RabbitMQ Sovereignty: Beyond "Hosted in Switzerland"
Major managed message broker services (Amazon MQ, CloudAMQP on US-owned infrastructure) run under US law. Your message queues, event streams, and application communications are accessible under the CLOUD Act without Swiss judicial process.
Running RabbitMQ on Swiss infrastructure solves the data residency question. However, sovereignty is more than where data is stored. The EU Cloud Sovereignty Framework defines eight dimensions that determine whether your provider is truly sovereign.
RabbitMQ and the licence question
RabbitMQ is licensed under the Mozilla Public License 2.0 (MPL-2.0). MPL-2.0 is a copyleft licence that applies per-file, not per-project. This means the copyleft obligation covers only the MPL-2.0 licensed files themselves, not the entire project or your application code that uses RabbitMQ.
This is a deliberate design choice by Mozilla: MPL-2.0 ensures the core code remains open while allowing organisations to build proprietary services on top. There is no re-licensing risk and no GPL-style requirement to open-source your application. RabbitMQ remains fully open source under the Mozilla Public License with no dual-licensing or service restriction clauses.
VSHN operates RabbitMQ on Swiss infrastructure under MPL-2.0 terms. The same sovereignty guarantees apply regardless of whether you deploy via Managed Server or self-service through Servala.
RabbitMQ sovereignty compared
| Dimension | Amazon MQ | CloudAMQP | VSHN Managed RabbitMQ |
|---|---|---|---|
| Ownership | Amazon (USA) | 84codes AB (Sweden) | VSHN AG (Switzerland) |
| Governing law | US law | Swedish law | Swiss law |
| CLOUD Act | Exposed | Not directly exposed (runs on US hyperscalers) | Not exposed |
| Data location | AWS EU regions | AWS/GCP/Azure EU regions | Switzerland (cloudscale.ch or your choice) |
| Source code | Uses RabbitMQ, proprietary service layer | Open source (uses RabbitMQ) | Open source (MPL-2.0) |
| Operations team | USA | Sweden | Switzerland (Swiss-only option) |
| Certifications | SOC 2, ISO 27001 | SOC 2 | ISO 27001, ISAE 3402 Type II |
VSHN sovereignty self-assessment
We applied the EU's Cloud Sovereignty Framework (v1.2.1, October 2025) to our own services. This framework was used to score providers in the EU's EUR 180M sovereign cloud tender in April 2026. Three pure-European providers achieved SEAL-3, while a consortium involving Google Cloud scored only SEAL-2.
This is a self-assessment, not a formal SEAL certification. We publish it for transparency so customers can evaluate our sovereignty profile using the same structured criteria the EU uses.
| # | Dimension | Weight | Assessment | Evidence |
|---|---|---|---|---|
| SOV-1 | Strategic | 15% | Strong | Swiss AG, no foreign parent, all shareholders Swiss citizens (Commercial Register) |
| SOV-2 | Legal | 10% | Strong | Swiss law (GTC), no CLOUD Act, EU adequacy decision |
| SOV-3 | Data & AI | 10% | Strong | Swiss DCs by default. Sovereign key management via Managed OpenBao + Swiss HSM |
| SOV-4 | Operational | 15% | Strong | Swiss 24/7 ops, Swiss-only support option. All services on vanilla Kubernetes |
| SOV-5 | Supply Chain | 20% | Strong | Infrastructure-agnostic: customer chooses provider. Open-source software |
| SOV-6 | Technology | 15% | Strong | 100% open source. VSHN contributes to K8up (CNCF), Crossplane providers, Project Syn |
| SOV-7 | Security | 10% | Strong | ISO 27001, ISAE 3402 Type II, Swiss SOC. FINMA-regulated customers |
| SOV-8 | Environmental | 5% | Moderate | DC operators: Green Datacenter AG (ISO 22301/27001/27701), Exoscale sustainability. VSHN CSR policy |
Overall: SEAL-3 equivalent. This is the same level achieved by the winners of the EU's own sovereignty tender. No provider worldwide achieved SEAL-4, as it requires fully EU/EEA-sourced hardware supply chains and open-source foundations. These structural gaps are shared by every cloud provider.
Try Swiss infrastructure: Servala (managed services, free trial), Exoscale (Swiss IaaS). Want help choosing? Contact us.
Get a sovereignty assessment for your messaging infrastructure
Running Amazon MQ or CloudAMQP and concerned about jurisdictional risk? We assess your sovereignty profile against the EU framework and plan a migration to Swiss-hosted RabbitMQ.