Synthèse de la propriété et de l’exposition au CLOUD Act.
Norwegian headless/hybrid CMS (Oslo, est. 2000); founder-owned, ISO 27001 + 9001 certified — but managed Enonic Cloud runs on Google Cloud + Azure + Fastly.
Enonic, dans la catégorie CMS headless, propose un hébergement dans l’UE avec Norway comme lieu d’hébergement, mais une maison mère ou un sous-traitant américain laisse une exposition matérielle au CLOUD Act.
Enonic (Enonic AS, Oslo, founded 2000) is ISO 27001:2022 + ISO 9001:2015 certified (annual external audit of the 93 InfoSec controls), GDPR-compliant with a named Data Privacy Officer, DORA-aligned, and publishes both a downloadable DPA and a public sub-processor list — strong governance posture. Norway is EEA/EFTA but not EU, and ownership is founder-led (Morten Øien Eriksen + Thomas Sigdestad) with no identified VC/PE/US capital — hence ownership_signal: other (clean Norwegian local-hero on paper). The procurement caveat is the managed Enonic Cloud stack itself: per its own third-party-suppliers page the production IaaS is Google Cloud Platform (US-owned, EU region) with Microsoft Azure for encrypted off-site backups (Sweden) and Fastly (US) as CDN — data-at-rest lives on US-owned hyperscaler infrastructure inside the EEA, which is textbook material CLOUD Act exposure despite the Norwegian cap table. The escape hatch is self-hosting the open-source Enonic XP runtime on EU-sovereign infra, which removes Google/Azure/Fastly entirely.
Le degré d'exposition des données clients aux autorités américaines au titre du CLOUD Act.
Où se situe le contrôle ultime de la société exploitante.
L'exposition dépend de votre mode d'exploitation.
Exploité par l'éditeur — les sous-traitants ci-dessous s'appliquent.
Le degré d'exposition des données clients aux autorités américaines au titre du CLOUD Act.
Déployez sur votre propre infrastructure UE et vous contrôlez l'hébergement et chaque sous-traitant.
Le degré d'exposition des données clients aux autorités américaines au titre du CLOUD Act.
Enonic (Enonic AS, Oslo, founded 2000) is Norway's largest Norwegian-owned CMS vendor — a hybrid headless / visual-editing content platform built on its open-source Enonic XP runtime, positioned directly against Optimizely, Contentful and Sanity. Founder-owned by Morten Øien Eriksen and Thomas Sigdestad with no identified VC or PE capital, it is one of the cleaner ownership stories in the category. Compliance posture is genuinely strong: ISO 27001:2022 (annually externally audited against all 93 controls) and ISO 9001:2015 certified, GDPR-compliant with a designated Data Privacy Officer, DORA-aligned, a publicly downloadable DPA, and a public sub-processor list. The important nuance for sovereignty buyers is the managed Enonic Cloud infrastructure: Enonic's own third-party-suppliers page lists the production IaaS as Google Cloud Platform (US-owned, EU region), Microsoft Azure for encrypted off-site backups (Sweden), Fastly (US) for CDN, plus Mailgun (DE), Auth0 and Zendesk (EU), and Slack (US) for community support. So while the company is Norwegian and bootstrapped, the hosted data at rest sits on US-owned hyperscalers within the EEA — material CLOUD Act exposure. Buyers who need true sovereignty can instead self-host the open-source XP runtime (GPL-3.0 with a linking exception) on Hetzner / OVH / Scaleway, which removes the US sub-processors from the data path. Pricing: a free tier (5 GB), with Professional and Enterprise tiers quoted on request (no public EUR price).
Contactez l’éditeur pour les tarifs par palier ou volume.
Voir la page tarifs ↗Italian developer-friendly headless CMS (Milan); 25K+ businesses; bootstrapped feel, no US PE.
Berlin GraphQL-native headless CMS (formerly GraphCMS, founded 2017); enterprise clients incl. Samsung, LEGO; mostly EU-funded.
Paris headless CMS / page-builder (founded 2013); Slice Machine + Next.js / Nuxt / SvelteKit focus; from €7/mo.