Versa Networks, a global provider in unified security and networking, has announced the general availability of Europe’s first fully sovereign Secure Access Service Edge (SASE) platform. This service converges wide-area networking and cloud-delivered security into a single, unified platform, operated by noris network AG from redundant ISO 27001-certified facilities within Germany.

The new offering allows European enterprises to consume enterprise-grade sovereign SASE as a fully managed service, with traffic inspection, policy enforcement, and operational control handled entirely within Germany. This approach adheres to applicable European laws and regulations, addressing a critical distinction between data residency—where data sits—and sovereignty, which controls who has access to data, from where, and under whose law.

Prior to this launch, European organizations typically procured SASE solutions that were part of global cloud security infrastructures, often lacking full sovereignty across all architectural layers. Many incumbent SASE vendors deliver services from global infrastructures where, despite having points of presence (PoPs) within specific jurisdictions, their control planes—systems for inspection and access policy enforcement—often operate outside that jurisdiction. This subjects EU entities to non-European legal authority, even when accessing sovereign clouds or data centers within the EU. While some vendors offer data residency options, regional log storage, or in-country gateways, these often provide only partial sovereignty, with control and management planes remaining outside EU jurisdiction. This distinction is particularly important for organizations subject to regulations such as GDPR, NIS2, DORA, or Germany’s KRITIS framework, which mandate demonstrable control over where access decisions are made, policies enforced, and under whose legal authority infrastructure operates.

Versa’s Sovereign SASE provides sovereignty across all four planes of the SASE architecture as a fully managed service. The data plane handles traffic inspection, threat prevention, and content filtering at the local Sovereign PoP, ensuring traffic remains within Germany for processing. The control plane performs full Zero Trust access, including identity validation, continuous authentication, and access decisions, entirely within the sovereign environment. The management plane governs platform administration, logging, configuration, and operational access locally, making it fully auditable under EU law. Legally, the service is contracted through Versa Networks B.

V., a Netherlands-based EU legal entity.

Versa has a history of delivering sovereign SASE, with over five years of experience and production customers in defense, telecommunications, and critical infrastructure requiring operational independence. Examples include Swisscom’s beem service, Switzerland’s first carrier-grade sovereign SASE deployment at a national scale, and the U.

S. Department of Defense Thunderdome program, both built on Versa’s sovereign architecture. This new managed service model makes a similar architectural standard available within a specific jurisdiction without the associated operational overhead previously required for organizations to build and operate their own sovereign infrastructure.

The service is designed for organizations of all sizes, with particular appeal for those in regulated industries such as financial services, healthcare, critical infrastructure, manufacturing, and public administration. For financial entities under DORA, the architecture supports ICT risk management, operational resilience testing, and third-party oversight, with all operations contained within EU jurisdiction. For critical infrastructure industries subject to NIS2, it supports governance accountability, incident reporting timelines, and supply chain security controls. KRITIS-designated operators benefit from all data processing and operational control remaining within Germany, with BSI-aligned certifications and support for OT and ICS environments.

Unlike some sovereign SASE deployments that may sacrifice functionality, Versa’s solution provides the full VersaONE Universal SASE Platform within the sovereign boundary. This includes Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Next-Generation Firewall (NGFW), Intrusion Prevention System (IPS), Advanced Threat Protection (ATP), and Secure SD-WAN. No capabilities are removed or restricted. The platform also integrates VersaAI, Versa’s AI layer for real-time threat detection, automated security operations, and AI-driven analytics, with all VersaAI processing, telemetry, and inference operations remaining within the German sovereign boundary. This ensures that the security layer governing AI workloads meets the same sovereignty standard.

Kelly Ahuja, CEO of Versa Networks, stated, “Many enterprises invested in sovereign cloud strategies only to discover that their secure access, management and control plane were still operating outside their jurisdiction. Deploying a cloud SASE provider’s appliance on customer premises does not make a solution sovereign. True sovereignty requires control over where policy is enforced, where control and management occur, and who governs that data while it is in motion. This deployment makes that available to any EU enterprise as a managed service.”

Joachim Astel, CRO of noris network AG, commented, “We are thrilled to support Versa with our noris sovereign Cloud Platform (nSC) hosted in our German data centers. Customers who operate in security-critical and regulated sectors can rely on noris to deliver highly secure and compliant IT operations.”

Versa Sovereign SASE-as-a-Service is available now directly from Versa Networks and through authorized channel partners and managed service providers. All contracts are executed through Versa Networks B.

V.