№ 003 · · 6 min read

The Case for Sovereign Stacks

Why the cloud is not a strategy, it is a liability you haven't priced yet

infrastructuresovereigntydata-privacyagentic-ai

There is a conversation happening in boardrooms across Europe that did not exist three years ago. It goes roughly like this: We have built our entire data infrastructure on AWS. Our AI workloads run on Azure. Our customer data lives in Google Cloud. And now our legal team is telling us that this is a problem.

They are right. It is a problem. But not for the reasons most people think.

The compliance argument is the wrong argument

The usual framing of cloud sovereignty is a compliance story. GDPR. Schrems II. The EU AI Act. Data residency requirements for financial services. These are real constraints, and they matter. But they are the wrong reason to build a sovereign stack.

The right reason is operational independence. The ability to make architectural decisions without asking a vendor for permission. The ability to run your AI workloads without your inference costs being subject to someone else’s pricing committee. The ability to know, with certainty, where your data is and who can access it.

Compliance is the floor. Sovereignty is the ceiling.

What changed in 2025

Three things converged that made sovereign stacks practical for organisations that are not hyperscalers themselves.

First, the hardware got cheap. Hetzner’s CX52 gives you 16 vCPUs and 32 GB RAM for €35/month. An NVIDIA L40S for inference workloads is now available through Hetzner Cloud at prices that would have been unimaginable in 2022. The cost argument for cloud — we can’t afford to run this ourselves — stopped being true for most medium-sized organisations around mid-2024.

Second, the software matured. Ollama made local LLM inference a one-command operation. LangGraph gave agentic AI a state management model that actually survives production. Coolify made self-hosted PaaS deployments as simple as Heroku. The operational overhead that used to justify cloud dependency has been systematically eliminated.

Third, the legal risk became undeniable. The US Cloud Act means that any data stored with a US-headquartered provider can be accessed by US law enforcement without notifying the data subject or the data controller. This is not a theoretical risk. It is a structural feature of the current legal landscape.

The architecture of a sovereign stack

Here is what a practical sovereign stack looks like for a mid-sized European organisation running agentic AI workloads in 2026:

┌─────────────────────────────────────────────────────────┐
│  Hetzner Cloud (DE/FI)  ·  EU-based, German law         │
│                                                         │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐     │
│  │  Inference  │  │  Data Store │  │  Orchestr.  │     │
│  │  Ollama +   │  │  PostgreSQL │  │  LangGraph  │     │
│  │  L40S GPU   │  │  + DuckDB   │  │  + n8n      │     │
│  └─────────────┘  └─────────────┘  └─────────────┘     │
│                                                         │
│  ┌─────────────────────────────────────────────────┐   │
│  │  Coolify (self-hosted PaaS)                     │   │
│  │  Caddy (reverse proxy + TLS)                    │   │
│  └─────────────────────────────────────────────────┘   │
└─────────────────────────────────────────────────────────┘

This is not a thought experiment. This is a stack I have deployed in production for clients in financial services and healthcare, where the alternative was either accepting US Cloud Act exposure or not running AI workloads at all.

The total monthly cost for a stack that handles 50,000 LLM inference requests per day, stores 2TB of structured data, and runs 15 concurrent agentic workflows: approximately €800/month. The equivalent on AWS, with comparable performance, would be €6,000–8,000/month.

The objections

“We can’t hire the people to run this.” You don’t need a team of SREs. You need one person who understands Linux, Caddy, and Docker. Coolify handles the deployment complexity. Hetzner handles the hardware. The operational surface area is smaller than most people assume.

“We lose the managed services.” You lose some managed services. You gain others. Managed PostgreSQL on Hetzner is excellent. Managed Kubernetes is available. What you lose is the proprietary lock-in: the vendor-specific AI services, the proprietary data formats, the APIs that only work within one cloud ecosystem.

“What about reliability?” Hetzner’s SLA is 99.9%. That is the same number AWS publishes for most services. The difference is that when Hetzner has an outage, it is a hardware problem. When AWS has an outage, it takes down half the internet simultaneously, as we have seen repeatedly.

The agentic AI dimension

This is where sovereign stacks become not just strategically sensible but operationally necessary.

Agentic AI systems — systems that take actions in the world, not just generate text — have a fundamentally different data profile than traditional applications. They accumulate context. They make decisions based on historical interactions. They have access to tools that can read and write data across your organisation.

Running these systems on infrastructure you do not control is not just a privacy risk. It is a security risk. Every agent action, every tool call, every piece of context that flows through an inference endpoint is potentially visible to the infrastructure provider.

The pattern I use: inference runs on self-hosted Ollama with a quantised model appropriate to the task. Tool calls are logged to a local PostgreSQL instance. Agent state is managed by LangGraph with a local checkpoint store. The entire system is air-gapped from external APIs except for specific, audited integration points.

This is not harder than running the same workload on Azure OpenAI. It is different. And the difference matters.

What to do next

If you are running AI workloads on hyperscaler infrastructure and you have not done a sovereignty audit, do one. The questions are simple:

  1. Where does your inference traffic go? Who can read it?
  2. Where is your training data stored? Under what legal jurisdiction?
  3. If your primary cloud provider raised prices 40% tomorrow, what would you do?
  4. If a US court issued a subpoena for your customer data, would you know?

The answers to these questions determine whether cloud dependency is a risk you have consciously accepted or a risk you have simply not noticed yet.

Sovereign stacks are not for everyone. But for European organisations running sensitive AI workloads, they are increasingly the only defensible architecture. The question is not whether to move. It is how fast.