European IAM compared: zero-access beats EU hosting
Many European IAM platforms promise compliance simply because they host data inside the European Union. LoginMaster goes further: with its Tenant-Cloud architecture, personal data stays exclusively on your tenant and the cloud operates only on encrypted, pseudonymized data. Not even the provider can access your users' identities.
EU hosting is not data sovereignty
Hosting data in a European data center reduces some risks, but it does not remove them. If the IAM provider can still read, process or export your users' identities and credentials, the risk surface remains: improper admin access, an extra-EU request to a parent company or a provider compromise all expose personal data.
The real dividing line is not where data lives, but who can access it. With LoginMaster's zero-access model, personal data never leaves the customer's tenant and the cloud only works on encrypted, pseudonymized data: sovereignty is guaranteed by the architecture, not by a contract clause.
Zero-access vs EU hosting
How LoginMaster's zero-access model behaves compared with a typical European IAM that merely hosts data inside the EU.
| Criterion | LoginMaster (zero-access) | IAM with EU hosting only |
|---|---|---|
| Where personal data lives | Exclusively on the customer's tenant | On the provider's cloud (in the EU) |
| Provider access to user data | Technically impossible (encrypted, pseudonymized) | Possible: the provider processes cleartext data |
| Cryptographic isolation | Per tenant and per project, dual-signature | Often shared multi-tenant |
| Data sovereignty | Guaranteed by architecture | Relies on contracts and SLAs |
| Exposure to extra-EU requests | No cleartext data to hand over | Risk if the parent company is outside the EU |
| GDPR and NIS2 compliance | By design: native minimization and encryption | To configure and prove case by case |
| Credential protection | Argon2 with split-salt on the tenant side | Hashing handled by the provider |
| Pricing model | Per tenant and project, unlimited users | Typically per active user |
What makes the zero-access model different
Four architectural traits that no IAM based on plain EU hosting can offer.
Data only in the tenant
User names, emails and attributes stay on the customer's tenant. The cloud never keeps a cleartext copy, so it cannot become the point of leakage.
Zero-knowledge cloud
The cloud operates only on encrypted, pseudonymized data. Even if the provider is compromised, personal data stays unintelligible.
Per-tenant and per-project isolation
Every tenant and project has dedicated cryptographic keys and dual-signature tokens: no mixing between different customers.
Verifiable sovereignty
Protection is guaranteed by the architecture, not by a contractual promise: you can demonstrate it to auditors, DPOs and end customers.
Why it matters for regulated sectors
Less risk, less to prove
If the provider cannot access personal data, much of the GDPR and NIS2 scrutiny around third-party access is simplified: there is no cleartext processing to justify.
Resilience to extra-EU requests
There is no cleartext data in the cloud to hand over in response to requests from authorities or parent companies outside the EU: sovereignty does not depend on the provider's jurisdiction.
Trust for your B2B customers
You can give your customers the technical guarantee that their users' data never passes in cleartext through your identity provider, a concrete selling point in regulated tenders.
Native compliance, not bolt-on
Data minimization, encryption and pseudonymization are part of the architecture, not add-on modules to enable and keep aligned with regulations.
Evaluate LoginMaster for your case
We'll show you how the zero-access model applies to your compliance scenario and your data sovereignty requirements.
Frequently asked questions about European IAM
EU hosting is a useful but not sufficient requirement. GDPR requires minimization, access control and limitation of processing: if the IAM provider can read personal data in cleartext, it remains a controller or processor with access to the data, along with the related obligations and risks. The zero-access model removes that access at the root.
It means the platform provider has no technical ability to access end users' personal data. With LoginMaster's Tenant-Cloud architecture, identifying data stays on the customer's tenant and the cloud only processes encrypted, pseudonymized data.
cidaas and Engity are European IAMs that host data in the EU, but the provider still processes identities in cleartext. LoginMaster adds a further layer: personal data never leaves the customer's tenant, so sovereignty is guaranteed by the architecture and not just by data center location.
No. LoginMaster offers SSO, adaptive MFA, provisioning via API and SDKs, SIEM integration and access governance. Features operate on encrypted, pseudonymized data in the cloud and on cleartext data only inside the customer's tenant, without giving up any capability.
NIS2 requires access control, supply chain risk management and attack surface reduction. A provider that cannot access personal data reduces third-party supplier risk and makes it easier to demonstrate controls to auditors.
It is verifiable. Because protection derives from the Tenant-Cloud architecture and per-tenant encryption, you can demonstrate to DPOs, auditors and end customers that personal data does not live in cleartext on the provider's cloud, regardless of contract clauses.