ai governanceeu ai actdata residencyb2b saas

EU Residency as a Tier, Not a Brand

Most European AI vendors either market themselves as 'EU sovereign' and quietly ship a weaker product, or route everything through US clouds and hope nobody asks. There is a third path. We shipped it.

June 9, 2026 · 9 min read

A European data centre interior at night, fibre-optic cabling glowing blue, a clipboard with a contract resting on a server rack frame in the foreground

Key Takeaways

✓ Most B2B AI vendors give one of two bad answers to EU data residency: brand themselves as 'EU sovereign' and ship a weaker product, or default to US clouds and hope procurement does not ask
✓ Corial offers a third path: EU residency as a per-tenant tier. Default tier is US-routed under Standard Contractual Clauses. EU tier routes every AI call through Google Cloud Vertex AI in European data centres at roughly a 10% premium
✓ When the EU tier is on, every AI code path goes to Europe: orchestrator, email drafting, voice transcription, grounded lookups, intelligence monitoring. No carve-outs
✓ The honest reason this is a tier and not the default: the capability gap with US frontier models is still real in 2026, and pretending otherwise would ship a worse product for customers

The cleanest position turned out not to be 'EU sovereign AI'

When I started writing the Corial Responsible AI Charter, I assumed the strongest position would be EU sovereign. We are a French company, our data sits in Germany, our DPO is in Chantilly. Branding the AI layer the same way looked obvious.

The more I wrote, the more that position fell apart. It did not survive contact with what our customers actually need from an AI workplace assistant in 2026.

So we shipped a different answer. EU residency at Corial is a tier. Customers choose it, in writing, at onboarding. The default tier is US-routed under Standard Contractual Clauses. The EU tier routes every AI call through Google Cloud Vertex AI in European data centres at roughly a 10% premium. This post is the argument for why a tier is honest where a brand is not.

The two bad answers most vendors give

Walk down the floor at any European SaaS conference in 2026 and you will see two postures repeated. Neither is right.

The first is the sovereignty brand. The vendor positions itself as the European choice. The website carries the colours. The pitch deck has a slide about Schrems II. Under the hood, the AI layer is restricted to a single European provider, often one whose flagship models are noticeably weaker than what is available in the US. The customer pays for the brand and gets a product that does less well on the work they actually need it to do.

The second is the 'default and do not mention it' posture. The vendor routes everything through US clouds because that is where the best models live, and the topic of residency simply does not come up unless procurement raises it. When procurement does raise it, the answer arrives as a vague reference to Standard Contractual Clauses and a hope that the conversation moves on. Most B2B SaaS today, including some very large ones, sits here.

Both postures resolve the trade-off in advance for the customer. Sovereignty-by-brand decides the capability cost is acceptable. Default-US decides the residency question is not worth surfacing. The customer is told the answer, not asked the question.

Why ignoring the question is not an option

If you sell to European customers in 2026, the question is coming. GDPR has been load-bearing for eight years. The French Data Protection Act adds a national layer on top. The EU AI Act came into force in stages through 2024 and 2025 and now reaches deep into workplace AI. National regulators, particularly the CNIL in France, have published specific guidance on AI providers and inference geography.

The commercial layer matters as much as the regulatory one. Our customers are B2B ingredient suppliers whose customers are the consumer brands at the end of the supply chain. L'Oréal, Unilever, and Henkel run formal supplier risk assessments. Those assessments now include a question about which AI vendors the supplier uses on relationship data. The supplier's answer flows up the chain. A weak answer creates a problem two layers downstream from where the AI lives.

Ignoring the question may work for another year. It will not work for the duration of an enterprise contract. Procurement asks. The supplier asks. The supplier's customer asks. By 2027 the absence of an EU residency option becomes a procurement gate, not a procurement nice-to-have.

The tier as a third path

The third path is to give the customer the trade-off as a choice, in writing, at onboarding. Two tiers. The default tier is US-routed under Standard Contractual Clauses. The EU residency tier routes every AI call through Google Cloud Vertex AI inside the European Union, at roughly a 10% premium on the AI line of the contract.

The mechanism is one boolean on the tenant record. A platform admin pastes the Google Cloud service account credentials into the admin console once, validates them with a one-token ping, then ticks the EU residency box on each tenant who has bought the tier. The tenant's next AI request routes through Vertex AI EU. No code deploy. No restart. Nothing changes on the customer's side.

On the EU tier, Anthropic Claude models are served on Vertex under licence and Google Gemini models are served on Vertex EU directly. The same model names, the same capabilities, served from European regions. The current EU regions in use across the Claude and Gemini families are Belgium, Netherlands, Frankfurt, Paris, Madrid, and Finland. Per-model region maps live in our model registry so newer models pick up the right region automatically.

What '100% coverage when on' actually means

If you say a tenant's data stays in the EU, every AI code path has to honour it. A single carve-out, an admin tool that calls a US endpoint for 'just this one feature', a transcription path routed differently for legacy reasons, breaks the promise. Most vendor residency claims fall down at exactly this seam.

We audited the codebase before publishing the claim. When a tenant is on the EU residency tier, the following AI code paths route through Vertex AI EU:

The orchestrator agent, on both the light and heavy paths, including all tool-use workflows
Email drafting, research, and people-query subagents
Daily briefing generation, meeting-prep briefs, and product intelligence synthesis
Voice note transcription via the Gemini transcription helper
Grounded LinkedIn, company, and news lookups via the Gemini grounding helper
The background industry-news monitor and intelligence worker
Every structured-output JSON extraction call across the system

The peripheral paths share the same helper as the main gateway dispatch. A single function resolves the tenant's EU residency flag once per request and returns the right client for the right region. There are no carve-outs and no second routing layer. If you find one, that is a bug and we want to know about it.

A salesperson at a tenant on the EU residency tier records a voice note in the lift after a customer meeting in Paris. The audio is transcribed by Gemini on Vertex AI in Paris or Belgium. The extracted action items are structured by Claude on Vertex AI in Frankfurt. The follow-up email draft is written by Claude on the same region. The customer's data never touches a US endpoint between the lift and the inbox.

The honest cost trade

The EU residency tier costs roughly 10% more on the AI line of the contract. This is the actual Vertex AI premium for Claude and Gemini in EU regions versus their direct US endpoints, plus the operational overhead of running per-region client pools. We charge it through at cost.

What does not change: model capability, model name, customer-side code, customer-side configuration, observable latency at the application layer. A tenant on the EU tier uses the same Corial product as a tenant on the default tier.

What does change: where the inference runs, which sub-processor sub-contract applies, and the data processing addendum the customer signs. The customer chooses the trade-off. The product team does not.

The thing we will not pretend

One part of this argument often gets quietly skipped in European AI marketing. I want to say it out loud.

The strongest AI capability in 2026 still sits with US-based providers. Anthropic and Google publish more capable frontier models, more comprehensive safety frameworks, and more detailed transparency reports than the European providers. The Stanford Foundation Model Transparency Index for 2025 scored Mistral, the leading French AI company, at 15 out of 100. Anthropic and Google sat higher. We use Mistral as a third provider, behind the gateway, opt-in per task, and we are glad it exists, but pretending it closes the capability gap would ship a worse product to the customers paying us to help them sell ingredients into the biggest brands in the world.

The Charter says this directly. We have not made 'EU providers only' a hard rule because doing so would force us to ship a noticeably weaker assistant. The residency tier handles the data flow question. The Charter handles the provider choice question. When European capability closes the gap on the workloads our customers care about, the default may move. We will say so when it does.

The principle: let the customer choose the trade-off

Underneath the engineering, this is really a principle about respect. Sovereignty-by-brand and default-US both decide for the customer in advance. The tier model puts the trade-off on the table where it belongs and asks the customer to pick.

Some of our customers will pick the EU tier because their downstream brand customers will eventually ask. Some will stay on the default tier because the 10% AI premium is meaningful at their scale and the SCC route is sufficient for their risk posture today. Both are defensible. Neither is the right answer for everyone.

What is not defensible is hiding the trade-off behind a brand. If you read your AI vendor's residency page and you cannot tell from it which region runs your inference today and which would run it tomorrow under a different option, the vendor has decided for you. That is the part worth pushing back on.

If you want to see the longer policy version of this argument, the Charter is at corial.app/responsible-ai-charter and the full Trust page is at corial.app/trust. The Model Card listing every provider, region, and independent third-party score is at corial.app/models. The full sub-processor list is at corial.app/legal/subprocessors.

Frequently asked questions.

Does the EU residency tier mean my AI calls never touch a US server?

Yes, for inference. When a tenant is on the EU residency tier, every AI inference call (orchestrator, drafting, transcription, grounded lookups, intelligence monitoring, structured extractions) routes through Google Cloud Vertex AI in European data centres. The current regions in use are Belgium, the Netherlands, Frankfurt, Paris, Madrid, and Finland. Non-AI infrastructure (application servers, database, backups) is already EU-only on Hetzner in Germany regardless of tier.

Why isn't EU residency the default for every tenant?

The Vertex AI EU endpoints carry roughly a 10% premium over the direct US endpoints for the same Claude and Gemini models. We charge that premium through at cost. Many tenants are happy on the US tier under Standard Contractual Clauses and would rather not pay the premium. We did not want to force the cost on customers who have not asked for it. So we made it a tier, defaulted off, and let the customer pick.

Which AI models are available on the EU tier?

The same models that are available on the default tier. Claude Opus, Sonnet, and Haiku are served on Vertex AI EU under licence. Gemini 2.5 Flash and the Gemini 3.x family are served on Vertex AI EU directly. Per-model region maps live in our model registry so newer models pick up the right region automatically. Mistral La Plateforme is wired into the gateway as an EU-sovereign-by-construction third provider and is available on both tiers.

How is the 10% premium calculated?

It is the per-call Vertex AI EU premium versus the direct US endpoint for the same model, plus the operational overhead of running per-region client pools. We pass it through at cost on the AI line of the contract. Per-tenant cost reports show the actual figure for the tenant's traffic mix each month, so the 10% is a planning number and the bill is the real one.

Can we move our tenant between tiers later?

Yes. The tier is a single boolean on the tenant record, edited from the admin console. Flipping it invalidates the routing cache and the next AI request for the tenant routes through the new tier. There is no code deploy, no migration, and no customer-side change. The AI line of the contract is updated to reflect the new tier.

Share this article LinkedIn X

Want a real answer to 'where does our AI inference run?'

Corial is the AI-native CRM for B2B ingredient sales teams whose downstream customers run formal supplier risk assessments. Pick the tier that matches your posture. Get the same product either way.

Get early access