vLLM Sovereignty: Open-Source Inference on Swiss Infrastructure
vLLM is open source under the Apache 2.0 license. That matters for sovereignty: you can run high-throughput LLM inference on your own GPU infrastructure in Switzerland, with full visibility into the code that processes your data.
When you use OpenAI's API, Azure OpenAI, or AWS Bedrock for inference, every prompt and every model output passes through US infrastructure, governed by US law, and accessible under the CLOUD Act without Swiss judicial process. Your prompts and completions never leave Swiss jurisdiction only if the inference engine itself runs on Swiss soil.
Sovereignty is more than where GPUs are located. The EU Cloud Sovereignty Framework defines eight dimensions that determine whether your provider is truly sovereign.
Why vLLM is a strong choice for sovereign inference
Unlike proprietary inference APIs from OpenAI, Google, or Amazon, vLLM gives you:
- No vendor lock-in — run any compatible open-weight model (Llama, Mistral, Qwen, and others)
- Full code auditability — every line of vLLM is inspectable on GitHub
- No data exfiltration — prompts and outputs stay on your infrastructure, period
- Community-governed — Apache 2.0 license, active open-source community
- Hardware flexibility — run on NVIDIA, AMD, or Intel GPUs without API vendor approval
VSHN operates vLLM on Swiss Kubernetes clusters with GPU scheduling. Combined with VSHN's Swiss ownership and operations, this creates a fully sovereign inference platform.
vLLM sovereignty compared
| Dimension | OpenAI API | Azure OpenAI | AWS Bedrock Inference | VSHN Managed vLLM |
|---|---|---|---|---|
| Ownership | OpenAI (USA) | Microsoft (USA) | Amazon (USA) | VSHN AG (Switzerland) |
| Governing law | US law | US law | US law | Swiss law |
| CLOUD Act | Exposed | Exposed | Exposed | Not exposed |
| Data location | USA | Regional (US-controlled) | Regional (US-controlled) | Switzerland (cloudscale.ch, Exoscale, or your choice) |
| Inference engine | Proprietary | Proprietary | Proprietary | Open source (vLLM, Apache 2.0) |
| Prompt data access | Provider has access, may use for training | Microsoft has access | Amazon has access | VSHN has operational access only for authorized support — never used for model training |
| Operations team | USA | USA | USA | Switzerland (Swiss-only option) |
| Certifications | SOC 2 | SOC 2, ISO 27001 | SOC 2, ISO 27001 | ISO 27001, ISAE 3402 Type II |
VSHN sovereignty self-assessment
We applied the EU's Cloud Sovereignty Framework (v1.2.1, October 2025) to our own services. This framework was used to score providers in the EU's EUR 180M sovereign cloud tender in April 2026 — three pure-European providers achieved SEAL-3, while a consortium involving Google Cloud scored only SEAL-2.
This is a self-assessment, not a formal SEAL certification. We publish it for transparency so customers can evaluate our sovereignty profile using the same structured criteria the EU uses.
| # | Dimension | Weight | Assessment | Evidence |
|---|---|---|---|---|
| SOV-1 | Strategic | 15% | Strong | Swiss AG, no foreign parent, all shareholders Swiss citizens (Commercial Register) |
| SOV-2 | Legal | 10% | Strong | Swiss law (GTC), no CLOUD Act, EU adequacy decision |
| SOV-3 | Data & AI | 10% | Strong | Swiss DCs by default. Sovereign key management via Managed OpenBao + Swiss HSM |
| SOV-4 | Operational | 15% | Strong | Swiss 24/7 ops, Swiss-only support option. All services on vanilla Kubernetes |
| SOV-5 | Supply Chain | 20% | Strong | Infrastructure-agnostic — customer chooses provider. Open-source software |
| SOV-6 | Technology | 15% | Strong | 100% open source. VSHN contributes to K8up (CNCF), Crossplane providers, Project Syn |
| SOV-7 | Security | 10% | Strong | ISO 27001, ISAE 3402 Type II, Swiss SOC. FINMA-regulated customers |
| SOV-8 | Environmental | 5% | Moderate | DC operators: Green Datacenter AG (ISO 22301/27001/27701), Exoscale sustainability. VSHN CSR policy |
Overall: SEAL-3 equivalent — the same level achieved by the winners of the EU's own sovereignty tender. No provider worldwide achieved SEAL-4, as it requires fully EU/EEA-sourced hardware supply chains and open-source foundations — structural gaps shared by every cloud provider.
Get a sovereignty assessment for your inference setup
If you're running inference through US-hosted APIs or evaluating sovereign alternatives, we can assess your current setup against the EU framework and design a vLLM deployment that keeps your prompts and model outputs under Swiss jurisdiction.