Vendor database cleaned up and expanded
Nine records with incorrect headquarters information corrected, 27 new European vendors added, and the schema extended with sovereignty metadata so each vendor's positioning is explicit and honest.
Read ADR-001 on EU provenance →Added
- 27 new EU vendors — including Didomi, Axeptio and consentmanager.net (consent management), Dynatrace and Pandora FMS (monitoring), Make.com and SeaTable (low-code), memoQ, Phrase TMS and Wordbee (translation), Trade Republic (fintech), Aircall (helpdesk) and Nedap Healthcare.
- Three new per-vendor metadata fields: ultimate parent company (e.g. Wrike is owned by Symphony Industrial), sovereignty mode (vendor-hosted-eu / self-host / oss-distributed / vendor-hosted-non-eu) and a sharper EU classification (EU-27 / EEA / EFTA / EU-adjacent).
- Nine invariant tests in CI that prevent regressions — no EU sentinel without a sovereignty mode, no duplicate (name, category) pairs, no non-HTTPS websites, etc.
Changed
- Hologic, Carestream Health, Wrike and WordPress (self-host) moved from EU to US — these are US incumbents, not European alternatives.
- RustDesk (China), Logseq (Singapore) and Synology Drive on-prem (Taiwan) corrected to the developer's actual country; sovereign only when used locally or self-hosted.
- Bitrix24 corrected to Cyprus (legal entity) with explicit disclosure of Russian origin.
- Wire (Switzerland), Directus (US, BSL-licensed) and SumUp (UK post-Brexit) reclassified.
- 57 Swiss vendors tagged EFTA, 29 Norwegian/Icelandic as EEA, 4 Ukrainian as EU-adjacent.
Removed
- Misleading and duplicate records removed: a second Epic record labelled EU (real HQ is Verona WI), a duplicate SumUp and Directus entry, a duplicate SoftMaker Office, and Adyen/Mollie from the ERP category (they are payment processors, not ERP systems).