仅欧洲替代方案 Google Cloud Platform.
Google Cloud is the smallest of the three US hyperscalers in EU market share but has the strongest data-engineering brand. That brand is the migration challenge: BigQuery, Vertex AI, Spanner and the rest of the GCP catalog are excellent tools, and there is no like-for-like EU sovereign replacement for some of them. The honest answer is that for most mid-market workloads — web applications, APIs, e-commerce — the EU sovereign stack is a clean fit. For specialised data-engineering or ML workloads, the conversation is more nuanced. We will tell you which category yours falls in.
"欧盟区域"不等于主权。四个问题决定一切。
数据驻留告诉你数据在哪里。主权告诉你哪个法律体系可以强制访问。四个答案都必须成立——否则该技术栈就不主权。
数据物理存储在哪里?
不是"在云中"——而是哪个数据中心、在哪个国家、受哪个司法管辖区管辖。
您的数据路径中还有谁?
每一个接触数据的供应商:CDN、邮件中继、错误追踪、分析管道。
哪些法律可以强制披露?
美国总部的供应商受 FISA 702 和 CLOUD Act 管辖——即使数据存放在法兰克福。
谁实际持有加密密钥?
如果云供应商同时持有数据和密钥,无论 DPA 如何,他们都能读取数据。
在司法管辖权和密钥托管上失败。
欧盟数据、美国母公司、默认路径中的美国次级处理者、供应商管理的密钥。
四项全部通过。
托管在欧盟、由欧盟总部基础设施提供。默认路径中零美国次级处理者。客户持有或欧盟 KMS 密钥。在您的第 28 条 DPA 中按名称列出。
为什么团队正在退出 Google Cloud Platform
GCP exits we have scoped tend to come from one of two angles: a regulated workload that started small on GCP and now needs Schrems II compliance to grow, or a B2B SaaS whose enterprise customers (German banks, French government, Dutch healthcare) explicitly required no US-jurisdictional processor in the contract. The 2024 EU-US Data Privacy Framework legal challenges added a third trigger — leadership-level concern about another transfer-mechanism reversal. T-Systems Open Sovereign Cloud is a Google Cloud licensee operated under DT, which improves the documentation but inherits Google technology.
Google Cloud Platform 服务及其仅欧盟等效方案
迁移不是"换一个盒子"。下面的映射是我们为离开以下平台的客户运行的 Google Cloud Platform 基于 Schrems II — 完全欧盟司法管辖权,数据路径中没有美国母公司。
| Google Cloud Platform 服务 | 仅欧盟替代方案 | 工程说明 |
|---|---|---|
| Compute Engine (GCE) | Hetzner Cloud, OVH Public Cloud, IONOS, Scaleway Instances | Per-vCPU pricing dramatically lower on EU providers; reserved instances unnecessary at typical scale. |
| Cloud Storage | OVH Object Storage, Wasabi EU, Bunny Storage, self-hosted Ceph or MinIO | S3-compatible APIs across all of these; SDK changes are minimal. |
| Cloud SQL | OVH Managed Databases, Aiven (FI), self-managed PostgreSQL/MySQL with replication | Logical replication enables zero-downtime cutover. Aiven has a strong EU presence and Schrems II–conscious tooling. |
| GKE (managed Kubernetes) | Scaleway Kapsule, OVH Managed K8s, IONOS K8s, or self-managed Talos / K3s on Hetzner | GKE Autopilot has no direct equivalent; for most workloads, managed K8s is sufficient. Talos on bare metal is our preferred high-trust setup. |
| Cloud Run | Scaleway Serverless Containers, self-hosted Knative on EU K8s | Knative is the upstream of Cloud Run; the migration is essentially a redeploy onto an EU-hosted Knative cluster. |
| BigQuery | ClickHouse on EU infra, DuckDB for analytical workloads, Snowflake EU (note: US parent) | No 1:1 sovereign equivalent at BigQuery scale. ClickHouse self-hosted is the production pattern; for true Schrems II, this is the workload most clients keep on a documented hybrid. |
| Cloud Pub/Sub | NATS, Apache Kafka, RabbitMQ self-hosted on EU compute | Kafka is the standard pattern for high-volume event streams; NATS is lighter-weight. |
| Cloud Functions | Scaleway Serverless Functions, OpenFaaS or Knative on EU K8s | Functions migration is mechanical; cold-start performance on EU sovereign options is competitive. |
| Cloud DNS | Hetzner DNS, Bunny DNS, deSEC | Standard zone migration via AXFR or zone export. |
| Cloud CDN / Cloud Armor | Bunny.net, KeyCDN, OVH Anti-DDoS | Bunny offers WAF rules and DDoS protection at the edge with EU-only POPs option. |
| IAM / Cloud Identity | Keycloak, Authentik, FreeIPA on EU infra | OIDC/SAML migration is well-trodden; Workspace identity is a separate decision. |
| Cloud Operations (Stackdriver) | Self-hosted Prometheus + Grafana + Loki + Tempo, Grafana Cloud EU | OpenTelemetry instrumentation makes the application-side migration trivial. |
| Vertex AI / model APIs | Mistral AI (FR), Aleph Alpha (DE), self-hosted Llama / Qwen / DeepSeek on EU GPUs | Mistral hosts in FR with EU-jurisdictional endpoints. For training, Hetzner / Scaleway GPU instances are competitive. |
| Firestore / Firebase | PostgreSQL with row-level security, Supabase (US parent — flag), self-hosted Pocketbase or Appwrite | Firestore real-time sync is the hardest piece to replace; for document workloads, PostgreSQL + LISTEN/NOTIFY usually fits. |
我们如何迁移离开 Google Cloud Platform
典型的中端市场迁移分三个阶段进行。以下数字假设一个 6-10 人的工程团队和中等复杂的应用程序技术栈。
Audit & data-engineering scope
Inventory GCP services, classify by sovereignty necessity. Special attention to BigQuery and Vertex usage — these define the migration shape. Output: phased plan plus the explicit decision on data-engineering workloads.
Edge, soft dependencies, IAM staging
Cloud DNS, CDN, monitoring and Cloud Storage moved first. Keycloak deployed alongside Cloud Identity for parallel-run. Pre-stage compute on Hetzner / Scaleway.
Core cutover + analytics decision
GCE/GKE workloads cut over with blue-green. Cloud SQL replicated and switched. BigQuery either migrated to ClickHouse or kept on a documented hybrid with personal data scrubbed at the boundary. Vertex AI workloads moved to Mistral or self-hosted equivalents.
5-year TCO on GCP exits we have run: 30–50% cheaper for predictable workloads. The exception is BigQuery-heavy analytics — there the operational saving of GCP often justifies keeping it on a hybrid (with personal-data anonymisation at the boundary) rather than migrating.
常见问题
Does GCP "Sovereign Controls" or T-Systems Open Sovereign Cloud solve the issue?
Sovereign Controls (formerly Google Cloud Sovereign) adds operational separation: EU-resident staff, encryption key control, audit logging. It does not change the underlying jurisdiction — Google LLC remains the technology owner. T-Systems Open Sovereign Cloud uses GCP technology under licence with DT operations; same caveat at the technology layer. For most Schrems II analyses, both are improvements but not full sovereignty.
Can we keep BigQuery and migrate everything else?
Yes, and this is a common pattern. The discipline: scrub or anonymise personal data at the ingestion boundary so what enters BigQuery is no longer subject to GDPR. Document the boundary in your DPA. We have implemented this pattern for several mid-market analytics workloads.
What is the realistic ML/AI alternative?
Mistral AI (FR) for foundation models with comparable quality to GPT-4-class on European jurisdiction. Aleph Alpha (DE) for sovereign-by-design LLM workloads. For training, Hetzner GPU servers or Scaleway H100 instances cover most use cases. The gap vs Vertex AI is in tooling polish, not raw capability.
How does GKE migration compare to AKS or EKS?
Mechanically similar — Helm charts, manifests and CI/CD pipelines transfer cleanly. GKE-specific addons (Workload Identity, GKE-managed cert-manager) need replacement with standard equivalents. Plan 1–2 weeks for the K8s addon migration.
How long does a GCP exit take?
For a mid-market application (GCE, Cloud SQL, GKE, Cloud Storage, no BigQuery): 10–14 weeks elapsed time. With a managed-infrastructure partner: 6–10 weeks. BigQuery in scope adds 4–8 weeks depending on the migration target.
What about Workspace (Gmail, Docs, Drive)?
Workspace is a separate conversation from GCP infrastructure. Many clients run a hybrid: GCP infrastructure replaced, Workspace kept with documented exposure. The mailbox.org migration path for Workspace is well-supported.