European organisations are under growing pressure to demonstrate where their data travels, who it traverses through, and whether those communications remain within approved jurisdictions. Between GDPR cross-border transfer obligations, NIS2 operational resilience requirements, DORA oversight expectations, and increasing scrutiny from auditors and regulators, “trusting” network boundaries is no longer enough.
Today, Damovo is announcing the release of SchengenWatch, an open-source EU data sovereignty validator designed to provide real-time visibility into outbound network communications and jurisdictional exposure.
SchengenWatch continuously analyses perimeter traffic flows, classifies outbound communications by destination geography, and alerts organisations whenever traffic exits the European Union or reaches high-risk jurisdictions. Unlike traditional SIEM-heavy approaches, SchengenWatch is lightweight, self-hosted, and purpose-built for sovereignty validation rather than generic log aggregation.
The project addresses a practical and increasingly common challenge faced by CISOs, compliance teams, legal departments, and infrastructure leaders:
“How do we continuously verify that our network traffic remains within approved jurisdictions?”
Historically, answering that question has required expensive monitoring platforms, manual firewall log reviews, or fragmented reporting across multiple systems. SchengenWatch simplifies that process by providing a focused operational dashboard that visualises outbound communications in real time.
What SchengenWatch Does
SchengenWatch ingests perimeter network telemetry from firewalls, routers, and security appliances, enriches traffic with geolocation intelligence, and categorises communications based on EU and non-EU destinations.
The platform includes:
- Real-time traffic classification by jurisdiction
- EU versus non-EU traffic visibility
- Alerting for cross-border communications
- Watch-list monitoring for high-risk jurisdictions
- Dashboard analytics showing destination countries and communication volumes
- Support for multiple firewall and logging formats
- Fully self-hosted deployment with no SaaS dependency
The dashboard provides operational views including:
- Sovereignty Overview
- Non-EU Alerts
- EU Traffic Monitoring
- Watch List Flows
- Live Recent Connections Feed
Default watch-list countries include Russia, China, North Korea, and Iran, although these can be customised based on organisational policy or sector-specific regulatory obligations.
Designed for European Regulatory Requirements
SchengenWatch was developed specifically for organisations operating under European data sovereignty and cyber resilience frameworks. The project is intended to support operational visibility aligned with requirements associated with:
- GDPR international data transfer oversight
- NIS2 operational security governance
- DORA resilience and third-party risk monitoring
- TISAX and sector-specific assurance requirements
Importantly, SchengenWatch does not export telemetry to external cloud services. All processing and analysis remain within the organisation’s own environment, supporting stricter sovereignty and confidentiality requirements.
Built for Real Infrastructure
SchengenWatch supports syslog ingestion and parsing across a broad range of networking and security platforms including:
- Cisco ASA / FTD
- Palo Alto Networks
- Juniper SRX
- Fortinet
- Check Point
- pfSense
- OPNsense
- MikroTik
- iptables / nftables environments
The platform normalises perimeter telemetry into structured JSON flows containing source IPs, destination IPs, ports, and protocol information for downstream enrichment and analysis.
Open Source and Available Now
SchengenWatch is released as an open-source project under the MIT licence and is now publicly available on GitHub.
The repository includes:
- Docker deployment configuration
- Dashboard components
- NetFlow processing
- Syslog ingestion
- Documentation and screenshots
- PCAP ingestion capabilities
For organisations looking to improve visibility into data sovereignty exposure without deploying a heavyweight SIEM platform, SchengenWatch provides a focused and operationally practical alternative.
Explore the project:
https://github.com/damovo/SchengenWatch
As regulatory scrutiny around data residency and cross-border communications continues to increase across Europe, operational visibility into network sovereignty is rapidly becoming a core requirement rather than a future consideration. SchengenWatch is intended to help organisations answer that challenge with clarity, transparency, and control.