Identity is the single most sensitive shared infrastructure dependency in a modern stack. It sits in front of every other system, so the jurisdiction and ownership of the identity provider become the jurisdiction and ownership of the entire authentication path.
For European procurement teams, this is also where the largest concentration of US dependency sits today. Okta, Auth0, AWS Cognito, Entra ID, and Google Workspace SSO together cover a significant share of EU enterprise authentication, and each comes with the same recurring questions: where is the directory hosted, where are session tokens stored, who can be compelled to access them, and how is sub-processor disclosure handled.
European and open-source identity software addresses these questions differently. Self-hostable platforms such as Keycloak and Authentik can be deployed inside an EU-hosted environment with no third-party access to the identity store. Managed European providers such as ZITADEL offer the operational simplicity of SaaS without the US ownership question.
For an EU-first stack, identity is one of the highest-leverage categories to move first. Once the IdP is sovereign, every downstream SaaS integration inherits a cleaner trust boundary, and the procurement story becomes much easier to defend.