Alternative UE-uniquement à DigitalOcean.
DigitalOcean is the developer-first US cloud — competitive pricing, clean UX, and an Amsterdam region that lulls many EU teams into thinking the residency question is solved. It is not: DigitalOcean LLC is a Delaware company, its Amsterdam datacenter is operated under US corporate control, and the CLOUD Act applies. The good news is that the migration from DigitalOcean to a true EU-jurisdictional provider (Hetzner, OVH, Scaleway) is one of the cleanest in this guide — DigitalOcean's API surface is small, and most workloads moved off it report lower bills and equal or better performance.
Une "région UE" n'est pas la souveraineté. Quatre questions tranchent.
La résidence des données indique où sont les bits. La souveraineté indique quel système juridique peut contraindre à l'accès. La réponse doit tenir sur les quatre points — sinon la stack n'est pas souveraine.
Où les données sont-elles physiquement stockées ?
Pas "dans le cloud" — quel datacenter, dans quel pays, sous quelle juridiction.
Qui d'autre est dans votre chemin de données ?
Chaque fournisseur qui touche les données : le CDN, le relais e-mail, le tracker d'erreurs, le pipeline analytics.
Quelles lois peuvent contraindre à la divulgation ?
Un fournisseur dont le siège est aux États-Unis relève du FISA 702 et du CLOUD Act — même lorsque les données se trouvent à Francfort.
Qui détient réellement les clés de chiffrement ?
Si le fournisseur cloud détient à la fois les données et les clés, il peut les lire — quel que soit le DPA.
Échoue sur la juridiction et la garde des clés.
Bits en UE, maison mère américaine, sous-traitants américains dans le chemin par défaut, clés gérées par le fournisseur.
Réussit sur les quatre.
Hébergé en UE sur une infrastructure au siège européen. Zéro sous-traitant américain dans le chemin par défaut. Clés détenues par le client ou par un KMS européen. Nommés dans votre DPA Article 28.
Pourquoi les équipes partent DigitalOcean
DigitalOcean exits we have run almost always come from one trigger: a customer audit (B2B SaaS) or compliance review where "DigitalOcean Amsterdam" was found to be insufficient under Schrems II, and the client either had to add expensive supplementary measures (BYOK encryption that defeats the managed-service value) or migrate. Migrating is usually the cheaper option. The technical work is light because DigitalOcean's product set is intentionally minimal, which makes the EU mapping uncomplicated.
DigitalOcean services et leurs équivalents UE-uniquement
Une migration n'est pas "échanger une boîte contre une autre". La cartographie ci-dessous est ce que nous exécutons pour les clients qui quittent DigitalOcean pour des raisons Schrems II — pleine juridiction UE, pas de maison mère US dans le chemin des données.
| DigitalOcean service | Alternative UE-uniquement | Note d'ingénierie |
|---|---|---|
| Droplets | Hetzner Cloud, OVH Public Cloud, Scaleway Instances, IONOS Compute | Hetzner Cloud has the closest UX equivalent and significantly better price/performance. Most clients see 40–60% cost reduction on equivalent VM specs. |
| Spaces (object storage) | OVH Object Storage, Wasabi EU, Bunny Storage, self-hosted MinIO on Hetzner | S3-compatible across all options; the migration is one endpoint change in the SDK config. |
| Managed Databases (PostgreSQL, MySQL, Redis) | OVH Managed Databases, Aiven (FI), Scaleway Managed DB, self-managed on Hetzner | For PostgreSQL, OVH and Aiven are competitive on features. Self-managed is often cheaper and acceptable for smaller workloads. |
| App Platform (PaaS) | Scaleway Serverless Containers, self-hosted Coolify on EU compute, Dokku on Hetzner | App Platform has no direct sovereign equivalent at PaaS level. Coolify (open-source self-hosted) gives a Heroku-like UX on EU infrastructure. |
| Kubernetes (DOKS) | Scaleway Kapsule, OVH Managed Kubernetes, IONOS K8s, self-managed K3s on Hetzner | Helm charts and YAML transfer cleanly. Talos Linux on Hetzner bare metal is our preferred high-trust pattern. |
| Load Balancers | Hetzner Cloud Load Balancer, OVH Load Balancer, self-managed HAProxy / Caddy | For most use cases the managed LB on EU providers is sufficient; for advanced rules, HAProxy on a small VM is the standard pattern. |
| Volumes (block storage) | Hetzner Volumes, OVH Block Storage, Scaleway Block Storage | Standard NVMe-backed block storage on all EU options; performance is comparable or better. |
| DNS (DigitalOcean DNS) | Hetzner DNS (free), Bunny DNS, deSEC | Migration is a zone export and re-import; a few minutes of work. |
| Floating IPs | Hetzner Cloud Floating IPs, OVH Failover IPs, Scaleway Flexible IPs | All providers offer the equivalent failover-IP pattern. |
| CDN (DigitalOcean CDN) | Bunny.net, KeyCDN | DigitalOcean's CDN is built on third parties; moving direct to Bunny is simpler and cheaper. |
| Monitoring (DO Monitoring) | Self-hosted Prometheus + Grafana on EU compute, Grafana Cloud EU | A small monitoring VM on Hetzner is what we deploy for clients post-migration. |
| Container Registry | Self-hosted Harbor on EU infra, Scaleway Container Registry, GitLab CR (EU instance) | Harbor is the production-grade open-source registry; we operate it for clients. |
Comment nous migrons depuis DigitalOcean
Une migration typique de mid-market se déroule en trois phases. Les chiffres ci-dessous supposent une équipe d'ingénierie de 6 à 10 personnes et une stack applicative modérément complexe.
Inventory & dependencies
List every Droplet, Database, Space and App Platform deployment. Identify any DigitalOcean-specific APIs or doctl automations that need rewriting. Output: clean migration plan with no surprises.
Soft dependencies first
DNS, Spaces and CDN moved first. Database replicas pre-staged on EU managed service. Container registry moved to Harbor. Monitoring on EU Prometheus.
Compute & DB cutover
Droplets reprovisioned on Hetzner with same images. Database cutover with logical replication. App Platform workloads moved to Coolify or DOKS replaced with Scaleway Kapsule. Load Balancer cutover with DNS shift.
5-year TCO on DigitalOcean exits we have run: typically 40–60% cheaper, with the largest savings on compute (Hetzner is often half the price for equivalent specs) and managed databases. Where DigitalOcean has the edge is App Platform UX, which the EU sovereign stack replaces with Coolify or self-managed PaaS.
Questions fréquemment posées
DigitalOcean has datacenters in Amsterdam and Frankfurt — does that satisfy GDPR?
Residency yes, sovereignty no. The Amsterdam DC is owned and operated by DigitalOcean LLC, a US-controlled entity. The CLOUD Act allows US authorities to compel disclosure of data anywhere globally. For Schrems II–conscious workloads, that exposure is not addressed by the datacenter location.
How does Hetzner compare on uptime and reliability vs DigitalOcean?
In our operational experience, both run at "four nines" or better at the platform level for typical workloads. Hetzner has occasionally had longer single-incident outages historically; DigitalOcean has had a higher frequency of smaller incidents. Neither difference is meaningful for most application architectures.
What about App Platform replacement specifically?
App Platform is genuinely useful for small teams that don't want to operate infrastructure. Coolify (self-hosted, open-source) gives a comparable Heroku/App Platform UX on Hetzner or any EU compute. For teams that want managed: Scaleway Serverless Containers comes closest in the EU sovereign space.
Can we migrate gradually or does it have to be all-at-once?
Gradual is the norm. Run both providers in parallel via DNS-level traffic split, migrate workload-by-workload, decommission DigitalOcean once the last service is moved. Typical elapsed time: 4–8 weeks for mid-market workloads, 2–4 weeks for small ones.
How long does a DigitalOcean exit take?
For a typical workload (5–20 Droplets, 1–2 managed databases, Spaces, DNS): 3–6 weeks elapsed time. With a managed-infrastructure partner driving it: 2–4 weeks. The technical work is light; the schedule is determined by validation gates and team availability.
Will the migration create downtime?
No, when done properly. Database migration uses logical replication so the cutover is a single DNS or connection-string change. Compute migration uses blue-green at the load balancer or DNS level. Object storage uses dual-write during the migration window. Zero-downtime is the standard expectation.
Planifiez votre sortie de DigitalOcean.
Appel de cadrage de 30 minutes. Nous cartographions votre stack par rapport aux alternatives UE-uniquement, estimons l'effort de migration et vous disons si c'est le bon choix.