Real data sovereignty

European IAM compared: zero-access beats EU hosting

Many European IAM platforms promise compliance simply because they host data inside the European Union. LoginMaster goes further: with its Tenant-Cloud architecture, personal data stays exclusively on your tenant and the cloud operates only on encrypted, pseudonymized data. Not even the provider can access your users' identities.

EU hosting is not data sovereignty

Hosting data in a European data center reduces some risks, but it does not remove them. If the IAM provider can still read, process or export your users' identities and credentials, the risk surface remains: improper admin access, an extra-EU request to a parent company or a provider compromise all expose personal data.

The real dividing line is not where data lives, but who can access it. With LoginMaster's zero-access model, personal data never leaves the customer's tenant and the cloud only works on encrypted, pseudonymized data: sovereignty is guaranteed by the architecture, not by a contract clause.

Zero-access vs EU hosting

How LoginMaster's zero-access model behaves compared with a typical European IAM that merely hosts data inside the EU.

CriterionLoginMaster (zero-access)IAM with EU hosting only
Where personal data livesExclusively on the customer's tenantOn the provider's cloud (in the EU)
Provider access to user dataTechnically impossible (encrypted, pseudonymized)Possible: the provider processes cleartext data
Cryptographic isolationPer tenant and per project, dual-signatureOften shared multi-tenant
Data sovereigntyGuaranteed by architectureRelies on contracts and SLAs
Exposure to extra-EU requestsNo cleartext data to hand overRisk if the parent company is outside the EU
GDPR and NIS2 complianceBy design: native minimization and encryptionTo configure and prove case by case
Credential protectionArgon2 with split-salt on the tenant sideHashing handled by the provider
Pricing modelPer tenant and project, unlimited usersTypically per active user

What makes the zero-access model different

Four architectural traits that no IAM based on plain EU hosting can offer.

Data only in the tenant

User names, emails and attributes stay on the customer's tenant. The cloud never keeps a cleartext copy, so it cannot become the point of leakage.

Zero-knowledge cloud

The cloud operates only on encrypted, pseudonymized data. Even if the provider is compromised, personal data stays unintelligible.

Per-tenant and per-project isolation

Every tenant and project has dedicated cryptographic keys and dual-signature tokens: no mixing between different customers.

Verifiable sovereignty

Protection is guaranteed by the architecture, not by a contractual promise: you can demonstrate it to auditors, DPOs and end customers.

Why it matters for regulated sectors

Less risk, less to prove

If the provider cannot access personal data, much of the GDPR and NIS2 scrutiny around third-party access is simplified: there is no cleartext processing to justify.

Resilience to extra-EU requests

There is no cleartext data in the cloud to hand over in response to requests from authorities or parent companies outside the EU: sovereignty does not depend on the provider's jurisdiction.

Trust for your B2B customers

You can give your customers the technical guarantee that their users' data never passes in cleartext through your identity provider, a concrete selling point in regulated tenders.

Native compliance, not bolt-on

Data minimization, encryption and pseudonymization are part of the architecture, not add-on modules to enable and keep aligned with regulations.

Evaluate LoginMaster for your case

We'll show you how the zero-access model applies to your compliance scenario and your data sovereignty requirements.

Frequently asked questions about European IAM

EU hosting is a useful but not sufficient requirement. GDPR requires minimization, access control and limitation of processing: if the IAM provider can read personal data in cleartext, it remains a controller or processor with access to the data, along with the related obligations and risks. The zero-access model removes that access at the root.

It means the platform provider has no technical ability to access end users' personal data. With LoginMaster's Tenant-Cloud architecture, identifying data stays on the customer's tenant and the cloud only processes encrypted, pseudonymized data.

cidaas and Engity are European IAMs that host data in the EU, but the provider still processes identities in cleartext. LoginMaster adds a further layer: personal data never leaves the customer's tenant, so sovereignty is guaranteed by the architecture and not just by data center location.

No. LoginMaster offers SSO, adaptive MFA, provisioning via API and SDKs, SIEM integration and access governance. Features operate on encrypted, pseudonymized data in the cloud and on cleartext data only inside the customer's tenant, without giving up any capability.

NIS2 requires access control, supply chain risk management and attack surface reduction. A provider that cannot access personal data reduces third-party supplier risk and makes it easier to demonstrate controls to auditors.

It is verifiable. Because protection derives from the Tenant-Cloud architecture and per-tenant encryption, you can demonstrate to DPOs, auditors and end customers that personal data does not live in cleartext on the provider's cloud, regardless of contract clauses.