations that need rewriting. Output: clean migration plan with no surprises.
Soft dependencies first
DNS, Spaces and CDN moved first. Database replicas pre-staged on EU managed service. Container registry moved to Harbor. Monitoring on EU Prometheus.
Compute & DB cutover
Droplets reprovisioned on Hetzner with same images. Database cutover with logical replication. App Platform workloads moved to Coolify or DOKS replaced with Scaleway Kapsule. Load Balancer cutover with DNS shift.
5-year TCO on DigitalOcean exits we have run: typically 40–60% cheaper, with the largest savings on compute (Hetzner is often half the price for equivalent specs) and managed databases. Where DigitalOcean has the edge is App Platform UX, which the EU sovereign stack replaces with Coolify or self-managed PaaS.
Perguntas frequentes
DigitalOcean has datacenters in Amsterdam and Frankfurt — does that satisfy GDPR?
Residency yes, sovereignty no. The Amsterdam DC is owned and operated by DigitalOcean LLC, a US-controlled entity. The CLOUD Act allows US authorities to compel disclosure of data anywhere globally. For Schrems II–conscious workloads, that exposure is not addressed by the datacenter location.
How does Hetzner compare on uptime and reliability vs DigitalOcean?
In our operational experience, both run at "four nines" or better at the platform level for typical workloads. Hetzner has occasionally had longer single-incident outages historically; DigitalOcean has had a higher frequency of smaller incidents. Neither difference is meaningful for most application architectures.
What about App Platform replacement specifically?
App Platform is genuinely useful for small teams that don't want to operate infrastructure. Coolify (self-hosted, open-source) gives a comparable Heroku/App Platform UX on Hetzner or any EU compute. For teams that want managed: Scaleway Serverless Containers comes closest in the EU sovereign space.
Can we migrate gradually or does it have to be all-at-once?
Gradual is the norm. Run both providers in parallel via DNS-level traffic split, migrate workload-by-workload, decommission DigitalOcean once the last service is moved. Typical elapsed time: 4–8 weeks for mid-market workloads, 2–4 weeks for small ones.
How long does a DigitalOcean exit take?
For a typical workload (5–20 Droplets, 1–2 managed databases, Spaces, DNS): 3–6 weeks elapsed time. With a managed-infrastructure partner driving it: 2–4 weeks. The technical work is light; the schedule is determined by validation gates and team availability.
Will the migration create downtime?
No, when done properly. Database migration uses logical replication so the cutover is a single DNS or connection-string change. Compute migration uses blue-green at the load balancer or DNS level. Object storage uses dual-write during the migration window. Zero-downtime is the standard expectation.
Planeie a sua saída de DigitalOcean.
Chamada de scoping de 30 minutos. Mapeamos a sua stack contra alternativas apenas UE, estimamos o esforço de migração e dizemos-lhe se é a decisão certa.