// PROCUREMENT_LAYER
Cocoshede blueprints reference infrastructure categories, not vendor hype. This catalog gives leaders a structured shortlist for the common procurement layers behind private, governed AI adoption.
Strong fit for MVP and mid-market teams already comfortable with Postgres governance.
Managed cloud Postgres
GDPR: EU region available
HIPAA: Provider-dependent BAA review required
No
Teams that want a pragmatic vector layer close to relational application data.
Useful when sovereignty or self-hosting is a major buying criterion.
Cloud, private cloud, self-hosted
GDPR: EU hosting and self-hosting options
HIPAA: Enterprise review required
Yes
Private retrieval layers where teams need vector search portability and deployment choice.
Requires internal ML platform maturity or an implementation partner.
Self-hosted / private cloud
GDPR: Customer-controlled deployment
HIPAA: Customer-controlled deployment
Yes
Serving open-weight models in private GPU environments with strong throughput requirements.
Strong candidate when the target architecture already lives in AWS.
Managed cloud
GDPR: Regional controls available
HIPAA: Eligible service review required
No
Enterprises standardizing AI adoption inside AWS procurement and security controls.
Evaluate when Azure AD, Purview, and Microsoft security tooling are already standard.
Managed cloud
GDPR: Regional controls available
HIPAA: Eligible service review required
No
Microsoft-centric enterprises requiring identity, governance, and procurement alignment.
Important once prototypes move from demo usage into governed production monitoring.
Cloud, self-hosted
GDPR: EU and self-hosting options
HIPAA: Enterprise review required
Yes
Tracing prompts, model calls, evaluations, costs, and quality for production AI systems.
Useful for teams pursuing hybrid API routing without building gateway infrastructure first.
Managed edge
GDPR: Regional and enterprise controls dependent on plan
HIPAA: Enterprise review required
No
Centralized routing, caching, observability, and policy control across model providers.
Consider when report generation, extraction, or agent actions need deterministic gates.
Open-source, managed options
GDPR: Deployment-dependent
HIPAA: Deployment-dependent
Yes
Schema validation, output constraints, and policy checks around LLM workflows.
// PROCUREMENT_NOTE
Treat every entry as a due-diligence starting point. Enterprise buyers should still validate data residency, contractual terms, support coverage, security documentation, and implementation ownership before selection. Cocoshede links blueprint recipes to categories so teams can compare realistic options without turning strategy into a vendor shopping exercise too early.