The Lidl Cloud: How Europe's Largest Retailer Is Building a Sovereign Hyperscaler — and What It Means for Your Migration Strategy

Europe's largest retailer just broke ground on a €11 billion data center. Not to sell groceries online. Not to optimize supply chains. But to become Europe's first homegrown hyperscaler and challenge AWS, Azure, and Google Cloud on their own turf.

The Schwarz Group — the parent company behind Lidl and Kaufland — is building a 200MW, 100,000-GPU data center campus in Lübbenau, Germany, on the site of a decommissioned coal power plant south of Berlin. The first phase is scheduled for completion by the end of 2027. It is backed by €175 billion in annual retail revenue, strategic partnerships with SAP, Google, and German AI company Aleph Alpha, and an explicitly stated mission to end Europe's dependence on American cloud infrastructure.

For European companies currently evaluating their Microsoft 365 dependency, considering open-source alternatives like Nextcloud or Alfresco, or simply wondering whether a credible European IaaS/PaaS provider will ever exist — this changes the conversation entirely.

What This Article Covers

This article examines what STACKIT, the Schwarz Group's cloud platform, actually offers today, what the Lübbenau data center will enable, and critically — whether this represents a viable path for European organizations looking to reduce or eliminate their dependency on US-based Big Tech platforms. I assess STACKIT as an Azure/AWS replacement, evaluate its relevance for self-hosted platforms like Nextcloud and Alfresco, and explore the emerging sovereign workplace ecosystem forming around it.

From Supermarket Aisles to Server Racks

Running 14,200 stores across 32 countries generates enormous volumes of sensitive data. When the Schwarz Group evaluated where to host it all, it concluded that no existing European cloud provider could meet its security and sovereignty requirements — and using AWS or Azure meant accepting the US CLOUD Act.

So they built their own. What started as an internal cloud platform in 2018 became STACKIT GmbH in 2023, then part of Schwarz Digits — a dedicated IT division employing around 7,500 people and generating €1.9 billion in annual revenue. The division also includes XM Cyber (cybersecurity), an investment in Aleph Alpha (AI), and partnerships with Wire (secure communications) and SAP.

The Lübbenau data center scales this internal capability into a genuine European hyperscaler serving external customers.

What STACKIT Offers Today

STACKIT provides a solid IaaS and PaaS foundation: virtual machines, block and object storage, networking, managed Kubernetes (SKE), Cloud Foundry, and managed databases (PostgreSQL, MongoDB, OpenSearch). For organizations running workloads on Azure VMs or AWS EC2, this is directly comparable. For teams using Azure Kubernetes Service or AWS EKS, SKE is a credible alternative.

The critical gap is SaaS. STACKIT does not offer its own productivity suite — it is the infrastructure layer, not a drop-in replacement for Microsoft 365 or Google Workspace. The service catalog has perhaps 20-30 services compared to Azure's 200+, and the global presence is limited to Germany and Austria.

However, STACKIT is building a sovereign application ecosystem through partnerships — and this is where the strategy gets interesting.

The Sovereign Workplace Ecosystem

Rather than building an M365 competitor from scratch, Schwarz Digits has assembled a portfolio of partnerships:

Google Workspace on STACKIT — hosted on STACKIT infrastructure with client-side encryption. The Schwarz Group is migrating its own 575,000 employees to this instance. It is a pragmatic improvement over American-controlled infrastructure, but it is not true digital sovereignty. Google remains a US company subject to the CLOUD Act and FISA Section 702. The keys to the data may be European; the keys to the software are not. For organizations pursuing genuine sovereignty, this is a stepping stone, not a destination.

Wire — Swiss-German end-to-end encrypted messaging using the MLS protocol. Already used by the Schwarz Group for board-level communications. Purpose-built for high-assurance scenarios and federated cross-organization communication.

openDesk — the German government-backed open-source workplace suite (Nextcloud, Collabora Online, Element, OpenProject) available as SaaS on STACKIT. Primarily targeted at the public sector.

SAP on STACKIT — through the RISE with SAP program, organizations can run S/4HANA on STACKIT infrastructure within European jurisdiction.

PhariaAI — Aleph Alpha's sovereign AI suite running natively on STACKIT, enabling organizations to train and deploy AI models without proprietary knowledge leaking into external training data.

Can an M365 Company Migrate to STACKIT?

Yes — but it requires honest planning, not wishful thinking. Microsoft 365 is an integrated ecosystem where SharePoint, Teams, Exchange, OneDrive, Power Platform, Entra ID, and Purview are deeply intertwined. You cannot simply lift it and drop it onto STACKIT. You need to decompose it and find sovereign replacements for each capability.

Document management and file storage — this is the most mature replacement path. Nextcloud Hub or Alfresco on STACKIT (VMs, Kubernetes, managed PostgreSQL backends) can replace SharePoint and OneDrive. Your files, metadata, and database all reside on GDPR-compliant infrastructure with no CLOUD Act exposure. STACKIT does not offer these as managed SaaS, so you deploy and manage the application yourself or use a partner.

Email — this is the single biggest gap. Exchange Online is where Microsoft shines brightest, and STACKIT offers no managed email service. Self-hosting email (Open-Xchange, Zimbra) on STACKIT VMs means owning the entire operational burden — spam filtering, deliverability, backup, high availability, security patching, 24/7 monitoring. The savings from leaving Microsoft get consumed by the engineers needed to run it. For most organizations, email should be the last workload to migrate, not the first.

Team communication — if you are already migrating to Nextcloud, start with Nextcloud Talk. It is included at no additional cost, supports encrypted video/audio calls, chat, screen sharing, and integrates natively with Nextcloud files, calendar, and tasks. For most internal communication, Talk is more than sufficient. Consider Wire as an additional layer only if you need high-assurance communications — board-level discussions, cross-organization federation, or regulatory scenarios where MLS protocol guarantees matter. Some organizations run both.

Identity and access management — organizations deeply integrated with Entra ID will need Keycloak or Univention Corporate Server on STACKIT. This is often the hidden blocker.

Compliance and governance — Microsoft Purview has no single open-source equivalent. Retention policies, classification, eDiscovery, and audit trails need to be reconstructed using Nextcloud's or Alfresco's built-in capabilities, potentially supplemented by dedicated GRC tooling.

The Realistic Migration Path

The realistic path is a phased sovereignty transition over 12–24 months:

1. Assess and classify — Map your M365 and Azure estate. Classify every workload by sovereignty sensitivity.
2. Migrate infrastructure — Move Azure VM and container workloads, databases, and networking to STACKIT.
3. Migrate documents — Extract documents, metadata, permissions, and version history from SharePoint Online to Nextcloud or Alfresco on STACKIT. This is the hardest phase.
4. Transition the productivity stack — Enable Nextcloud Talk, replace OneDrive with Nextcloud file sync, add Wire only if needed.
5. Rebuild compliance — Reconstruct retention policies, classification schemes, and audit trails.
6. Email (when ready) — Keep Exchange Online until a managed sovereign email service emerges.

Why the €11 Billion Matters

The single biggest risk with European cloud alternatives has always been sustainability — companies fear investing in a migration to a provider that might fail or stop growing. The Schwarz Group's commitment, backed by €175 billion in annual retail revenue, fundamentally changes the risk calculus. This is not a venture-funded startup. The €8.5 billion allocated to IT infrastructure (primarily GPUs) positions STACKIT not just as an alternative hosting provider, but as a platform for AI training and inference at European scale — increasingly critical as the EU AI Act requires demonstrable control over training data and model behavior.

What This Means for European Companies

For regulated industries (pharma, finance, healthcare, defense): The combination of STACKIT + SAP + sovereign Google Workspace + Wire + PhariaAI creates, for the first time, a complete sovereign technology stack that can meet GDPR, NIS2, DORA, and industry-specific compliance requirements without US cloud dependency.

For companies running SharePoint and M365: STACKIT is not a platform you migrate SharePoint to directly. But it is the infrastructure that makes a migration to Nextcloud or Alfresco genuinely viable at enterprise scale, with the security and compliance backing large organizations require.

For any European company worried about the CLOUD Act or unpredictable US policy changes: STACKIT offers an insurance policy. Even if you do not migrate today, a credible European hyperscaler means you have a realistic exit path.

Planning the Information Architecture Is the Real Work

The technology choice is only half the migration. The other half is information architecture: deciding where every document type, metadata schema, permission model, and retention policy lands on the target platform before you move a single file.

This is where migrations go wrong. Organizations arrive at the target platform without a clear plan for how their information should be structured. The result is a disorganized pile of files that technically migrated but practically broke every governance workflow the business depended on.

For regulated industries, this is not just an inconvenience — it is a compliance failure. GxP-regulated documents must maintain chain of custody. Retention policies must survive the transition. Sensitive and controlled documents must arrive in the correct location with the correct access controls, or the migration itself becomes a regulatory event.

The Caveats

Scale and maturity. STACKIT generated €1.9 billion in 2024, compared to AWS's $100+ billion. The service catalog is lean and the partner ecosystem is young.

Vendor concentration risk. Moving from Microsoft dependency to Schwarz Group dependency is a dependency shift, not elimination. The use of open-source technologies (OpenStack, Kubernetes) at STACKIT's core mitigates this — your workloads should be portable.

Migration complexity is real. Leaving M365 requires organizational commitment, budget, change management, and patience. Companies should not underestimate the effort, but they should also not let complexity become a reason for inaction.

Conclusion: The European Cloud Just Got Real

For years, "European digital sovereignty" has been a policy aspiration more than a practical reality. Gaia-X generated more PowerPoint decks than usable infrastructure. European cloud providers remained regional players with limited scale.

The Schwarz Group's €11 billion entry changes this. Not because STACKIT is ready to replace Azure today — it is not — but because for the first time, there is a European actor with the financial muscle, strategic commitment, and growing technical capability to build hyperscaler-grade infrastructure within European jurisdiction.

Start planning now. Map your M365 estate. Classify your data by sovereignty sensitivity. Evaluate STACKIT alongside other European providers. And engage a migration partner who understands both the source platform and the regulatory landscape. The question is no longer whether European companies can leave Big Tech — it is whether they will start planning before circumstance forces their hand.