Sovereignty over your own information
That's built into our platform, our contracts and how we work with clients.
A datacenter in Europe: look beyond the location
Data sovereignty is high on the agenda. Ten years ago, nobody was losing sleep over it. Now it shows up as standard in procurement documents.
The starting point is usually location. A datacenter in Frankfurt has a clear European anchor. But as an organisation, you're better off looking past the location alone.
If your data is stored with an American cloud provider, it falls under the Cloud Act. That US law from 2018 allows the US to request data from American providers, even if the data is stored in Europe. Choose that kind of provider and the location is European, but the legislation isn't. That distinction gets forgotten more often than it should.
It goes further than data
Sovereignty is about more than where your data lives. At its core, it's about autonomy and control: how much of that sits with the client, how much with the vendor? That plays out across different dimensions, and it's rarely as obvious as it seems.
It's a thread running through many of the choices Zeticon has made over the years. We put 5 experts from the team in front of a camera and asked them how we've addressed this in MediaHaven and InformationHaven.
Below, you'll find their answers per theme, with concrete examples from real clients.
Where does my data live...
The first question is about location. With MediaHaven and InformationHaven, you choose: on-premise on your own servers, a private cloud we set up exclusively for you, or a shared cloud where infrastructure is used efficiently and your data stays logically separated from other organisations. What works best depends on your information, your security requirements and how much you want to manage yourself.
If the data isn't highly sensitive, we usually recommend a European cloud. We work with OVHcloud, a European provider. That keeps you clear of the Cloud Act described above, which targets American providers only.
...and who can access it?
The second question is about access. Who can reach the data once it's in the platform? MediaHaven and InformationHaven handle this with roles and user groups. Every user gets a role, and that role determines which data is visible to whom and what you can do with it. HR sees personnel files, finance sees financial documents, neither sees the other's information.
In the event of an audit, a security breach or a dispute, this is exactly what you need to show an auditor who did what and when. This matters most in sectors like the public sector, which works with personal data about citizens. It's equally relevant in sectors where data carries high economic value.
Our team helps clients make the right choices here.
Who decides when things change?
Choosing a platform is one moment. After that, you work with it for years. So it's worth discussing upfront who gets to decide when an upgrade happens and where the platform is headed.
At Zeticon, you have a say. Your subscription sets a baseline: on-premise clients get 1 upgrade per year by default, private cloud clients get 2 or 4 per year. Want to upgrade sooner because a feature you've been waiting for is coming? That's possible. Want as little disruption as possible? We look together at how to keep the impact small.
New features don't come from us alone: clients contribute to what gets built. AI metadata tagging and OCR for text extraction both came out of that process. The same goes for how you use the platform: as a media library, or fully via the API with your own frontend. We help you make the right choice.
How open is the technology underneath?
Many platforms are built on paid software from a single vendor. If you need something that vendor can't or won't deliver, you're stuck.
MediaHaven is built on a range of open source components. These are chosen carefully and are well-supported: they're maintained year after year by the open source community. When needed, they get supplemented or replaced by a better alternative.
On top of that, our platform is API-first: everything you can do in our application, you can also do via the API. Want to build your own access portal, integrate with another system, or use MediaHaven entirely without our frontend? All of that is possible.
Can I prove I'm compliant?
"We do things right" is different from "we can prove we do things right." Since NIS2, that gap has widened. NIS2 is a European directive from 2022 that requires organisations in critical sectors to demonstrably have their information security in order.
MediaHaven and InformationHaven help you build that proof. The system logs who viewed or modified a file, which values changed, and which IP address was used to access it. That gives you evidence when an auditor asks, when an incident occurs, or when a client dispute comes up.
You can also automate retention periods for groups of documents. Attach a 10-year retention period to a group, and the system deletes or archives automatically when the time is up. That solves a concrete problem for organisations required to keep data for a set period. A Dutch municipality became a client specifically for this functionality, for files around solar panel subsidies that legally must be kept for exactly 10 years, no more and no less.
Zeticon itself is ISO 27001-certified. NIS2 doesn't require an ISO 27001 certificate, but almost everything NIS2 covers is contained in that standard.
Will I be locked in, or can I leave?
You use a platform for a long stretch of time, during which your organisation grows and changes. Make sure you choose one that can handle that.
With MediaHaven and InformationHaven, the subscription is modular. You can add, reduce or scale functionalities and services at any point. A communications team that starts with a media library can grow into a DAM used across multiple departments within a few years. The platform grows with you; you don't have to adapt to it.
And if the collaboration ever ends? Every Zeticon contract states that you remain the owner of your data. You retrieve it yourself via our API, or we guide the transition.
An exit plan on the table before you sign gives peace of mind for the years that follow.
Hogeschool Utrecht
Hogeschool Utrecht heeft MediaHaven gekoppeld aan JW Player, zodat tienduizenden studenten tegelijk dezelfde video kunnen bekijken. Als een video uit MediaHaven wordt verwijderd, verdwijnt ze automatisch ook uit JW Player.
GS1
GS1 gebruikt MediaHaven als content delivery systeem. Dat was bij de start niet de beoogde toepassing. Het platform groeide mee.
- +190
- Affiliated organisations
- 1
- Central storage
- 29 PetaByte
- Volume assets
Meemoo
Meemoo beheert het audiovisuele archief van de VRT: zo'n 30.000 terabyte, deels op tape. Bijna geen ander MAM-systeem ondersteunt die opslagvorm nog. Zij bouwden hun eigen ontsluitingsportalen op de MediaHaven API.
Zeticon is ISO 27001-certified and is audited against that standard every year.
Do you prefer to have a conversation first?
Frequently asked questions
Data sovereignty covers location and legislation, but organisations that want to keep control of their information ecosystem look further. Who decides the pace of upgrades and new features? How open is the underlying technology, and can it integrate with other systems? Can you prove you comply with GDPR and NIS2? And what does the contract say if you ever want to leave? Each of those questions touches a different piece of the control you either have or don't.
Data sovereignty means your organisation decides where your data is stored, which legislation applies to it and who has access. For organisations working with personal data or business-sensitive information, it also determines whether you comply with GDPR, and whether foreign governments can access your data through laws like the Cloud Act.
Possibly. The Cloud Act from 2018 allows the US government to request data from American cloud providers, even if that data is physically stored in Europe. A datacenter in Frankfurt under an American hyperscaler still falls under that law. That's why many European organisations choose a European cloud provider.
3 options: shared cloud (shared server infrastructure, 4 upgrades per year), private cloud (dedicated infrastructure for one organisation, 2 upgrades per year), and on-premise (installation on your own server infrastructure). The SaaS variants run in ISO 27001 and ISO 9001-certified datacenters within the EU.
MediaHaven includes role-based access control by default, logging of who viewed or modified which file, an audit trail for compliance reporting, and automated retention periods via classifications. Attach a 10-year retention period to a classification and the system archives or deletes automatically. Zeticon is also ISO 27001-certified, a standard that closely aligns with what NIS2 requires.
Every contract states explicitly that you as a client remain the owner of your data at all times. Zeticon uses a standard exit scenario that is discussed upfront. You can retrieve your data yourself via the API, or have Zeticon prepare and guide that process.
All functionality the MediaHaven frontend offers is also available via the REST API. You can build your own applications, access portals or integrations on top of the platform. Meemoo uses this for an education archive, Hogeschool Utrecht for integration with JW Player.
Ask about 3 things upfront: an exit scenario in the contract, data ownership during and after the collaboration, and how much the platform uses open standards and APIs. Vendor lock-in sometimes comes from contractual terms, but just as often from knowledge that only sits with the vendor. Transparency throughout the process helps prevent that.
Yes. Zeticon has the capability to move data between European datacenters, and outside Europe if needed. The choice depends on where the laws and standards best match your needs, and happens in consultation with you.