MariaDB Sovereignty: Why Your Database Is Your Biggest Sovereignty Risk
Your MariaDB database holds PII, financial records, health data, and application state. For Swiss organizations subject to GDPR, FINMA regulations, or internal data governance policies, the jurisdiction governing your database provider matters as much as the database technology itself.
Major cloud database services (Amazon RDS, Azure Database for MySQL, Google Cloud SQL) run on US-owned infrastructure under US law. Your production data, backups, and query logs are accessible under the CLOUD Act without Swiss judicial process, regardless of which region you select.
Running MariaDB on Swiss infrastructure solves the data residency question, but sovereignty is more than where data is stored. The EU Cloud Sovereignty Framework defines eight dimensions that determine whether your provider is truly sovereign.
Why MariaDB is a strong choice for sovereignty
MariaDB Server is fully open source (GPLv2), created by the original MySQL developers as a community-developed fork. Unlike Oracle MySQL (dual-licensed, Oracle-controlled) or proprietary databases like Microsoft SQL Server, MariaDB provides:
- No vendor lock-in: standard SQL, drop-in MySQL compatibility, runs on any Linux distribution
- Full code auditability: every line of MariaDB Server is inspectable
- Community development: stewarded by the MariaDB Foundation, no single vendor controls the codebase
- No licence surprises: GPLv2 guarantees the software remains free and open
VSHN operates MariaDB on Swiss infrastructure with up to 99.99% SLA. Combined with VSHN's Swiss ownership and operations, this creates a fully sovereign database platform.
Managed MariaDB sovereignty compared
| Dimension | AWS RDS MariaDB | Azure Database for MySQL | GCP Cloud SQL | VSHN Managed MariaDB |
|---|---|---|---|---|
| Ownership | Amazon (USA) | Microsoft (USA) | Google (USA) | VSHN AG (Switzerland) |
| Governing law | US law | US law | US law | Swiss law |
| CLOUD Act | Exposed | Exposed | Exposed | Not exposed |
| Licence | Proprietary service layer | Proprietary service layer | Proprietary service layer | Open source (MariaDB Server, GPLv2) |
| Key custody | AWS KMS | Microsoft-managed | Google-managed | Encrypted at rest via cloud provider; optional customer-controlled keys via Swiss HSM |
| Operations team | USA | USA | USA | Switzerland (Swiss-only option) |
VSHN sovereignty self-assessment
We applied the EU's Cloud Sovereignty Framework (v1.2.1, October 2025) to our own services. This framework was used to score providers in the EU's EUR 180M sovereign cloud tender in April 2026. Three pure-European providers achieved SEAL-3, while a consortium involving Google Cloud scored only SEAL-2.
This is a self-assessment, not a formal SEAL certification. We publish it for transparency so customers can evaluate our sovereignty profile using the same structured criteria the EU uses.
| # | Dimension | Weight | Assessment | Evidence |
|---|---|---|---|---|
| SOV-1 | Strategic | 15% | Strong | Swiss AG, no foreign parent, all shareholders Swiss citizens (Commercial Register) |
| SOV-2 | Legal | 10% | Strong | Swiss law (GTC), no CLOUD Act, EU adequacy decision |
| SOV-3 | Data & AI | 10% | Strong | Swiss DCs by default. Managed MariaDB on cloudscale.ch, Exoscale, or customer infrastructure. Sovereign key management via Managed OpenBao + Swiss HSM |
| SOV-4 | Operational | 15% | Strong | Swiss 24/7 ops, Swiss-only support option. All services on vanilla Kubernetes |
| SOV-5 | Supply Chain | 20% | Strong | Infrastructure-agnostic — customer chooses provider. Open-source software |
| SOV-6 | Technology | 15% | Strong | 100% open source. VSHN contributes to K8up (CNCF), Crossplane providers, Project Syn |
| SOV-7 | Security | 10% | Strong | ISO 27001, ISAE 3402 Type II, Swiss SOC. FINMA-regulated customers |
| SOV-8 | Environmental | 5% | Moderate | DC operators: Green Datacenter AG (ISO 22301/27001/27701), Exoscale sustainability. VSHN CSR policy |
Overall: SEAL-3 equivalent, the same level achieved by the winners of the EU's own sovereignty tender. No provider worldwide achieved SEAL-4: it requires fully EU/EEA-sourced hardware supply chains and open-source foundations, structural gaps shared by every cloud provider.
Try Swiss infrastructure: Servala (managed services, free trial), Exoscale (Swiss IaaS). Want help choosing? Contact us.
Get a sovereignty assessment for your database
Running MariaDB on Amazon RDS, Azure, or Cloud SQL? We assess your sovereignty profile against the EU framework and plan a migration to Swiss-hosted MariaDB, from CHF 80 per month with up to 99.99% SLA.