Where does your city's data live, who has access, and can you switch at any time? Three questions decide what real smart-city sovereignty looks like. Here are our answers, provable rather than just a slogan.
An honest look at the options a municipality weighs up, by category rather than by vendor. This shows you what really matters when it comes to data sovereignty.
| Criterion | Hyperscaler platform | International IoT vendor | Classic IT integrator | In-house or point solution | urbanOS by dataMatters |
|---|---|---|---|---|---|
| Data location | Often outside the EU, access under US law possible | Depends on the vendor, jurisdiction often unclear | Project-dependent | Your own data center, high effort | Data centers in Germany |
| Legal basis | US law also applies | Inconsistent | Project-dependent | To be ensured yourself | GDPR & BDSG, German law |
| Data processing | Cloud-centric | Frequently cloud | Mixed | To be built yourself | Edge AI on site, depersonalization at the sensor |
| Open standards & export | Proprietary, lock-in risk | Partly proprietary | Project-dependent | Self-defined | Open standards (LoRaWAN), export via interfaces |
| Vendor lock-in | High | Medium to high | Project-dependent | Low, but expensive | No |
| Time to deploy | Long, complex | Varies | Long, project-driven | Very long | Fast, on existing sensors and network |
| Live references in municipalities | Varies | Varies | Varies | Rare | In operation in Neuss, Hürth, Dormagen and more |
This comparison describes general category characteristics, not individual competitors. The information on urbanOS is verifiable; for the other categories, the characteristics depend on the respective vendor and project.
Sovereignty is not a promise, it is measurable. Here are the figures and references we can actually back up.
In use across Neuss, Hürth, Dormagen, Dülmen, Senden, Lüdinghausen, Nordkirchen and the Coesfeld district. dataMatters is a spin-off of RWTH Aachen (since 2018).
In data centers located in Germany. The data never leaves Germany, and there is no transfer to foreign data clouds.
Yes. Data capture and analysis take place in strict compliance with the GDPR. Personal data is depersonalized right at the sensor, edge AI removes faces and license plates directly on site, for example.
No. We rely on open standards such as LoRaWAN and guarantee the export of your data through open interfaces.
No. All data is processed in data centers located in Germany that are subject exclusively to German law.
The AI analysis runs locally on the device on site rather than in a central cloud. This keeps sensitive raw data within the municipality, and only anonymized measurements flow into the data space.
No. Municipalities want a smart city, not a surveillance city. No information that would allow conclusions about individual people ever reaches the central system.
Let's talk about your city's data: location, legal basis, and the path from sensor to app.