Whether it's sensitive government communications that remain under German jurisdiction, business secrets that are secured against non-European access rights, or the protection of personal data and personal communication as well as control over your own data: With mailbox, companies, the public sector and private individuals benefit from legal certainty, GDPR conformity, information security, compliance and transparency. The label awarded by ECSO confirms that mailbox is not only committed to European sovereignty, but is actually European.
Why digital sovereignty is now more important than ever
The geopolitical developments of recent years impressively demonstrate how vulnerable dependence on non-European technology providers makes us. The US CLOUD Act, for example, obliges American companies to grant US authorities access to data – even if it is stored on servers in Europe. European companies, authorities and private individuals can thus inadvertently become transparent citizens. What's more:
- Political uncertainties due to changing governments and legislation in third countries
- Economic risks due to monopoly structures at US big tech companies
- Legal grey areas in the transfer of personal data outside the EU
In this area of tension, digital sovereignty – the ability to control one's own digital infrastructure is being challenged, to have self-determination over one's own digital infrastructure – becomes a question of capacity to act.
Beware of "sovereignty washing": Not every data centre in Europe is sovereign
Many providers advertise with servers in Germany or Europe. However, a data centre in Germany does not make a US company or its subsidiary a European provider. The decisive factor is which law the company is subject to. mailbox is not dependent on non-European parent companies: As a German company, mailbox is subject exclusively to German and EU law – including the strict requirements of the General Data Protection Regulation (GDPR). Data processing at mailbox only takes place in Germany.
Independently tested security at mailbox
In addition to the "Cybersecurity Made in Europe" label, mailbox has received a number of other awards and certifications that prove the high quality and priority of data protection and information security:
- ISO/IEC 27001 certificate: The International Standard for Information Security Management Systems confirms that a company protects data and systems with a structured security management system and actively manages risks.
- BSI C5-Typ 1-certificate: BSI C5 is the cloud criteria catalogue of the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI). A C5 certificate proves that a cloud provider works according to tested German cloud security criteria.
- Quality seal "Software made in Germany" and "Software hosted in Germany" of the Bundesverband IT-Mittelstand e. V. (BITMi).V. (BITMi):
- "Made in Germany": The seal of quality stands for IT solutions that are developed in Germany and whose quality assurance takes place in Germany.
- "Hosted in Germany": All data and the software itself are demonstrably processed exclusively in German data centres and all data processing is subject exclusively to German law.
- Gold status as part of the BSI Email Security Year 2025: mailbox has committed to fully implementing the latest email security standards and has already successfully implemented them.
Whoever chooses mailbox is not only opting for a secure digital workplace, but also for an independently audited European sovereign alternative to Big Tech. Find out more about security, encryption, spam and virus protection with mailbox.