EU sovereign AI gateway — what changed when the cloud lane consolidated.
On 30 April 2026, Palo Alto Networks announced the acquisition of Portkey AI for an undisclosed sum, with Economic Times (via Futurum Group analyst coverage) reporting a transaction value in the $120-140M range. The cloud-AI-gateway category — the layer between your application and the LLM provider — now anchors to a US-incumbent security megavendor and integrates into Prisma AIRS as the AI Gateway for unified agentic security. For EU buyers, this consolidation changes the procurement question. Data residency, sub-processor list size, supervisory-authority routing, EU-jurisdiction litigation posture, and the legal entity behind the gateway all become first-class questions. This page maps the architectural-class differences between the consolidated cloud-gateway lane and Lucairn's EU-sovereign, BYOK-passthrough alternative.
PANW + Portkey + Prisma AIRS is one signal in a wider lane.
The PANW-Portkey announcement (30 April 2026, press release verifiable at the URL above) folds the AI gateway into Prisma AIRS — the platform PANW uses to position itself as the unified control plane for agentic AI. Per the press release, Portkey will serve as the AI Gateway inside Prisma AIRS: the layer that monitors, routes, and secures every AI transaction across the enterprise. Transaction value: not officially disclosed; Economic Times via Futurum Group reports the $120-140M range. The earlier $700M figure circulating in some write-ups was incorrect.
PANW + Portkey is one signal in a wider lane. The AI gateway is becoming a sub-feature of the broader US-incumbent agentic-security control plane, and several other US security incumbents are circling the same architectural lane via adjacent capabilities. The pattern is clear; the architectural-class shift is real. EU buyers' procurement questions change because of it — not because the consolidation is bad for customers, but because the jurisdiction, control-plane scope, and sub-processor map all shift when the gateway sits inside a US-incumbent suite.
Five procurement properties that move on the spec sheet.
Each bullet below is a real, EU-procurement-relevant property under GDPR, AI Act, NIS 2, and DORA. None require taking Lucairn's word for anything beyond what is publicly verifiable.
Data residency.
Where the gateway runs, where the metadata is logged, where the request bodies transit. EU AI Act + GDPR Article 44 (international transfers) make this the first procurement question. Lucairn runs on Hetzner (Germany); a US-incumbent gateway sits in the acquirer's cloud footprint — verify per product before signing.
Sub-processor count.
GDPR Article 28(2) + Article 30 require enumerable, contractually bound sub-processor lists. The shorter and more EU-resident the list, the simpler the customer's own DPA register. Lucairn's list is fixed at 8 (Hetzner, Cloudflare, Supabase, Resend, Plausible, Anthropic, FreeTSA, Sigstore Rekor). A megavendor stack typically carries a longer, partly US-resident list.
Supervisory authority.
Which regulator your AI deployment answers to. For EU customers, EU jurisdiction means EU regulators — BNetzA (DE) under KI-MIG once it stabilizes, plus the data-protection authority and AI Act competent authority each Member State designates (CNIL in France, Garante in Italy on the data-protection overlap; designations under AI Act Article 70 are still settling per Member State). Escalation is direct and fast. A US-incumbent gateway adds a longer cooperation chain and routes some questions through US legal frameworks.
EU-jurisdiction litigation posture.
Where a contract dispute or breach-notification action is heard. EU vendor + EU customer = EU court. US vendor + EU customer = a longer arbitration discussion before either party reaches a court of competent jurisdiction.
BYOK posture.
Whether the gateway holds upstream LLM keys or only forwards them. Lucairn never persists upstream keys — the BYOK passthrough is verifiable in code. See the architectural detail in /security/no-shared-credentials.
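As an added illustration of the BYOK-posture property above (example code written for this page, not Lucairn's code and not the /security/no-shared-credentials implementation): a minimal per-request passthrough handler in TypeScript, followed by the check an auditor would run to confirm the key never lands in retained gateway state. The header name `x-upstream-api-key`, the audit-record shape, the in-memory audit sink and the injected `send` call are all assumptions.

```typescript
import { createHash } from "node:crypto";

// Hypothetical request shape: lower-cased header names, prompt body forwarded as-is.
interface GatewayRequest {
  headers: Record<string, string>;
  body: string;
}

// What the gateway retains per request: no field can carry key material.
interface AuditRecord {
  requestId: string;
  upstream: string;
  bodySha256: string;   // fingerprint of the forwarded payload, not the payload itself
  status: number;
}

type UpstreamResponse = { status: number; body: string };
// The outbound call is injected so the example runs offline; in production this is
// the HTTPS call to the LLM provider, authenticated with the caller's own key.
type Upstream = (key: string, body: string) => UpstreamResponse;

class PassthroughGateway {
  readonly audit: AuditRecord[] = [];   // the only state the gateway keeps
  private readonly upstreamName: string;
  private readonly send: Upstream;

  constructor(upstreamName: string, send: Upstream) {
    this.upstreamName = upstreamName;
    this.send = send;
  }

  handle(requestId: string, req: GatewayRequest): UpstreamResponse {
    const key = req.headers["x-upstream-api-key"];   // assumed header name
    if (!key) return { status: 401, body: "missing upstream key" };
    const resp = this.send(key, req.body);            // key read once, used once
    this.audit.push({
      requestId,
      upstream: this.upstreamName,
      bodySha256: createHash("sha256").update(req.body).digest("hex"),
      status: resp.status,
    });
    return resp;   // `key` goes out of scope here; nothing above copied it anywhere
  }
}

// Auditor's check: serialise everything the gateway retained and look for the key.
function keyRetained(gw: PassthroughGateway, key: string): boolean {
  return JSON.stringify(gw.audit).includes(key);
}
```

The same check generalises to any persisted surface (logs, metrics, crash dumps): if a key string can be found in it after the request completes, the gateway is not a passthrough.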
Architectural-class comparison for an EU procurement reviewer.
Read the column you'd rather defend in an audit. The middle column is the architectural-class as observed in public materials — not a product-level claim about any specific competitor. Where a row depends on per-product configuration, the cell says “varies — verify per product.”
| Procurement question | Cloud AI gateway under US-incumbent control plane | Lucairn EU-sovereign BYOK-passthrough |
|---|---|---|
| Legal entity jurisdiction | US-incorporated parent (acquirer); subsidiaries vary | Declade UG (i.G.) under German law; intended progression to a Holding GmbH |
| Supervisory authority routing | Longer cooperation chain via the parent's home jurisdiction; varies per product | BNetzA (DE) under KI-MIG once the enforcement chain stabilizes; direct EU regulator escalation |
| Sub-processor count | Varies per product | 8 enumerated: Hetzner, Cloudflare, Supabase, Resend, Plausible, Anthropic, FreeTSA, Sigstore Rekor |
| Primary infrastructure residency | Varies — verify per product | Hetzner, Germany (gateway, bridge, sanitizer, audit, witness all run there) |
| BYOK posture (gateway holds upstream LLM keys?) | Varies — verify per product | Never. Per-request passthrough; key read once, used once, discarded |
| Deployment shape | Cloud-managed primarily; varies per product | EU-region cloud gateway + per-laptop daemon (lucairnd) for the Sensitive Mode product line |
| Per-decision evidence layer | Varies per product | Per-request signed Decision Certificate; FreeTSA RFC 3161 timestamp; Sigstore Rekor public anchor |
| Default certification posture (vendor side) | Varies per product | EU-incorporated SME; no certification overclaims (architectural and cryptographic guarantees only) |
| Litigation forum | Varies per contract — verify per product | EU court between EU-incorporated vendor and EU customer |
The differentiator, in honest framing.
Each bullet below is a structural property of Lucairn that a US-incumbent acquirer cannot replicate without rebuilding the architecture from scratch. Locked in; not marketing.
- Lucairn is not a US-incorporated company. The legal entity is Declade UG (i.G.) under German law, with intended progression to a Holding GmbH before the first production contract.
- Primary infrastructure is on Hetzner (Germany). The gateway, the bridge, the sanitizer, the audit, and the witness all run there. Cloudflare provides CDN/DNS only.
- The sub-processor list is fixed at 8. Hetzner, Cloudflare, Supabase, Resend, Plausible, Anthropic, FreeTSA, Sigstore Rekor. No silent additions; changes require a public sub-processor-list update.
- Supervisory-authority routing for AI Act enforcement is BNetzA. Once the KI-MIG enforcement chain stabilizes, EU customers escalate through EU regulators — not through a US parent's compliance liaison.
- The gateway never holds upstream LLM keys. BYOK passthrough is verifiable in code. The architectural detail is at /security/no-shared-credentials.
None of those properties is replicable by a US-incumbent acquirer without rebuilding the architecture from scratch.
The honest scope of this comparison.
- Lucairn does not claim PANW, Portkey, or any other competitor is unsafe. The architectural class has different procurement properties under EU regulation; that is a factual statement about jurisdiction and control-plane scope, not a quality judgment.
- Lucairn does not claim that “EU sovereign” is a regulatory category. It is a procurement framing that customers under GDPR, AI Act, NIS 2, and DORA increasingly use. The legal force comes from those regulations, not from the term.
- Lucairn is a small EU vendor. PANW is a Fortune-500 US security megavendor. The comparison is about architectural fit for EU procurement, not about market scale.
- The PANW + Portkey transaction is recent. Announced 30 April 2026; expected to close in PANW's fiscal Q4 2026, subject to customary conditions. The Prisma AIRS integration roadmap may evolve. Track the announcement directly.
Verify the BYOK passthrough or audit a real certificate.
The architectural claim is checkable. The credential-isolation page documents how Lucairn's gateway never holds upstream LLM keys; the verify page lets you audit a real signed certificate without contacting Lucairn.
REFERENCES
- PANW press release · 30 April 2026 · Acquisition of Portkey
- Prisma AIRS · AI Runtime Security landing page
- Futurum Group · analyst coverage of the Portkey acquisition (textual citation)
- Economic Times · transaction value reporting ($120-140M range; textual citation)
- GDPR Article 28 · sub-processor obligations
- GDPR Article 30 · records of processing activities
- EU AI Act Article 74 · supervisory authorities
- src/app/api/sandbox/run/route.ts:32 (in-repo)