CockroachDB Sovereignty: Distributed SQL Without Distributed Jurisdiction
CockroachDB is designed for geo-distributed resilience — surviving data centre failures without downtime. But if your distributed database runs on US-owned infrastructure, your resilience comes with a jurisdictional risk: the CLOUD Act allows US authorities to access your data regardless of which region it's stored in.
Running CockroachDB on Swiss infrastructure with a Swiss operator gives you the resilience benefits without the jurisdictional exposure.
Why CockroachDB is a strong choice for sovereignty
CockroachDB's architecture aligns well with sovereignty requirements:
- Source-available (BSL, converts to Apache 2.0 after 3 years) — source code is auditable
- Multi-region by design — keep all replicas within Swiss jurisdiction while maintaining high availability
- PostgreSQL-compatible — standard SQL wire protocol, no proprietary query language
- No cloud dependency — runs on any Kubernetes cluster, not tied to a specific cloud provider
- Granular data placement — zone configs can pin data to specific regions or data centres
Distributed database sovereignty compared
| Dimension | CockroachDB Cloud (US) | Google Spanner | Amazon Aurora | Azure Cosmos DB | VSHN Managed CockroachDB |
|---|---|---|---|---|---|
| Ownership | Cockroach Labs (USA) | Google (USA) | Amazon (USA) | Microsoft (USA) | VSHN AG (Switzerland) |
| Governing law | US law | US law | US law | US law | Swiss law |
| CLOUD Act | Exposed | Exposed | Exposed | Exposed | Not exposed |
| Data location | Configurable | Configurable | Configurable | Configurable | Switzerland by default |
| Source code | BSL (source available) | Proprietary | Proprietary | Proprietary | BSL (source available) |
| SQL compatibility | PostgreSQL wire protocol | Google SQL | MySQL/PostgreSQL | Multiple APIs | PostgreSQL wire protocol |
| Vendor lock-in | Low (standard SQL) | High (proprietary) | Medium (AWS ecosystem) | High (proprietary API) | Low (standard SQL, portable) |
| Operations team | USA | USA | USA | USA | Switzerland (Swiss-only option) |
VSHN sovereignty self-assessment
We applied the EU's Cloud Sovereignty Framework (v1.2.1, October 2025) to our own services. This framework was used to score providers in the EU's EUR 180M sovereign cloud tender in April 2026 — three pure-European providers achieved SEAL-3, while a consortium involving Google Cloud scored only SEAL-2.
This is a self-assessment, not a formal SEAL certification. We publish it for transparency so customers can evaluate our sovereignty profile using the same structured criteria the EU uses.
| # | Dimension | Weight | Assessment | Evidence |
|---|---|---|---|---|
| SOV-1 | Strategic | 15% | Strong | Swiss AG, no foreign parent, all shareholders Swiss citizens (Commercial Register) |
| SOV-2 | Legal | 10% | Strong | Swiss law (GTC), no CLOUD Act, EU adequacy decision |
| SOV-3 | Data & AI | 10% | Strong | Swiss DCs by default. Sovereign key management via Managed OpenBao + Swiss HSM |
| SOV-4 | Operational | 15% | Strong | Swiss 24/7 ops, Swiss-only support option. All services on vanilla Kubernetes |
| SOV-5 | Supply Chain | 20% | Strong | Infrastructure-agnostic — customer chooses provider. Open-source software |
| SOV-6 | Technology | 15% | Strong | 100% open source. VSHN contributes to K8up (CNCF), Crossplane providers, Project Syn |
| SOV-7 | Security | 10% | Strong | ISO 27001, ISAE 3402 Type II, Swiss SOC. FINMA-regulated customers |
| SOV-8 | Environmental | 5% | Moderate | DC operators: Green Datacenter AG (ISO 22301/27001/27701), Exoscale sustainability. VSHN CSR policy |
Overall: SEAL-3 equivalent — the same level achieved by the winners of the EU's own sovereignty tender. No provider worldwide achieved SEAL-4, as it requires fully EU/EEA-sourced hardware supply chains and open-source foundations — structural gaps shared by every cloud provider.
Get a sovereignty assessment for your database setup
Need distributed SQL without jurisdictional risk? We assess your sovereignty profile against the EU framework and plan a migration to Swiss-hosted CockroachDB.