How EU-hosted AI changes procurement conversations

5 min · 2026-05-15

Sovereign and EU-hosted deployments shorten the procurement conversation by removing the data-residency objection before it comes up. When a security questionnaire opens with a question you have already answered, the procurement team’s read on you shifts from “another US-hosted AI vendor” to “a vendor who understood the question.” Three procurement objections surface in order: data residency, training-pool exposure, and audit coverage. Each has a short answer if the vendor has done the infrastructure work.

What “EU-hosted” actually has to mean

“We have a data centre in Frankfurt” is not a sufficient answer, and a procurement team that has run this process before knows it. The questions arrive in a specific order:

  1. Where does customer data rest? Opero runs on infrastructure in Germany, Denmark and Ireland under GDPR jurisdiction. Single-country pinning is configurable at contract time and enforced at the infrastructure layer.

  2. Where does it transit? Customer data does not leave EU territory in transit during retrieval, inference, or action execution. No traffic routes through US-based infrastructure.

  3. Who has read access? Retrieval is filtered by user permissions; each customer runs in a dedicated tenant with no cross-customer pooling of corpus, conversation history, or metadata.

  4. What happens if a non-EU authority subpoenas your infrastructure provider? The infrastructure is in EU jurisdiction; sovereign on-prem deployment is available for stricter mandates.

Most “EU-hosted” claims survive question 1 and break on question 2.

The training-pool objection

“Do you train on our data?” Most LLM vendors’ honest answer is: we say no in the contract, but the operational architecture would permit it. The architecture that closes this question has a different shape.

Opero does not train on customer data. There is no training pool. When a technician asks a question, the Knowledge Agent retrieves the relevant chunks from your corpus and passes them to the model as context at retrieval time. Your data is in the prompt, not in the model weights. A fragment of one customer’s service manual cannot surface in another customer’s answer because the retrieval draws from a per-tenant corpus — there is no shared index across customers.

The procurement team can verify this by asking two questions: does your inference pipeline write anything back to a training data store, and what is your subprocessor’s model-training policy for data processed via API? Both questions have short answers when the architecture is right. When they don’t, the conversation gets long, and long procurement conversations about training-pool exposure rarely close well.

Audit log as procurement currency

“Show me what your system did six weeks ago for this user on this document.” That question ends procurement conversations in one of two ways: the vendor opens a log and walks through the answer, or the vendor explains why they can’t do that. The first vendor gets the contract.

Every retrieval, every cited source, every outbound action — PO draft, ticket update, work-order note — is logged with the calling user, timestamp and model version. The log is append-only and scoped to your tenant. When a procurement auditor asks what happened on a specific date, the log shows which user triggered the query, which documents were retrieved, what version of the model responded, and what action — if any — was written back to the ERP.

The log is replayable. You can reconstruct the exact retrieval that generated a given answer, which makes it usable in a formal audit rather than an informal retrospective. “We have logs” is a much shorter conversation than “let me check.”

Where to start next week

For procurement teams reviewing AI vendors: ask the egress question and the training-pool architecture question — in that order. The answers separate vendors faster than any security questionnaire. For vendors preparing for the security review: lead with the audit-log demo. Data residency is table stakes in the EU market; audit replay closes the meeting. Full operational-trust framing is in Operational trust. Hosting-region details and the subprocessor posture are on the Trust page.