EU Service Selection¶
For every common integration need, the EU-founded option and why. This is the reference map for all service selection decisions at GE.
The Selection Principle¶
When choosing a service provider, the evaluation order is:
- EU-headquartered, EU-operated — first choice, always
- EU-headquartered, mixed operations — acceptable with contractual EU-only processing guarantee
- Non-EU headquartered, EU region — only when no EU alternative exists, with sovereignty warning documented
- Non-EU headquartered, no EU option — rejected unless no alternative exists and data is non-sensitive
Provider Map¶
Payments¶
| Provider | HQ | Why |
|---|---|---|
| Mollie | Netherlands (Amsterdam) | EU-native payment processor. iDEAL, SEPA, credit cards, Klarna, Apple Pay, Google Pay. GDPR-first. No US parent company. PCI DSS Level 1. API-first design. |
Avoid: Stripe (US — San Francisco), PayPal (US — San Jose), Adyen (NL, but listed on Euronext Amsterdam — acceptable alternative if Mollie does not cover a use case).
Email — Transactional¶
| Provider | HQ | Why |
|---|---|---|
| Brevo | France (Paris) | Formerly Sendinblue. EU-native transactional email, marketing automation, SMS. GDPR-compliant with EU-only processing. |
| Mailjet | France (Paris) | EU-native transactional email. Owned by Sinch (Sweden) since 2019 — parent company also EU. Strong API, good deliverability. |
Avoid: SendGrid (US — Twilio), Mailgun (US — Sinch acquired but Mailgun HQ remains US), Amazon SES (US).
Analytics¶
| Provider | HQ | Why |
|---|---|---|
| Plausible | EU (Estonia entity, team distributed in EU) | Privacy-first, cookie-free analytics. No personal data collected. Open source. Self-hostable. EU-operated infrastructure. |
Alternatives: Matomo (NZ-founded but open source, self-hostable in EU — acceptable when self-hosted), Fathom (Canada — less ideal).
Avoid: Google Analytics (US — data sent to Google servers), Mixpanel (US), Amplitude (US), Hotjar (acquired by Contentsquare, FR — acceptable).
Search¶
| Provider | HQ | Why |
|---|---|---|
| Meilisearch | France (Paris) | Open-source search engine. EU-native. Self-hostable. Typo-tolerant, fast, developer-friendly. Cloud offering with EU data centers. |
Avoid: Algolia (US — San Francisco), Elasticsearch Cloud (US — Elastic NV is Dutch-incorporated but US-operated).
Note: Elasticsearch is open source and self-hostable — acceptable when self-hosted on EU infrastructure.
SMS¶
| Provider | HQ | Why |
|---|---|---|
| Bird | Netherlands (Amsterdam) | Formerly MessageBird. EU-native CPaaS. SMS, WhatsApp, voice, email. GDPR-compliant. EU data processing. |
Avoid: Twilio (US — San Francisco), Vonage (US — now part of Ericsson, Swedish parent but US operations).
CDN¶
| Provider | HQ | Why |
|---|---|---|
| bunny.net | Slovenia (Ljubljana) | EU-native CDN with 34 EU PoPs. GDPR-compliant. Routing filters for EU-only traffic. DNS service included. Edge storage available. Developer-friendly pricing. |
Features for sovereignty:
- EU-only routing filter — ensures traffic never leaves the EU
- 34 PoPs covering every EU member state
- Edge storage with EU-only replication option
- Company and infrastructure fully within EU jurisdiction
Avoid: Cloudflare (US — San Francisco), AWS CloudFront (US), Fastly (US), Akamai (US).
Cloud / Compute¶
| Provider | HQ | Why |
|---|---|---|
| UpCloud | Finland (Helsinki) | EU-native cloud provider. Data centers in Helsinki, Amsterdam, Frankfurt, London, Madrid, Warsaw. High-performance block storage. GDPR-compliant. |
Alternatives:
- Hetzner (Germany, Gunzenhausen) — excellent price/performance, "Made in Germany" cloud, strong EU sovereignty
- Scaleway (France, Paris) — part of Iliad Group, EU-native, full cloud stack including Kubernetes
- Exoscale (Switzerland/EU, A1 Digital) — Swiss hosting with EU GDPR compliance, strong data sovereignty guarantees
Avoid: AWS (US), Google Cloud (US), Microsoft Azure (US), DigitalOcean (US). Even in EU regions, these are CLOUD Act exposed.
DNS¶
| Provider | HQ | Why |
|---|---|---|
| TransIP | Netherlands (Leiden) | EU-native domain registrar and DNS provider. Part of team.blue group (also EU). GDPR-compliant. API for automation. |
Alternatives:
- bunny.net DNS — included with CDN, EU-native
- Gandi (France, Paris) — EU-native registrar and DNS
Avoid: Cloudflare DNS (US), Route 53 (US — AWS), Google Cloud DNS (US). DNS resolution through US providers means query metadata flows through US infrastructure.
CMS (Headless)¶
| Provider | HQ | Why |
|---|---|---|
| Strapi | France (Paris) | EU-native headless CMS. Open source. Self-hostable. API-first. REST and GraphQL. Strong ecosystem. |
Avoid: Contentful (Germany-founded but US-operated — Berlin + SF, evaluate carefully), Sanity (US — San Francisco), Prismic (France — acceptable alternative).
Accounting / Invoicing¶
| Provider | HQ | Why |
|---|---|---|
| Exact Online | Netherlands (Delft) | EU-native accounting platform. Strong in Benelux. GDPR-compliant. API available. |
| Moneybird | Netherlands (Enschede) | EU-native online invoicing and bookkeeping. Dutch market focused. Simple, developer-friendly API. |
Avoid: QuickBooks (US — Intuit), Xero (NZ), FreshBooks (US).
Object Storage¶
| Provider | HQ | Why |
|---|---|---|
| Scaleway Object Storage | France (Paris) | S3-compatible. EU-native. Data centers in Paris and Amsterdam. |
| UpCloud Object Storage | Finland (Helsinki) | EU-native. S3-compatible API. |
| bunny.net Storage | Slovenia (Ljubljana) | Edge storage with EU-only replication. |
Avoid: AWS S3 (US), Google Cloud Storage (US), Azure Blob Storage (US).
Container Registry¶
| Provider | HQ | Why |
|---|---|---|
| Self-hosted | (GE infrastructure) | GE runs its own container registry on EU infrastructure. No external dependency. |
If external needed:
- Scaleway Container Registry (France) — EU-native
- GitLab Container Registry (Netherlands entity, Gitlab B.V.) — acceptable with EU-hosted GitLab instance
Avoid: Docker Hub (US), GitHub Container Registry (US — Microsoft), AWS ECR (US), Google Artifact Registry (US).
Monitoring / Observability¶
| Provider | HQ | Why |
|---|---|---|
| Self-hosted (Prometheus + Grafana) | (GE infrastructure) | Open source, self-hosted on EU infrastructure. No data leaves GE's control. |
If managed needed:
- Grafana Cloud (Sweden/US — Grafana Labs is US-incorporated but Swedish-founded, EU data residency available. Evaluate carefully.)
Avoid: Datadog (US), New Relic (US), Splunk (US).
When US Services Are Acceptable¶
In rare cases, no EU alternative exists or the EU alternative is technically inadequate. US services may be used under these conditions:
- No EU alternative exists for the specific capability
- Data is non-sensitive (no PII, no client data, no credentials)
- A sovereignty warning is documented in the service selection record
- Julian (Compliance) approves the exception in writing
- A migration plan exists to switch to an EU alternative when one becomes available
Examples of acceptable US service use¶
- npm registry — Package metadata only, no client data. Packages are cached on EU infrastructure after first download.
- GitHub — Code hosting. Code is not client data. Self-hosted GitLab (EU) is the migration target.
- LLM APIs (Anthropic, OpenAI) — Used for agent execution. Client data is never sent to LLM APIs without explicit consent and data anonymization. This is an active area of evaluation.
Service Selection Checklist¶
For every new service integration:
[ ] Company HQ location verified (EU = pass)
[ ] Data processing locations documented
[ ] Sub-processors listed and locations verified
[ ] GDPR DPA (Data Processing Agreement) signed
[ ] Data flow mapped (see data-flow.md)
[ ] CLOUD Act exposure assessed
[ ] Contract includes EU-only processing guarantee
[ ] Julian (Compliance) has reviewed and approved
[ ] Alternative migration plan documented (if US service)
Ownership¶
| Role | Agent | Responsibility |
|---|---|---|
| Compliance Officer | Julian | Service assessment, approval, audit |
| Infrastructure | Arjan | Infrastructure provider selection |
| Network Engineer | Stef | DNS and network provider selection |
| Edge Specialist | Karel | CDN provider selection |