Sovereignty shouldn't cost you the frontier.
One conviction: using any model shouldn't cost you control of your data. Sovereignty is deciding where data goes.
A sluis is a canal lock. It holds back the sea while it moves the boat through.
Open both gates of a lock at once and the sea floods in. So a lock never does. It admits the boat into a sealed chamber, closes behind it, equalises the water, and only then opens ahead. Controlled passage. Nothing spills.
Sluis treats your data the same way. Every request enters a sealed chamber: inspected, routed under your residency policy, then handed to a model. The frontier on one side, your jurisdiction on the other, a gate between them, never a hole. Every passage is logged.
Four convictions. Each one is wired into the product, not the pitch.
The best model AND the right jurisdiction
These were never opposites. Never trade the best model for the flag. Sluis runs EU-sovereign anchors and frontier models (Claude, Gemini, Mistral) in EU regions behind one endpoint, with direct US and Chinese providers available on opt-in, and pseudonymization so the model never sees a name, number or secret.
Prove it, don't promise it
A compliance claim you can't verify is a hope. Every call is sealed in a hash-chained ledger that you, or your auditor, can export and re-verify offline. Trust, then check.
Residency is a policy, not a hope
Where data may go is a rule you declare and we enforce on every request: explicit regions, explicit fallback, a hard block if nothing qualifies. Not a setting you trust a vendor to honour.
Built in the EU, for the EU
We answer to the same regulators you do. Sovereignty isn't a feature we bolted on for a market. It's the reason the company exists, and why the default is always EU-only until you decide otherwise.
Teams who answer to regulators.
The places where a single careless egress is a breach notification, and where "we think the data stayed in the EU" is not an answer anyone will accept.
Names shown are illustrative: placeholders for the kinds of teams Sluis is built for, not customer claims.
Built in Amsterdam. Run inside the EU.
Sluis is a Dutch company, anchored in Amsterdam and operated entirely on EU infrastructure. For a sovereignty product that isn't incidental; it's the point. The country a vendor sits in decides which laws can reach your data, and which government can compel it.
We surface the part other gateways hide: not just the region a model runs in, but who owns it, so EU-region-but-US-owned deployments carry their CLOUD Act exposure on the label, in the open.
We're hiring across the EU.
Engineering, compliance, and go-to-market. Remote-first, Amsterdam-anchored. If sovereign infrastructure is the problem you want to spend years on, talk to us.
See open roles→Talk to a human.
Procurement, a security questionnaire, a signed DPA, a self-hosted Sluis Edge gateway: whatever your compliance team needs to say yes. No bot, no funnel.
hello@sluis.aiCompliance shouldn't mean giving up the best models.
It should mean knowing exactly where they ran, and leaking nothing on the way. One base_url, any model your policy allows, every call sealed in a ledger you can hand an auditor.