Localign
Back to all insights

Starting a company EU-first: hurdles and lessons

Casper RutjesCR
Casper Rutjes
January 15, 2026
5 min read
Sovereign cloud
Infrastructure

"Sovereign cloud" is a term that is showing up more and more in Europe, often as a consultancy buzzword - somewhere between public and private cloud. Adding yet another adjective usually does not make it any clearer. That is why we prefer a different label: EU-first.

EU-first concept illustration

But that can also quickly sound like marketing, so it deserves context. For us, it is a fundamental choice: not "bolting on" European rules, expectations, and protections afterwards, but starting with them from day one. Not EU-washed, but EU-grounded. And it can be done - we want to prove it can. Only: it is harder than most people think.

  • What public, private, and sovereign cloud really mean
  • How we arrived at our EU-first approach
  • What lessons we have learned so far (and what we still run into)

Public, private, and sovereign cloud: layering software in a digital logistics chain

To explain this properly, it helps to start with the basics: every AI product consists of a stack of software (a software stack). That stack contains multiple layers, each with its own role. With AI, you often deal with the application, tools, models, data, and infrastructure.

AI software stack examples

In practice, the discussion about "cloud" is thus rarely about a single isolated layer. It is almost always about the entire chain: where each part of the stack runs, who manages which layer, and under which legal regime your data - and your operational dependencies - fall.

It helps to see this as a digital logistics chain. Just like in a physical product chain, multiple parties together enable one end product: from raw materials to intermediate goods, assembly, distribution, and ultimately sales. In software that chain is less visible, but it is still there.

Public cloud

Public cloud means: you use a shared cloud environment from an external provider, where that provider manages and standardizes a large portion of the underlying layers. You rent capacity and services (compute, storage, databases, identity, AI APIs) from a catalog.

Private cloud

Private cloud means: the cloud-like way of working (self-service, automation, elasticity) but in an environment that is dedicated to one organization: on-prem or at a hosting provider, with more self-management and customization.

Sovereign cloud

Sovereign cloud is not primarily about technology, but about governability and jurisdiction: you organize your stack so that you can demonstrably operate within an agreed sovereign framework, with control over data, access, and dependencies, and with clear legal and operational safeguards.

A practical rule of thumb:

  • Public is about shared infrastructure and managed services.
  • Private is about a dedicated environment and more self-management.
  • Sovereign is about auditable boundaries: data, access, governance, and jurisdiction - re-evaluated per link.

Choosing EU-first: easier said than done

So do you simply choose EU companies? Unfortunately: no. For a long time Europe lived with the assumption that the world would naturally move toward our worldview. Physically we import made in China, but digitally we import almost everything made in USA on a far more pervasive and deeper level: cloud, platforms, identity, email, analytics. Essentially everything that matters.

If you want to work EU-first, you run into a few hard realities:

  • The pool of truly EU providers is growing, but remains very limited.
  • Within that pool, only a small group is truly sovereign end-to-end.

Our mission: EU-first in practice

We are building an AI company that is EU-first - not as a statement, but as a design principle. For us that means: for each link in the chain we look again at what is happening under the hood, we consciously choose where we accept risk and where we draw boundaries, and above all: we are fully transparent about it.

In our product (the AI stack) we take Europe as the default, per layer. Only then comes the trade-off: is there a European option that is functional and sovereign enough? If not, only then do we look at US or Chinese tooling - but on our terms.

Our order is simple:

  1. EU option first (sovereign where possible).
  2. Not EU but open source? Then we run it ourselves on EU infrastructure.
  3. Closed-source models and APIs? Then we minimize the dependency: as little data as possible, anonymize where we can, and design the prompt and flow so the outcome is structurally in the user's favor.
Localign EU-first stack

Our EU-first tooling choices

Below are a few concrete choices we have made so far - not because this is the perfect stack, but because you only learn by working with real links in the chain:

Hostnet (NL) - Registrar & DNS

Domains and DNS with a Dutch registrar.

TransIP (NL) - Private cloud / infrastructure

Initial compute, storage, and networking in a Dutch private cloud.

Mailbox.org (DE) - Workspace

Email, calendar, storage, office, and video calling in one EU service.

Heylogin (DE) - Identity & passwords

Zero-knowledge password manager with FIDO2 / biometric login.

Odoo (Suite) - CRM / accounting / projects

We use Odoo as a suite, but run it on EU infrastructure we select and control.

Gitea (Open source) - Version control

Our own Git for code, issues, and pull requests.

Langfuse (DE) - Prompt monitoring & evaluation

Observability for prompts, traces, and evaluations, operated in-house.

Matomo (Open source) - Web analytics

Privacy-friendly analytics we host ourselves.

There is no ideal cloud, no magical sovereign sticker, and no ready-made EU stack. What does exist are choices, and taking responsibility for those choices, layer by layer and vendor by vendor. This is how we build our product: EU-first, not perfect, but principled.