This month the Dutch cabinet blocked the sale of Solvinity, the company that hosts DigiD, to an American buyer. The same week, Tweakers went around asking what a "sovereign cloud" actually is. Nobody could give a straight answer.
Gartner said it plainly at a conference in May: a fully sovereign cloud can only exist if you are American or Chinese. Those are the only two places that make every layer of the stack. The chips, the routers, the storage. So the honest answer to "is your cloud sovereign?" is no. Not ours, and not anyone's outside the United States or China.
That is why we don't go along with the sovereignty hype. The questions underneath it are real, though, and we would rather have an honest conversation about them.
A word that means everything
Right now several Dutch public bodies are each writing their own definition. DICTU has one. The Ministry of Economic Affairs is drafting another for the cabinet, promised to parliament for the first half of 2026. The Algemene Rekenkamer, the national audit office, uses another. The VNG, for the municipalities, has one going into public consultation in June. The EU has a framework with eight points, and it is mandatory only for the Commission's own tenders.
Champagne has a legal definition. It has to come from one region in France. Swiss watches have one too, down to the share of the cost that must be incurred in Switzerland. "Sovereign cloud" has none of that. The American hyperscalers all sell one anyway. A label that fits everyone tells you nothing.
What we can't promise
Our servers run on Intel and AMD. The drives and storage are foreign-made too, though a disk mostly sits there and holds bytes. The network gear is what moves your traffic, so that is where the choice matters more: we are moving ours to MikroTik, built in Latvia, inside the EU. Even then the chips on those boards come from Asia. We don't make our own silicon, and almost nobody does. (Neither are the coffee beans, for that matter. Sovereignty has limits.)
We are also not a hyperscaler. Three locations in the Netherlands, not thirty regions across the planet. No global edge network, no infinite elastic scale at three in the morning, and no infinite bill to match. If that is what you need, we are not the fit, and we will tell you so.
The hardware we run, we own. A lot of it is refurbished, racked and maintained by us. Not VMs rented by the hour from a company that answers to a foreign court.
Which risks are you managing?
Take the word away and what's left is risk management. Which risk are you actually trying to manage? A few plain questions decide it, and these we can answer.
Who can legally reach your data? This is the one that matters most, and the one the marketing skips. A provider owned by an American company answers to the American CLOUD Act, which lets US authorities demand data from US firms even when the servers sit in Amsterdam. The Algemene Rekenkamer said it without hedging: servers of American companies on EU soil are no guarantee for the sovereignty of the data. We are a Dutch company with Dutch owners. There is no foreign parent for a foreign court to lean on.
Where does your data physically live? Ours is in Naaldwijk and Amsterdam, on machines we own and rack ourselves. You can know which building. That sounds more obvious than it is, and most clouds can't clear that bar.
Can you leave? Two years ago the Auditdienst Rijk warned that the government had no real exit plan for its cloud contracts. The Rekenkamer found the same: the state moved to the cloud without thinking the way out through. It is your data. We hand it back in a form you can use, and we tell you up front how that works.
The honest version
None of that needs the word "sovereign". It needs you to know who can reach your data, where it physically lives, and how you walk away if you ever want to. Those are risk-management questions, and the answers are yours to weigh. We would rather answer them than sell you a label the government can't define yet either.
Running a Java platform and want straight answers about where your data sits and who can reach it? Talk to us.