Cloud-Native Sovereignty: CNCF Platforms on Swiss Infrastructure
Cloud-native technologies (Kubernetes, containers, and the wider CNCF ecosystem) are open source by design. That matters for sovereignty: you can run your entire application platform in Switzerland, on auditable open-source software, without depending on a single hyperscaler's proprietary control plane.
When you build on a hyperscaler's managed Kubernetes and proprietary services, your control plane, identity, and data flow through US infrastructure, governed by US law, and accessible under the CLOUD Act without Swiss judicial process. Your workloads stay outside foreign jurisdiction only when the platform itself runs on Swiss soil.
Sovereignty is more than where servers are located. The EU Cloud Sovereignty Framework defines eight dimensions that determine whether your provider is truly sovereign.
Why cloud-native strengthens sovereignty
Unlike hyperscaler-locked platforms from AWS, Google, or Microsoft, a CNCF-based stack gives you:
- No vendor lock-in: standard Kubernetes APIs run portably across any provider or on-premises
- Full auditability: every component is open source and inspectable
- No data exfiltration: workloads and state stay on your infrastructure, period
- Community-governed: the CNCF, not a single vendor, governs the project roadmaps
- Provider flexibility: move between Swiss providers or your own data center without rewrites
VSHN deploys and operates cloud-native platforms on Swiss Kubernetes clusters. Combined with VSHN's Swiss ownership and operations, this creates a fully sovereign application platform.
Cloud-native sovereignty compared
| Dimension | AWS EKS | Azure AKS | Google GKE | VSHN Managed Kubernetes |
|---|---|---|---|---|
| Ownership | Amazon (USA) | Microsoft (USA) | Google (USA) | VSHN AG (Switzerland) |
| Governing law | US law | US law | US law | Swiss law |
| CLOUD Act | Exposed | Exposed | Exposed | Not exposed |
| Data location | Regional (US-controlled) | Regional (US-controlled) | Regional (US-controlled) | Switzerland (Cloudscale, Exoscale, or your choice) |
| Platform stack | Proprietary control plane | Proprietary control plane | Proprietary control plane | Open source (vanilla Kubernetes, CNCF) |
| Operational access | Amazon has access | Microsoft has access | Google has access | VSHN has operational access only for authorized support |
| Operations team | USA | USA | USA | Switzerland (Swiss-only option) |
| Certifications | SOC 2, ISO 27001 | SOC 2, ISO 27001 | SOC 2, ISO 27001 | ISO 27001, ISAE 3402 Type II |
VSHN sovereignty self-assessment
We applied the EU's Cloud Sovereignty Framework (v1.2.1, October 2025) to our own services. This framework was used to score providers in the EU's EUR 180M sovereign cloud tender in April 2026. Three pure-European providers achieved SEAL-3, while a consortium involving Google Cloud scored only SEAL-2.
This is a self-assessment, not a formal SEAL certification. We publish it for transparency so customers can evaluate our sovereignty profile using the same structured criteria the EU uses.
| # | Dimension | Weight | Assessment | Evidence |
|---|---|---|---|---|
| SOV-1 | Strategic | 15% | Strong | Swiss AG, no foreign parent, all shareholders Swiss citizens (Commercial Register) |
| SOV-2 | Legal | 10% | Strong | Swiss law (GTC), no CLOUD Act, EU adequacy decision |
| SOV-3 | Data & AI | 10% | Strong | Swiss DCs by default. Sovereign key management via Managed OpenBao + Swiss HSM |
| SOV-4 | Operational | 15% | Strong | Swiss 24/7 ops, Swiss-only support option. All services on vanilla Kubernetes |
| SOV-5 | Supply Chain | 20% | Strong | Infrastructure-agnostic — customer chooses provider. Open-source software |
| SOV-6 | Technology | 15% | Strong | 100% open source. VSHN contributes to K8up (CNCF), Crossplane providers, Project Syn |
| SOV-7 | Security | 10% | Strong | ISO 27001, ISAE 3402 Type II, Swiss SOC. FINMA-regulated customers |
| SOV-8 | Environmental | 5% | Moderate | DC operators: Green Datacenter AG (ISO 22301/27001/27701), Exoscale sustainability. VSHN CSR policy |
Overall: SEAL-3 equivalent, the same level achieved by the winners of the EU's own sovereignty tender. No provider worldwide achieved SEAL-4: it requires fully EU/EEA-sourced hardware supply chains and open-source foundations, structural gaps shared by every cloud provider.
Try Swiss infrastructure: APPUiO (managed Kubernetes, free trial), Exoscale (Swiss IaaS). Want help choosing? Contact us.
Get a sovereignty assessment for your cloud-native platform
If you're running on hyperscaler-managed Kubernetes or evaluating sovereign alternatives, we can assess your current setup against the EU framework and design a cloud-native platform that keeps your workloads and data under Swiss jurisdiction.