Dries Buytaert: Contentful and the limits of “Buy European”

A practical example is the US CLOUD Act. Many people may not know about it, but it becomes relevant anytime a non-US vendor is acquired by a US company.
But it shows the limit of “Buy European”. Contentful spent 13 years as a trusted European vendor, and one board meeting is enough to put it under US law.
Open Source is the only way to guarantee long-term choice, control, and governance over your code, data, and infrastructure.
The Contentful team deserves credit for what they built. Few European software companies have reached its scale and size. But this is also a reminder for Europe. For software that governments, public institutions, and critical industries depend on, sovereignty must survive any acquisition.
That is the point of The Software Sovereignty Scale and The Sovereignty Prerequisite that I submitted to the European Commission as feedback on their Cloud Sovereignty Framework.
For many of Contentful’s customers, this acquisition will be a non-event. For governments, public institutions, and regulated industries, it exposes a harder truth: a vendor being European today is no guarantee it stays European tomorrow.
This morning, Salesforce announced its plan to acquire Contentful.
Contentful is a German company, Contentful GmbH, registered in Berlin. For over a decade it has been a flagship European software company.
To me, the more important question isn’t whether the acquisition makes strategic sense (it does), or whether every Contentful investor got the outcome they hoped for (probably not). It is what the acquisition means for digital sovereignty.
The deal makes sense for both Salesforce and Contentful. Salesforce has long had a CMS-shaped hole in its product offering, and Contentful fills it with a mature, enterprise-ready SaaS product.
Congratulations to Sascha Konietzke, Paolo Negri, and the whole Contentful team. They spent 13 years building Contentful into one of Europe’s most visible enterprise software companies. Salesforce buying Contentful is real validation of the product, customers, and team they built.
This is not a hypothetical concern. The law came out of a dispute between Microsoft and the US government over emails stored in Ireland. US Congress changed the law while the case was pending, making clear that US providers can be required to produce data stored abroad.
Special thanks to Tiffany Farriss for her review of this blog post.
That does not make Contentful a bad company. It does not make Salesforce a bad owner. And it does not take anything away from what the Contentful team built.
If the acquisition closes, it becomes part of Salesforce, a US corporation, and falls under US law.
That is where Open Source matters. Drupal customers running on Acquia, my own US-based company, are also exposed to US law. But because Drupal is Open Source, they have alternatives: they can move to a European hosting partner, self-host, or fork the code. A Contentful customer cannot do the same.
In plain English, the CLOUD Act means that US authorities can require any US company to disclose data it controls. That can apply even if its data is stored in Europe, managed by a European team, or running on European infrastructure.
Before I go further, let me be clear about where I’m coming from. I founded Drupal and still lead the project, and I co-founded Acquia, a company built around Drupal, where I’m Executive Chair. So when I argue that this deal exposes a problem, you should factor in that Open Source is both my life’s work and my livelihood.
Contentful last raised money in 2021, at a valuation of more than billion, when SaaS valuations were near their peak and enthusiasm for headless CMS was at its highest. Since then, valuations have come down, and developers have become more pragmatic about when headless CMS makes sense.