I know there are a dozen of different "EU Alternatives" websites/catalogs already and some of them are actually great for discovering European brands and software. But they never show you what's inside: you only get a name, a logo, a few lines long pitch and then you're on your own.
So after doing some due diligence I've built a more detailed one. Whether you just want a European Dropbox/Google Analytics/1Password etc or you need to know your customers' data won't leave the EU, the idea is the same: give you what you need after the name, not just the name.
Two features I have that surface-level lists do not:
- I show the exposure, not just the "European" label. That word hides the part that matters. A company can have a Berlin office, a "hosted in the EU" banner, and still route your data through a US analytics provider or sit on US-owned cloud - at which point US law reaches it regardless of where the rack is. So for every listing I check, and link the source for:
- Where the data is actually hosted - the data-centre region, not the HQ on the about page.
- The sub-processor list - the one nobody reads. Pretty EU hosting page up front, US tooling quietly in the DPA annex.
- CLOUD Act exposure - US parent or US hyperscaler storage means US jurisdiction, full stop.
- Who owns the company - "EU-founded, US-funded" is a different animal from "EU-owned". Ownership and hosting are shown as separate signals so you decide which one you care about.
- A proper feature matrix. Not "here are five alternatives, good luck" - an actual side-by-side, so you can see which tool genuinely replaces the US one feature-for-feature and which is wishful thinking.
Everything is from public sources only - the vendor's own DPA, sub-processors page, the company registry, legal notice etc. Each point has a link to original page and last verification date. Vendor's self-attestation is not taken on faith.
One number that fell out of doing this for more than 200 tools: a little more than 30% are completely clear of US Cloud Act exposure with no US parent and no significat sub-processors.
On money: the site earns nothing right now. There are a couple of affiliate links added already and it's disclosed everywhere they appear plus listed in full on the transparency page. That's the whole monetisation plan: affiliate links, nothing hidden. Listing order is editorial - no commission logic anywhere in how stuff is sorted.
What I would be happy to hear from you: what's missing? Did I get any assessments wrong? If you see something - let me know and I will fix it right away.
Disclaimer: I'm affiliated. I built and run this site. It currently has a couple of affiliate links live; how it's funded is documented in full at https://euvetted.com/transparency
In effort not to create a large amount of work or overhead, I think the key concern is more what is considered sovereign - these large shops have core presence and edge presence. It is not uncommon that an edge use the features of the core which crosses countries; when I worked in a multinational, our Sydney DC was an edge to the Hong Kong DC core (think like a monitoring or backup system) so your data actually flowed through HKG pipes because Sydney is insanely expensive to have a DC in (size/space).
Spirit in my comment was more to that - spinning up in US by accident is a "given" to me, kinda obvious. An edge DC routing through a core DC in another country, well that's a different matter. Can be invisible to the end user.
ICANN has a nice page, lets you filter it by country or whatever. There are a million of them, and some of them "feel sketchy" but many seem like generic, boring registrars.
https://www.icann.org/en/contracted-parties/accredited-registrars/list-of-accredited-registrars
I then used the DNSPerf data to dig into that layer, tl;dr 90% (guessing) are US controlled. I actually found more out there than what's on this list but it's really comprehensive of the big players in the DNS space.
https://www.dnsperf.com/
My "investigation" was all manual, dig through publicly available information and follow my nose. The DNS perf listing is actually how I even learned Bunny and Gcore existed.