Datenresidenz und EU-Cloud-Souveränität¶
This page describes data-residency and cloud-sovereignty properties of Weblate services operated by Weblate s.r.o., including Hosted Weblate and Weblate Cloud. It does not describe arbitrary self-hosted Weblate deployments, where the deploying organization controls hosting, backups, integrations, legal basis, and retention.
Weblate-operated services are designed for European data residency and customer control. The service operator is Weblate s.r.o., a company established in the European Union, and the primary hosting infrastructure is provided by Hetzner Online GmbH and Hetzner Finland Oy.
Wo die Daten gespeichert sind¶
Kundendaten, darunter Übersetzungen, Benutzerinformationen, Betriebsdaten und Sicherungen, werden innerhalb der Europäischen Union gespeichert und verarbeitet.
Die Hauptstandorte befinden sich in Deutschland.
Keine Betriebsdaten verlassen die EU, es sei denn, der Kunde fordert dies explizit an oder konfiguriert es, beispielsweise durch das Aktivieren von externen Sicherungen, Repository-Hosting, Authentifizierung, E-Mail, Analyse, Fehlerberichterstattung oder Integrationen für maschinelle Übersetzungen außerhalb der EU.
Infrastrukturanbieter¶
Die von Weblate betriebenen Dienste nutzen die Hetzner-Infrastruktur. Die Hetzner Online GmbH und die Hetzner Finland Oy sind nach DIN ISO/IEC 27001:2022 für ein Informationssicherheits-Managementsystem zertifiziert, das die Infrastruktur, den Betrieb und die Kundenbetreuung für ihre Rechenzentrumsparks in Nürnberg, Falkenstein und Helsinki abdeckt.
Hetzner gibt an, dass seine Rechenzentren Strom aus erneuerbaren Quellen nutzen. Die deutschen Rechenzentren werden mit Wasserkraft betrieben, und der finnische Rechenzentrumspark nutzt seit seiner Eröffnung Wasserkraft.
EU-Cloud-Souveränität¶
Weblate-operated services are intended to support common European cloud sovereignty requirements:
Data sovereignty: Weblate stores and processes customer data in the EU.
Operational sovereignty: Weblate s.r.o. operates the application service from within the EU using EU infrastructure providers.
Legal sovereignty: The service is provided by an EU company and uses EU hosting infrastructure. This reduces exposure to non-EU cloud operators, but does not remove every possible cross-border legal or integration dependency.
Technical sovereignty: Weblate is libre software and can be self-hosted, migrated, or run as a dedicated deployment when an organization needs stronger isolation or deployment-specific controls.
Customer control: Projects, translations, and user data can be exported or deleted. External integrations are optional and configurable.
The operational controls around security incidents and service continuity are documented in Vorfallsreaktionsplan für Weblate and Wiederherstellungsplan.
Cloud Sovereignty Framework¶
The EU Cloud Sovereignty Framework and similar procurement frameworks are often described using Sovereignty Effectiveness Assurance Levels (SEAL). Weblate’s target direction for operated services is alignment with the expectations of SEAL-4 / Full Digital Sovereignty, especially EU locality, EU operation, data portability, open-source software, and customer control.
Weblate does not currently claim formal SEAL-4 certification, third-party attestation, or equivalent public-sector framework approval. Such a claim would depend on a formal assessment route and on provider-level evidence from subprocessors such as Hetzner.
For procurement reviews, the current evidence points are:
Weblate s.r.o. is the EU service operator.
Customer data for Weblate-operated services is hosted and processed in the EU.
The application is libre software and can be independently deployed.
Customer projects and translations can be exported.
External integrations are optional and configurable.
Hetzner publishes ISO/IEC 27001:2022 certification for the relevant data center parks.
Cloud and AI Development Act¶
The EU Cloud and AI Development Act is still an emerging legislative and policy initiative. Until final legal text and implementation guidance are available, Weblate treats Cloud and AI Development Act questions as procurement and readiness questions rather than as a formal compliance certification.
The current Weblate service design supports likely cloud and AI sovereignty questions in these areas:
European cloud infrastructure: Weblate-operated services use EU hosting for customer data and operational data.
Open-source stack: Weblate is libre software, reducing dependency on proprietary cloud application code.
Portability: Translation files, project data, and user data can be exported.
No mandatory external AI provider: Core Weblate workflows do not require external AI or machine-translation services.
Configurable AI and machine translation: Automatic suggestions can use third-party machine translation or LLM providers only when configured by an administrator or project owner. These services can receive source strings, translations, and related context, so their use should be reviewed against the customer’s sovereignty and data-transfer requirements.
Organizations that require AI processing to stay within a chosen jurisdiction can disable external machine-translation services or use a self-hosted provider such as LibreTranslate.
Kundenverwaltung¶
Customers retain control over their Weblate data:
Project translation files can be downloaded from Weblate or synchronized back to the customer’s repository.
User data can be exported and account removal can be requested as described in Einhaltung der Datenschutzrichtlinien.
External integrations, including code hosting, authentication, e-mail, backups, analytics, error reporting, and machine translation, are optional and should be configured according to the customer’s transfer and processor requirements.
Dedicated Weblate instances are available for organizations needing stronger isolation or customized operational controls.
Service legal documents¶
Bemerkung
Diese Dokumente gelten für Weblate-Bereitstellungen, die von Weblate s.r.o. betrieben werden, wie beispielsweise Hosted Weblate und Weblate Cloud.
Der Auftragsverarbeitungsvertrag kann im Kundenbereich eingesehen werden.