Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)A
Posts
1
Comments
32
Joined
1 mo. ago

Software engineer/manager from Latvia. Interested in digital sovereignty and EU alternatives to big tech. Building solo projects, one of which is euvetted.com - a directory of European and privacy-first SaaS alternatives to major US tools, with hosting region, ownership and CLOUD Act data per listing. Affiliate-funded (probably will be in future)

  • Yeah, that is a great feature, I would use it myself.

    There's two sides to it really: one is finding a single EU platform that swallows a few of your tools at once (Proton covers mail, calendar, drive, pass and VPN in one account; Infomaniak's kSuite is close to a Workspace replacement) and the other is just building a clean EU bundle across your whole stack.

    I've got curated "stacks" pages that do a rough static version, but the tick-your-tools-and-see-what-covers-them thing isn't built yet. Probably the version people would actually use though. Will definitely build it soon.

  • Thank you! Will review that one

  • Thanks for digging in properly, this is exactly the kind of feedback I was hoping for!

    On the data centre thing - yes, fair point. Right now each listing has one hosting country, the EU region I checked, not the full "every region this vendor runs." So for OVH I've got the EU side, but I'm not flagging that you could spin up in their US or Canada region by accident. Should fix that. Two things that help though: I keep ownership and hosting separate on purpose: OVH's French, so even their US datacentres sit under a French parent, which is a different animal from a US company that just offers an EU region. And EU/EEA is the actual bar for me, not "Europe" loosely - UK and Canada don't count even though everyone lumps them in.

    DNS and registrars - yeah, not there, blind spot. Part of it is what you said: Bunny and Gcore are umbrella shops where DNS is one product of twenty, so they don't slot in cleanly. CloudNS is the easy one. If you've still got the registrar list you clicked through, I'd take it and I'd want to check who actually owns what before listing, Gcore especially.

    TLD ownership is a great shout though. "Your precious .dev is Google's" most people have no clue. I already do write-ups like that (did one on CLOUD Act exposure), so mapping the new gTLDs fits perfectly. Might build it.

  • Thanks, really appreciate it! Right now I don't track payment methods as a field, so that's an honest gap.

    What do you thing would actually be useful to see: just "accepts SEPA / direct debit / invoice" as a yes/no, or specifically European options like Bancontact, SOFORT and so on? I'd rather capture the thing people actually look for than guess.

  • Thank you! Yes, I am currently working on expanding categories. Currently it has more business related stuff but that's not the only direction I am planing.

  • Thank you!

  • A few things that didn't fit in the post: The hardest part wasn't finding EU tools. It was going through the sub-processor lists. Plenty of vendors publish a nice "hosted in the EU" page, then quietly list a US analytics, support, or infrastructure provider in the DPA annex. That's why I treat the sub-processor list as more telling than the hosting claim itself.

    So a question for you: which category do you most wish had a genuinely clean option? And which tool are you still stuck using? That's exactly the gap I want to fill next.

  • Switched a few tools myself this year and the annoying part was never deciding to - it was checking each option actually held up. Hosting region is the easy bit; the sub-processor list is where the US services tend to hide. Took way longer than it should. The intent in these surveys is real, the tooling to act on it just isn't there yet.

  • The four-tier procurement model is the most concrete part here, but probably also the hardest to implement well, because “European provider” is not a simple yes/no category.

    From reviewing around 180 EU and privacy-focused tools, I saw the same pattern repeatedly: a vendor can be EU-headquartered but US-funded, EU-owned but hosted on AWS or GCP, or open source but still using US sub-processors. Any of these can bring back the same “kill switch” or CLOUD Act exposure the top tier is meant to avoid.

    So the model depends heavily on the definition of “sovereign.” If it only means “EU-registered company,” many providers in the top tier may still have US ownership, funding, or infrastructure underneath.

    If it means ownership, hosting, and sub-processors all need to check out, then the real pool of qualifying providers is much smaller than it looks. But it's totally possible to build using complete sovereign providers, it's just in some cases the quality is a bit behind. I’m curious where the final criteria will land.

  • The tricky part is that “reducing reliance on non-EU providers” is often not visible from the outside.

    A tool may be headquartered in the EU but predominantly funded from the US, or hosted in the EU but owned by a US parent company. In such cases, it may still fall within the reach of the US CLOUD Act.

    When I reviewed around 180 “European” SaaS alternatives, roughly one in six turned out to be EU-headquartered but mostly US-funded. That means sovereignty needs to be assessed at the ownership and sub-processor level, not only by looking at where the service is hosted.