Skip to content
Enterprise
🇩🇪 Deutsch 🇬🇧 English 🇫🇷 Français
Start your 90-day trial
Datargo OneEnterprise Single-pane-of-glass cockpit for enterprises. All modules from one source. Learn more
Flagships
Datargo Monitor Availability and security posture. Datargo CRM Support hub for every brand.
Operations & commerce
Datargo ID SSO and MFA for the whole suite. Datargo ERP GoBD-compliant commercial core.
Trust & crypto
NextPKINew Certificate lifecycle, 47-day ready.
Bundle of the month
Reliability Bundle

Datargo Monitor + NextPKI as a single billed package. NIS2 evidence and certificate lifecycle from one cockpit.

Learn more
By outcome
Reliability & security NIS2 evidence from monitoring + incident. Customer service hub Live chat, tickets, multi-brand. Identity & SSO One identity for all modules.
By compliance
NIS2-Evidence Evidence at the press of a button. DORA resilience Financial sector, register of information. ISO 27001 & GoBD Annex A controls and e-invoicing.
By size
Solo & indie team Productive in 5 minutes. Mid-market SSO, audit trail, multi-brand. Enterprise & public sector Hundreds of seats, region pinning.
Sovereignty Kit
NIS2 evidence package

Ready-made Datargo Monitor and Datargo CRM controls, mapped against NIS2 obligations. Start straight into the pilot.

Read the NIS2 whitepaper
Learn
Documentation Module guides, API reference, quick start. Best-practice guides NIS2 setup, multi-brand Datargo CRM, SSO rollout. Blog Release notes, compliance news, roadmap.
Trust
Trust Center Hosting, certificates, sub-processors. Status-Page Live availability of all Datargo modules. Legal & privacy DPA, sub-processor list.
Customers
Customer stories Case studies from finance, public, tech. Partner program System integrators, implementers, MSPs. Events & webinars it-sa, EIC, NIS2 roadshows.
From the cockpit
47-day TLS from 2029

NextPKI is already prepared for the new CA/B Forum reality. Whitepaper and migration guide available now.

Read the whitepaper
Platform Datargo Monitor Datargo CRM Datargo ID Datargo ERP NextPKI
Datargo One Pricing Compliance
Language
🇩🇪 Deutsch 🇬🇧 English 🇫🇷 Français
Start your 90-day trial Book a call
Skip to content
EU Sovereignty

Data Sovereignty After the Data Privacy Framework: Why EU Hosting Becomes an Architecture Question

02.06.2026 · 3 min read

The EU-US Data Privacy Framework remains valid for now, but is under review. Why hosting location, operator control and key sovereignty are not compliance checkboxes but architecture decisions with a long half-life.

Anyone transferring personal data to the United States has relied since 2023 on the adequacy decision for the EU-US Data Privacy Framework (DPF). In September 2025 the General Court of the European Union (EuG) dismissed a challenge against it, leaving the framework a valid legal basis. But the matter is not closed: in late October 2025 an appeal was lodged with the Court of Justice (Case C-703/25 P). Another reversal, a “Schrems III”, is not ruled out.

This uncertainty is no cause for panic, but a good occasion to lift a question from the compliance level to the architecture level.

Why this is more than a checkbox

The comfortable way to handle data transfers is to treat them as a contractual matter: as long as a valid decision or standard contractual clauses are in place, the transfer is covered. That is legally true, but it misjudges the actual risk. Every legal basis for third-country transfers has been provisional for years. Safe Harbor fell in 2015, the Privacy Shield in 2020, and the current framework is under judicial review. Anyone aligning their architecture to a legal basis that wobbles every few years builds in a dependency they do not control.

The more robust question is not “is the transfer covered” but “does the transfer happen at all”. Data that does not leave the EU and is not subject to third-country access needs no adequacy decision.

Three architecture decisions

Hosting location. Where the data physically resides is the first and most visible decision. A data centre in Frankfurt rather than a US region is the foundation, but not sufficient on its own, because location alone says nothing about control.

Operator control. What matters is who has legal and actual access to the data and the infrastructure. A server located in the EU but operated by a company subject to a third-country law with far-reaching disclosure duties only solves the problem halfway. The question of the operator’s applicable law therefore belongs to the architecture, not just the contract.

Key sovereignty. Whoever holds the keys controls access. Encryption in which only the customer holds the keys makes third-party access technically ineffective, even if it were legally compelled. Key sovereignty shifts control from a promise to a technical property.

Sovereignty as a default, not a retrofit

These three decisions are hard and expensive to change after the fact. They belong at the start of an architecture, not in a project that only kicks off once a court overturns the next decision. This is exactly what sovereignty by design means: not the after-the-fact securing of a transfer, but a design that makes the problematic transfer unnecessary in the first place.

In our platform, EU hosting in Frankfurt is the default, not the premium option. The point itself, though, is independent of any provider: whoever settles location, operator control and key sovereignty early makes themselves independent of the next judicial turn.

The Data Privacy Framework may survive the current review or it may not. An architecture that does not depend on the answer is the calmer choice either way.

Back to the blog

Datargo Datargo

The European Business Operations Platform. Monitoring, customer service, identity, accounting, and certificates in one sovereign suite. Auditable by design. Made in Germany.

EU hosting, Frankfurt GDPR-native Made in Germany
Platform
  • Datargo One
  • Datargo Monitor
  • Datargo CRM
  • Datargo ID
  • Datargo ERP
  • NextPKI
Solutions
  • Reliability & Posture
  • Customer service hub
  • Identity & SSO
  • Commerce & GoBD
  • Scaling
Compliance
  • NIS2 evidence
  • DORA resilience
  • ISO 27001 mapping
  • GoBD & e-invoicing
  • Sovereignty
Industries
  • Financial services
  • Public sector
  • Health & pharma
  • Industry & TISAX
  • SaaS & tech
Resources
  • Trust Center
  • Documentation
  • Status page
  • Customer stories
  • Partner program
  • Blog
Company
  • Datargo One for enterprises
  • Start your 90-day trial
  • Book a call
  • Contact
  • Careers
© 2026 Datargo GmbH. All rights reserved.
Imprint Privacy Terms DPA SLA Sub-processorsDORA / NIS2
Germany · English

Datargo® and Databurg® are registered trademarks of Datargo GmbH. All other product names, logos, and trademarks mentioned are the property of their respective owners.

Cookies & optional features. Datargo uses technically necessary cookies. Optionally we enable comfort features such as our live-chat support, an in-house Datargo service that processes personal data in the process. You can accept everything or keep only the necessary cookies.

More in the privacy policy