ADR-001 — EU-provenance policy for borderline vendors
Architecture Decision Record explaining how vendors with mixed jurisdiction are classified in our catalogue.
Status: Accepted Date: 2026-05-26 Context: Digital Sovereignty Heatmap vendor-database cleanup (May 2026)
Context
Several well-known vendors have European origin but are now owned, headquartered, or operated from outside the EU. Listing them as "EU alternatives" without context misleads users; excluding them entirely loses signal. This ADR records the policy for six recurring borderline cases.
Decision
We introduce two additive vendor fields to encode provenance honestly instead of forcing a binary EU/non-EU bucket:
ultimate_parent_country(ISO-2): set when the operating HQ differs from the company that ultimately controls the entity (e.g. Mendix HQ NL, ultimate parent DE via Siemens; Tink HQ SE, ultimate parent US via Visa).sovereignty_modeenum:vendor-hosted-eu|self-host|oss-distributed|vendor-hosted-non-eu. Makes explicit how an EU-friendly outcome is achieved.
A future enhancement is eu_provenance (enum: eu-hq | eu-origin-us-now | eu-licensed-only) shown as a badge on the detail page. Tracked separately; not implemented yet.
Per-vendor decisions
| Vendor | Origin | Today | Decision |
|---|---|---|---|
| Optimizely (ex Episerver) | SE | Owned by Insight Partners (US), HQ moved | Exclude from EU alternatives. If listed, set headquarters_country=US, ultimate_parent_country=US. |
| Sitecore | DK | Owned by EQT (SE) — EU PE firm, but HQ moved to US | Include with headquarters_country=US, ultimate_parent_country=SE and explicit disclosure. |
| Talkdesk | PT | Now US-headquartered | Exclude. |
| Dashlane | FR | Now US-headquartered (New York) | Exclude. |
| Revolut | UK + LT bank license | Post-Brexit UK; LT licence is bank passport only | Include as eu-adjacent, headquarters_country=GB. Already in seed. |
| Yubico | SE + US | Operationally SE, marketing US | Include as headquarters_country=SE, mention dual presence in description. Not in seed yet — gated until added. |
Rationale
The sovereignty value proposition is jurisdictional: who can legally compel the vendor to hand over data, and under whose courts can the user enforce contracts. A US-incorporated entity with European employees is, for those purposes, US-incumbent. A UK entity post-Brexit is no longer covered by EU adequacy without a specific mechanism (UK-EU adequacy decision, currently extended).
Excluding misleadingly-EU vendors costs comprehensiveness; including them without disclosure costs credibility. The combination of ultimate_parent_country + sovereignty_mode + a future eu_provenance badge lets the database stay both broad and honest.
Consequences
- The scoring engine still keys on
headquarters_region(EU / US / OTHER), unchanged. Decisions above route vendors into the right bucket so scoring stays correct without a per-vendor allowlist. - The UI must surface
ultimate_parent_countryandsovereignty_modefor any record where they're set; otherwise this ADR is invisible to users and the data fields are dead weight. - New vendor additions in any of the six categories above must reference this ADR in the commit message.