Suveränitet

Sovereignty isn’t a badge — it’s where your keys live.

Everyone says "sovereignty" now. But EU data on an American-run stack isn't sovereignty. Here's the strong form — and why the difference decides who can compel your data.

Over the past year, every cloud provider in Europe has discovered the word “sovereignty”. It’s on landing pages, in sales decks and in tender responses. The problem is that most of them mean the weak form: your data happens to sit in a data center within the EU’s borders. That’s a good start. It isn’t sovereignty.

Sovereignty isn’t about where the bits rest on a disk. It’s about who can compel them — which jurisdiction applies, who owns the hardware, which law binds the company behind it, and where the encryption keys are actually held. Data in Frankfurt on a stack operated by an American company is still subject to US law through the parent. Geography is not jurisdiction.

The weak form and the strong form

Let’s be concrete. The weak form of sovereignty answers one question: where is my data stored? The strong form answers four:

  • Jurisdiction — which law binds the company running the cloud, all the way up the ownership chain?
  • Ownership — who owns the iron? Rented capacity on someone else’s stack inherits that stack’s vulnerabilities.
  • Control plane — is the software that governs the cloud open and auditable, or a black box under foreign control?
  • Key custody — where do the encryption keys live? Whoever holds the keys holds the data.

Where your keys live is as sovereign as where your data lives. Often more.

— from Kepler’s trust model

Kepler is built for the strong form, not to tick a box. We’re Swedish-owned and incorporated in the EU. We own our own servers in our own racks in Falkenberg. The control plane is OpenStack — open source, immune to supply-chain demands from outside the EU. And the keys are held in EU-based OpenBao.

Where the keys live

This is the part most people skip. You can store all your data inside the EU and still lose control if key management sits with a provider under foreign jurisdiction. Encryption only protects if the counterparty can’t demand the key.

With us, keys are injected and held in EU-resident OpenBao. No key material leaves the jurisdiction, and we can show it in the product — not just claim it in a PDF. You can generate a residency and access report per region or for the whole account:

# Export a residency and access report for the whole account
kep trust report --scope account --format pdf

# ...or everything as code, for your own review
kep export --format tf --out ./kepler-account

EU Data Act tailwind. The requirement for “switching” and low technical barriers means exportability is no longer a courtesy — it’s regulation. We built “export everything as code” from day one, so portability is built in, not bolted on.

Why open source in the control plane matters

A closed control stack is one vendor decision away from becoming a risk. If the software that provisions your resources is subject to a non-EU law, in practice so is your infrastructure. An open control plane removes that leverage: the code is auditable, portable and not anyone else’s to switch off.

What it means in practice

For you, building: you get a cloud where jurisdiction, ownership, control plane and keys all point the same way — toward the EU, toward Sweden, toward you. No hidden leverage, no parent-company law that outweighs your contract. And because everything is exportable as code, you’re never locked in; you stay because you want to, not because you have to.

That’s the difference between a badge on a landing page and a property you can verify. We chose the harder build on purpose — because it’s the only one that holds when the question is actually asked.

Bygg på ett moln du faktiskt äger.

Ingen bindningstid. En körande VM innan du betalar en krona.