EU sovereignty and dmarced

Many European organizations are re-evaluating their dependence on US-based infrastructure and providers. Political tensions, legal uncertainty, and laws like the CLOUD Act have made “where is this service really operated?” a practical question — not an abstract one.

If EU sovereignty matters to you, this article explains where dmarced stands today and where we’re going.

EU-based ownership

dmarced is owned and operated by the Luxembourg-based company Wierk S.à r.l., with Luxembourgish beneficiaries, and operated by EU citizens under EU law.

You contract directly with Wierk S.à r.l. where wierk is the seller, the billing entity, and the company responsible for operating the service.

EU data residency

Today, monitoring and operational data processed and reported on by dmarced resides in the EU.

That includes:

  • DMARC aggregate reports
  • DNS and IP address monitoring facts and history
  • Parsed and derived reporting data
  • Account configuration and identification

Billing is handled by Stripe, which manages billing details on our behalf. dmarced does not store credit card numbers or payment credentials directly, and Stripe acts as a payment processor, not the seller of record.

We currently rely on Amazon's cloud

dmarced was originally built on Amazon Web Services (AWS) in the Frankfurt region.

That choice was deliberate and pragmatic. As a small team, AWS’s serverless infrastructure allowed us to:

  • Ship a reliable platform quickly without compromising on security
  • Scale safely without managing servers
  • Reduce cost by paying only for what we use
  • Run the platform serverless, without idle infrastructure consuming energy
  • Focus on DMARC, not infrastructure engineering

For an early-stage platform, this trade-off made sense. However, even when workloads are hosted in the EU, US-based cloud providers remain subject to US jurisdiction. For some customers, that supply-chain dependency alone is a concern.

We take that concern seriously. EU sovereignty means more than “EU data centers.” It means reducing reliance on non-EU providers wherever feasible.

Our vision: EU-operated infrastructure, end to end

We’ve made a clear decision to reduce US dependencies across the platform.

We are actively working on:

  • Moving from serverless infrastructure to Kubernetes, reducing vendor lock-in
  • Hosting exclusively with EU-based operators
  • Operating outside the reach of US jurisdiction where possible

This transition includes:

  • Data storage
  • Inbound and outbound email processing
  • Web servers
  • Domains and DNS
  • SSL certificates

This is not a lift-and-shift. Some AWS-managed components need to be replaced with our own solutions, and parts of the platform need to change to support the new environment.

That takes time, especially for sensitive systems like inbound email handling.

Timeline

Our goal is to complete this transition during 2026.

What this means for you

If US infrastructure dependency is a problem for you, it won’t remain one with dmarced:

  • Your monitoring and operational data stays in the EU
  • The company operating dmarced is based in the EU
  • Our infrastructure roadmap is explicitly aligned with EU sovereignty concerns
  • The transition will be designed to happen without service disruption or data loss
  • You won’t need to change anything or take action as a customer

If you have any questions or concerns, feel free to reach out to support@dmarced.eu.

Learn