PostgreSQL Sovereignty: Beyond "Hosted in Switzerland"
Major managed PostgreSQL services — Amazon RDS, Azure Database for PostgreSQL, Google Cloud SQL, EDB BigAnimal — run on US-owned infrastructure under US law. Your production data, backups, and query logs are accessible under the CLOUD Act without Swiss judicial process.
Running PostgreSQL on Swiss infrastructure solves the data residency question — but sovereignty is more than where data is stored. The EU Cloud Sovereignty Framework defines eight dimensions that determine whether your provider is truly sovereign.
Why PostgreSQL is a strong choice for sovereignty
PostgreSQL is fully open source (PostgreSQL License, similar to MIT/BSD), developed by a global community with no single corporate owner. Unlike Oracle Database (proprietary) or Microsoft SQL Server (proprietary), PostgreSQL gives you:
- No vendor lock-in — standard SQL compliance, runs on any operating system, supported by every cloud provider
- Full code auditability — every line of PostgreSQL is inspectable
- Community governance — developed by the PostgreSQL Global Development Group, not controlled by any corporation
- Mature extension ecosystem — PostGIS, pg_partman, TimescaleDB, and hundreds more, all open source
EDB Postgres Advanced Server adds enterprise features (Oracle compatibility, enhanced security, audit logging) on top of the open-source PostgreSQL core. VSHN operates both community PostgreSQL and EDB Postgres on Swiss infrastructure. Combined with VSHN's Swiss ownership and operations, this creates a fully sovereign database platform.
PostgreSQL sovereignty compared
| Dimension | Amazon RDS PostgreSQL | EDB BigAnimal | VSHN Managed PostgreSQL |
|---|---|---|---|
| Ownership | Amazon (USA) | EDB (USA) | VSHN AG (Switzerland) |
| Governing law | US law | US law | Swiss law |
| CLOUD Act | Exposed | Exposed | Not exposed |
| Data location | AWS EU regions available | AWS/Azure EU regions | Switzerland (cloudscale.ch, Exoscale, or your choice) |
| Source code | Proprietary service layer | Open core | Open source (PostgreSQL + EDB extensions) |
| Key management | AWS KMS | Cloud provider KMS | Customer-controlled via Managed OpenBao + Swiss HSM |
| Operations team | USA | USA | Switzerland (Swiss-only option) |
| Certifications | SOC 2, ISO 27001 | SOC 2 | ISO 27001, ISAE 3402 Type II |
VSHN sovereignty self-assessment
We applied the EU's Cloud Sovereignty Framework (v1.2.1, October 2025) to our own services. This framework was used to score providers in the EU's EUR 180M sovereign cloud tender in April 2026 — three pure-European providers achieved SEAL-3, while a consortium involving Google Cloud scored only SEAL-2.
This is a self-assessment, not a formal SEAL certification. We publish it for transparency so customers can evaluate our sovereignty profile using the same structured criteria the EU uses.
| # | Dimension | Weight | Assessment | Evidence |
|---|---|---|---|---|
| SOV-1 | Strategic | 15% | Strong | Swiss AG, no foreign parent, all shareholders Swiss citizens (Commercial Register) |
| SOV-2 | Legal | 10% | Strong | Swiss law (GTC), no CLOUD Act, EU adequacy decision |
| SOV-3 | Data & AI | 10% | Strong | Swiss DCs by default. Sovereign key management via Managed OpenBao + Swiss HSM |
| SOV-4 | Operational | 15% | Strong | Swiss 24/7 ops, Swiss-only support option. All services on vanilla Kubernetes |
| SOV-5 | Supply Chain | 20% | Strong | Infrastructure-agnostic — customer chooses provider. Open-source software |
| SOV-6 | Technology | 15% | Strong | 100% open source. VSHN contributes to K8up (CNCF), Crossplane providers, Project Syn |
| SOV-7 | Security | 10% | Strong | ISO 27001, ISAE 3402 Type II, Swiss SOC. FINMA-regulated customers |
| SOV-8 | Environmental | 5% | Moderate | DC operators: Green Datacenter AG (ISO 22301/27001/27701), Exoscale sustainability. VSHN CSR policy |
Overall: SEAL-3 equivalent — the same level achieved by the winners of the EU's own sovereignty tender. No provider worldwide achieved SEAL-4, as it requires fully EU/EEA-sourced hardware supply chains and open-source foundations — structural gaps shared by every cloud provider.
Get a sovereignty assessment for your PostgreSQL setup
Running PostgreSQL on Amazon RDS or EDB BigAnimal? We assess your sovereignty profile against the EU framework and plan a migration to Swiss-hosted PostgreSQL with customer-controlled key management.