There's an immediate solution: local-first software.
Keeping app data purely server-side is no longer viable for customers with data sovereignty requirements, and having a toggle button saying 'Keep my data in Europe' isn't enough either because it places too much trust in the SaaS provider.
With network monitoring verifying local applications are accessing user-verified endpoints, privacy reduces to OS-level security.
I really like this idea but I have a few questions.
Suppose I am an indian developer interested to work with European Data sovereignity because imo I value privacy personally just as much as the EU population and it would be great to be more connected and wishing to connect with them more.
So I have thought of using EU options in my servers/services if I use them for the most part and I can even swap out to completely European if need be.
So let's say to be a part of this? should I be an European company? If so, I even looked at it on how to establish a company in Europe rather easily (preferably a lean company) and It seems that Estonia seems the best way for me to create an EU company from my country without too much hassle but the costs of operation does feel like a lot for just starting out let's say.
I am also not sure about the fact that given I live in India, Some data sharing arrangement can be generated or would I have to actually migrate to say EU (which although I love EU, I currently appreciate my country as well and migration is a hassle right now)
I wish if such a manifesto could work for India and EU and a deeper integration could be made between the two countries about such tech related software or other as I have been a vocal supporter of European tech providers like hetzner,ovh etc. and they are even cheaper than american hyperscalers in many/most cases.
When I worked at AWS, there was GovCloud, and only American citizens residing in American soil and connecting from American soil were able to give support to these customers. So even if you were legally authorised to work in the US and resided in the US, you couldn't work with GovCloud customers.
Or if you are an American temporarily residing in Romania or Canada, then you also can't work with GovCloud customers.
I expect the same situation will happen to you. But I am just speculating.
A European sovereign cloud is desperately needed for highly sensitive government, military, and national security workloads, and these must be thoroughly vetted to ensure compliance.
But for anything else, like personal e-mail or e-commerce? I'm sure there will be a lot of flexibility for non-European contributions, but it will probably be like it currently is: open source projects spanning the globe.
At its heart, this is about Europe for Europe. People from other countries “contributing” technology solutions to European businesses and government is what got Europe into the strange mess they’re in now. And there’s been a long line of foreign - American - businesses which have promised that European data will always stay on European soil. And it’s quite clear that promise was not always kept.
I’m sure your desire to help is genuine. But Europe might need to find their own feet with an initiative like this before accepting help from foreigners.
> Some data sharing arrangement can be generated...
The EU and India are starting to work on formalizing a data transfer mechanism similar to the EU-US Data Transfer Mechanism (DTM) as part of the EU-India TTC [0] (a US-EU TTC was a a precursor to formalizing the EU-US DTM).
Depending on how the EU-India FTA shakes out (signing after Republic Day on January 27th), it might make it easier to "India-wash" American services exports (which is already what is happening).
The fact that an EU "sovereign" cloud like STACKIT is using American-Israeli security software [1] (though they did open an office in Prague to outsource some development, but is largely done in Israel I believe) and Google Workspaces [2] as part of it's sovereign cloud initiative highlights how it's all HN bark with little-to-no bite.
That said, kudos to SpaceTime [3] for trying to leverage the momentum to build a GTM channel via NukeProof.
With permits and fees and accounting assistance you'd probably land around 1500 per year having a OÜ company in Estonia. If you aren't going to make more than that I don't really see the point of having a company, you might as well save up that amount in cash and hold it in case you personally become liable from whatever activity you want to do.
Edit/Update: After countless discussions in here and other (thanks to everyone for giving suggestions!)
I have decided to be transparent and here's what I will most likely do if I ever create a company.
I would firstly create an Indian company & operate it as such. I will try to be GDPR compliant from day one, and still use EU providers/privacy providing services instead of hyperscalers in general.
Instead of trying to get a legal thing which says EU first or India first, I will try to be privacy first, by open sourcing things or relying and contributing to either open source or at the very least source available licenses (so that people can indepdently audit, I prefer using open source but we will see how much monetizable it is, I am not looking for too much money as I am frugal but still I do want sustainability, I might start out source available and pledge to release it open source once the project might reach enough users let's say or I can earn "enough" with a proper definition)
So a big emphasis on privacy & sustainability. most EU cloud options are definitely green as well (like Netcup) so I can get that checkbox available as well most likely but there isn't any guarantee but still my point is I would still try to keep Climate change in mind as a factor hopefully too while still optimizing for a good enough price range.
I will also create a blog post probably highlighting all of this and also the fact that I am willing to go EU first if my product would focus on EU/actually trends with EU consumers/businesses & then I will establish an estonia company as people have said here and make my Indian company the subsidiary of my estonian company and use either a fin-tech solution either from the start of my Indian company which could support SEPA or other EU solutions or I will do it afterwards with a proper bank account/fin-tech support after I make an estonian company (which I would if my project can make say make some fixed amount of money most likely from EU customers such that the 1000 euros or more becomes a reasonable investment, or If I ever create a EU branch, my point is I will try to make the EU branch the head branch and Indian branch subsidiary and not vice versa hopefully though, currently please take what I am saying with a grain of salt as I can be wrong I usually am, I am just figuring out life :] and how to build and live off of building things that I myself would enjoy working on/the ideas around it like infrastructure decisions etc!)
My point is I am very much more open to work with sustainability/privacy goals with a more focus on open source and probably try not to take any VC funding hopefully and still be day one profitable & transparent/sustainable. Nothing's set in stone right now but hopefully I am able to explain what I think about these ideas.
This is a good thing and a required first step, but it's a drop in the sea.
All MacOS, iOS, Windows and Android are all produced by the USA. Virtually all chips as well.
It is foolish to assume there are not backdoors in every one of them.
Meaning we should assume the USA can shut down the entire Europe's IT if they really want to.
Then you got the authentication systems, security software (antivirus, proxies like cloudflare, crowdstrike and so on), the various Saas (docs editors, drives, ticket systems, chats...), the payment systems (including Visa and swift, but also Paypal, google pay, stripe, etc), the software stores, the root DNS, the SSL root certificates and a ton of network hardware.
Given the current political situation, it's a very bad spot to be in.
The cookie banner code is broken, it doesn't show on my browser, making the website not react to cursors when scrolling, and mouse clicks aren't handled.
I only knew there is a bad cookie banner when I've opened the website in another browser.
I absolutely appreciate and agree with the sentiment, but can't figure out what the proposition actually is. The thesis seems to be: "Here's a problem. We want to solve it." Aaaaaaaaaaaand ... that's it. Exactly how are you going to solve it? Or, if "exactly" is too much of an ask, could we at least have a "vaguely"? Seems like it needs more meat on the bones!
It says so on the tin. "Escape the chokehold of hyperscalers" is all that matters, really. Everything else will follow nicely from it. Compute density is so good these days, you don't even need major datacenter investment. There are modular DC designs that fit in a shipping container. You tow one around, connect power, fiber, cooling lines (to intercoolers in another shipping container) and that's it. You would be surprised how much can be accomplished with so very little. There are many advantages to this approach, like being able to bring up SCIF-equivalent inspectable spaces on the cheap, but considering we're all probably going to war sooner than later, it might as well become necessary. This is akin to how SAAB, and perhaps to a larger extent Ukraine, have changed airplane logistics.
Unless you're a hyperscaler yourself, hyperscaling is overrated.
willtemperley|1 month ago
Keeping app data purely server-side is no longer viable for customers with data sovereignty requirements, and having a toggle button saying 'Keep my data in Europe' isn't enough either because it places too much trust in the SaaS provider.
With network monitoring verifying local applications are accessing user-verified endpoints, privacy reduces to OS-level security.
concinds|1 month ago
Imustaskforhelp|1 month ago
Suppose I am an indian developer interested to work with European Data sovereignity because imo I value privacy personally just as much as the EU population and it would be great to be more connected and wishing to connect with them more.
So I have thought of using EU options in my servers/services if I use them for the most part and I can even swap out to completely European if need be.
So let's say to be a part of this? should I be an European company? If so, I even looked at it on how to establish a company in Europe rather easily (preferably a lean company) and It seems that Estonia seems the best way for me to create an EU company from my country without too much hassle but the costs of operation does feel like a lot for just starting out let's say.
I am also not sure about the fact that given I live in India, Some data sharing arrangement can be generated or would I have to actually migrate to say EU (which although I love EU, I currently appreciate my country as well and migration is a hassle right now)
I wish if such a manifesto could work for India and EU and a deeper integration could be made between the two countries about such tech related software or other as I have been a vocal supporter of European tech providers like hetzner,ovh etc. and they are even cheaper than american hyperscalers in many/most cases.
kevin061|1 month ago
When I worked at AWS, there was GovCloud, and only American citizens residing in American soil and connecting from American soil were able to give support to these customers. So even if you were legally authorised to work in the US and resided in the US, you couldn't work with GovCloud customers.
Or if you are an American temporarily residing in Romania or Canada, then you also can't work with GovCloud customers.
I expect the same situation will happen to you. But I am just speculating.
A European sovereign cloud is desperately needed for highly sensitive government, military, and national security workloads, and these must be thoroughly vetted to ensure compliance.
But for anything else, like personal e-mail or e-commerce? I'm sure there will be a lot of flexibility for non-European contributions, but it will probably be like it currently is: open source projects spanning the globe.
josephg|1 month ago
I’m sure your desire to help is genuine. But Europe might need to find their own feet with an initiative like this before accepting help from foreigners.
alephnerd|1 month ago
The EU and India are starting to work on formalizing a data transfer mechanism similar to the EU-US Data Transfer Mechanism (DTM) as part of the EU-India TTC [0] (a US-EU TTC was a a precursor to formalizing the EU-US DTM).
Depending on how the EU-India FTA shakes out (signing after Republic Day on January 27th), it might make it easier to "India-wash" American services exports (which is already what is happening).
The fact that an EU "sovereign" cloud like STACKIT is using American-Israeli security software [1] (though they did open an office in Prague to outsource some development, but is largely done in Israel I believe) and Google Workspaces [2] as part of it's sovereign cloud initiative highlights how it's all HN bark with little-to-no bite.
That said, kudos to SpaceTime [3] for trying to leverage the momentum to build a GTM channel via NukeProof.
[0] - https://in.boell.org/en/2025/05/27/tapping-momentum-eu-india...
[1] - https://www.sentinelone.com/press/sentinelone-and-schwarz-di...
[2] - https://gruppe.schwarz/en/press/archive/2024/companies-of-sc...
[3] - https://spacetime.eu/blog/nuke-proof-alliance-launches-to-br...
cess11|1 month ago
Imustaskforhelp|1 month ago
I have decided to be transparent and here's what I will most likely do if I ever create a company.
I would firstly create an Indian company & operate it as such. I will try to be GDPR compliant from day one, and still use EU providers/privacy providing services instead of hyperscalers in general.
Instead of trying to get a legal thing which says EU first or India first, I will try to be privacy first, by open sourcing things or relying and contributing to either open source or at the very least source available licenses (so that people can indepdently audit, I prefer using open source but we will see how much monetizable it is, I am not looking for too much money as I am frugal but still I do want sustainability, I might start out source available and pledge to release it open source once the project might reach enough users let's say or I can earn "enough" with a proper definition)
So a big emphasis on privacy & sustainability. most EU cloud options are definitely green as well (like Netcup) so I can get that checkbox available as well most likely but there isn't any guarantee but still my point is I would still try to keep Climate change in mind as a factor hopefully too while still optimizing for a good enough price range.
I will also create a blog post probably highlighting all of this and also the fact that I am willing to go EU first if my product would focus on EU/actually trends with EU consumers/businesses & then I will establish an estonia company as people have said here and make my Indian company the subsidiary of my estonian company and use either a fin-tech solution either from the start of my Indian company which could support SEPA or other EU solutions or I will do it afterwards with a proper bank account/fin-tech support after I make an estonian company (which I would if my project can make say make some fixed amount of money most likely from EU customers such that the 1000 euros or more becomes a reasonable investment, or If I ever create a EU branch, my point is I will try to make the EU branch the head branch and Indian branch subsidiary and not vice versa hopefully though, currently please take what I am saying with a grain of salt as I can be wrong I usually am, I am just figuring out life :] and how to build and live off of building things that I myself would enjoy working on/the ideas around it like infrastructure decisions etc!)
My point is I am very much more open to work with sustainability/privacy goals with a more focus on open source and probably try not to take any VC funding hopefully and still be day one profitable & transparent/sustainable. Nothing's set in stone right now but hopefully I am able to explain what I think about these ideas.
BiteCode_dev|1 month ago
All MacOS, iOS, Windows and Android are all produced by the USA. Virtually all chips as well.
It is foolish to assume there are not backdoors in every one of them.
Meaning we should assume the USA can shut down the entire Europe's IT if they really want to.
Then you got the authentication systems, security software (antivirus, proxies like cloudflare, crowdstrike and so on), the various Saas (docs editors, drives, ticket systems, chats...), the payment systems (including Visa and swift, but also Paypal, google pay, stripe, etc), the software stores, the root DNS, the SSL root certificates and a ton of network hardware.
Given the current political situation, it's a very bad spot to be in.
self_awareness|1 month ago
I only knew there is a bad cookie banner when I've opened the website in another browser.
Have mercy, webmasters.
Piraty|1 month ago
netfortius|1 month ago
28304283409234|1 month ago
sirdvd|1 month ago
nkoren|1 month ago
tucnak|1 month ago
Unless you're a hyperscaler yourself, hyperscaling is overrated.
kevin061|1 month ago
sam_lowry_|1 month ago
AI slop again?
self_awareness|1 month ago