There's an immediate solution: local-first software.
Keeping app data purely server-side is no longer viable for customers with data sovereignty requirements, and having a toggle button saying 'Keep my data in Europe' isn't enough either because it places too much trust in the SaaS provider.
With network monitoring verifying local applications are accessing user-verified endpoints, privacy reduces to OS-level security.
It used to be emailed around, and when you explained to people that "encrypted" email usually exposes your plaintext to relays they'd shrug. If they bothered with encryption at all, which most people and providers didn't until big tech started pushing the issue a decade ago.
How is that relevant to data storage, locality and access now? Secure endpoints don’t have to be managed by huge companies running data lakes which could be anywhere.
The current best security practices can be used by any organisation. I respect the engineering that Google have done. gRPC is excellent and local first software can absolutely use it, accessing data locality verified endpoints.
In my experience, the best practice for sharing "health data? Government data? Corporate data? Financial data?" within an organization is to use a secure cloud platform with native data sharing functionality. The original comment's suggestion for "local-first software" doesn't work, because organizations frequently need to forward private data between individual workstations and the staff are going to do it using email if you don't give them something better.
Health data can reside within your hospital's network. Government data within your government's network. Etc,...
I think the point is that your doctor or civil servant or local sushi shop shouldn't have to reach to AWS/GCP/Oracle each time they want to look up an MRI or building permit or loyalty points card status.
The data should reside exactly where they’re needed and nowhere else. For the UK NHS that’s probably in a UK data centre run by a UK company. Not AWS.
The fundamental problem with SaaS and pure server side applications is we do not know where the data are. With local first we can verify data locality.
Unfortunately the American companies are using their monopolies to price out everyone else. You're now in a situation where it's harder and harder to find people in the UK that can operate data centre services at the speed and quality of the cloud providers. The UK/EU needs it's own GCP/AWS/Azure alternatives. Unfortunately there's not really anyone close.
Sounds like you've already captiulated to big tech.
Governements could and absolutely should be subsidisng home-grown data centres. And taxing the hell out of every square metre of AWS and Google data centres. Why not have a data tax for foreign companies?
Sure! I'm just talking about data residence. They can transfer data over the internet (or some inter-hospital network) no problem. It's just a matter of "local-first".
What about it? My work place (university) also stores its data local (internal network/storage) because that is where it is needed 99.99% of the time and bandwidth costs money. On the off chance that someone needs to access something from the outside wie have an host of ways to do that.
We could also have everything on a cloud in a foreign country with a mad king, but what would be the benefits of that?
I really like this idea but I have a few questions.
Suppose I am an indian developer interested to work with European Data sovereignity because imo I value privacy personally just as much as the EU population and it would be great to be more connected and wishing to connect with them more.
So I have thought of using EU options in my servers/services if I use them for the most part and I can even swap out to completely European if need be.
So let's say to be a part of this? should I be an European company? If so, I even looked at it on how to establish a company in Europe rather easily (preferably a lean company) and It seems that Estonia seems the best way for me to create an EU company from my country without too much hassle but the costs of operation does feel like a lot for just starting out let's say.
I am also not sure about the fact that given I live in India, Some data sharing arrangement can be generated or would I have to actually migrate to say EU (which although I love EU, I currently appreciate my country as well and migration is a hassle right now)
I wish if such a manifesto could work for India and EU and a deeper integration could be made between the two countries about such tech related software or other as I have been a vocal supporter of European tech providers like hetzner,ovh etc. and they are even cheaper than american hyperscalers in many/most cases.
When I worked at AWS, there was GovCloud, and only American citizens residing in American soil and connecting from American soil were able to give support to these customers. So even if you were legally authorised to work in the US and resided in the US, you couldn't work with GovCloud customers.
Or if you are an American temporarily residing in Romania or Canada, then you also can't work with GovCloud customers.
I expect the same situation will happen to you. But I am just speculating.
A European sovereign cloud is desperately needed for highly sensitive government, military, and national security workloads, and these must be thoroughly vetted to ensure compliance.
But for anything else, like personal e-mail or e-commerce? I'm sure there will be a lot of flexibility for non-European contributions, but it will probably be like it currently is: open source projects spanning the globe.
I don't really intend my services to be used by EU Govt's but rather just individuals/businesses even and if the EU govt. actually requires it at that point, I genuinely don't mind travelling to European and living there if things do come out as this (if EU provides me & maybe my family a visa ie) & am willing to cooperate consultancy work with EU govt. or others as well
My focus was on the more of a Eu-alternatives kind of thing. I want my idea of privacy to be aligned and EU seems perfect for that. I want to provide sustainability in an idea & can establish an EU company or partner up with one.
My question is that I would still live in India for the most part starting out & I might be unable to make an EU company in the start too but if I am required, then I will do so
Aside from this, I am willing to use only EU services internally for my product as well as I mentioned.
is there any way that I can still align myself with the EU-alternatives mission?
Might sound a bit strange but I want to come into Eu but I can't because immigration is hard/expenses and I want to come to Europe when I finally figure out things/have a decent product in the first place.
Some people told me to create an EU company which holds an Indian company as a consultancy firm and you can be part of both and manage to establish a Data sharing policy given that I can access EU data from Indian soil so If I can do something about it.
I am not really familiar with EU laws tho so I am interested to hear more from people actually interested.
I think (or maybe hope) that open source is going to be a large part of the European data sovereignty strategy.
America has had decades to privately run and develop their own software alternatives and everything (Windows, Office, Google) is extremely deeply established now and hard to compete against. I mean, can you imagine building a proprietary x86_64 operating system from scratch not based on Linux? And writing the code is just a small part of the work. You also need drivers from manufacturers like Realtek and Nvidia. You need people buying your product. You need marketing.
It's just not going to happen. Open source is the only way forward for EU, in my opinion.
And therefore, I think you will be able to contribute as much as you want to these open source efforts. Even testing and translations are already great initiatives, but if you can also write code, that's even better!
I am a bit more interested on the side of infrastructure though (having the idea in backburner playing with ways of having direct ssh firecracker vm's with docker images)
Usually I try to open source it & release it usually in permissive licenses (Full disclosure to experiment with ideas I use LLM's sometimes)
I don't really want Europe to replace America only now switching to India. Our ideals might match right now but y'know we live in a multi polarized world now and we just have to look for what's great for Europe from European perspective and so on & as an Indian, I appreciate it given that we have points of common interests regarding privacy.
So my point was that I already open source projects. But the reason I feel a lot of issues is that open source project -> actual deployment pipeline is still messy for the average person and this is the idea I was / still am targeting with firecracker vm's where someone can pay for an open source service to be deployed on vps for some time (Alright now a lot of options have come like sprites but i have been talking about from 2-3 months maybe 4 back when no implementation existed and even right now the one click button solution ui/ux I wanted to create still hasn't been created)
Like instead of being bound to your service with tos as a saas, I am hoping to treat each as a vps and the tos which would surround that which would be more permissive.
I was gonna build more on it but then ramflation happened so probably gonna have the idea internally till the bubble bursts or when its good enough (a big chunk of me not open sourcing it is that its really hacky and consists huge LLM help right now especially with gliderlabs/ssh library part & I don't want to create yet another AI slop)
I know hindi (the most widely spoken language in India) and I am down to provide some translations to Open source too
The issue with Open source without any offering is that (i have written about it) is that there is zero funding and incentive. Heck, I am the person who made a post about how to promote open source/fix this issue & After months of thinking, I kind of feel providing EU privacy friendly solution might be the best bet. (https://news.ycombinator.com/item?id=45558430) [Ask HN: Why are most people not interested in FOSS/OSS and can we change that]
A lot of it felt like a chicken and egg problem to me. People want better UI/UX but developers build for dev first and there needs to be a real incentive in most cases to have great UI/UX which might include some financial benefits plus open source still has some large issues in funding which is why I thought of the cloud idea as well (I want to establish a railway like pricing model where you get charged for what you use but its still reasonable and there can be a deploy to cloud option and developers who create open source projects gets the funding in first place or have a more flexible way to earn from their project, similar to BYOK but way more user friendly)
Anyways my point is that I feel deeply aligned with EU right now. I just want to ask for some EU laws given I am still living in Indian state right now and just more information about it.
At its heart, this is about Europe for Europe. People from other countries “contributing” technology solutions to European businesses and government is what got Europe into the strange mess they’re in now. And there’s been a long line of foreign - American - businesses which have promised that European data will always stay on European soil. And it’s quite clear that promise was not always kept.
I’m sure your desire to help is genuine. But Europe might need to find their own feet with an initiative like this before accepting help from foreigners.
I'd look at it in another way, hyperscalers exist due to code contributed from all around the world, often in the form of open source, Europe going closed and competing against the rest of the world (literally) isn't going to be a path forward.
Clients of mine are on hyperscalers due to the ease of deployment,etc but they are focused on lock-in, if ease could be attained in combination with portability then an ecosystem could exist where mid-scaler providers (that exists in abundance in Europe) could have a better chance against the behemoths.
I believe this is one of the drivers for IBM Sovereign Core Announcement recently [0].
“ Technically, IBM Sovereign Core builds on open-source technology from the Red Hat ecosystem. The software uses OpenShift, among other things, and is designed to run on existing infrastructure. Organizations can deploy the platform in on-premises data centers, regional cloud environments, or through local service providers.”
> Europe going closed and competing against the rest of the world (literally) isn't going to be a path forward.
Yes, I think this might be the actual way to help. Write opensource software that can be used by everyone. Including commercial products in the EU.
Google, Microsoft and Amazon have a moat because of how difficult it is to build viable competitors to their products. I'd love to see more opensource libraries and applications chip away at this. How hard would it be to build a self hosted google docs competitor?
> People from other countries “contributing” technology solutions to European businesses and government is what got Europe into the strange mess they’re in now.
Well, if Europe existed without them, then Europe likely wouldn't have ever home-grown all the advances from the more entrepreneurially-minded countries.
> Some data sharing arrangement can be generated...
The EU and India are starting to work on formalizing a data transfer mechanism similar to the EU-US Data Transfer Mechanism (DTM) as part of the EU-India TTC [0] (a US-EU TTC was a a precursor to formalizing the EU-US DTM).
Depending on how the EU-India FTA shakes out (signing after Republic Day on January 27th), it might make it easier to "India-wash" American services exports (which is already what is happening).
The fact that an EU "sovereign" cloud like STACKIT is using American-Israeli security software [1] (though they did open an office in Prague to outsource some development, but is largely done in Israel I believe) and Google Workspaces [2] as part of it's sovereign cloud initiative highlights how it's all HN bark with little-to-no bite.
That said, kudos to SpaceTime [3] for trying to leverage the momentum to build a GTM channel via NukeProof.
> I don't know what you mean by India-wash though?
For examples - should EU-US digital services be impacted by larger diplomatic spat, as much of GCP's development and leadership is colocated in HYD, if needed leadership and operations could become part of Google Cloud India Pvt Ltd [0], so an "American" BigTech company like Google Cloud can continue to operate like normal. Most American (and Israeli) tech companies have an Indian subsidiary that can do such a motion.
> Personally I meant either hosting open source software or building my own open source software and hosting it for the most part imo
You can contribute OSS on your own, but from personal experience the EU is primarily looking to it's private sector players who themselves are largely using American (but developed in India) or Israeli closed source products under the hood, or at most open-core. A Stallman or Doctorow style open source advocate isn't getting much airtime in the corridors that matter.
Heck, this initiative is itself a lead-gen initiative by closed source SpaceTime [1].
> I hope it's nothing deregoratory
It's more derogatory to EU initiatives than India. All these flashy announcements hide the fact that most businesses and organizations in the EU continue to operate using non-EU developed software and continue to do so. Yet any attempt at building a durable long term foundation a la the Draghi report is ignored, as Draghi himself pointed out a couple months back [2].
Heck, the much touted EU-Mercosur FTA has just been frozen barely a couple hours ago [3]
Now it does make sense, I do think that Europe should look at Open source more too and contribute as such.
I do agree with what you are saying but supposing the geopolitical spat between America and Europe, It doesn't make sense to me why European countries might trust Indian subsidiaries of American companies.
Sure they might sound sovereign but in reality, they aren't. SO what's the point?
Why not get Independent Indian developers and the startup culture established around it (Although one of the issues I feel with this approach is that VC capital does include America, personally I wish to stay away from much of VC money)
> It's more derogatory to EU initiatives than India. All these flashy announcements hide the fact that most businesses and organizations in the EU continue to operate using non-EU developed software and continue to do so. Yet any attempt at building a durable long term foundation a la the Draghi report is ignored, as Draghi himself pointed out a couple months back [2].
Agreed.
I do feel like a reason why I wanted to establish EU company was to show my acknowledgement of Open source and privacy focus and to get more EU businesses interested. But right now, I feel like I am way more willing to have Open source or at the very least if restrictive, then creating source available software & still having an EU presence & an appreciation towards it.
But like, EU definitely needs to focus on Open source offerings more so than looking for EU alternatives in general which as you mention might be built using closed source products of American companies. It still doesn't effectively prevent the lock-in or worries in case of a geopolitical spat for EU in reality but only on the papers.
To be honest, I am open to open sourcing much of my products (ideologically) but the problems I feel in open source is that its hard to even make a developer salary comparatively even in India.
Open source definitely needs more funding. Probably EU can fund Open source without any bias could be great too?
> It doesn't make sense to me why European countries might trust Indian subsidiaries of American companies
Because most European companies are paying lip service to EU sovereignty because of how tightly coupled they are to the US. Look at how the EU-China spat led to Nexperia China's de facto decoupling which shut down the EU automotive industry for a couple months. It's even worse with regards to American dependency.
> Why not get Independent Indian developers and the startup culture established around it
Because the dependency then comes from India. An "Atmanirbhar" EU means having the capacity for self-reliance almost entirely within the EU and without a dependency on non-EU states like India or Israel.
> It still doesn't effectively prevent the lock-in or worries in case of a geopolitical spat for EU in reality but only on the papers
European companies (like all companies) don't care about open-source once they become dominant in a segment - for example ERP and SAP and SUSE Linux, and industrial systems.
> To be honest, I am open to open sourcing much of my products (ideologically) but the problems I feel in open source is that its hard to even make a developer salary comparatively even in India
That's the reality of OSS. There's a reason most OSS contributors for critical projects are employed by the organizations that heavily utilize that project (eg. Python and Google, OCaml and Jane Street).
Yeah I thought about it for a few hours. I don't intend on creating lip service so I am gonna probably try to go with the more reasonable & economically sound approach of having an Indian company instead right now as an Indian. You are right instead of trying to build an EU first, I will instead try to build a privacy first and if the objectives still align, hopefully I have shown that if privacy first means to have an EU parent company or any other scenario, I am open/curious/willing to do for privacy for the average user.
I do believe that open source has its value. I love Open source and Privacy first is only possible with OSS-first. I have always been interested in how to monetize Open source (https://news.ycombinator.com/item?id=45558430) where the reason I found most people aren't interested or weren't (not sure if the mood changed now that the geopolitical wind has changed completely) but the reason I found was that people wanted OSS to almost be perfect but the rough corners in OSS were usually for the most part because of lack of funding.
So, I will probably try out some ways of funding OSS or at the very least have it be in a source available license. Proprietory just doesn't align with my idea of privacy first.
So yea hopefully it makes sense and we can all create or use privacy preserving services.
At the end of the day, I just hope that OSS can find ways to be funded. Much of what I want to do wouldn't be a problem or wouldn't even exist (As I got much of ideas that I want to implement because OSS wasn't funded and I had made that thread on HN) and honestly I hope that one day OSS can be funded the way it truly deserves.
No worries. And honestly, my opinion is make your product an open-core product, but as an Indian founder you have no choice but to use the Indian and Indian-American VC network. Most cybersecurity and open-core VCs are either Indian-Americans or Indian nationals, so it's easier to go that path instead of the European path where valuations and deal terms are very anti-founder in nature.
With permits and fees and accounting assistance you'd probably land around 1500 per year having a OÜ company in Estonia. If you aren't going to make more than that I don't really see the point of having a company, you might as well save up that amount in cash and hold it in case you personally become liable from whatever activity you want to do.
Yea probably doesn't make sense for just starting out.
I think this might be the only option available right? Do you know of any other option perhaps cheaper than this?
I think I can only promise at this point that if project becomes worth it ie. makes reasonably lot more than >1500 per year then the project might migrate to as such.
I was seeing an estimates of 300$-400$ on internet and I assumed that was expensive (here, the MSME's don't even require a company formation itself & you get benefits of payment dispute collection & investment from govts directly and lower rate loans and you can get it all online just using aadhaar card which everyone has)
LLC's are a bit of a mess with accounting (I actually wanted to be chartered accountant during my middle school so I saw they make a bank in fees comparatively too) but its still pretty reasonable.
Anyways, what would be the best bet, would this still be the best bet or is there anything which can allow for something say cheaper/easier? Would say having an European co-founder might help comparatively in the fees/other options?
Estonia is the easiest option, they've aimed explicitly for attracting foreigners starting companies in their jurisdiction without actually moving there. I'm not aware of any similar regulations elsewhere in the EU, typically you need at least one local on the board or something like that.
If you squeeze it you could probably get down to 3-400 euros per year starting from the second year (due to one-time fees the first year) if you do your own books and taxes and whatnot, but just paying upfront for keeping things neat according to the local bureaucracy is likely a kind of convenience you'd want.
I'd say you should start buying some services from european infra and compute providers and see if your ideas make money. You can get away with very little if you get some storage and processing time through e.g. Scaleway or Hetzner, and with a bit of fiddling I expect them to sell to you regardless of whether you have a company or not. If you start making money enter some Hetzner auction and get real hardware, cost will be predictable and typically you get a lot for the money.
Agreed agreed, I already have the past time hobby of contacting cloud providers (usually European) for custom solutions and following lowendtalk and other forums and scraping and creating datasheets of data. SO I am pretty familiar with the whole process and honestly Hetzner's pretty good/one of the best :)
{Ovh is great but it has a one time setup fee for its dedicated, personally I love hetzner auctions for the most part too but Hetzner is a little restrictive in ban first policy and they are strict so for some workflows like creating a reseller etc., Hetzner does have some flaws but still one of the best companies and their support's really feels good as well!}
Thanks for your response, I will look into the estonia thing later if I would need to seriously pivot to EU for any reason.
Currently thinking that I can use wise or anything to accept SEPA bank payments and other if need be.
Edit/Update: After countless discussions in here and other (thanks to everyone for giving suggestions!)
I have decided to be transparent and here's what I will most likely do if I ever create a company.
I would firstly create an Indian company & operate it as such. I will try to be GDPR compliant from day one, and still use EU providers/privacy providing services instead of hyperscalers in general.
Instead of trying to get a legal thing which says EU first or India first, I will try to be privacy first, by open sourcing things or relying and contributing to either open source or at the very least source available licenses (so that people can indepdently audit, I prefer using open source but we will see how much monetizable it is, I am not looking for too much money as I am frugal but still I do want sustainability, I might start out source available and pledge to release it open source once the project might reach enough users let's say or I can earn "enough" with a proper definition)
So a big emphasis on privacy & sustainability. most EU cloud options are definitely green as well (like Netcup) so I can get that checkbox available as well most likely but there isn't any guarantee but still my point is I would still try to keep Climate change in mind as a factor hopefully too while still optimizing for a good enough price range.
I will also create a blog post probably highlighting all of this and also the fact that I am willing to go EU first if my product would focus on EU/actually trends with EU consumers/businesses & then I will establish an estonia company as people have said here and make my Indian company the subsidiary of my estonian company and use either a fin-tech solution either from the start of my Indian company which could support SEPA or other EU solutions or I will do it afterwards with a proper bank account/fin-tech support after I make an estonian company (which I would if my project can make say make some fixed amount of money most likely from EU customers such that the 1000 euros or more becomes a reasonable investment, or If I ever create a EU branch, my point is I will try to make the EU branch the head branch and Indian branch subsidiary and not vice versa hopefully though, currently please take what I am saying with a grain of salt as I can be wrong I usually am, I am just figuring out life :] and how to build and live off of building things that I myself would enjoy working on/the ideas around it like infrastructure decisions etc!)
My point is I am very much more open to work with sustainability/privacy goals with a more focus on open source and probably try not to take any VC funding hopefully and still be day one profitable & transparent/sustainable. Nothing's set in stone right now but hopefully I am able to explain what I think about these ideas.
I absolutely appreciate and agree with the sentiment, but can't figure out what the proposition actually is. The thesis seems to be: "Here's a problem. We want to solve it." Aaaaaaaaaaaand ... that's it. Exactly how are you going to solve it? Or, if "exactly" is too much of an ask, could we at least have a "vaguely"? Seems like it needs more meat on the bones!
It says so on the tin. "Escape the chokehold of hyperscalers" is all that matters, really. Everything else will follow nicely from it. Compute density is so good these days, you don't even need major datacenter investment. There are modular DC designs that fit in a shipping container. You tow one around, connect power, fiber, cooling lines (to intercoolers in another shipping container) and that's it. You would be surprised how much can be accomplished with so very little. There are many advantages to this approach, like being able to bring up SCIF-equivalent inspectable spaces on the cheap, but considering we're all probably going to war sooner than later, it might as well become necessary. This is akin to how SAAB, and perhaps to a larger extent Ukraine, have changed airplane logistics.
Unless you're a hyperscaler yourself, hyperscaling is overrated.
The cookie banner code is broken, it doesn't show on my browser, making the website not react to cursors when scrolling, and mouse clicks aren't handled.
I only knew there is a bad cookie banner when I've opened the website in another browser.
I have ublock origin. It's impossible to use the internet without it. Removing the top layer works for fixing mouse clicks, but in cases like these I rather just drop the whole website without reading.
I mean, if a project is not able to get a functioning website, then well...
This is a good thing and a required first step, but it's a drop in the sea.
All MacOS, iOS, Windows and Android are all produced by the USA. Virtually all chips as well.
It is foolish to assume there are not backdoors in every one of them.
Meaning we should assume the USA can shut down the entire Europe's IT if they really want to.
Then you got the authentication systems, security software (antivirus, proxies like cloudflare, crowdstrike and so on), the various Saas (docs editors, drives, ticket systems, chats...), the payment systems (including Visa and swift, but also Paypal, google pay, stripe, etc), the software stores, the root DNS, the SSL root certificates and a ton of network hardware.
Given the current political situation, it's a very bad spot to be in.
There's an immediate solution: local-first software.
Keeping app data purely server-side is no longer viable for customers with data sovereignty requirements, and having a toggle button saying 'Keep my data in Europe' isn't enough either because it places too much trust in the SaaS provider.
With network monitoring verifying local applications are accessing user-verified endpoints, privacy reduces to OS-level security.
Cool. That covers approximately 0% of the data out there. What about your health data? Government data? Corporate data? Financial data?
How do you think all of that data used to be managed before we decided the best thing was to trust big tech with everything?
With lot of errors and huge cost.
It used to be emailed around, and when you explained to people that "encrypted" email usually exposes your plaintext to relays they'd shrug. If they bothered with encryption at all, which most people and providers didn't until big tech started pushing the issue a decade ago.
How is that relevant to data storage, locality and access now? Secure endpoints don’t have to be managed by huge companies running data lakes which could be anywhere.
The current best security practices can be used by any organisation. I respect the engineering that Google have done. gRPC is excellent and local first software can absolutely use it, accessing data locality verified endpoints.
In my experience, the best practice for sharing "health data? Government data? Corporate data? Financial data?" within an organization is to use a secure cloud platform with native data sharing functionality. The original comment's suggestion for "local-first software" doesn't work, because organizations frequently need to forward private data between individual workstations and the staff are going to do it using email if you don't give them something better.
Health data can reside within your hospital's network. Government data within your government's network. Etc,...
I think the point is that your doctor or civil servant or local sushi shop shouldn't have to reach to AWS/GCP/Oracle each time they want to look up an MRI or building permit or loyalty points card status.
"local" is a relative term here.
You don’t want hospitals to share data in case you are in another city and have to go to the hospital?
The data should reside exactly where they’re needed and nowhere else. For the UK NHS that’s probably in a UK data centre run by a UK company. Not AWS.
The fundamental problem with SaaS and pure server side applications is we do not know where the data are. With local first we can verify data locality.
Here in Finland our government decided that best place to store national election related data (including the votes) is AWS data center in Sweden.
Looking forward to Jeff deciding which party wins next year!
Unfortunately the American companies are using their monopolies to price out everyone else. You're now in a situation where it's harder and harder to find people in the UK that can operate data centre services at the speed and quality of the cloud providers. The UK/EU needs it's own GCP/AWS/Azure alternatives. Unfortunately there's not really anyone close.
Sounds like you've already captiulated to big tech.
Governements could and absolutely should be subsidisng home-grown data centres. And taxing the hell out of every square metre of AWS and Google data centres. Why not have a data tax for foreign companies?
Sure! I'm just talking about data residence. They can transfer data over the internet (or some inter-hospital network) no problem. It's just a matter of "local-first".
What about it? My work place (university) also stores its data local (internal network/storage) because that is where it is needed 99.99% of the time and bandwidth costs money. On the off chance that someone needs to access something from the outside wie have an host of ways to do that.
We could also have everything on a cloud in a foreign country with a mad king, but what would be the benefits of that?
I really like this idea but I have a few questions.
Suppose I am an indian developer interested to work with European Data sovereignity because imo I value privacy personally just as much as the EU population and it would be great to be more connected and wishing to connect with them more.
So I have thought of using EU options in my servers/services if I use them for the most part and I can even swap out to completely European if need be.
So let's say to be a part of this? should I be an European company? If so, I even looked at it on how to establish a company in Europe rather easily (preferably a lean company) and It seems that Estonia seems the best way for me to create an EU company from my country without too much hassle but the costs of operation does feel like a lot for just starting out let's say.
I am also not sure about the fact that given I live in India, Some data sharing arrangement can be generated or would I have to actually migrate to say EU (which although I love EU, I currently appreciate my country as well and migration is a hassle right now)
I wish if such a manifesto could work for India and EU and a deeper integration could be made between the two countries about such tech related software or other as I have been a vocal supporter of European tech providers like hetzner,ovh etc. and they are even cheaper than american hyperscalers in many/most cases.
I think you will probably find great difficulty.
When I worked at AWS, there was GovCloud, and only American citizens residing in American soil and connecting from American soil were able to give support to these customers. So even if you were legally authorised to work in the US and resided in the US, you couldn't work with GovCloud customers.
Or if you are an American temporarily residing in Romania or Canada, then you also can't work with GovCloud customers.
I expect the same situation will happen to you. But I am just speculating.
A European sovereign cloud is desperately needed for highly sensitive government, military, and national security workloads, and these must be thoroughly vetted to ensure compliance.
But for anything else, like personal e-mail or e-commerce? I'm sure there will be a lot of flexibility for non-European contributions, but it will probably be like it currently is: open source projects spanning the globe.
I don't really intend my services to be used by EU Govt's but rather just individuals/businesses even and if the EU govt. actually requires it at that point, I genuinely don't mind travelling to European and living there if things do come out as this (if EU provides me & maybe my family a visa ie) & am willing to cooperate consultancy work with EU govt. or others as well
My focus was on the more of a Eu-alternatives kind of thing. I want my idea of privacy to be aligned and EU seems perfect for that. I want to provide sustainability in an idea & can establish an EU company or partner up with one.
My question is that I would still live in India for the most part starting out & I might be unable to make an EU company in the start too but if I am required, then I will do so
Aside from this, I am willing to use only EU services internally for my product as well as I mentioned.
is there any way that I can still align myself with the EU-alternatives mission?
Might sound a bit strange but I want to come into Eu but I can't because immigration is hard/expenses and I want to come to Europe when I finally figure out things/have a decent product in the first place.
Some people told me to create an EU company which holds an Indian company as a consultancy firm and you can be part of both and manage to establish a Data sharing policy given that I can access EU data from Indian soil so If I can do something about it.
I am not really familiar with EU laws tho so I am interested to hear more from people actually interested.
I think (or maybe hope) that open source is going to be a large part of the European data sovereignty strategy.
America has had decades to privately run and develop their own software alternatives and everything (Windows, Office, Google) is extremely deeply established now and hard to compete against. I mean, can you imagine building a proprietary x86_64 operating system from scratch not based on Linux? And writing the code is just a small part of the work. You also need drivers from manufacturers like Realtek and Nvidia. You need people buying your product. You need marketing.
It's just not going to happen. Open source is the only way forward for EU, in my opinion.
And therefore, I think you will be able to contribute as much as you want to these open source efforts. Even testing and translations are already great initiatives, but if you can also write code, that's even better!
I am a bit more interested on the side of infrastructure though (having the idea in backburner playing with ways of having direct ssh firecracker vm's with docker images)
Usually I try to open source it & release it usually in permissive licenses (Full disclosure to experiment with ideas I use LLM's sometimes)
I don't really want Europe to replace America only now switching to India. Our ideals might match right now but y'know we live in a multi polarized world now and we just have to look for what's great for Europe from European perspective and so on & as an Indian, I appreciate it given that we have points of common interests regarding privacy.
So my point was that I already open source projects. But the reason I feel a lot of issues is that open source project -> actual deployment pipeline is still messy for the average person and this is the idea I was / still am targeting with firecracker vm's where someone can pay for an open source service to be deployed on vps for some time (Alright now a lot of options have come like sprites but i have been talking about from 2-3 months maybe 4 back when no implementation existed and even right now the one click button solution ui/ux I wanted to create still hasn't been created)
Like instead of being bound to your service with tos as a saas, I am hoping to treat each as a vps and the tos which would surround that which would be more permissive.
I was gonna build more on it but then ramflation happened so probably gonna have the idea internally till the bubble bursts or when its good enough (a big chunk of me not open sourcing it is that its really hacky and consists huge LLM help right now especially with gliderlabs/ssh library part & I don't want to create yet another AI slop)
I know hindi (the most widely spoken language in India) and I am down to provide some translations to Open source too
The issue with Open source without any offering is that (i have written about it) is that there is zero funding and incentive. Heck, I am the person who made a post about how to promote open source/fix this issue & After months of thinking, I kind of feel providing EU privacy friendly solution might be the best bet. (https://news.ycombinator.com/item?id=45558430) [Ask HN: Why are most people not interested in FOSS/OSS and can we change that]
A lot of it felt like a chicken and egg problem to me. People want better UI/UX but developers build for dev first and there needs to be a real incentive in most cases to have great UI/UX which might include some financial benefits plus open source still has some large issues in funding which is why I thought of the cloud idea as well (I want to establish a railway like pricing model where you get charged for what you use but its still reasonable and there can be a deploy to cloud option and developers who create open source projects gets the funding in first place or have a more flexible way to earn from their project, similar to BYOK but way more user friendly)
Anyways my point is that I feel deeply aligned with EU right now. I just want to ask for some EU laws given I am still living in Indian state right now and just more information about it.
At its heart, this is about Europe for Europe. People from other countries “contributing” technology solutions to European businesses and government is what got Europe into the strange mess they’re in now. And there’s been a long line of foreign - American - businesses which have promised that European data will always stay on European soil. And it’s quite clear that promise was not always kept.
I’m sure your desire to help is genuine. But Europe might need to find their own feet with an initiative like this before accepting help from foreigners.
I'd look at it in another way, hyperscalers exist due to code contributed from all around the world, often in the form of open source, Europe going closed and competing against the rest of the world (literally) isn't going to be a path forward.
Clients of mine are on hyperscalers due to the ease of deployment,etc but they are focused on lock-in, if ease could be attained in combination with portability then an ecosystem could exist where mid-scaler providers (that exists in abundance in Europe) could have a better chance against the behemoths.
I believe this is one of the drivers for IBM Sovereign Core Announcement recently [0].
“ Technically, IBM Sovereign Core builds on open-source technology from the Red Hat ecosystem. The software uses OpenShift, among other things, and is designed to run on existing infrastructure. Organizations can deploy the platform in on-premises data centers, regional cloud environments, or through local service providers.”
* Disclaimer: I’m an IBMer
[0]. https://www.techzine.eu/news/privacy-compliance/137981/ibm-l...
> Europe going closed and competing against the rest of the world (literally) isn't going to be a path forward.
Yes, I think this might be the actual way to help. Write opensource software that can be used by everyone. Including commercial products in the EU.
Google, Microsoft and Amazon have a moat because of how difficult it is to build viable competitors to their products. I'd love to see more opensource libraries and applications chip away at this. How hard would it be to build a self hosted google docs competitor?
> People from other countries “contributing” technology solutions to European businesses and government is what got Europe into the strange mess they’re in now.
Well, if Europe existed without them, then Europe likely wouldn't have ever home-grown all the advances from the more entrepreneurially-minded countries.
> Some data sharing arrangement can be generated...
The EU and India are starting to work on formalizing a data transfer mechanism similar to the EU-US Data Transfer Mechanism (DTM) as part of the EU-India TTC [0] (a US-EU TTC was a a precursor to formalizing the EU-US DTM).
Depending on how the EU-India FTA shakes out (signing after Republic Day on January 27th), it might make it easier to "India-wash" American services exports (which is already what is happening).
The fact that an EU "sovereign" cloud like STACKIT is using American-Israeli security software [1] (though they did open an office in Prague to outsource some development, but is largely done in Israel I believe) and Google Workspaces [2] as part of it's sovereign cloud initiative highlights how it's all HN bark with little-to-no bite.
That said, kudos to SpaceTime [3] for trying to leverage the momentum to build a GTM channel via NukeProof.
[0] - https://in.boell.org/en/2025/05/27/tapping-momentum-eu-india...
[1] - https://www.sentinelone.com/press/sentinelone-and-schwarz-di...
[2] - https://gruppe.schwarz/en/press/archive/2024/companies-of-sc...
[3] - https://spacetime.eu/blog/nuke-proof-alliance-launches-to-br...
Thanks, good to see EU and India make a deal, might help my idea personally.
But this is the first time I hear someone mention "India-wash" American services exports?
What do you mean in this context? I hope it's nothing deregoratory but I am simply confused by this term.
Personally I meant either hosting open source software or building my own open source software and hosting it for the most part imo.
I don't know what you mean by India-wash though?
> I don't know what you mean by India-wash though?
For examples - should EU-US digital services be impacted by larger diplomatic spat, as much of GCP's development and leadership is colocated in HYD, if needed leadership and operations could become part of Google Cloud India Pvt Ltd [0], so an "American" BigTech company like Google Cloud can continue to operate like normal. Most American (and Israeli) tech companies have an Indian subsidiary that can do such a motion.
> Personally I meant either hosting open source software or building my own open source software and hosting it for the most part imo
You can contribute OSS on your own, but from personal experience the EU is primarily looking to it's private sector players who themselves are largely using American (but developed in India) or Israeli closed source products under the hood, or at most open-core. A Stallman or Doctorow style open source advocate isn't getting much airtime in the corridors that matter.
Heck, this initiative is itself a lead-gen initiative by closed source SpaceTime [1].
> I hope it's nothing deregoratory
It's more derogatory to EU initiatives than India. All these flashy announcements hide the fact that most businesses and organizations in the EU continue to operate using non-EU developed software and continue to do so. Yet any attempt at building a durable long term foundation a la the Draghi report is ignored, as Draghi himself pointed out a couple months back [2].
Heck, the much touted EU-Mercosur FTA has just been frozen barely a couple hours ago [3]
[0] - https://www.bloomberg.com/profile/company/2026164D:IN
[1] - https://spacetime.eu/blog/nuke-proof-alliance-launches-to-br...
[2] - https://www.france24.com/en/tv-shows/business/20250916-mario...
[3] - https://www.reuters.com/world/eu-lawmakers-vote-whether-laun...
Oh alright! Now things are more clear!
Now it does make sense, I do think that Europe should look at Open source more too and contribute as such.
I do agree with what you are saying but supposing the geopolitical spat between America and Europe, It doesn't make sense to me why European countries might trust Indian subsidiaries of American companies.
Sure they might sound sovereign but in reality, they aren't. SO what's the point?
Why not get Independent Indian developers and the startup culture established around it (Although one of the issues I feel with this approach is that VC capital does include America, personally I wish to stay away from much of VC money)
> It's more derogatory to EU initiatives than India. All these flashy announcements hide the fact that most businesses and organizations in the EU continue to operate using non-EU developed software and continue to do so. Yet any attempt at building a durable long term foundation a la the Draghi report is ignored, as Draghi himself pointed out a couple months back [2].
Agreed.
I do feel like a reason why I wanted to establish EU company was to show my acknowledgement of Open source and privacy focus and to get more EU businesses interested. But right now, I feel like I am way more willing to have Open source or at the very least if restrictive, then creating source available software & still having an EU presence & an appreciation towards it.
But like, EU definitely needs to focus on Open source offerings more so than looking for EU alternatives in general which as you mention might be built using closed source products of American companies. It still doesn't effectively prevent the lock-in or worries in case of a geopolitical spat for EU in reality but only on the papers.
To be honest, I am open to open sourcing much of my products (ideologically) but the problems I feel in open source is that its hard to even make a developer salary comparatively even in India.
Open source definitely needs more funding. Probably EU can fund Open source without any bias could be great too?
> It doesn't make sense to me why European countries might trust Indian subsidiaries of American companies
Because most European companies are paying lip service to EU sovereignty because of how tightly coupled they are to the US. Look at how the EU-China spat led to Nexperia China's de facto decoupling which shut down the EU automotive industry for a couple months. It's even worse with regards to American dependency.
> Why not get Independent Indian developers and the startup culture established around it
Because the dependency then comes from India. An "Atmanirbhar" EU means having the capacity for self-reliance almost entirely within the EU and without a dependency on non-EU states like India or Israel.
> It still doesn't effectively prevent the lock-in or worries in case of a geopolitical spat for EU in reality but only on the papers
European companies (like all companies) don't care about open-source once they become dominant in a segment - for example ERP and SAP and SUSE Linux, and industrial systems.
> To be honest, I am open to open sourcing much of my products (ideologically) but the problems I feel in open source is that its hard to even make a developer salary comparatively even in India
That's the reality of OSS. There's a reason most OSS contributors for critical projects are employed by the organizations that heavily utilize that project (eg. Python and Google, OCaml and Jane Street).
Yeah I thought about it for a few hours. I don't intend on creating lip service so I am gonna probably try to go with the more reasonable & economically sound approach of having an Indian company instead right now as an Indian. You are right instead of trying to build an EU first, I will instead try to build a privacy first and if the objectives still align, hopefully I have shown that if privacy first means to have an EU parent company or any other scenario, I am open/curious/willing to do for privacy for the average user.
https://news.ycombinator.com/view?id=46712907
I do believe that open source has its value. I love Open source and Privacy first is only possible with OSS-first. I have always been interested in how to monetize Open source (https://news.ycombinator.com/item?id=45558430) where the reason I found most people aren't interested or weren't (not sure if the mood changed now that the geopolitical wind has changed completely) but the reason I found was that people wanted OSS to almost be perfect but the rough corners in OSS were usually for the most part because of lack of funding.
So, I will probably try out some ways of funding OSS or at the very least have it be in a source available license. Proprietory just doesn't align with my idea of privacy first.
So yea hopefully it makes sense and we can all create or use privacy preserving services.
At the end of the day, I just hope that OSS can find ways to be funded. Much of what I want to do wouldn't be a problem or wouldn't even exist (As I got much of ideas that I want to implement because OSS wasn't funded and I had made that thread on HN) and honestly I hope that one day OSS can be funded the way it truly deserves.
have a nice day man!
No worries. And honestly, my opinion is make your product an open-core product, but as an Indian founder you have no choice but to use the Indian and Indian-American VC network. Most cybersecurity and open-core VCs are either Indian-Americans or Indian nationals, so it's easier to go that path instead of the European path where valuations and deal terms are very anti-founder in nature.
With the right metrics, you could end up at YC.
With permits and fees and accounting assistance you'd probably land around 1500 per year having a OÜ company in Estonia. If you aren't going to make more than that I don't really see the point of having a company, you might as well save up that amount in cash and hold it in case you personally become liable from whatever activity you want to do.
Yea probably doesn't make sense for just starting out.
I think this might be the only option available right? Do you know of any other option perhaps cheaper than this?
I think I can only promise at this point that if project becomes worth it ie. makes reasonably lot more than >1500 per year then the project might migrate to as such.
I was seeing an estimates of 300$-400$ on internet and I assumed that was expensive (here, the MSME's don't even require a company formation itself & you get benefits of payment dispute collection & investment from govts directly and lower rate loans and you can get it all online just using aadhaar card which everyone has)
LLC's are a bit of a mess with accounting (I actually wanted to be chartered accountant during my middle school so I saw they make a bank in fees comparatively too) but its still pretty reasonable.
Anyways, what would be the best bet, would this still be the best bet or is there anything which can allow for something say cheaper/easier? Would say having an European co-founder might help comparatively in the fees/other options?
Estonia is the easiest option, they've aimed explicitly for attracting foreigners starting companies in their jurisdiction without actually moving there. I'm not aware of any similar regulations elsewhere in the EU, typically you need at least one local on the board or something like that.
If you squeeze it you could probably get down to 3-400 euros per year starting from the second year (due to one-time fees the first year) if you do your own books and taxes and whatnot, but just paying upfront for keeping things neat according to the local bureaucracy is likely a kind of convenience you'd want.
I'd say you should start buying some services from european infra and compute providers and see if your ideas make money. You can get away with very little if you get some storage and processing time through e.g. Scaleway or Hetzner, and with a bit of fiddling I expect them to sell to you regardless of whether you have a company or not. If you start making money enter some Hetzner auction and get real hardware, cost will be predictable and typically you get a lot for the money.
Agreed agreed, I already have the past time hobby of contacting cloud providers (usually European) for custom solutions and following lowendtalk and other forums and scraping and creating datasheets of data. SO I am pretty familiar with the whole process and honestly Hetzner's pretty good/one of the best :)
{Ovh is great but it has a one time setup fee for its dedicated, personally I love hetzner auctions for the most part too but Hetzner is a little restrictive in ban first policy and they are strict so for some workflows like creating a reseller etc., Hetzner does have some flaws but still one of the best companies and their support's really feels good as well!}
Thanks for your response, I will look into the estonia thing later if I would need to seriously pivot to EU for any reason.
Currently thinking that I can use wise or anything to accept SEPA bank payments and other if need be.
Edit/Update: After countless discussions in here and other (thanks to everyone for giving suggestions!)
I have decided to be transparent and here's what I will most likely do if I ever create a company.
I would firstly create an Indian company & operate it as such. I will try to be GDPR compliant from day one, and still use EU providers/privacy providing services instead of hyperscalers in general.
Instead of trying to get a legal thing which says EU first or India first, I will try to be privacy first, by open sourcing things or relying and contributing to either open source or at the very least source available licenses (so that people can indepdently audit, I prefer using open source but we will see how much monetizable it is, I am not looking for too much money as I am frugal but still I do want sustainability, I might start out source available and pledge to release it open source once the project might reach enough users let's say or I can earn "enough" with a proper definition)
So a big emphasis on privacy & sustainability. most EU cloud options are definitely green as well (like Netcup) so I can get that checkbox available as well most likely but there isn't any guarantee but still my point is I would still try to keep Climate change in mind as a factor hopefully too while still optimizing for a good enough price range.
I will also create a blog post probably highlighting all of this and also the fact that I am willing to go EU first if my product would focus on EU/actually trends with EU consumers/businesses & then I will establish an estonia company as people have said here and make my Indian company the subsidiary of my estonian company and use either a fin-tech solution either from the start of my Indian company which could support SEPA or other EU solutions or I will do it afterwards with a proper bank account/fin-tech support after I make an estonian company (which I would if my project can make say make some fixed amount of money most likely from EU customers such that the 1000 euros or more becomes a reasonable investment, or If I ever create a EU branch, my point is I will try to make the EU branch the head branch and Indian branch subsidiary and not vice versa hopefully though, currently please take what I am saying with a grain of salt as I can be wrong I usually am, I am just figuring out life :] and how to build and live off of building things that I myself would enjoy working on/the ideas around it like infrastructure decisions etc!)
My point is I am very much more open to work with sustainability/privacy goals with a more focus on open source and probably try not to take any VC funding hopefully and still be day one profitable & transparent/sustainable. Nothing's set in stone right now but hopefully I am able to explain what I think about these ideas.
On a .org domain....
...and on Cloudflare. So much for European Sovereignty.
And yet you participate in society. Curious!
Your vacuous drivel belongs on reddit.
I absolutely appreciate and agree with the sentiment, but can't figure out what the proposition actually is. The thesis seems to be: "Here's a problem. We want to solve it." Aaaaaaaaaaaand ... that's it. Exactly how are you going to solve it? Or, if "exactly" is too much of an ask, could we at least have a "vaguely"? Seems like it needs more meat on the bones!
Well, then join and help! I joined, waiting for you there :)
It says so on the tin. "Escape the chokehold of hyperscalers" is all that matters, really. Everything else will follow nicely from it. Compute density is so good these days, you don't even need major datacenter investment. There are modular DC designs that fit in a shipping container. You tow one around, connect power, fiber, cooling lines (to intercoolers in another shipping container) and that's it. You would be surprised how much can be accomplished with so very little. There are many advantages to this approach, like being able to bring up SCIF-equivalent inspectable spaces on the cheap, but considering we're all probably going to war sooner than later, it might as well become necessary. This is akin to how SAAB, and perhaps to a larger extent Ukraine, have changed airplane logistics.
Unless you're a hyperscaler yourself, hyperscaling is overrated.
The cookie banner code is broken, it doesn't show on my browser, making the website not react to cursors when scrolling, and mouse clicks aren't handled.
I only knew there is a bad cookie banner when I've opened the website in another browser.
Have mercy, webmasters.
install ublock-origin, right-click on the element, choose the new 'block element...' option, preview, verify, create .done.
I have ublock origin. It's impossible to use the internet without it. Removing the top layer works for fixing mouse clicks, but in cases like these I rather just drop the whole website without reading.
I mean, if a project is not able to get a functioning website, then well...
The site looks horrible in dark theme of multiple android browsers I tried, so I'll have to search for a TL;DR somewhere
This is a good thing and a required first step, but it's a drop in the sea.
All MacOS, iOS, Windows and Android are all produced by the USA. Virtually all chips as well.
It is foolish to assume there are not backdoors in every one of them.
Meaning we should assume the USA can shut down the entire Europe's IT if they really want to.
Then you got the authentication systems, security software (antivirus, proxies like cloudflare, crowdstrike and so on), the various Saas (docs editors, drives, ticket systems, chats...), the payment systems (including Visa and swift, but also Paypal, google pay, stripe, etc), the software stores, the root DNS, the SSL root certificates and a ton of network hardware.
Given the current political situation, it's a very bad spot to be in.
There seems to be a scrolling problem with this site.
AI slop again?
I have the same problem. I think it's related to some disabled autoplay setting.
Cookie banner problem as the sibling comment says.
So much for EU-something, riddled with EU-problems.