There's a growing conversation in Ireland and across the EU about data sovereignty — where business data lives, who has legal access to it, and what happens when those answers don't align with GDPR or client expectations.
We've had this conversation with founders, enterprise procurement teams, and public sector clients. The ask is rarely "use no US tech." It's more nuanced than that: can you build this in a way that keeps our data in the EU, and can you demonstrate that?
The answer, almost always, is yes.
The actual concern
The Schrems II ruling in 2020 invalidated the EU-US Privacy Shield. Its replacement — the EU-US Data Privacy Framework — restored some stability, but it remains politically fragile. Regulators across the EU are more active than they were five years ago, and enterprise and public sector clients in regulated industries (healthcare, finance, legal, government) increasingly ask about data residency as part of procurement.
Being able to answer clearly is a commercial advantage, not just a compliance checkbox.
What "EU data sovereignty" actually means in practice
It doesn't mean your entire stack has to be EU-native. It means being deliberate about where your data lives — particularly personal data, sensitive business data, and anything subject to sectoral regulation.
In practice, that usually means one of three approaches depending on the project:
EU-native providers — Hetzner (Germany), OVHcloud (France), Scaleway (France). Great price-to-performance, data stays in the EU by design, no legal ambiguity. Our default for greenfield projects where client requirements are not specified.
Major cloud, EU regions — AWS eu-west-1 (Ireland), GCP europe-west, Azure North Europe. The big providers all have robust EU data residency options with appropriate DPAs. For clients who need enterprise SLAs, existing vendor relationships, or specific managed services, this is often the right call. The data stays in the EU; you get the ecosystem.
Hybrid — EU infrastructure for compute and storage, with US SaaS tools used only where data exposure is low and EU alternatives are not mature enough. Analytics is an easy swap (Plausible instead of Google Analytics). AI APIs are harder — that's an area where EU-native options are still catching up.
The trade-offs
EU-first has real trade-offs worth being honest about. Hetzner's managed services ecosystem is narrower than AWS. Some EU SaaS tools have rougher developer experiences. A full EU-native stack takes more architectural decisions upfront.
That's exactly why it's worth having a technical partner who's made these trade-offs before and can help you navigate them — rather than discovering them mid-build.
When clients ask us about this
We start by asking three questions: What data are you handling? Who are your clients and what are their expectations? What does your current stack look like?
From there, we identify which components carry the most risk, what the switching cost looks like, and whether a phased migration or a clean greenfield architecture makes more sense.
Sometimes the answer is a full EU-native stack on Hetzner. Sometimes it's AWS eu-west-1 with the right configuration and a DPA in place. Sometimes it's a light audit that reveals the current setup is already fine.
There's no one-size-fits-all answer — but there's always a clear path once you know what you're optimising for.
If EU data residency is a requirement for your next project, or you're not sure whether it should be, get in touch.
