Top 5 software escrow providers in the Netherlands compared

Looking for the best software escrow provider in the Netherlands? We compared the five most relevant players on the basis of publicly available information. Each approaches the market in its own way. This comparison shows where the similarities and differences lie and helps you choose what suits you best.


Overview

SoftcrowEscrow4allCodekeeperEscrow AllianceSoftware Borg
Founded19912009201420111995
LocationAlmereAmsterdamThe Hague + San Francisco (USA)HaarlemHaren
Customers5,100+3,000+3,500+1,000+

Services

SoftcrowEscrow4allCodekeeperEscrow AllianceSoftware Borg
Software Escrow
SaaS Escrow
Cloud service continuity
CloudSecure®

Continuity Escrow
Data Escrow
AI Escrow
Knowledge Escrow
Domain Name Escrow

Technical security

SoftcrowEscrow4allCodekeeperEscrow AllianceSoftware Borg
Zero-knowledge architecture
Explicit, encryption key never with Softcrow
Client-side encryption
Supplier encrypts themselves, with their own key, before delivery

OpenPGP with Escrow4all’s shared public key; with Git synchronisation, content delivered readable

Direct Git synchronisation, content delivered readable
Standard encryption (Cipher)
AES-256
Symmetric

OpenPGP/GPG
Asymmetric

AES-256/512
Own encryption and tooling
Via web uploader, method set out in deposit specification
Quantum-safe
Symmetric AES-256, 256-bit key
Key management with supplier
Fully, Softcrow never receives the key

Private key shared with Escrow4all

Encryption at rest
Open standard file format
AES256-ZIP, opens with 7-Zip/WinZip
Deposit integrity check
Weekly based on SHA256 checksum
Append-only storage
Delivered data cannot be changed
Storage on private network
Deposit storage isolated from the public internet
Sovereign storage
100% EU-hosted, CLOUD- and USA PATRIOT Act-free

Partly based in the US (San Francisco)

Deposit options

SoftcrowEscrow4allCodekeeperEscrow AllianceSoftware Borg
Web uploader
Command Line Interface (CLI)
Binary for Windows, macOS, Linux and Unix
Automated delivery
Via CLI, script, cron or pipeline

Git sync

Git sync
Git synchronisation (readable)
Snapshots (incremental)
Upload protocolHTTPS and SFTPHTTPS and SFTP

Verification

SoftcrowEscrow4allCodekeeperEscrow AllianceSoftware Borg
Verification levels233
Key verification
Free of charge
Verification audit
Independent executor
Externally hired NOREA Register IT auditor

Own consultants

Own consultants

Self-appointed IT inspector

SoftcrowEscrow4allCodekeeperEscrow AllianceSoftware Borg
Business model scopeEscrow onlyEscrow and consultingEscrow and consultingEscrow and consultingEscrow and consulting
Pricing modelOne-off + annual, total priceMonthly, per component
Prices public
Fully

Indicative (calculator)

Via webshop
Legal systemDutchDutchDutchDutchDutch
ISO 27001 certified
(in preparation)

Notes

Zero-knowledge
Softcrow is, in this overview, the only escrow provider that explicitly describes zero-knowledge storage as an architecture principle and anchors it technically. With zero-knowledge, the supplier encrypts the deposit themselves, before delivery, with a key that Softcrow never receives. Access to the contents is thereby technically excluded, not merely contractually prohibited. The deposit is end-to-end encrypted (E2EE): from supplier to beneficiary, without Softcrow being able to view the contents. This layer runs on SecureStorage, Softcrow's own zero-knowledge storage infrastructure.

Sovereign storage
Softcrow's storage infrastructure is 100% hosted within the EU and falls beyond US jurisdiction. Softcrow is an independent Dutch company without a US parent or establishment, so the US CLOUD Act and USA PATRIOT Act do not apply. That is relevant for anyone who wants to keep data within the EU under the GDPR. Codekeeper is partly based in the US (San Francisco); a provider with a US entity can fall within the reach of US legislation. For the other providers this is not explicitly stated. It should also be noted: even under a legal demand, Softcrow can provide nothing meaningful without the encryption key, the zero-knowledge layer stands apart from the jurisdiction question.

Asymmetric encryption
Escrow4all uses OpenPGP/GPG with a key pair that they generate and manage themselves. The supplier encrypts the deposit with Escrow4all's public key. Escrow4all holds the accompanying private key and can decrypt the contents at any time. This is publicly documented in their own manual. That is not zero-knowledge.

AI Escrow
In the table, AI Escrow is named as a separate service, with its own name and its own positioning. The service is aimed at organisations that train or fine-tune their own AI model and host that model internally, not at companies that use AI via a cloud service such as OpenAI or Google. With cloud-based AI there is nothing to deposit: the model belongs to the provider and runs at the provider. The term AI Escrow covers a broad spectrum: from model weights and training data to system prompts and workflow configurations. That spectrum is not equivalent. Model weights of a self-trained or fine-tuned model are a valuable asset in their own right, depositable as software. System prompts and workflow configurations are configuration files. That is not escrow in the classic sense, but version control with a custodian in between. Softcrow deposits AI components such as model weights and training data as part of an ordinary Software Escrow. So far we do this without a separate AI agreement, separate name or separate price; if a specific situation calls for it, we draw up a separate agreement for it. What Softcrow does not offer is a native integration with AI development platforms such as Hugging Face or MLflow. That is an integration feature, not an escrow feature.

Knowledge Escrow
What other providers call knowledge escrow or IP escrow goes further than source code alone: think of design documentation, build and compilation instructions, configurations and other knowledge needed to be able to continue the software. Softcrow arranges this via an additional deposit within an existing Software Escrow, SaaS Escrow or CloudSecure agreement, so that all knowledge belonging to the software sits on the same zero-knowledge, sovereign storage.

Storage encryption
Codekeeper states AES-256/512 encryption. Because their verification service rebuilds the source code, Codekeeper has readable access to the deposit contents, regardless of the type of encryption.

Pricing model
With Codekeeper you assemble an escrow from separate components. Each component has its own price. Together those amounts form the monthly price. On the website you click together all the components you need.

Git synchronisation
Some escrow agents offer a direct integration with Git systems. That raises two objections. First, direct synchronisation is incompatible with zero-knowledge storage: the escrow agent receives the source code in unencrypted, readable form. Second, a Git synchronisation deposits at every commit, not at every release. A deposit in the escrow sense is an identifiable, release-ready version that a beneficiary can actually use in case of need. Interim commits are development snapshots, not a deposit. When every commit is deposited automatically, it is moreover unclear which version is the official one the beneficiary can lay claim to. Softcrow supports automated delivery via the CLI in a pipeline, at the moment of a release, without the escrow agent having access to the unencrypted contents.

Cloud service continuity: legal basis
Not all cloud continuity services offer the same protection. CloudSecure from Softcrow separates the hosting contracts, the intellectual property and the user agreements legally from the operating company. Those assets fall outside the bankruptcy estate, so in a bankruptcy it is immediately clear what does and does not belong to the estate. Codekeeper's Continuity Escrow is an operational service: in case of payment failures or disruptions at infrastructure providers, Codekeeper steps in to keep the service running. That is a different use case and a different legal basis. An approach that is sometimes presented as a continuity solution is storing login credentials for a cloud account in a deposit. That offers no legal protection: a cloud account is an asset of the supplier and falls into the bankruptcy estate in a bankruptcy. The trustee decides what happens with it. The beneficiary has no entitlement to cooperation.

NOREA Register IT auditor
RE is a protected professional title. A Register IT Auditor has completed an academic post-master programme, is obliged to undertake continuing education and falls under the disciplinary law of NOREA. In case of an error or unethical conduct, the title is at stake. That is a fundamentally different responsibility structure than an unprotected job title such as "IT inspector", where only civil liability applies. Formal independence is not a promise for an RE but a hard requirement, monitored by an external supervisory body. The verification report is drawn up and signed by an RE in accordance with ISAE audit standards and thereby has formal evidential value with supervisors and in legal disputes.

Business model scope
Softcrow provides escrow only. Providers who combine escrow with consulting have broader commercial interests: they earn from advising on the content of what they store. That is not by definition problematic, but it is relevant for anyone who deliberately chooses a neutral custodian without other interests.

Storage on private network
Softcrow's deposit storage sits on a private network that is not reachable from the public internet. Upload endpoints (HTTPS and SFTP) are publicly reachable, but shielded from the rest of the world via IP whitelisting and SSH keys. Exception: with the snapshots option for data deposits, the upload endpoint and storage are technically combined. Here too, access is solely via SSH keys.

Not known
Where a provider does not publicly describe a feature, this is shown with a light grey cross. This overview has been carefully compiled and is based solely on publicly available information.


Data based on publicly available information, consulted June 2026.