Skip to content
OS Domains
Compliance

AWS SES European alternatives in 2026: real Schrems II compliance for transactional email

Honest comparison of European-incorporated alternatives to AWS SES. What Schrems II actually requires, why the AWS European Sovereign Cloud is not a complete answer, and which providers fit different volume profiles.

Authored by: OS Domains Engineering · · 15 min read · 2,927 words
AWS SES GDPR Schrems II European Cloud Migration

Replacing AWS SES with a European provider has gone from a “nice to have” position for European senders to a procurement requirement during 2024-2026. The reasons are layered: the CLOUD Act tension that Schrems II surfaced, the EUR 264 billion that European companies spend annually on US hyperscalers (a sovereignty vulnerability that European policymakers now treat as strategic), the specific deficiencies of “EU sovereign cloud” offerings from US providers, and the practical operational need for sub-processors that pass European procurement reviews without lawyer-hours.

This is the article we wanted to read three years ago when we started building European email infrastructure. It covers what the regulatory environment actually requires, which “European” alternatives are actually European in any meaningful jurisdictional sense, and how to evaluate the tradeoffs honestly.

€264B
Annual EU spend on US hyperscaler cloud
European Parliament study, 2025
74%
Listed EU companies dependent on US email/productivity
European Parliament study, 2025
€7.1B
Cumulative GDPR fines issued since 2018
Enforcement tracker, Q1 2026
$0.10
AWS SES base price per 1K emails
Plus EU egress, monitoring, and operational overhead

Why AWS SES is operationally fine but compliance-problematic

AWS SES is genuinely a good service. It runs at hyperscale, the API is mature, the documentation is comprehensive, the pricing at $0.10/1K emails is hard to beat on raw cost. We have nothing against the engineering. The problem is structural and legal, not technical.

The structural problem is the CLOUD Act, the US federal law passed in 2018 that requires US-incorporated companies to produce data on demand from US authorities, regardless of where that data is physically stored. Amazon Web Services, Inc. is a Delaware corporation. AWS Europe SARL (the contracting entity for European customers) is a Luxembourg subsidiary, but its parent is still subject to US law. When a European DPA reviewing your sub-processor list under GDPR Article 28 looks at this chain, the conclusion is the same regardless of which AWS region you select: data accessibility extends to US authorities through the corporate structure.

AWS launched the European Sovereign Cloud in 2024 in response to exactly this concern. The architecture has independent EU-only operations, a separate corporate entity (AWS European Sovereign Cloud GmbH, German-incorporated), and EU-only personnel handling operations. It is a serious effort. It also does not include SES at this writing — the Sovereign Cloud is rolling out services region-by-region, and SES is not in scope for Q2 2026.

The four meaningful tiers of “European” alternatives

The market has more options than people realize, but they cluster into four tiers based on what kind of compliance position they actually deliver.

Tier 1: European corporations with EU-only operations

These are vendors incorporated in an EU/EEA member state with all operations and sub-processors in the EU/EEA. No US parent. No US sub-processor. CLOUD Act does not reach. This is the cleanest position for procurement.

Examples for transactional email:

  • Scaleway TEM (France) — French cloud provider, transactional email service launched 2023.
  • Mailjet (France) — Established player, owned by Pathwire (Sinch) but operates with French entity contracting and French/EU data centers. The Sinch parent introduces some complexity for ultra-strict procurement but the contracting entity remains French.
  • Brevo / Sendinblue (France) — Marketing-focused but offers transactional API.
  • OVHcloud Email Pro (France) — Less feature-complete than dedicated email services but useful for senders already in OVHcloud.
  • OS Domains (Austria) — Our own service. Disclosure: this is our blog. We are listed because we fit the criteria.

Tier 2: European corporations with mixed sub-processor chains

These are EU-incorporated vendors whose own infrastructure is in the EU but who use one or more US-headquartered sub-processors for specific functions (typically CDN, monitoring, or analytics). They satisfy the front-door GDPR requirement but require Schrems II analysis on the sub-processor chain.

Examples: most “European” SaaS that uses Cloudflare for CDN or Datadog for monitoring fits here. The sender needs to do the Schrems II analysis on those sub-processors, which is workable but adds procurement friction.

Tier 3: US corporations with EU-region operations

These are US-headquartered vendors offering EU-region hosting. SendGrid EU, Mailgun EU, Postmark, Twilio. These satisfy the data-at-rest argument but the parent corporate jurisdiction means CLOUD Act applies. Procurement reviews will flag this as residual risk requiring justification.

Tier 4: Hyperscaler “sovereign cloud” offerings

AWS European Sovereign Cloud, Microsoft Cloud for Sovereignty, Google Cloud Sovereign Controls. These are designed specifically to address Schrems II. They are not yet feature-complete for email. As of Q2 2026, none of them includes a full transactional email service. Watch this space — when Amazon Sovereign Cloud SES ships, the calculus changes.

Comparing the realistic European options

For senders who actually want to migrate, the practical choice narrows quickly. Pricing reflects Q2 2026 published rates.

Provider Country Pricing model Strengths Weaknesses
Scaleway TEM France 🇫🇷 €0.40 per 1K
(after 300/mo free)
Pure French sovereignty
Simple SMTP + REST API
Integrates with Scaleway stack
Newer service (2023)
Limited template features
No dedicated IP option
Mailjet France 🇫🇷 €11/mo (15K)
€73/mo (150K)
Mature platform since 2010
Good templating system
Full API + SMTP
Dedicated IP option
Sinch (Swedish) parent introduces complexity
UI feels dated
Brevo (Sendinblue) France 🇫🇷 €19/mo (10K)
€55/mo (100K)
Marketing-first feature set
Good for senders who do both transactional + marketing
French legal entity contracting
Marketing-leaning UI for transactional users
Limited bare-SMTP performance
OVHcloud Email Pro France 🇫🇷 From €1/mo per mailbox
No per-email pricing
Cheap for low-volume
Integrated with OVH stack
SecNumCloud-eligible
Not a real transactional email service
No deliverability tooling
OS Domains Email API EU Austria 🇦🇹 €99/mo (500K)
€299/mo (1M)
€999/mo (5M)
SendGrid v3 + Mailgun v4 API compat
7 EU PoPs + Panama
Schrems II ready by design
Managed DMARC included on Pro+
Newer to market than Mailjet
Smaller community
Disclosure: that is us
AWS SES (for reference) US 🇺🇸 $0.10 per 1K
(after 62K/mo free if hosted)
Cheapest by raw price
Mature, broad ecosystem
Integrates with all AWS
CLOUD Act exposure
Procurement friction
Shared IP pool reputation
No built-in deliverability

Tier 1 European options for senders who need clean Schrems II compliance. Pricing approximate Q2 2026; verify current rates with each vendor.

The total cost story beyond the per-email rate

A common mistake when comparing AWS SES to European alternatives is to focus on the per-email price. SES is $0.10 per 1K. Most European options are €0.40 per 1K or higher. On the surface SES wins by 4×.

The real cost includes the operational pieces that SES does not include:

IP reputation management. SES uses shared IP pools by default. Your reputation depends on the worst sender sharing the pool that day. Dedicated IPs are available at $24.95/month each — which evaporates the price advantage at any meaningful volume.

Deliverability monitoring. Not included with SES. Adding GlockApps or similar costs $79-$199/month minimum.

Bounce categorization beyond the basics. SES gives you hard/soft bounces. Sophisticated suppression logic (block-after-N-bounces, reputation tier rules, ISP-specific retry logic) is your problem to build.

Compliance documentation. SES gives you a generic AWS DPA. For procurement reviews, you may need vendor-specific documentation — incident response procedures, sub-processor list, audit reports. AWS provides this through their compliance portal but you do the legwork.

Procurement time. This is real and quantifiable. We have seen European procurement reviews of US email vendors take 4-12 weeks of legal time. At €200/hour internal cost, that is €30K-€90K of soft cost on top of the contract value.

Realistic annual cost comparison (1M emails/month sender) All hidden costs included: dedicated IPs, monitoring, compliance time
0€ 3750€ 7500€ 11250€ 15000€ 1200€ AWS SES (basic) 6500€ AWS SES (with extras) 11000€ Mailjet Diamond 12000€ OS Domains Pro 15000€ AWS Sov Cloud (proj.)
Pure SES is cheapest at the per-email level. Once dedicated IPs, deliverability monitoring, and compliance documentation are included, the price gap narrows substantially. AWS Sovereign Cloud SES pricing is projected based on the Sovereign Cloud premium pattern observed for other AWS services.

Migration: what actually happens

We have led 30+ AWS SES → European provider migrations during 2024-2026. The process is not complicated but the details matter.

Phase 1: Inventory (week 1)

What does your application actually use SES for? Common patterns:

  • Single-purpose: only transactional notifications. Easy to migrate.
  • Multi-purpose: transactional + marketing + alerting. Harder; may want different providers per use case.
  • Tightly coupled: SES events feed into Lambda, S3, and SNS for analytics pipeline. Hardest; need to rebuild the event pipeline at the new provider.

Phase 2: Authentication setup (week 1-2)

DKIM and SPF for the new sending domain. If you keep the same From address, just update DNS. If you move to a sending sub-domain (recommended for dedicated reputation), set up mail.example.com as the new sender and update applications.

Phase 3: IP warming if applicable (weeks 2-6)

For dedicated IP setups, the new IP needs reputation building. Send small volumes initially, ramp gradually. This is a 4-6 week process. For shared IP setups, skip this step.

Phase 4: Cutover (week 6-8)

Switch DNS / config to the new provider. Monitor closely for 7-10 days. Keep AWS SES account live (no deletion) for 30 days as rollback option.

Phase 5: AWS cleanup (week 12)

After confidence period, delete SES configuration sets, release dedicated IPs, close the SES account. Save the cost.

The Schrems II analysis (what to put in your DPIA)

If you are a European sender doing the formal compliance work, the Data Protection Impact Assessment template needs specific elements. Here is what we recommend, having reviewed dozens.

For each email sub-processor:

  1. Corporate jurisdiction: Where is the contracting entity incorporated? Where is the ultimate parent?
  2. Data residency: Where is data at rest? Where does data travel during normal operations?
  3. Sub-processor chain: Who do they use? Where are those sub-processors?
  4. Lawful access exposure: Which government access regimes can compel data production?
  5. Mitigations: What technical and organizational measures reduce exposure?
  6. Residual risk: What remains? Is it acceptable for the data type?

For AWS SES, the honest answer to (4) includes US CLOUD Act, US FISA Section 702, and US National Security Letter authorities. The mitigations include encryption (but AWS holds the keys for managed services), audit logging (but does not prevent compelled access), and contractual commitments (but cannot override federal law). The residual risk is real and procurement reviews will note it.

For an EU-incorporated alternative, the answer to (4) is the EU member state’s law plus EU regulations. The exposure is qualitatively different: the US extraterritorial reach is removed, replaced with EU-internal legal process which is more predictable and auditable.

The AWS European Sovereign Cloud went live in 2026, and it changes the question without closing it

On 15 January 2026 the AWS European Sovereign Cloud reached general availability, with its first region in Brandenburg, Germany. This is not a rebranded EU region. It is a separate partition with its own console, its own identity and billing systems, its own root certificate authority, four dedicated German legal entities, EU-resident-only operations, and a €7.8 billion investment behind it, with expansion announced for Belgium, the Netherlands, and Portugal. The Sovereign Cloud Addendum commits that personnel outside the EU have no technical means to access customer content, and that AWS will redirect government data requests to the customer rather than answering them directly. As structural sovereignty work goes, it is the most serious move any hyperscaler has made.

The part it does not close is ownership. The German entities operating the partition remain wholly owned by Amazon.com, Inc., a United States corporation, and the CLOUD Act’s “possession, custody, or control” test points at the parent in Seattle regardless of where the bytes sit or who runs the consoles. Whether a US order against the parent would actually reach data inside the partition is legally unsettled, and “unsettled” is the word that reads badly in a data protection impact assessment. For most senders the Sovereign Cloud is a credible answer. For the buyer whose procurement language requires a provider “not subject to third-country law with extraterritorial reach,” an EU-incorporated provider with no US parent in the chain settles the question by structure rather than by contract. The distinction is whether your compliance rests on a written commitment from a US-owned entity or on the simple absence of a US parent that could be compelled.

Frequently asked questions

Does the AWS European Sovereign Cloud solve Schrems II for email?

It goes most of the way and stops at the ownership question. The partition is operated by EU residents on isolated infrastructure with contractual commitments against non-EU access, but the operating entities are still owned by a US parent, so the CLOUD Act exposure is reduced rather than removed. Whether that is sufficient depends on your risk appetite and what your auditor will sign off on.

Is AWS SES even available on the Sovereign Cloud partition?

Service availability on the partition rolls out over time and lags the mainstream regions, so confirm SES presence and feature parity on the partition before planning a migration onto it, rather than assuming the catalog matches the Frankfurt or Ireland regions you already use.

What is the simplest setup that removes the CLOUD Act question entirely?

An email provider incorporated in the EU with no US parent, no US sub-processors in the sending path, and data residency in a named member state. That configuration does not reduce the third-country exposure, it removes the third country from the chain, which is the difference between a strong contractual answer and a structural one.

Bottom line

AWS SES is operationally excellent and compliance-problematic for European senders post-Schrems II. The “European Sovereign Cloud” effort from AWS is sincere but not yet a complete answer for transactional email. EU-incorporated alternatives have matured enough to be production-grade choices.

For most European senders sending 100K-10M emails monthly, the migration is a 6-8 week project that pays for itself in procurement friction reduction within the first year. For senders below 100K, the simplest path is often Brevo or Mailjet on a published plan. For senders above 10M, the calculus typically favors a dedicated managed service with SLA contractual commitments — which is where our Email API EU product fits, but several other Tier 1 European providers are equally legitimate choices.

The most expensive option is to do nothing while procurement reviews stack up and your European clients quietly route their work to vendors who already cleared their compliance review.

Want help applying this?

The fastest path from this article to results.

These articles are not theory. They are the operational playbook we use for our own clients. If your situation matches what is described here, the next 30 minutes on a call decide whether we are the right fit.

Phone +43 1 205 11 80 Mon–Fri · 9–18 CET
Email [email protected] Avg response 4h business
Office Fleischmarkt 1, 1010 Wien By appointment