Schrems II compliance of Sanity's CDN for procurement processes in EU

Hi, has anyone experience in procurement processes where Sanity has been used as the main database in EU? If so, wonder if Sanity is classified as the Cloud Service Provider, or if this is Google Cloud as the underlaying infrastructure?

Hi are you asking concerning Schremms II compliance of Sanity?

Yes indeed, – if you have any more info, it could be helpful

I will get things for you…

CDN Access LogsThe CDN has edge nodes across the globe, but even if a request is routed via US infrastructure (e.g. a request originating in the US that is routed to an edge node in the US, because it is geographically closest),
all access logs are stored in Europe. This is the most important thing to note: no access logs are ever stored in the US.In addition to that, no requests originating in Europe should ever be routed to the US. They will instead be routed to a nearby edge node.“anycast” IP addresses
The CDN uses “anycast” IP addresses, which means a single IP represent multiple servers across the globe. *It is a red herring that testing tools indicate these requests are routed to the US.*There is no definitive way to determine the geographical location of a server based on an IP address. When reporting location information, tools will often fall back to the where the company that owns the IP address is registered. Another cause of inaccuracy is that the test itself will be dynamically routed to the closest server: if the tool conducts testing from a server located in the US, it will be handled by infrastructure in the US.

traceroute

There is a technical way we can investigate how CDN requests originating in Europe are being routed.

traceroute

is a tool to inspect the route a request takes through the network. Requests make multiple “hops” on the way to their final destination, and

traceroute

reports the duration each hop takes.Here is an example of a

traceroute

for

<http://cdn.sanity.io|cdn.sanity.io>

from my office in the UK, the output shows the IP address of each network hop and, more importantly, the duration of time each hop took. A transatlantic hop would take at least 70ms, but we can see each hop is well below that. We can therefore determine that the request is not being routed to the US. If you run a

traceroute

from your location, you should see similar results.
Services built on Sanity’s CDN are Schrems II compliant because:
• No access logs are ever stored in the US.
• Requests originating in Europe are routed to CDN edge nodes that are also located in Europe.

Thank you so much, , really appreciate it!

I know how it is to navigate EU rules and we did a lot of experimens