DeepL and the great surrender: Why Europe's flagship company is switching to US infrastructure – Image: Xpert.Digital
Europe's AI hope buckles: This is what's behind DeepL's drastic change in strategy
The CLOUD Act strikes: Are confidential translations at DeepL soon at risk?
DeepL breaks its most important promise: Why the German AI giant is suddenly switching to Amazon (AWS)
DeepL was long considered shining proof that Europe could not only keep pace technologically in the global AI race, but also do so while upholding the strictest data sovereignty. But now the Cologne-based flagship company is taking a drastic step: Data processing will be partially outsourced to the US giant Amazon Web Services (AWS). Those who do not agree to the new terms and conditions face termination. What DeepL considers an economically logical and necessary step towards global scaling, on closer inspection reveals itself to be a damning indictment of the European digital economy. Our comprehensive analysis reveals why DeepL's strongest selling point – absolute protection against US government access – is now showing cracks, how the US CLOUD Act undermines European data protection efforts, and why this move must serve as an urgent wake-up call for policymakers and businesses.
Related to this:
Europe translates itself out of the game
A dam break that was predicted
On May 20, 2026, a chapter in the history of the European digital economy will come to an end, a chapter long considered proof that data sovereignty and technological excellence are compatible. DeepL, the Cologne-based translation service that for years positioned itself as a privacy-friendly alternative to American tech giants, is partially outsourcing its data processing to Amazon Web Services (AWS). This decision is not merely a turning point in the corporate history of a single startup. It is a symptom that shines a light on the deep structural deficiencies of the European digital economy and a wake-up call that policymakers, businesses, and society alike should take seriously.
Anyone who hasn't objected to DeepL by May 19, 2026, has tacitly agreed to a fundamental change in data processing practices. Those who object will receive termination notices – no later than December 31, 2026. With this binary logic of either accept or leave, DeepL has left its customers with no real choice. What remains is the sobering realization: the strongest argument DeepL had for years against Google Translate, Microsoft Translator, and other competitors – namely, its exclusive processing of data on its own European servers – has fallen away.
How DeepL became a symbol of European digital strength
To understand the significance of this step, one must consider what DeepL has built over the past few years. The company was founded in 2016 as a spin-off from Linguee GmbH and established in 2017 by Jaroslaw Kutylowski as an independent AI translation service. What followed was one of the most impressive growth stories in the German startup scene. DeepL was profitable from the very beginning – a rarity in an industry where losses are considered a growth strategy.
In 2023, the company's valuation exceeded one billion euros for the first time. A $300 million funding round followed in May 2024, led by Index Ventures, with participation from ICONIQ Growth, Teachers' Venture Growth, IVP, Atomico, and WiL. This raised the company's valuation to two billion dollars, making DeepL the most valuable German AI company. Over 100,000 companies, governments, and institutions worldwide use the service, including Deutsche Bahn, Zendesk, Nikkei, and Coursera. More than 900 employees work for the Cologne-based company, which now supports 32 languages and is considered a technological leader in machine translation.
What made DeepL special wasn't just its translation quality, which is regularly rated as superior to Google Translate. It was the promise behind the technological achievement: highly accurate, secure translations, processed on European servers, without sharing data with US corporations, and in compliance with the General Data Protection Regulation (GDPR). For law firms, consulting firms, research institutions, government agencies, and anyone else who needs confidential texts translated, this promise was the decisive factor. DeepL was therefore less a product than a philosophy.
What the change to the terms and conditions means in concrete terms
DeepL's official communication aims to reassure customers. AWS is being integrated into the services as a sub-processor to improve reliability, scalability, and global reach. Data will remain encrypted both in transit and at rest. AWS will not control or access customer data in a usable form. Business customers will have the option of managing their own cryptographic keys and revoking data access at any time using BYOK (Bring Your Own Key) technology.
Technically, this is not a contradiction. Data can reside on AWS servers and still be processed in a way that prevents direct access to the content. DeepL also emphasizes that it continues to comply with all relevant certifications: the BSI C5 Type 2 certification, HIPAA, GDPR, ISO 27001, and SOC 2 Type 2. For cases where data is processed outside the European Economic Area, standard contractual clauses from the EU Commission have been implemented.
From a legal perspective, however, the situation is more complex than DeepL portrays it in its customer communications. While DeepL has indeed created a Transfer Impact Assessment (TIA) for AWS – dated February 2026 and comprising seven pages in tabular form – data protection experts consider the document more of a descriptive analysis than a genuine risk assessment. This is no small matter: Clause 14 of the EU Commission's Standard Contractual Clauses mandates a substantial risk assessment that evaluates the actual level of legal protection in the recipient country – and this is precisely where the real problem begins.
The CLOUD Act: The Sword Over the Data
The US CLOUD Act, signed by Donald Trump in March 2018, is one of the most consequential pieces of legislation for international data protection. The acronym stands for "Clarifying Lawful Overseas Use of Data Act" and regulates the conditions under which US law enforcement agencies may access data from US companies – even if that data is stored outside the US. The crucial implication: Data does not need to be transferred to the US for US authorities to request access. US companies that operate servers in Europe are nevertheless subject to the CLOUD Act.
Amazon is a US company. AWS servers may be located in Frankfurt, Dublin, or Paris – but Amazon remains the operator. This means that if US authorities lawfully contact AWS under the CLOUD Act, AWS is generally obligated to disclose data. While US courts can block this process if non-US citizens are affected, they are not required to do so. The General Data Protection Regulation (GDPR) offers no legally binding counterweight in this case. European data protection laws apply within the territory of the EU; US law applies globally through US companies.
In practical terms, this means that anyone who translates texts with DeepL without an enterprise subscription and without BYOK key management theoretically accepts the possibility that US authorities could gain access to this data. This is not a hypothetical scenario for paranoid privacy advocates. It is a legally defined risk that applies to everyone who runs confidential company texts, legal documents, internal communications, or sensitive business information through a translation tool. Universities and federal agencies have already begun revising DeepL's terms of service.
The structural dilemma: Scaling without infrastructure
DeepL is not an isolated case. The decision to rely on AWS infrastructure reflects a structural problem that is widespread in the European digital economy and affects almost all growing AI companies. The core of the problem can be summarized in one sentence: Europe has the ideas, the talent, and increasingly the money for AI – but not the infrastructure to operate this AI on a global scale.
More than 80 percent of critical digital technologies in Europe depend on non-European providers. This dependency is particularly pronounced in cloud infrastructures and AI models, which are dominated by US and Chinese companies. Seventy percent of the world's core AI models originate in the US, while Europe accounts for only 7 percent of global applications in software, the internet, and microchips. Only four of the world's 50 leading technology companies are headquartered in Europe.
The real bottleneck for AI scaling is graphics processing units (GPUs). Europe's entire public AI computing park currently comprises tens of thousands of GPU accelerators – a single large US data center already exceeds this capacity. Nvidia holds between 80 and 90 percent of the AI accelerator market; virtually all European AI projects, even those operating under the guise of digital sovereignty, run on Nvidia hardware. The EuroHPC JUPITER in Jülich – Europe's first exascale computer and a flagship of European computing infrastructure – operates with around 24,000 NVIDIA GH200 superchips.
So, if a company like DeepL wants to scale—beyond European borders, towards the American and Asian markets, where the decisive growth potential now lies—it quickly reaches the limits of what's available. AWS, Microsoft Azure, and Google Cloud offer the necessary capacity. European alternatives, most notably OVHcloud, Hetzner, and the Telekom Cloud, exist and are growing, but they don't yet provide the global reach and scalability that a company like DeepL needs for its operations. This decision is therefore not a failure of any single company, but a rationally understandable reaction to framework conditions that Europe has failed to create over decades.
The capital deficit as a driver of infrastructure dependency
A key reason for the lack of European infrastructure lies in chronically different levels of investment. Between 2020 and 2025, the US invested €1.33 trillion in venture capital, 34 percent of which went to AI. Europe invested €252 billion over the same period, of which only 18 percent went to AI startups. China, with US$425 billion and a 19 percent share in AI, falls in between. In large funding rounds exceeding €25 million, the participation of European investors drops to a mere 26 percent; the lion's share of late-stage growth financing comes from US and British investors.
This leads to a paradoxical situation: European AI startups scale with foreign capital and on foreign infrastructure. If Index Ventures, ICONIQ Growth, and Teachers' Venture Growth are DeepL's largest investors, then it should come as no surprise that the company will sooner or later become infrastructurally dependent on US providers. Capital and infrastructure come from the same source; in the long run, it's difficult to accept one without accepting the other. The investment backlog is also manifested in political clout. With its Action Plan for the AI Continent, the EU Commission presented an ambitious program in April 2025: 13 AI factories on European supercomputers, an InvestAI initiative with a total volume of €200 billion, including €20 billion for data center infrastructure, and the planning of AI gigafactories, each with over 100,000 GPUs. This sounds like a serious commitment. However, the first of these gigafactories is not expected to be operational until 2027. Until then, European companies decide every day which infrastructure they use – and the available capacity is currently almost entirely in US hands.
🎯🎯🎯 Data-driven B2B industry hub as a quasi-in-house solution
The quasi-in-house solution: How Xpert.Digital closes operational gaps in B2B marketing and sales – Smart Content-Driven Business - Image: Xpert.Digital
Xpert.Digital is a data-driven B2B industry hub led by Konrad Wolfenstein . The company acts as an external, quasi-in-house solution for industrial partners, closing operational gaps in marketing, content, and sales – without requiring additional resources on the client side.
More information here:
Why Gaia-X failed and what Europe now needs to build
Gaia-X and the misery of European infrastructure initiatives
Anyone wanting to discuss European digital sovereignty cannot ignore Gaia-X. Launched in 2019 as a prestigious German project, this cloud ecosystem was intended to give Europe its own sovereign data infrastructure and end its dependence on AWS, Azure, and Google Cloud. The initial list of participants was impressive: Bosch, Siemens, SAP, Deutsche Telekom, the Federation of German Industries (BDI), Bitkom, and numerous other companies and institutions joined the initiative. What followed was one of the most instructive analyses of failures in European digital policy.
European bureaucracy hampered the project from the outset. Worse still, the very US hyperscalers – Microsoft, Amazon, and Google – whose dominance Gaia-X was intended to counterbalance, were admitted as members. Founding member Nextcloud publicly withdrew, criticizing the initiative for being ground down in the slow-motion machinery of state-controlled innovation projects. Nevertheless, Gaia-X has not failed – it has merely fundamentally changed its objective. What began as an ambitious cloud platform project has become a framework for secure data spaces that coexists with the hyperscalers instead of competing against them. This is useful, but it is not what was originally envisioned.
The failure of the initial Gaia-X concept as an independent European cloud is symptomatic. The political will was there, but the coordination was lacking. The willingness to classify infrastructure as strategically critical and back it up with the corresponding investment volumes was absent. Instead, Europe resorted to regulation: the GDPR, the AI Act, the Data Act, the Digital Markets Act. These regulations are important and make sense. But they don't create servers, GPUs, or fiber optic connections. They regulate what can be done with existing infrastructure – not the existence of European infrastructure itself.
Related to this:
The geopolitical foundation: When tech companies become weapons
DeepL's decision comes at a time when the geopolitical dimension of digital dependencies is no longer abstract. Economists explicitly warn that the US government under Donald Trump could use technology companies as a political weapon in the economic conflict with Europe. What sounds like an extreme statement is, upon closer examination, a realistic description of possible escalation scenarios. The US has already demonstrated its use of tech export controls as a foreign policy instrument: The restrictions on the export of NVIDIA H100 chips to China in 2023 showed the global AI market how quickly computing power can become a bargaining chip in trade disputes.
Arthur Mensch, CEO of Mistral AI, one of the few European companies developing its own AI fundamental models, summed it up perfectly: Europe has only two years left to establish its own AI infrastructure – otherwise, it risks permanent dependence on American tech giants, leading to digital vassalage. If American providers monopolize the market, European players will have no options. Those who lack control over computing power cannot assert their own values. In a world where crucial digital services are imported from the US, Europe has no bargaining power with Washington.
The analysis hits the nail on the head. Sovereignty is not a declaration of intent – it is a physical fact. Anyone who routes their data through servers owned by a US company accepts that US law will govern that data flow. The CLOUD Act establishes an extraterritorial legal logic that cannot be fully neutralized by European data protection laws. This is not fear-mongering; it is a legal reality that European companies and institutions handling confidential data must adapt to.
What companies and users should do now
This leads to a differentiated consideration of data sensitivity when making specific usage decisions. For those who use DeepL to translate publicly available texts, marketing materials, or general business documents without confidential content, little will change in practice. The encryption remains, the quality remains, and the certifications remain in place.
The situation is different for those who chose DeepL specifically because of its European server architecture: law firms that need client correspondence translated, pharmaceutical companies that process clinical trial protocols, government agencies that translate internal documents into English, and research institutions that need to protect unpublished data. For these user groups, the situation will be fundamentally different after May 20, 2026. Using DeepL for such texts without an enterprise subscription and BYOK encryption would at least require critical review from a GDPR perspective.
What alternatives exist? Those requiring complete data sovereignty essentially have four options: first, using DeepL with an enterprise subscription and BYOK encryption, which at least partially restores control over data accessibility; second, switching to services like Proton Lumo, which explicitly rely on European data storage; third, using locally deployable translation models on one's own infrastructure; and fourth, using AI services based on open-weight models like those from Mistral, which can be operated entirely on-premises. None of these options is as convenient and practical for everyday use as DeepL in its current form – but that's the price of the lack of European infrastructure.
Germany's hesitancy and Telekom as a silver lining
Amidst these structural weaknesses, there are promising approaches. Deutsche Telekom launched its Industrial AI Cloud in Munich on February 4, 2026. With an investment of one billion euros, approximately 10,000 NVIDIA Blackwell GPUs, and a computing power of up to 0.5 exaFLOPS, this center is one of the most powerful sovereign AI data centers in Europe. It is powered by 100 percent renewable energy, adheres to strict German data protection standards, and is geared towards businesses, research institutions, and public organizations. The facility increases Germany's total AI computing capacity by around 50 percent.
This is substantial – but it's still a drop in the ocean on a global scale. Microsoft alone has announced plans to build $80 billion worth of AI-enabled data centers by 2025. The asymmetry between the private sector capacity the US is investing in AI infrastructure and that of Europe is so vast that even ambitious national initiatives won't be able to close the fundamental gap in the coming years. Europe doesn't need a single Telekom cloud in Munich. It needs ten, twenty, thirty such centers, networked, coordinated, and with a data protection architecture that can withstand even extraterritorial legal claims.
What politics should learn – and what it has so far avoided
The DeepL story contains a political lesson that extends far beyond the digital economy. Europe has taken a global leadership role in AI regulation in recent years. The EU AI Act is the world's first comprehensive AI regulatory framework. The GDPR has influenced global standards. The Digital Markets Act curbs the market power of the major platforms. All of this is correct and important. But regulation without corresponding infrastructure creates an imbalance. It results in strict rules for infrastructure that you don't own and don't fully control. This is like imposing strict environmental regulations on power plants located abroad.
The real consequence of the DeepL case is that Europe cannot win its race for digital sovereignty at the regulatory level. It has already won there, at least normatively. The competition is taking place at the infrastructure level: Who has the data centers? Who has the chips? Who has the energy capacity? Who has the broadband networks? These are the questions that will determine whether European AI companies like DeepL can scale on European soil in the future – or whether they will sooner or later follow the same path as DeepL is now.
With its AI Action Plan, the European Commission has at least identified the direction. The planned €200 billion for AI infrastructure, the AI gigafactories, the integration of EuroHPC into an AI-capable computing architecture – these are the right answers to the right questions. The challenge lies in speed. Every European AI company that scales today and cannot find European infrastructure is making a decision that will have a precedent for years to come. Once migrated to AWS, the effort required to move back is considerable. The moment companies make their infrastructure decisions is the moment that counts – not the moment the European gigafactory opens in 2027.
Loss of trust as economic damage
Beyond the technical and legal dimensions, the real economic damage of the DeepL decision is a loss of reputation that is difficult to quantify but highly real. DeepL has built its business model on trust for years. Not cheap trust, but expensive trust – the trust of institutions that pay for data protection and chose DeepL Pro because it was the secure, European alternative.
This trust has now been damaged, at the very least. The extent of the damage will become clear in the churn rates of the coming months. For the broader European AI market, this sends a problematic signal: even the flagship startup that had successfully combined profitability, technological excellence, and data privacy cannot escape the gravitational pull of the US infrastructure in the long run. This discourages investors who saw European data privacy as a differentiating factor and competitive advantage. It discourages customers who believed they were on the safe side with European providers.
The truly pressing question is not what DeepL should have done differently. DeepL acted rationally as a company: it is growing, it needs infrastructure, and it chose the infrastructure that meets global demands. The question is why, after years of discussion about digital sovereignty, Europe is unable to provide this infrastructure. And the answer is uncomfortable: because Europe regulates before it builds, because it prioritizes bureaucracy over investment, and because it still hasn't fully grasped the urgency of the technological race. DeepL is not the problem. DeepL is the reflection of a continent-wide failure.
Your global marketing and business development partner
☑️ Our business language is English or German
☑️ NEW: Correspondence in your native language!
Konrad Wolfenstein
I and my team are happy to be available to you as your personal advisor.
You can contact me by filling out the contact form here wolfenstein@xpert.digital:or simply call me at +49 7348 4088 965. My email address is
I'm looking forward to our joint project.
