Enonic

Enonic (Enonic AS, Oslo, founded 2000) is Norway's largest Norwegian-owned CMS vendor — a hybrid headless / visual-editing content platform built on its open-source Enonic XP runtime, positioned directly against Optimizely, Contentful and Sanity. Founder-owned by Morten Øien Eriksen and Thomas Sigdestad with no identified VC or PE capital, it is one of the cleaner ownership stories in the category. Compliance posture is genuinely strong: ISO 27001:2022 (annually externally audited against all 93 controls) and ISO 9001:2015 certified, GDPR-compliant with a designated Data Privacy Officer, DORA-aligned, a publicly downloadable DPA, and a public sub-processor list. The important nuance for sovereignty buyers is the managed Enonic Cloud infrastructure: Enonic's own third-party-suppliers page lists the production IaaS as Google Cloud Platform (US-owned, EU region), Microsoft Azure for encrypted off-site backups (Sweden), Fastly (US) for CDN, plus Mailgun (DE), Auth0 and Zendesk (EU), and Slack (US) for community support. So while the company is Norwegian and bootstrapped, the hosted data at rest sits on US-owned hyperscalers within the EEA — material CLOUD Act exposure. Buyers who need true sovereignty can instead self-host the open-source XP runtime (GPL-3.0 with a linking exception) on Hetzner / OVH / Scaleway, which removes the US sub-processors from the data path. Pricing: a free tier (5 GB), with Professional and Enterprise tiers quoted on request (no public EUR price).