| ▲ | Nukeproof: Manifesto for European Data Sovereignty(nukeproof.org) |
| 81 points by jamesblonde 5 hours ago | 34 comments |
| |
|
| ▲ | willtemperley 2 hours ago | parent | next [-] |
| There's an immediate solution: local-first software. Keeping app data purely server-side is no longer viable for customers with data sovereignty requirements, and having a toggle button saying 'Keep my data in Europe' isn't enough either because it places too much trust in the SaaS provider. With network monitoring verifying local applications are accessing user-verified endpoints, privacy reduces to OS-level security. |
| |
| ▲ | concinds 2 hours ago | parent [-] | | Cool. That covers approximately 0% of the data out there. What about your health data? Government data? Corporate data? Financial data? | | |
| ▲ | willtemperley an hour ago | parent | next [-] | | How do you think all of that data used to be managed before we decided the best thing was to trust big tech with everything? | | |
| ▲ | SpicyLemonZest 33 minutes ago | parent [-] | | It used to be emailed around, and when you explained to people that "encrypted" email usually exposes your plaintext to relays they'd shrug. If they bothered with encryption at all, which most people and providers didn't until big tech started pushing the issue a decade ago. | | |
| ▲ | willtemperley 10 minutes ago | parent [-] | | How is that relevant to data storage, locality and access now? Secure endpoints don’t have to be managed by huge companies running data lakes which could be anywhere. The current best security practices can be used by any organisation. I respect the engineering that Google have done. gRPC is excellent and local first software can absolutely use it, accessing data locality verified endpoints. |
|
| |
| ▲ | jszymborski an hour ago | parent | prev [-] | | Health data can reside within your hospital's network. Government data within your government's network. Etc,... I think the point is that your doctor or civil servant or local sushi shop shouldn't have to reach to AWS/GCP/Oracle each time they want to look up an MRI or building permit or loyalty points card status. "local" is a relative term here. | | |
| ▲ | moi2388 an hour ago | parent [-] | | You don’t want hospitals to share data in case you are in another city and have to go to the hospital? | | |
| ▲ | willtemperley an hour ago | parent | next [-] | | The data should reside exactly where they’re needed and nowhere else. For the UK NHS that’s probably in a UK data centre run by a UK company. Not AWS. The fundamental problem with SaaS and pure server side applications is we do not know where the data are. With local first we can verify data locality. | | |
| ▲ | reeredfdfdf 7 minutes ago | parent [-] | | Here in Finland our government decided that best place to store national election related data (including the votes) is AWS data center in Sweden. Looking forward to Jeff deciding which party wins next year! |
| |
| ▲ | jszymborski an hour ago | parent | prev [-] | | Sure! I'm just talking about data residence. They can transfer data over the internet (or some inter-hospital network) no problem. It's just a matter of "local-first". |
|
|
|
|
|
| ▲ | 28304283409234 an hour ago | parent | prev | next [-] |
| On a .org domain.... |
| |
|
| ▲ | Imustaskforhelp 3 hours ago | parent | prev | next [-] |
| I really like this idea but I have a few questions. Suppose I am an indian developer interested to work with European Data sovereignity because imo I value privacy personally just as much as the EU population and it would be great to be more connected and wishing to connect with them more. So I have thought of using EU options in my servers/services if I use them for the most part and I can even swap out to completely European if need be. So let's say to be a part of this? should I be an European company? If so, I even looked at it on how to establish a company in Europe rather easily (preferably a lean company) and It seems that Estonia seems the best way for me to create an EU company from my country without too much hassle but the costs of operation does feel like a lot for just starting out let's say. I am also not sure about the fact that given I live in India, Some data sharing arrangement can be generated or would I have to actually migrate to say EU (which although I love EU, I currently appreciate my country as well and migration is a hassle right now) I wish if such a manifesto could work for India and EU and a deeper integration could be made between the two countries about such tech related software or other as I have been a vocal supporter of European tech providers like hetzner,ovh etc. and they are even cheaper than american hyperscalers in many/most cases. |
| |
| ▲ | kevin061 3 hours ago | parent | next [-] | | I think you will probably find great difficulty. When I worked at AWS, there was GovCloud, and only American citizens residing in American soil and connecting from American soil were able to give support to these customers. So even if you were legally authorised to work in the US and resided in the US, you couldn't work with GovCloud customers. Or if you are an American temporarily residing in Romania or Canada, then you also can't work with GovCloud customers. I expect the same situation will happen to you. But I am just speculating. A European sovereign cloud is desperately needed for highly sensitive government, military, and national security workloads, and these must be thoroughly vetted to ensure compliance. But for anything else, like personal e-mail or e-commerce? I'm sure there will be a lot of flexibility for non-European contributions, but it will probably be like it currently is: open source projects spanning the globe. | | |
| ▲ | Imustaskforhelp 3 hours ago | parent [-] | | I don't really intend my services to be used by EU Govt's but rather just individuals/businesses even and if the EU govt. actually requires it at that point, I genuinely don't mind travelling to European and living there if things do come out as this (if EU provides me & maybe my family a visa ie) & am willing to cooperate consultancy work with EU govt. or others as well My focus was on the more of a Eu-alternatives kind of thing. I want my idea of privacy to be aligned and EU seems perfect for that. I want to provide sustainability in an idea & can establish an EU company or partner up with one. My question is that I would still live in India for the most part starting out & I might be unable to make an EU company in the start too but if I am required, then I will do so Aside from this, I am willing to use only EU services internally for my product as well as I mentioned. is there any way that I can still align myself with the EU-alternatives mission? Might sound a bit strange but I want to come into Eu but I can't because immigration is hard/expenses and I want to come to Europe when I finally figure out things/have a decent product in the first place. Some people told me to create an EU company which holds an Indian company as a consultancy firm and you can be part of both and manage to establish a Data sharing policy given that I can access EU data from Indian soil so If I can do something about it. I am not really familiar with EU laws tho so I am interested to hear more from people actually interested. | | |
| ▲ | kevin061 3 hours ago | parent [-] | | I think (or maybe hope) that open source is going to be a large part of the European data sovereignty strategy. America has had decades to privately run and develop their own software alternatives and everything (Windows, Office, Google) is extremely deeply established now and hard to compete against. I mean, can you imagine building a proprietary x86_64 operating system from scratch not based on Linux? And writing the code is just a small part of the work. You also need drivers from manufacturers like Realtek and Nvidia. You need people buying your product. You need marketing. It's just not going to happen. Open source is the only way forward for EU, in my opinion. And therefore, I think you will be able to contribute as much as you want to these open source efforts. Even testing and translations are already great initiatives, but if you can also write code, that's even better! | | |
| ▲ | Imustaskforhelp 3 hours ago | parent [-] | | I am a bit more interested on the side of infrastructure though (having the idea in backburner playing with ways of having direct ssh firecracker vm's with docker images) Usually I try to open source it & release it usually in permissive licenses (Full disclosure to experiment with ideas I use LLM's sometimes) I don't really want Europe to replace America only now switching to India. Our ideals might match right now but y'know we live in a multi polarized world now and we just have to look for what's great for Europe from European perspective and so on & as an Indian, I appreciate it given that we have points of common interests regarding privacy. So my point was that I already open source projects. But the reason I feel a lot of issues is that open source project -> actual deployment pipeline is still messy for the average person and this is the idea I was / still am targeting with firecracker vm's where someone can pay for an open source service to be deployed on vps for some time (Alright now a lot of options have come like sprites but i have been talking about from 2-3 months maybe 4 back when no implementation existed and even right now the one click button solution ui/ux I wanted to create still hasn't been created) Like instead of being bound to your service with tos as a saas, I am hoping to treat each as a vps and the tos which would surround that which would be more permissive. I was gonna build more on it but then ramflation happened so probably gonna have the idea internally till the bubble bursts or when its good enough (a big chunk of me not open sourcing it is that its really hacky and consists huge LLM help right now especially with gliderlabs/ssh library part & I don't want to create yet another AI slop) I know hindi (the most widely spoken language in India) and I am down to provide some translations to Open source too The issue with Open source without any offering is that (i have written about it) is that there is zero funding and incentive. Heck, I am the person who made a post about how to promote open source/fix this issue & After months of thinking, I kind of feel providing EU privacy friendly solution might be the best bet. (https://news.ycombinator.com/item?id=45558430) [Ask HN: Why are most people not interested in FOSS/OSS and can we change that] A lot of it felt like a chicken and egg problem to me. People want better UI/UX but developers build for dev first and there needs to be a real incentive in most cases to have great UI/UX which might include some financial benefits plus open source still has some large issues in funding which is why I thought of the cloud idea as well (I want to establish a railway like pricing model where you get charged for what you use but its still reasonable and there can be a deploy to cloud option and developers who create open source projects gets the funding in first place or have a more flexible way to earn from their project, similar to BYOK but way more user friendly) Anyways my point is that I feel deeply aligned with EU right now. I just want to ask for some EU laws given I am still living in Indian state right now and just more information about it. |
|
|
| |
| ▲ | josephg 3 hours ago | parent | prev | next [-] | | At its heart, this is about Europe for Europe. People from other countries “contributing” technology solutions to European businesses and government is what got Europe into the strange mess they’re in now. And there’s been a long line of foreign - American - businesses which have promised that European data will always stay on European soil. And it’s quite clear that promise was not always kept. I’m sure your desire to help is genuine. But Europe might need to find their own feet with an initiative like this before accepting help from foreigners. | | |
| ▲ | whizzter 3 hours ago | parent | next [-] | | I'd look at it in another way, hyperscalers exist due to code contributed from all around the world, often in the form of open source, Europe going closed and competing against the rest of the world (literally) isn't going to be a path forward. Clients of mine are on hyperscalers due to the ease of deployment,etc but they are focused on lock-in, if ease could be attained in combination with portability then an ecosystem could exist where mid-scaler providers (that exists in abundance in Europe) could have a better chance against the behemoths. | |
| ▲ | philipallstar 3 hours ago | parent | prev [-] | | > People from other countries “contributing” technology solutions to European businesses and government is what got Europe into the strange mess they’re in now. Well, if Europe existed without them, then Europe likely wouldn't have ever home-grown all the advances from the more entrepreneurially-minded countries. |
| |
| ▲ | alephnerd an hour ago | parent | prev | next [-] | | > Some data sharing arrangement can be generated... The EU and India are starting to work on formalizing a data transfer mechanism similar to the EU-US Data Transfer Mechanism (DTM) as part of the EU-India TTC [0] (a US-EU TTC was a a precursor to formalizing the EU-US DTM). Depending on how the EU-India FTA shakes out (signing after Republic Day on January 27th), it might make it easier to "India-wash" American services exports (which is already what is happening). The fact that an EU "sovereign" cloud like STACKIT is using American-Israeli security software [1] (though they did open an office in Prague to outsource some development, but is largely done in Israel I believe) and Google Workspaces [2] as part of it's sovereign cloud initiative highlights how it's all HN bark with little-to-no bite. That said, kudos to SpaceTime [3] for trying to leverage the momentum to build a GTM channel via NukeProof. [0] - https://in.boell.org/en/2025/05/27/tapping-momentum-eu-india... [1] - https://www.sentinelone.com/press/sentinelone-and-schwarz-di... [2] - https://gruppe.schwarz/en/press/archive/2024/companies-of-sc... [3] - https://spacetime.eu/blog/nuke-proof-alliance-launches-to-br... | | |
| ▲ | Imustaskforhelp 33 minutes ago | parent [-] | | Thanks, good to see EU and India make a deal, might help my idea personally. But this is the first time I hear someone mention "India-wash" American services exports? What do you mean in this context? I hope it's nothing deregoratory but I am simply confused by this term. Personally I meant either hosting open source software or building my own open source software and hosting it for the most part imo. I don't know what you mean by India-wash though? | | |
| ▲ | alephnerd 27 minutes ago | parent [-] | | > I don't know what you mean by India-wash though? For examples - should EU-US digital services be impacted by larger diplomatic spat, as much of GCP's development and leadership is colocated in HYD, if needed leadership and operations could become part of Google Cloud India Pvt Ltd [0], so an "American" BigTech company like Google Cloud can continue to operate like normal. Most American (and Israeli) tech companies have an Indian subsidiary that can do such a motion. > Personally I meant either hosting open source software or building my own open source software and hosting it for the most part imo You can contribute OSS on your own, but from personal experience the EU is primarily looking to it's private sector players who themselves are largely using American (but developed in India) or Israeli closed source products under the hood, or at most open-core. A Stallman or Doctorow style open source advocate isn't getting much airtime in the corridors that matter. Heck, this initiative is itself a lead-gen initiative by closed source SpaceTime [1]. > I hope it's nothing deregoratory It's more derogatory to EU initiatives than India. All these flashy announcements hide the fact that most businesses and organizations in the EU continue to operate using non-EU developed software and continue to do so. Yet any attempt at building a durable long term foundation a la the Draghi report is ignored, as Draghi himself pointed out a couple months back [2]. [0] - https://www.bloomberg.com/profile/company/2026164D:IN [1] - https://spacetime.eu/blog/nuke-proof-alliance-launches-to-br... [2] - https://www.france24.com/en/tv-shows/business/20250916-mario... |
|
| |
| ▲ | cess11 2 hours ago | parent | prev [-] | | With permits and fees and accounting assistance you'd probably land around 1500 per year having a OÜ company in Estonia. If you aren't going to make more than that I don't really see the point of having a company, you might as well save up that amount in cash and hold it in case you personally become liable from whatever activity you want to do. | | |
| ▲ | Imustaskforhelp 2 hours ago | parent [-] | | Yea probably doesn't make sense for just starting out. I think this might be the only option available right? Do you know of any other option perhaps cheaper than this? I think I can only promise at this point that if project becomes worth it ie. makes reasonably lot more than >1500 per year then the project might migrate to as such. I was seeing an estimates of 300$-400$ on internet and I assumed that was expensive (here, the MSME's don't even require a company formation itself & you get benefits of payment dispute collection & investment from govts directly and lower rate loans and you can get it all online just using aadhaar card which everyone has) LLC's are a bit of a mess with accounting (I actually wanted to be chartered accountant during my middle school so I saw they make a bank in fees comparatively too) but its still pretty reasonable. Anyways, what would be the best bet, would this still be the best bet or is there anything which can allow for something say cheaper/easier? Would say having an European co-founder might help comparatively in the fees/other options? |
|
|
|
| ▲ | nkoren 4 hours ago | parent | prev | next [-] |
| I absolutely appreciate and agree with the sentiment, but can't figure out what the proposition actually is. The thesis seems to be: "Here's a problem. We want to solve it." Aaaaaaaaaaaand ... that's it. Exactly how are you going to solve it? Or, if "exactly" is too much of an ask, could we at least have a "vaguely"? Seems like it needs more meat on the bones! |
| |
| ▲ | kevin061 3 hours ago | parent | next [-] | | Well, then join and help! I joined, waiting for you there :) | |
| ▲ | tucnak 3 hours ago | parent | prev [-] | | It says so on the tin. "Escape the chokehold of hyperscalers" is all that matters, really. Everything else will follow nicely from it. Compute density is so good these days, you don't even need major datacenter investment. There are modular DC designs that fit in a shipping container. You tow one around, connect power, fiber, cooling lines (to intercoolers in another shipping container) and that's it. You would be surprised how much can be accomplished with so very little. There are many advantages to this approach, like being able to bring up SCIF-equivalent inspectable spaces on the cheap, but considering we're all probably going to war sooner than later, it might as well become necessary. This is akin to how SAAB, and perhaps to a larger extent Ukraine, have changed airplane logistics. Unless you're a hyperscaler yourself, hyperscaling is overrated. |
|
|
| ▲ | self_awareness 3 hours ago | parent | prev | next [-] |
| The cookie banner code is broken, it doesn't show on my browser, making the website not react to cursors when scrolling, and mouse clicks aren't handled. I only knew there is a bad cookie banner when I've opened the website in another browser. Have mercy, webmasters. |
| |
| ▲ | Piraty 2 hours ago | parent [-] | | install ublock-origin, right-click on the element, choose the new 'block element...' option, preview, verify, create .done. | | |
| ▲ | self_awareness 2 hours ago | parent [-] | | I have ublock origin. It's impossible to use the internet without it. Removing the top layer works for fixing mouse clicks, but in cases like these I rather just drop the whole website without reading. I mean, if a project is not able to get a functioning website, then well... |
|
|
|
| ▲ | sam_lowry_ 2 hours ago | parent | prev [-] |
| There seems to be a scrolling problem with this site. AI slop again? |
| |
| ▲ | self_awareness 2 hours ago | parent [-] | | I have the same problem. I think it's related to some disabled autoplay setting. | | |
| ▲ | sam_lowry_ an hour ago | parent [-] | | Cookie banner problem as the sibling comment says. So much for EU-something, riddled with EU-problems. |
|
|
