Versa unveils managed sovereign SASE service for EU data

Versa has launched a managed "Sovereign SASE-as-a-Service" offering designed to keep networking and security processing, operational control, and logging within a single legal jurisdiction as data-handling and cross-border access rules tighten.

The service is generally available and aimed at organisations that need security inspection and policy enforcement to remain inside national or regional boundaries, rather than relying on infrastructure that spans multiple countries. It targets enterprises of all sizes in regulated sectors with data residency and governance requirements.

Digital sovereignty has become a board-level issue across Europe and other regions, driven by regulatory fragmentation, geopolitical tension, and growing data flows linked to AI. EU frameworks such as GDPR, NIS2, and DORA have increased scrutiny of where data is processed, who controls it, and how it is protected. Many organisations have focused on where applications and stored data reside, but network traffic inspection and security policy enforcement can still occur elsewhere.

Sovereignty gaps

Secure access service edge (SASE) combines networking and security functions delivered through cloud-based points of presence and security services. In many deployments, user traffic reaches a local point of presence but is then forwarded to other regions for content and threat inspection. This architecture can create cross-border "hairpinning", where traffic leaves the country for processing and returns later. Metadata and security logs can also be generated and stored outside the jurisdiction.

Some providers localise inspection in a limited set of countries while keeping operational control and management outside the region where data is processed. That separates where data is inspected from where the service is administered. Versa argues that sovereignty requires control over the data plane, control plane, and management plane, as well as control over where logs are stored.

"Many enterprises invested in sovereign cloud strategies, only to discover that secure access to their applications and data was still governed outside their jurisdiction," said Kelly Ahuja, Chief Executive Officer at Versa. "Deploying a cloud SASE provider's appliance on customer premises does not make a solution sovereign. True sovereignty requires clarity on where access is secured, where policy is enforced, and who governs data while it is in motion."

Versa has previously delivered sovereign SASE designs through service provider deployments. It cited Swisscom's beem service in Switzerland as an example of a sovereign architecture used in a carrier setting.

Managed model

The new offering packages this approach as a fully managed service, aimed at jurisdictions where customers require the entire operational stack to remain under local legal and infrastructure control. Versa initially highlighted availability in Germany and the wider DACH region.

The service keeps the data plane, control plane, management plane, and logging on EU-hosted and EU-controlled infrastructure, and operates independently of Versa's global cloud infrastructure in the region. Contracting and operations for the EU service run through Versa Networks B.V., a Netherlands-based legal entity.

The move to a managed model reflects a broader shift in how enterprises buy networking and security services. Building a sovereign architecture in-house typically requires specialist skills, dedicated infrastructure, and ongoing operational capacity. A managed service reduces internal demands while keeping processing and administration aligned with local rules.

"Delivering sovereign SASE as a managed service represents a structural shift in the market. Until now, sovereign architectures were largely limited to national operators or organizations with the resources to build and operate their own infrastructure. A managed model lowers the barrier for regulated enterprises that require jurisdictional alignment without taking on that operational burden," said Jim Frey, Principal Analyst for Enterprise Networking at Omdia.

Cloud limits

Sovereign cloud initiatives from hyperscalers have focused on where workloads run and where data is stored. Network security processing adds another layer of complexity, since traffic can traverse multiple regions during inspection, policy enforcement, and logging. Companies also face questions about who can access management systems and operational data.

Forrester Research has described digital sovereignty as moving beyond niche compliance and becoming a risk management concern. "Once a blurred compliance and privacy-related discussion for techies, digital sovereignty is now a top risk management concern across the board," said Dario Maisto, Senior Analyst at Forrester Research. "Organisations across Europe are increasingly concerned about overdependence on hyperscalers for infrastructure, AI, and data services."

Channel partners and managed security providers are also looking for ways to meet EU requirements without redesigning their service stacks. "Many of our enterprise customers are looking for the SASE capabilities they trust, but delivered in a way that meets strict EU sovereignty and GDPR requirements. Versa's Sovereign SASE-as-a-Service approach allows us to address those needs without changing the underlying platform or operating model, which is exactly what the market is asking for," said Boris Wetzel, Managing Director and Founder at Choin.

Versa said the service would broaden access to sovereign SASE beyond national operators and large organisations with in-house infrastructure teams, with Germany and the DACH region as early deployment and operations priorities.