The Post-Brexit Case for Amsterdam Infrastructure

Before Brexit, UK companies operated inside the EU’s single digital market. EU GDPR applied to you as a member state entity, and your data flows across European borders were seamless. That changed on January 1, 2021.

Today, the UK is treated as a third country under EU law. The European Commission renewed its adequacy decision for the UK in December 2025, which allows personal data to continue flowing freely from the EU to the UK through at least December 2031. So at the data transfer level, things still work.

But adequacy doesn’t solve everything. If you’re a UK company that offers goods or services to EU residents, or monitors their behavior, you’re subject to EU GDPR as a non-EU entity. That comes with obligations that UK-based operations don’t automatically satisfy.

The most commonly overlooked one is Article 27.

The Article 27 Problem Most UK Companies Miss

Under Article 27 of the EU GDPR, any organization outside the EU that processes EU residents’ personal data must designate a representative within the EU. That representative serves as the formal point of contact for EU supervisory authorities and for data subjects exercising their rights.

This requirement applies regardless of company size. A two-person SaaS startup with EU customers is just as obligated as a 500-person company. The exemption is narrow: it only covers processing that is occasional, doesn’t involve sensitive data at scale, and poses minimal risk to individuals. Most SaaS products, e-commerce platforms, and analytics-heavy applications won’t qualify.

Penalties for failing to appoint a representative can reach up to €10 million or 2% of global annual turnover, whichever is higher. Regulatory enforcement has also been increasing. EU supervisory authorities have been actively auditing Article 27 compliance, and complaints from EU data subjects who can’t find a local contact point trigger investigations.

Hiring an Article 27 representative service covers the legal minimum. But it doesn’t address the underlying infrastructure question: where does your EU customers’ data actually live?

Why Data Residency Is a Separate Problem From Adequacy

Adequacy means data can flow between the EU and UK without restriction. It does not mean EU customers’ data has to leave the EU. These are two different things, and confusing them can cost you deals.

Enterprise customers, particularly in financial services, healthcare, and the public sector, increasingly require contractual confirmation that their data stays within EU jurisdiction. RFPs ask for it directly. Procurement teams in Germany, France, and the Netherlands have standard data residency clauses. If your infrastructure answer is “our servers are in London”, that’s no longer sufficient.

There’s also a forward-looking risk to consider. The renewed UK adequacy decision was adopted partly to allow assessment of the UK’s Data (Use and Access) Act 2025. UK reforms remain intentionally modest to preserve EU adequacy status, balancing innovation with regulatory alignment. If UK data protection law diverges significantly from EU standards in the future, the adequacy status that currently allows free data flows could come under pressure. Companies that have already moved EU customer data to EU infrastructure won’t have a problem. Those that haven’t will be scrambling.

Hosting EU customer data in Amsterdam removes the cross-border transfer question entirely. Data stays inside EU jurisdiction, processed under EU law, without any need for Standard Contractual Clauses or transfer impact assessments on that data.

Why Amsterdam and Not Frankfurt or Dublin

If you’ve decided EU infrastructure makes sense, you have choices. Frankfurt and Dublin are common defaults. Amsterdam is often overlooked by UK companies, which is worth examining, because geographically and operationally it’s the strongest option for a UK business serving European markets.

Latency from the UK is minimal. Amsterdam sits around 10ms from London. That’s comparable to or better than routing to Dublin, and significantly closer than Frankfurt for UK-origin traffic. For applications where UK engineering teams need to manage EU infrastructure, or where your UK and EU deployments need to stay in sync, that proximity matters.

Amsterdam is Europe’s internet hub. AMS-IX, the Amsterdam Internet Exchange, is one of the largest internet exchanges in the world. OpenMetal’s Amsterdam infrastructure provides direct access to 4 internet exchanges and over 210 carriers, ISPs, and CDNs. That connectivity profile means lower egress costs, more routing options, and better performance to customers across the continent than most single-datacenter alternatives.

Geographic reach from Amsterdam covers your full EU customer base. From Amsterdam, you can reach London in roughly 5 to 8ms, Paris in 8 to 12ms, Frankfurt in 6 to 10ms, and Brussels in 10 to 15ms. For a UK company whose EU customers are concentrated in Western Europe, Amsterdam puts you at the center of that market.

The regulatory environment is stable and predictable. The Netherlands has a mature data protection authority (the AP), well-established co-location infrastructure, and a business environment that’s straightforward for foreign companies to operate in. You don’t need a Dutch entity to host infrastructure there.

For a deeper look at Amsterdam’s strategic position across different customer geographies, see Why Crypto and Blockchain Teams Choose Amsterdam for European Infrastructure and Why Amsterdam Works for Companies Serving Both Africa and Europe.

What EU Infrastructure Without EU Operations Actually Looks Like

A common objection from UK SaaS founders and CTOs is that “EU infrastructure” sounds like it means EU entity formation, EU employment contracts, EU accountants, and EU legal counsel. It doesn’t.

Hosting infrastructure in Amsterdam through a provider like OpenMetal means you’re renting physical resources in an EU-jurisdiction data center. Your company remains UK-incorporated. You don’t need Dutch directors, a VAT registration, or a local subsidiary. The infrastructure is in the EU; your business isn’t.

What you do need:

• EU GDPR compliance posture for EU data subjects (lawful basis, privacy notices, subject rights processes). This is a legal and compliance requirement regardless of where you host.
• An Article 27 representative. A service provider in an EU member state who can receive correspondence from EU supervisory authorities on your behalf.
• Data processing agreements with your infrastructure provider that reflect EU GDPR obligations.

The infrastructure piece is operationally straightforward. OpenMetal’s Amsterdam private cloud deploys in hours, not weeks. You’re not building a data center. You’re provisioning a Cloud Core or a set of bare metal servers in a facility that already has the compliance certifications your customers will ask about.

The Facility: What You’re Actually Getting

OpenMetal’s Amsterdam infrastructure is housed in Digital Realty’s AMS3 facility, located 10 minutes from Schiphol Airport. For UK companies used to Tier 3 and Tier 4 facilities in London, the spec is comparable.

The facility operates with a 99.999% availability SLA, N+1 UPS and cooling redundancy, dual power feeds with generator backup, and 100% renewable energy. Security includes 24×7 on-site staff, biometric access controls, and CCTV with 90-day retention. Compliance certifications cover SOC 1 and SOC 2, PCI-DSS, ISO 27001, ISO 22301, and ISO 50001.

Full facility specs are available at the Amsterdam data center specifications page.

Infrastructure Options and What They’re Good For

UK companies typically arrive at Amsterdam with one of two needs: an OpenStack private cloud for multi-tenant workloads, or dedicated bare metal for applications that need consistent performance without hypervisor overhead. OpenMetal offers both from Amsterdam, with same-day deployment and fixed monthly pricing.

Hosted Private Cloud

If you want a full OpenStack environment without managing the underlying hardware yourself, OpenMetal’s hosted private cloud deploys from Amsterdam the same day. You get a production-ready private cloud powered by OpenStack and Ceph, with full root access, fixed monthly pricing, and no egress surprises. It’s a good fit for teams that need EU data residency and want to spin up VMs, object storage, and networking under one roof without the overhead of building an OpenStack cluster from scratch. Use the cloud deployment calculator to size your configuration.

Bare Metal Dedicated Servers

For teams that need single-tenant hardware with direct resource access and no hypervisor overhead, bare metal is available across a range of configurations in Amsterdam. All servers include 20Gbps private bandwidth, RAID 1 boot disks, and fixed monthly pricing.

Current Amsterdam options for both hosted private cloud and bare metal dedicated servers include:

Medium V4 at $619.20/month. The most accessible entry point for EU production workloads. Dual Intel Xeon Silver 4510 processors (24 cores/48 threads), 256GB DDR5 RAM, 6.4TB NVMe storage, and 2Gbps public egress. Well-suited for smaller production deployments where you need EU data residency without overprovisioning.

Large V4 at $1,173.60/month. A top seller and the configuration most UK teams reach for when running real EU customer workloads. Dual Intel Xeon Gold 6526Y processors (32 cores/64 threads), 512GB DDR5-5200 RAM, 12.8TB NVMe across two drives, and 4Gbps egress.

XL V4 at $1,987.20/month. The flagship configuration and another top seller. Dual Intel Xeon Gold 6530 processors (64 cores/128 threads), 1TB DDR5 RAM, 25.6TB NVMe across four drives, and 6Gbps egress. The right starting point for large OpenStack clusters, Kubernetes at scale, or data-intensive applications serving EU customers.

XL V4 High Frequency at $2,188.80/month. For latency-sensitive applications, this configuration uses dual Intel Xeon Gold 6544Y processors running at 3.6/4.1GHz base/boost, with 32 cores/64 threads, 1TB DDR5-5200 RAM, and 25.6TB NVMe. Worth evaluating for real-time analytics, trading infrastructure, or any workload where clock speed matters more than core count.

XXL V4 at $2,779.20/month. The same dual Xeon Gold 6530 processor configuration as the XL V4, but with 2TB DDR5 RAM, 38.4TB NVMe across six drives (up to 24 slots available), and 10Gbps egress. Built for workloads where memory and storage density are the primary constraint.

Storage Large V1 at $734.40/month. For teams that need to store large volumes of EU customer data economically, this configuration pairs dual Intel Xeon Silver 4210R processors with 128GB DDR4 RAM, 12x 12TB HDDs, and 4x 1.92TB NVMe, with 4Gbps egress.

Older hardware generations (V3, V2.x) are also available in Amsterdam at lower price points for teams where budget matters more than the latest silicon. The Large V2.1, for example, runs at $986.40/month with 512GB DDR4 RAM and dual 6.4TB NVMe drives. Still highly capable dedicated options at a great price point!

See the full bare metal pricing page for the complete Amsterdam lineup, and use the egress pricing calculator to model data transfer costs before you commit to an architecture.

The Window Before This Becomes Urgent

Right now, the EU’s adequacy decision for the UK provides a degree of regulatory buffer. Data can flow. The pressure is incremental. You feel it when you lose an enterprise deal to a competitor with EU infrastructure, or when a procurement team adds a data residency clause you can’t satisfy, or when a prospect’s legal team asks where their data lives and the answer is “London.”

That pressure increases if UK data protection law begins to diverge meaningfully from EU standards. The Data (Use and Access) Act 2025 introduced targeted changes, and while the UK government has kept reforms modest to protect adequacy status, the relationship between ICO guidance and EDPB guidance is already creating dual-compliance complexity for companies operating across both frameworks.

Companies that get EU infrastructure in place now are solving a problem before it becomes a crisis. The companies that wait are betting on regulatory stability that isn’t fully within their control.

What to Do Next

If you’re a UK SaaS company with EU customers still running everything out of a UK data center, the path forward is cleaner than it might look:

1. Identify which customer data is subject to EU GDPR. Any data from EU residents where you’re offering goods or services qualifies.
2. Determine whether your Article 27 representative requirement is met.
3. Evaluate the infrastructure gap between where that data lives now and where it needs to live for EU residency.

OpenMetal’s Amsterdam infrastructure is available to deploy immediately. View Amsterdam infrastructure and pricing to see Cloud Core configurations, bare metal options, and what a same-day EU deployment actually looks like.