Jahia

Jahia is built on JCR 2.0, defining content types via CND (Compact Namespace and Node Type Definition) files — a schema-as-code approach for developers. Property types span STRING, BOOLEAN, LONG, DOUBLE, DATE, BINARY, REFERENCE, WEAKREFERENCE, URI, NAME, PATH, and DECIMAL, with abstract mixins for reusable field sets. The CND approach is powerful but more complex than modern API-first schemas, and polymorphic/union field types are not natively supported.

JCR REFERENCE and WEAKREFERENCE properties support linking nodes, and JCR's tree structure enables parent-child traversal. Bidirectional lookups are possible via JCR-SQL2/XPath queries but require developer implementation rather than being automatically exposed in the API. Not graph-native, so reverse-relationship traversal is less ergonomic than purpose-built graph CMSes.

Jahia's component architecture allows content types to be composed into pages as nested components within Page Builder, with mixins providing abstract/reusable property sets applied to any node type. The jContent editorial interface supports block-based page composition. Solid for a traditional DXP — components nest within pages and sub-areas — but not portable-text-style unlimited nesting for pure content modeling.

JCR enforces type-level constraints (mandatory properties, value constraints via regex in CND) at the repository level, and Jahia modules can add custom pre-save validation logic. Standard required, type, and regex constraints are built-in via CND definitions. Cross-field validation or a visual rule engine for editors is not a documented out-of-box feature; custom validation requires module development.

JCR 2.0 provides native versioning at the node level — Jahia exposes this as full version history with rollback for content editors. Scheduled publication is supported via the scheduled-publication-workflow module that separates validation from publication date/time, and workflow approval adds an audit trail. No documented content branching beyond draft/live workspaces.

Page Builder reached functional parity with the legacy Page Composer by March 2026 and is production-ready: in-context visual editing, real-time preview, component management, side-by-side translation screen, and in-context preview of personalized content variants per audience segment. Non-technical editors can rearrange and edit page components without developer involvement. Not quite drag-and-drop best-in-class (AEM, SXA) but a solid traditional-DXP editor.

CKEditor 5 integration (1.0 module released June 2026) modernizes the rich-text editor with macro support, styles dropdown, CSS support, natively accessible HTML, and optional generative-AI tools for assisted writing, rewriting, translation, and summarization (OpenAI/Anthropic/Google/Mistral/DeepSeek configurable). Output remains an HTML blob stored in JCR rather than a portable AST, capping the score below platforms with structured rich-text formats.

jContent 3.5 (late 2025) and 3.6 (March 2026) improved the built-in media library with image size/format/usage metadata in thumbnail and list views, better single/multi-selection, automatic standardized file naming on upload, and Page Builder performance improvements. The Bulk Edit Content module (March 2026) lets editors update large volumes of structured content and metadata. DAM connectors exist for Cloudinary and Keepeek (Jahia Store); a community Bynder integration is provided by Gladtek (not in the Jahia Store). Native focal point and URL-based transforms are not built-in — provided via the Scaleflex CloudImage integration.

No documentation or product announcements indicate real-time co-editing (Google Docs-style) in Jahia. Each content item has an explicit lock action and the JCR/workflow architecture implies optimistic locking with workflow handoffs for review. Redesigned workflow/publication screens (March 2026) and the new Bulk Edit Content module improve multi-editor efficiency but do not enable simultaneous co-editing of the same node.

Jahia provides a customizable workflow engine with multi-stage approval processes, role-based transitions, and conditional routing; the Scheduled Publication Workflow module separates validation from publication timing. The Publication Dashboard gives editorial overview and March 2026 brought redesigned workflow and publication notification screens. A caveat: custom JBPM-based workflows are deprecated, with Jahia's replacement scheduled by end of 2026, creating modest near-term migration risk for shops relying on bespoke workflow logic.

Jahia provides a comprehensive GraphQL API (graphql-core module) and REST endpoints. The GraphQL layer exposes every JCR node with filtering, pagination, locale support, subscriptions, and is extensible; Apollo Client integration is documented. Available in both Jahia Cloud and self-hosted deployments. Not a purpose-built headless API (management and delivery share endpoint layers), but the GraphQL surface is broad and well-instrumented.

Jahia Cloud uses Amazon CloudFront for CDN-backed delivery with global PoPs, including a new APAC region available as of March 2026; CDN/WAF dashboards now provide cache-log analysis. CloudFront's April 2026 cache-tag invalidation support enables more granular purges. Self-hosted deployments still have no built-in CDN — operators must add their own — and edge-side personalization is not documented.

Jahia's StackConnect integration layer covers external connectivity and the JCR observation API supports internal event listening, but public documentation does not describe a first-class outbound-webhook service with event filtering, HMAC payload signing, retry logic, or delivery logs. The traditional Java-DXP architecture supports event handling, but the polished webhook tooling found in modern headless CMSes is not evident in product docs.

Jahia is a hybrid CMS — both coupled rendering and headless/API-driven delivery via GraphQL — with @jahia/nextjs-sdk as the primary official frontend SDK and headless-development guides centered on Next.js. Rich-text output is HTML (even after CKEditor 5), limiting non-web channels. SDK breadth beyond Next.js remains thin compared to purpose-built headless platforms, and no native-mobile SDK is documented.

Jahia's segmentation engine is powered by Apache Unomi (open-source CDP co-created by Jahia), supporting behavioral, contextual, declarative, and socio-demographic data combined with CRM integration data. Segments update in real time with no technical intervention. StackConnect (Workato) provides 1000+ connectors for external CDP enrichment. This is genuine native segmentation at a strong tier-2 DXP level.

Jahia serves different content variants to different audience segments natively, with in-context preview per audience available directly in Page Builder as of the March 2026 update (the default variant of personalized content is now visible in Page Builder without opening the personalization window). Personalization is content-item and full-page capable. Not quite best-in-class (lacks ML-driven decisioning engine), but native and editor-accessible.

Jahia includes built-in A/B testing for individual content items and full pages, with traffic allocation among variants and conversion rate analysis across segments and devices. Dedicated A/B testing dashboards were added/updated in the March 2026 release. Statistical significance reporting is not explicitly documented, which prevents a higher score, but this is genuine built-in experimentation with analytics feedback.

Jahia's scoring plans define affinities between visitors and offers, surfacing the most relevant content based on accumulated profile data — this is editorial rule-based with affinity weighting, not ML-based collaborative filtering. There is no documented algorithmic recommendation engine with collaborative filtering or neural embeddings. Adequate for rule-driven personalization but well below platforms with ML-based recommendation systems.

Jahia Augmented Search 4.0 (Elasticsearch-based, November 2025) provides full-text search across pages, content, and documents with typo tolerance, stemming, faceting (termFacet, treeFacet, rangeFacet, conditional facets), configurable boosts and Function Score for relevance tuning, and language plugins for major languages. Permissions, tags, and categories enable precise filtering. This is a genuine enterprise search offering.

Augmented Search is itself an Elasticsearch-based module, meaning Elasticsearch integration is the native path with a dedicated elasticsearch-connector. No official Algolia or Typesense connector is documented on the Jahia Store. Custom extension of Augmented Search is possible through its GraphQL API. StackConnect could bridge to external search services but no documented pattern exists.

Jahia is a DXP/CMS platform, not an e-commerce platform. There is no native product catalog, cart, checkout, pricing, or inventory management. Commerce content can be managed as editorial content but Jahia has no genuine commerce engine.

StackConnect (Workato) provides 1000+ no-code connectors that could include Shopify or Salesforce Commerce Cloud, but no dedicated pre-built commerce connector (product picker UI, API federation) is documented specifically for Jahia. No Shopify, commercetools, or BigCommerce official module appears in the Jahia Store.

Jahia's flexible JCR content type system (CND definitions) could be used to model product content with custom attributes and rich media fields, but no product-specific content type templates or commerce-aware field patterns are documented out-of-the-box. Generic content types repurposed for product content is the realistic scenario.

Jahia has rich built-in analytics powered by its Apache Unomi CDP, accessible in-context within the authoring interface. Metrics include referrer data, UTM parameters, geolocation, devices, browsers, site searches, forms, and CRM data. The March 2026 update added new A/B testing dashboards and personalization dashboards with filtering. This goes well beyond basic usage metrics into genuine content performance analytics.

StackConnect powered by Workato provides 1000+ no-code connectors including Google Analytics, Salesforce, Microsoft Dynamics, Marketo, and other analytics/CRM platforms. The Jahia Store also lists a dedicated Google Analytics for jExperience module. This covers the documented integration path with major analytics platforms at the 65+ threshold.

Jahia's single dashboard manages multiple sites, each with its own domain, URLs, templates, language configuration, and user roles. The Local Site Manager feature allows localization of global content for local sites, enabling content reuse across sites. Centralized governance with granular roles, approval workflows, and audit trails is explicitly documented.

Jahia enforces mandatory language properties per content item and each language has its own independent workflow for publication — locale A can be published without publishing locale B. Language fallback/mixing automatically displays content in the default language when a translation is unavailable. Supports 100+ languages. Document-level localization with per-locale publishing independence.

Jahia has an official strategic partnership with Translations.com (TransPerfect's GlobalLink TMS) with a dedicated certified connector on the Jahia Store. One-click content submission for translation, real-time progress tracking, and automatic return of translated content are documented. The DeepL connector was updated January 2026 with one-click machine translation of pages in jContent, side-by-side review, and multilingual workflow support. SDL connector also available.

Jahia's multi-site architecture supports multiple brands under one platform with shared component libraries, independent site configurations, and centralized user/role management. Approval workflows and audit trails (via JCR versioning) provide governance structure. However, explicit cross-brand policy enforcement or dedicated multi-brand governance UI beyond multi-site management is not prominently documented.

Jahia's jContent serves as an integrated media library with folder structures, metadata, custom tagging/taxonomy, and JCR-based versioning for assets. However, it is not a purpose-built DAM — usage tracking across content, rights/expiry management, and bulk asset operations are not explicitly documented. Optional Jahia Store integrations for Cloudinary and Keepeek bridge the gap for enterprise DAM needs; a third-party Bynder integration exists from Gladtek but is not in the Jahia Store.

Jahia has no native CDN or on-the-fly image transformation engine. The Cloudinary Picker module provides cloud CDN + transformations (resize, crop, format conversion, WebP) when installed, but this is an add-on, not a native capability. Without Cloudinary, image delivery is basic static file serving. Score reflects the add-on model rather than native capability.

No native video hosting, transcoding, or adaptive bitrate streaming in Jahia's core platform. Video requires external embedding (YouTube/Vimeo) or the Cloudinary Picker / Keepeek Content Picker for cloud-hosted video. No documented captions management or audio file management beyond basic file storage.

Jahia 8.2.3 (March 2026) brought Page Builder to functional parity with the legacy Page Composer — production-ready in-context WYSIWYG editing with drag-and-drop placement, real-time preview, compare-preview-vs-live, and inline insertion of content items anywhere in lists/areas. In-context preview of personalized variants is now integrated. Not as polished as modern headless visual editors (Sitecore Pages, Contentful Compose) but a genuine, mature visual authoring experience.

Jahia uses a jBPM-based workflow engine supporting multi-step approval processes with configurable states (draft, review, publication request), role-based routing (contributors, reviewers, editors-in-chief), notification system for task assignment, and JCR versioning for audit trail. Custom workflow definitions are possible through module configuration. Parallel approval paths and SLA enforcement are not explicitly documented.

Jahia supports scheduled publication (publish at a future date/time) and auto-unpublish/expiry with timezone awareness as standard editorial features. A content calendar UI is referenced in editor/marketer tutorials but not clearly documented as a distinct calendar view. Release bundles (atomic multi-item publish) and explicit bulk scheduling are not documented.

No evidence of simultaneous multi-author editing, presence indicators, inline commenting, or @mention notifications in Jahia's authoring interface. The JCR-based workspace architecture (edit vs live) implies a lock-or-overwrite model rather than real-time collaboration. User and group management exists but collaborative authoring features are absent from documentation.

Jahia Forms Core 3.18.1 (April 2026) adds multi-file uploads, new input types (numeric, phone), improved accessibility, and server-side validation for file uploads — on top of multi-step forms, conditional display logic, submission storage with CSV/PDF/XLS export, email notifications, and form prefill from visitor profile/geolocation. Progressive profiling and webhook-on-submit are not documented as turnkey features.

No dedicated pre-built certified ESP connector (Mailchimp, Marketo, HubSpot, Brevo) is documented in the Jahia Store. StackConnect (Workato with 1000+ connectors) can integrate with major ESPs but is a general-purpose integration tool requiring configuration rather than a turnkey CMS-native ESP connector. Email notifications from forms are built-in but email campaign orchestration is not.

Jahia's jExperience module provides behavioral triggers (goal tracking from visitor interactions), visitor scoring (affinity-based lead scoring), campaign tracking, and engagement analytics — genuine marketing automation primitives. However, drip campaign orchestration, nurture flows, and multi-channel campaign management are not native Jahia features. StackConnect provides integration with external automation tools.

Jahia's jCustomer powered by Apache Unomi (which Jahia co-created and maintains) is a genuine native CDP delivering unified customer profiles, real-time segment evaluation, behavioral event streaming, identity resolution, and direct audience sync for personalization. This is deeply embedded in the platform rather than a third-party add-on. Falls short of enterprise CDPs on scale and ML enrichment.

The Jahia Store offers modules across analytics (GA, Kibana), authentication (OAuth/SAML/LDAP/Okta/Keycloak/CAS), DAM (Cloudinary, Keepeek, Dalim), search (Elasticsearch), translation (GlobalLink, DeepL, SDL), AI (Claude, Gemini), and developer tools. Modules are classified by support status (Supported/Community/Legacy). Solid for a tier-3 DXP but smaller than Contentful/Contentstack ecosystems.

A Webhooks module is referenced in the Jahia Store and the developer documentation describes an OSGi rules engine for event-driven patterns. However, comprehensive documentation on covered event types, filtering, signed payloads, retry-on-failure, and webhook management UI is not publicly available. The rules/event system is developer-oriented and requires custom configuration.

Jahia provides a GraphQL API for headless delivery (GraphQL Core Provider updated February 2026 with improved authorization for introspection and a custom HTTP header for live workspace operations) and dual workspaces (edit/draft and live). Personal API tokens enable authenticated headless access. Headless preview integration still requires developers to implement custom preview endpoints against Jahia's draft content API; turnkey shareable preview links and branch-per-environment promotion workflows are not documented as out-of-the-box features.

Jahia has a sophisticated JCR-based RBAC system supporting custom role definitions, node-level and property-level (field-level) ACL, site-specific and language-specific permissions, and team management. SSO is well-supported via SAML2, OAuth 2.0/OIDC, LDAP, CAS, Okta, Keycloak, and AWS Cognito modules. SCIM for automated user lifecycle management is not explicitly documented.

Jahia provides a JCR REST API (JAX-RS) and a GraphQL API via graphql-core, with an interactive GraphQL Playground in Developer Tools and support for custom SDL schemas. 8.2 added a dedicated GraphQL API for administering External Data Providers, and GraphQL documentation on Jahia Academy was refreshed in March 2026. The GraphQL layer remains a modular add-on to a JCR-centric architecture rather than a purpose-built content-delivery API, capping the score below modern headless platforms.

Jahia Cloud is backed by AWS and OVH with 300+ edge locations providing CDN-layer delivery. Public documentation on specific API rate limits, pagination ceilings, or include-depth limits remains absent, and the platform lacks the transparent rate-limit posture seen in purpose-built headless APIs.

Jahia's primary development languages are Java (OSGi modules) and JavaScript/TypeScript (React TSX, now first-class in 8.2.3). There are no official content-delivery SDKs for Python, Ruby, .NET, PHP, Swift, or Android — the ecosystem is oriented toward platform extension rather than headless content consumption. Apollo Client is recommended for GraphQL but is a community library, not an official Jahia SDK.

Jahia offers StackConnect (powered by Workato) with 400+ no-code connectors covering Salesforce, Microsoft Dynamics, Marketo, Mailchimp, and more. The Jahia Store provides DAM modules (Cloudinary, Keepeek), analytics (Google Analytics, Adobe Analytics), and Commerce Factory for ecommerce. Marketplace UX is less curated than modern headless platforms. Note: a Bynder integration exists but is developed externally by Gladtek and is NOT available in the Jahia Store.

Jahia's OSGi module system supports hot deployment of extensions without platform downtime, covering custom UI extensions (30+ documented UI extension hooks), custom GraphQL schema via SDL, custom JAX-RS REST endpoints, and server-side hooks. 8.2.3 adds an OSGi authentication service and broadens JS/React TSX module development without Java. Spring framework usage is deprecated in favor of OSGi declarative services.

Jahia supports SAML 2.0 and OIDC-based SSO, with configurable password policies and SHA-256 + PBKDF2 password hashing. 8.2.3 introduces an OSGi authentication service, and the User Password Authentication — MFA 0.2.0 module (March 2026) adds customizable MFA flows with GraphQL-driven secure login. SSO tier-gating details remain unclear from public sources.

Jahia uses a node-level ACL permission system where permissions attach to JCR nodes, supporting content-instance-level access control and custom roles. A deep-dive permissions doc covers granular actions (read, write, delete, publish), and Content Editor supports per-field permissions. The system is powerful but the JCR-heritage complexity prevents a higher tier.

Jahia holds ISO 27001:2022 certification (company-wide scope including dev teams), is GDPR compliant, HIPAA compliant (Coalfire reassessment April 2026, 100% score), and PCI DSS SAQ A 3.2.1 compliant. EU data residency is available via OVH. No SOC 2 Type 2 is publicly listed — a noted gap for North American enterprise buyers — which holds the score below the 80+ tier.

CVE Details records historical vulnerabilities including XSS in older xCM versions. Jahia operates an ISO 27001:2022 ISMS with frequent cloud penetration tests, proactive third-party CVE remediation (e.g., snakeyaml upgrade in 8.1.9 for CVE-2025-52999), and a responsible-disclosure process via [email protected] plus Open Bug Bounty. The absence of a formal HackerOne/Bugcrowd bounty program caps this below 70.

Jahia supports both Jahia Cloud (managed SaaS on AWS and OVH) and self-hosted/on-premise deployment via Docker, with private cloud explicitly supported for regulated industries. Dual-mode flexibility positions Jahia well for data sovereignty needs, and Docker-based deployment enables consistent infrastructure-as-code patterns.

Jahia Cloud advertises a 99.9% base SLA per calendar month with fully redundant services, and SLAs up to 99.99% for enterprise tiers. The public status page (status.jahia.com) reports actual 2026 uptime: Jan 99.91%, Feb 99.88%, Mar 99.96% — broadly meeting the SLA. Self-hosted deployments have no vendor SLA. The 99.99% tier details and incident-response SLAs are not publicly documented.

Jahia Cloud uses AWS and OVH with 300+ edge locations, auto-scaling Docker clusters that expand in under five minutes, and clustered HA configurations with load balancers and multiple browsing nodes. Blue-green deployments via the Provisioning API enable zero-downtime releases. The platform is deployed at enterprise scale with documented automatic traffic adaptation.

Jahia Cloud automates backups, restores, and migrations across regions, with multi-datacenter replication and zero-downtime blue-green deployments. Specific public RTO/RPO targets remain absent from documentation and the trust center. Self-hosted deployments rely on customer-implemented DR. Automation is solid but the missing RTO/RPO commitments limit the score.

Jahia provides Docker images for full local platform instances and a @jahia/create-module CLI for project scaffolding, with yarn watch enabling hot-deploy during JS module development. OpenJDK is now sufficient (GraalVM no longer required). Provisioning API + Terraform supports reproducible environments. Setup is still more involved than purpose-built headless local emulators.

Jahia's Provisioning API enables fully automated CI/CD workflows including environment creation, scaling, and blue-green upgrades. Docker images + Provisioning API together make Jahia compatible with Terraform, GitOps, and standard CI/CD tooling. Jahia Cloud supports dev/staging/prod separation. Schema migration tooling is less mature than purpose-built headless platforms.

Jahia Academy provides comprehensive documentation segmented by persona (developer, sysadmin, end user) with GraphQL examples, module development guides, and tutorials. 8.2/8.3 added JavaScript/React TSX developer guides; GraphQL docs were refreshed in March 2026. GraphQL Playground is in-product. Some sections still reflect Java-heavy legacy material, capping the score below 80.

Jahia 8.2.3 solidifies native React TSX (TypeScript) support for JavaScript modules, with React 18.2 exposed and full server-side + client-side rendering. There is still no auto-generated TypeScript type system from the JCR content model comparable to GraphQL codegen on headless platforms. TypeScript coverage is at the component/presentation layer rather than typed content delivery.

Jahia maintained a steady release cadence into 2026: 8.1.0 (Jul 2025), 8.2.1 (Jul 2025), 8.2.2 (Aug 2025), 8.3 Page Builder (Nov 2025), 8.1.9 (Mar 2026), and 8.2.3 (Mar 2026) which brought Page Builder to parity with Page Composer and shipped JavaScript Modules engine v1.2. Augmented Search 4.0 (Nov 2025) and 4.1 (Apr 2026) also delivered substantive engine upgrades. Solid feature+maintenance cadence for a hybrid DXP, though still trails SaaS-native peers shipping weekly.

Jahia publishes structured per-version release notes at academy.jahia.com with dedicated 'What's New' and 'Customer Center' sections. Release notes distinguish feature improvements from security fixes, and Augmented Search 4.0 explicitly flagged breaking changes. Adequate, but no per-item migration guides or codemod tooling found.

Jahia publishes monthly product update posts summarizing recently shipped features, which provides some direction. No public community voting portal (Canny, GitHub Discussions) or structured long-range roadmap was found. Communication is retrospective marketing rather than forward-looking community transparency.

Augmented Search 4.0 (Nov 2025) and 4.1 (Apr 2026) released with documented breaking changes and upgrade notes, indicating a working change management process. Jahia uses semver-style versioning (8.x.y) with parallel maintenance branches (8.1.x, 8.2.x, 8.3.x). No evidence of extended 12-month deprecation windows or automated migration tooling.

Jahia is a niche, EU-centric platform with roughly 68 employees. No significant GitHub star counts on core repositories; community is largely contained to Jahia Academy and a private forum. Stack Overflow presence is sparse and the platform lacks the open-source community gravity of Drupal or even Magnolia.

Jahia Academy serves as the primary community hub with documentation, training, and a customer center. GitHub activity is present across 476 repos but engagement is modest, and no active Discord or Slack community was found. The academy model supports existing customers but does not attract broad developer participation.

Jahia operates a formal tiered partner program (Silver, Gold, Diamond) with 800+ trained partners reportedly generating 30% of pipeline. Partner portal with certified agency finder is publicly accessible. Notable partners include Proventeq, WIDE Agency, Ngoar, and Deeply Digital — strong for the company's size, though most partners are EU/French-market-focused.

Third-party content ecosystem is thin. Tutorials, YouTube videos, and conference talks predominantly exist in French-language EU markets, with no significant Udemy/Pluralsight courses found. Limited English-language developer blog content beyond Jahia's own blog reduces learning accessibility for non-EU buyers.

Jahia developer skills are primarily concentrated in EU/French-speaking markets. LinkedIn job postings mentioning Jahia are rare globally. A certification program exists through Jahia Academy but recognition is limited to the partner ecosystem. Buyers outside Europe face meaningful delivery risk finding qualified Jahia developers.

Jahia has a stable long-term customer base including the European Parliament (since 2004) and Ben & Jerry's (since 2011), and claims presence across 195 countries and 21+ industries. However, no recent high-profile new logo announcements or rapid growth signals surfaced for 2025–2026. Customer base appears stable rather than growing.

Jahia's last known funding was a $22.5M growth equity round from Invus in February 2015 — over 10 years ago with no subsequent rounds found. The company has ~68 employees, operates privately from Geneva, and recently transitioned leadership (Elie Auvray → CPO, Michael Tupanjanin → CEO). No acquisition or Series B+ activity; stability is implied but growth investment is absent.

Jahia was included in the Gartner Magic Quadrant for Digital Experience Platforms in 2018–2019 but does not appear in the 2025 Gartner MQ for DXP. It retains a Gartner Peer Insights listing in both WCM and DXP markets. Its open-source DXP positioning (Java/JCR base, EU privacy-friendly) is clear but niche, and without current MQ placement, analyst credibility is weakened for enterprise procurement.

Jahia has 487+ reviews on G2 — a substantial count for a Tier 3 Traditional DXP — and Capterra designates it 'highest rated CMS for building websites and portals.' Reviewers highlight flexibility, personalization, and modular design; criticisms center on steep learning curve and complexity of advanced features. Overall sentiment is positive with no major pricing or reliability scandal signals.

Jahia's official website routes to a contact form at jahia.com/enterprise-now/pricing-license with no published figures. Third-party review sites (G2, Capterra, GetApp) surface indicative ranges: jContent from €1,700/month, jEnterprise from €3,000/month. This partial visibility via aggregators does not substitute for first-party transparency. Scores below the industry norm of ~60 because the official channel is entirely sales-gated.

Jahia uses a tiered subscription with pricing determined by deployment type (cloud vs. on-prem), number of environments, and support level — not per-API-call or bandwidth metering, which avoids the worst unpredictability. However, the multi-variable negotiated model makes budgeting difficult and buyers report unexpected cost increases when adding environments or moving tiers. Scores mid-range for a traditional DXP.

SSO, user directories, and roles/permissions are included in the base jContent tier — a meaningful positive differentiator. Core CMS features are not heavily gated. However, personalization, A/B testing, CDP, consent management, and the rules engine are locked to jEnterprise (starting at €3,000/month), roughly doubling the price for marketing-centric DXP use cases. Gating is defensible given scope difference but the price jump is steep.

No evidence of monthly billing; enterprise DXP pricing at this level is typically annual contracts with negotiated terms. No startup program, nonprofit pricing, or self-service checkout found. Sales-led process implies limited flexibility for smaller buyers. Scored conservatively given no public evidence of exit provisions or short-term billing.

Jahia Community Edition is a permanent, downloadable, open-source release under GPLv3. It includes core CMS capabilities, runs on a standard Apache/Tomcat/MySQL/PostgreSQL stack, and is freely available via Docker images. GPLv3 copyleft is a real restriction for commercial SaaS products built on top of it. It is a meaningful free entry point but requires self-hosting with Java operational overhead, limiting accessibility.

Jahia is a Java-based platform requiring Tomcat, a relational database, and a JVM environment before any content can be managed. Review sources consistently describe a steep learning curve and complex initial installation for non-technical users. Getting a working site typically takes days, not hours. Well below the sub-day threshold for a higher score.

No published benchmark timelines, but Jahia is a traditional Java DXP with JCR-based content modeling, a proprietary module system, and complex personalization capabilities in the enterprise tier. Community sentiment indicates implementations run months for enterprise deployments. One anecdote of 'weeks' to advocacy is the exception, not the norm for full DXP deployments.

Jahia uses Java under the hood with a proprietary JCR-based module and templating framework. The community is small — review sites note that the high price 'keeps the user community small and stagnant.' Specialist availability is limited, and contractors with Jahia-specific expertise command a significant premium above generalist Java or CMS developers. Among the narrowest talent pools of any platform in this dataset.

Jahia supports both cloud-hosted (SaaS) and self-hosted deployments. The SaaS cloud option at €1,700+/month includes infrastructure, which is an advantage. Self-hosted Community Edition requires separate server, database, and CDN provisioning. The enterprise cloud pricing already reflects infrastructure cost bundled in, but the tier entry point is high. Comparable to other dual-mode traditional DXPs.

Cloud-hosted customers reduce ops overhead but still require Jahia expertise for module management, upgrades, and configuration. Self-hosted deployments (Community Edition or on-prem Enterprise) require JVM tuning, Tomcat administration, database ops, and Java application monitoring — effectively requiring a dedicated ops person familiar with the Java stack. Above the minimum operational burden for a traditional DXP.

The open-source GPLv3 Community Edition and JCR (Java Content Repository) standard-based content storage provide a meaningful baseline for data portability — JCR content can be exported via standard APIs. However, Jahia's proprietary module ecosystem, custom templating system, and personalization data structures create practical migration friction. Exiting jEnterprise means rebuilding personalization and workflow logic on a new platform. Better than fully proprietary platforms but not easy.

Jahia requires developers to internalize OSGi bundle architecture, JCR (Java Content Repository) node-type modeling, Maven-based module packaging, and a proprietary 'everything is content' philosophy — all deviating significantly from standard web development mental models. G2 and Gartner reviews consistently cite a steep learning curve. The abstraction stack (OSGi → JCR → modules → templates → rendering pipeline) has no close analogue in modern JS/headless development.

Jahia Academy provides structured documentation, online training courses, and an on-site certification programme — better than pure docs-only platforms. However, reviewer feedback on both G2 and Gartner notes that documentation is helpful but lacks depth in certain areas and does not cover advanced integration scenarios well. No interactive in-app onboarding tour found. Scores above bare-minimum docs but below the structured interactive-onboarding bar of 65+.

Core Jahia development is Java + Maven + OSGi — an enterprise Java toolchain unfamiliar to the mainstream React/Node.js developer pool. While Jahia exposes a GraphQL API and has a React/Apollo tutorial in its Academy, consuming the API still requires understanding Jahia-specific JCR node types and query patterns. No REST-first developer experience; the primary path is Java module development with a Maven archetype. Comparable to HCL DX on this dimension.

No official polished starter for Next.js, Nuxt, or Astro found. Jahia GitHub (github.com/Jahia) contains OSGi module samples (blueprint-servlet-osgi-module, OSGi-modules-samples) targeting Java developers, not JS frontend developers. The headless React tutorial in Academy is tutorial-level code, not a production-ready boilerplate with content model, CI/CD, or TypeScript. Scores near the bottom of the range; below all headless CMS platforms and most traditional CMS.

Going from zero to a working Jahia integration requires: JVM environment, Tomcat (or equivalent), relational database, Jahia server installation, OSGi bundle configuration files, Maven project setup, and (for enterprise) cluster and HAProxy configuration. Cat5 scoring confirmed that self-hosted Community Edition requires Apache/Tomcat/MySQL/PostgreSQL administration. Even cloud-hosted environments require OSGi config management for module customisation. Heavy config surface — among the most complex in this dataset.

Jahia content types are defined as JCR node type definitions (CND files) within Java modules. While the JSR-283 JCR standard provides some portability, modifying a deployed content type that has live content carries migration risk as there is no first-party schema migration tooling equivalent to modern headless CMSes. The 'everything is content' JCR approach introduces potential for deep node hierarchies and difficult refactors. Scores mid-low; better than field-count-limited SaaS CMSes but riskier than platforms with explicit migration tooling.

Jahia's bundled jContent editor provides in-context preview and draft mode for coupled (server-side rendered) deployments out of the box. For headless/decoupled frontends, preview integration is not plug-and-play — developers must implement a custom preview endpoint and integrate with Jahia's draft content API via GraphQL. No evidence of a first-party preview middleware or SDK comparable to Contentful's Content Preview API or Sanity's Presentation tool. Scores mid-range: good for coupled, complex for headless.

Productive Jahia development requires Java expertise, OSGi module development knowledge, JCR content modelling, Maven build tooling, and Jahia-specific APIs — a skill set not covered by generalist TypeScript/React developers. Jahia offers on-site and online certification courses, reinforcing that platform-specific training is expected, not optional. This is among the most specialised skill profiles in the Traditional DXP category, comparable to AEM or HCL DX.

A production Jahia project realistically requires at least a Java developer with Jahia/OSGi knowledge, a solution architect to design the module structure and JCR schema, and a DevOps/ops person for Tomcat/JVM/database management (cloud-hosted reduces but does not eliminate ops). TrustRadius and G2 reviews describe months-long enterprise implementations with professional services involvement. Not a solo-developer or small-team platform.

Jahia's jContent editor provides a usable WYSIWYG content editing interface that allows editors to create pages, manage content, and publish without developer involvement for routine operations. This is a genuine positive relative to lower-scoring DXPs. However, adding new content types, creating templates, building new page layouts, or configuring personalisation rules all require Java developers. Scores above mid-range for a Traditional DXP but not in the self-serve-friendly zone.

Jahia Cloud upgrades are vendor-managed, but self-hosted upgrades carry significant breaking changes: JDK 8 was dropped in 8.2.0 (requiring JDK 17), Hibernate was removed from the public API in 8.2, and JSON override file format changed. The Jahia 7→8 migration required dedicated developer and sysadmin guides. Mixed hosting model tempers the worst of this, but self-hosted customers face real upgrade complexity.

Jahia publishes SBOMs and VEX files for vulnerability transparency and dedicates maintenance releases specifically to security (e.g., 8.1.8 in February 2025). Cloud customers receive vendor-managed patches with no action required. Self-hosted customers must apply patches manually, but Jahia's advisory cadence and security documentation are reasonably mature for a mid-tier vendor.

Jahia has a pattern of significant forced migrations: JDK 8 dropped in 8.2 forced a JVM upgrade across all self-hosted deployments, Augmented Search 4.0 forced an Elasticsearch 7→9 migration (Feb 2026 breaking change release), and the Jahia 7→8 transition was a major platform migration. Migration guides are provided but the frequency of mandatory infrastructure-level changes is elevated.

Self-hosted Jahia carries a substantial dependency stack: JDK (now 17+), Elasticsearch (now v9), a relational database, Jackrabbit JCR storage, and optional jCustomer/jExperience add-ons. Major version upgrades to core dependencies have been forced in recent releases. Cloud deployment removes this burden entirely, but the dual-mode nature means a significant portion of customers manage complex dependency trees.

Jahia Cloud offers Datadog-based monitoring with custom Jahia dashboards covering application health and optimization signals, with alerting when immediate attention is needed. Jahia 8.1.8 added dedicated instance health probes. Self-hosted deployments require customers to configure their own monitoring stack. The cloud tier meaningfully reduces monitoring burden, but permanent monitoring is still described as mandatory even for cloud deployments.

Jahia provides content workflow and management features, but there is no specific evidence of automated content hygiene tooling such as orphan detection, broken-reference alerts, or content expiry dashboards. G2 reviews note that changes to data structures after content creation can be painful, suggesting content governance relies substantially on editorial discipline. Standard for a traditional Java DXP of this tier.

Jahia Cloud includes CDN, auto-scaling, and Datadog performance dashboards — substantially reducing the performance management burden for cloud customers. Self-hosted deployments require active tuning of caching, Elasticsearch indexing, and JVM memory. The 99.9% SLA and managed infrastructure of Jahia Cloud push the score up from the self-hosted baseline, but the significant self-hosted install base keeps the average moderate.

G2 and Capterra reviews consistently praise Jahia support as responsive, knowledgeable, and attentive through both sales and implementation cycles. A published Maintenance and Support Policy provides SLA clarity. Jahia's relatively small customer base means enterprise accounts receive genuine attention. Scores are held from 70+ by the absence of evidence on mid-tier plan SLA quality versus enterprise-only access.

Jahia Academy hosts community forums and documentation, but the community is small relative to tier-1 platforms. No evidence of a highly active public Slack or Discord with strong team participation. G2 reviewers note documentation can have gaps, requiring vendor contact to resolve. Response rates in community channels appear adequate but not fast by modern standards.

Jahia releases dedicated security and maintenance updates on a reasonable cadence (e.g., 8.1.8 in Feb 2025 for security, incremental 8.x.y releases). March 2026 product update notes indicate active development. As a smaller vendor, critical patches appear to ship within weeks rather than immediately. No significant backlog complaints found in reviews, but resolution speed is not exceptional.

Page Builder reached full feature parity with the legacy Page Composer in March 2026 and is now Jahia's recommended editor for all new projects. Drag-and-drop, pre-built customizable templates, dynamic template inheritance, and inline editing allow marketers to create and publish landing pages without developer involvement. CKEditor 5 with optional AI-assisted writing is integrated.

Marketing Factory (up to v1.9) is a dedicated campaign management add-on covering A/B testing, campaign goal setting, conversion tracking, data-driven optimization, and publish lifecycle — all without IT involvement. Lacks a visual content calendar but covers campaign coordination and performance monitoring.

Jahia ships built-in SEO capabilities with no plugin required: clean URLs, vanity URL management, Google-compatible 301 redirect management, automated sitemap.xml generation (per-language), robots.txt configuration, and full HTML metadata management including Open Graph tags. Comprehensive native SEO coverage.

Marketing Factory provides native A/B testing, conversion tracking, goal monitoring, and CTA optimization. Form handling and lead capture are supported. UTM parameter awareness and deep lead routing to CRM/MAP still require StackConnect integrations. Good for a traditional DXP but not a full-stack performance marketing suite.

Jahia's jExperience product (built on Apache Unomi open-source CDP) provides native behavioral segmentation, geo-targeting, session-based and profile-based personalization, and real-time content targeting without requiring a separate CDP. GDPR-compliant by design. March 2026 added personalization dashboards and default variant visibility directly in Page Builder (purple color coding for jExperience elements).

Marketing Factory provides full A/B testing for pages, content components, and campaign elements. March 2026 added dedicated A/B testing dashboards and inline variant visibility in Page Builder (color-coded). Statistical reporting and winner selection are supported. This is genuine integrated experimentation, not just a third-party connection.

Page Builder supports template cloning, inline editing, drag-and-drop, and content reordering. jContent 3.4 (September 2025) added a rewritten side-by-side translation interface accessible from Page Builder. Publication dashboard is accessible directly from Page Builder. Some manual steps remain for complex multi-step approval workflows but general content velocity is solid.

Jahia supports headless API delivery (GraphQL and REST) enabling content to be delivered to web and headless frontends. Marketing Factory can target personalization across headless channels. Native email, social, SMS, or push notification channels require external tools via StackConnect. Primarily web-first with API-based headless delivery.

Marketing Factory includes built-in analytics dashboards for campaign performance, A/B testing results, and personalization engagement. Standard integrations with Google Analytics (GA4), Matomo, and AT Internet (Xiti) are confirmed. Page-level content performance and decay metrics require external analytics tools — CMS-embedded dashboards focus on campaign and personalization.

Site Factory model enables brand template governance — shared templates and locked component palettes enforced at the platform level. Standardized page models prevent off-brand layouts. Enforcement relies on workflow governance rather than automated guardrails; a determined author could still deviate. Good for a traditional DXP.

Jahia's SEO module handles OG and Twitter card meta tag management natively, ensuring proper social media preview cards. Social scheduling or push-to-social workflows require external integration via StackConnect. UGC embeds are possible via custom development or third-party widgets. Solid OG management but no native social scheduling.

Jahia includes a built-in media library with image metadata, format control, and automatic standardized file naming (added March 2026). CloudImage integration reduces delivery sizes up to 75%. Dedicated DAM connectors for Cloudinary and Keepeek are available on the Jahia Store. A Bynder integration exists as a third-party build by Gladtek but is not available in the Jahia Store. Not a full native enterprise DAM but solid integration story with transforms and tagging.

Jahia has strong multilingual support — per-language sitemaps, locale-specific campaign variants via Marketing Factory, and a rewritten side-by-side translation interface (jContent 3.4, Sept 2025) accessible from Page Builder. GDPR compliance (cookie consent) is handled natively via Unomi. Market-specific promotional scheduling is possible but requires configuration.

Jahia's StackConnect platform provides 1,000+ no-code connectors covering CRM (Salesforce), MAP (Marketo, Mailchimp, Pardot), Adobe Experience Cloud, and AWS. Marketing Factory provides event-triggered content optimization. Depth of data sync varies by connector — many are webhook-based rather than deep API federations.

Commerce Factory supports product catalog management, physical and downloadable product types, multi-image per SKU, content enrichment at PIM level or directly in Jahia, and ElasticSearch-powered catalog. Commerce Factory is a separate add-on with no 2025-2026 product updates, suggesting maintenance-mode status. Adequate but not purpose-built for commerce content depth.

Commerce Factory provides automated category and brand pages, automated faceting on all product categories, up-selling and cross-selling content management, advanced couponing, and promotional content scheduling. Genuine merchandising tooling, though in maintenance mode. Scores above the 'no native tooling' floor given confirmed cross-sell/upsell and automated category management.

Jahia's commerce-io positioning focuses on API-based integration with third-party commerce platforms. StackConnect provides connectors including SAP Commerce and Salesforce Commerce Cloud. GraphQL and REST APIs enable data federation. However, no UI-level product pickers or deep real-time sync with Shopify or commercetools is documented — integrations are primarily webhook/API-based.

Commerce Factory enables editorial content enrichment alongside product data. Marketers can embed product references within editorial pages, creating buying-guide-style content. Shop-the-look, shoppable content with inline purchase CTAs, and lookbook patterns are not first-class authoring features — they require custom component development.

Commerce Factory includes basic promotional content scheduling and cart-adjacent banner management. CMS-managed trust badges and upsell banners in cart pages are possible through Commerce Factory. However, injection into external commerce platform checkout flows (Shopify, commercetools) without commerce template changes is not documented.

No specific post-purchase content management features found in Jahia documentation. Order confirmation pages and delivery tracking are primarily managed within the commerce platform. Marketing Factory can trigger follow-up content via behavioral signals but post-purchase order-event integration requires custom implementation via StackConnect.

Jahia Portal Factory explicitly supports B2B portal use cases with account-based access control, customer-specific content delivery, role-based catalog visibility, and gated documentation. The intranet/portal architecture extends naturally to B2B commerce content. Quote-request flows and customer-specific pricing display require custom integration.

Jahia's Augmented Search 4.0 (released November 2025, powered by ElasticSearch 9) provides federated search with improved performance. Commerce Factory's automated category faceting enables content-product blended search. Search landing pages are manageable via Page Builder. A solid but not best-in-class implementation.

Commerce Factory supports promotional content scheduling, advanced couponing, and time-based activation. Marketing Factory adds behavioral targeting of promotional content by audience segment. Countdown timers and tiered pricing tables require custom component development.

Jahia's multi-site architecture supports multiple storefronts from a single instance — each with independent domains, templates, language settings, and regional content. Site Factory enables rapid new-storefront deployment. Cross-site content reuse via Local Site Manager reduces duplication. Some content duplication may occur for storefront-specific editorial.

Commerce Factory supports multiple images per SKU. CloudImage integration provides responsive image delivery with up to 75% size reduction. Cloudinary DAM connector adds advanced media capabilities. However, 360-degree views, AR/3D models, and native video-in-PDP are not documented as native Commerce Factory features.

No marketplace or multi-vendor seller content management features found in Jahia documentation. Commerce Factory manages a single-seller product catalog. Seller profiles, seller-contributed content, and content moderation at marketplace scale are not native capabilities.

Commerce Factory supports multi-lingual stores, catalogs, categories, and promotions, as well as multi-country (taxes, currencies, regional specifics). Jahia's core multilingual CMS extends to product content localization. Regulatory content can be managed per locale. Currency-aware content blocks require configuration.

Marketing Factory + Commerce Factory integration enables some commerce analytics: ML-driven product recommendations, behavioral marketing signals, and conversion goal tracking. However, direct revenue attribution to CMS content pages and content-assisted conversion funnels are not documented as out-of-the-box features.

Jahia provides node-level RBAC where roles assigned to a content node are inherited down the tree with configurable inheritance breaks. Fine-grained permissions, custom role creation, SSO integration, and 2FA are confirmed. Audience-based personalization for department/segment-level content visibility is native via jExperience. Strong intranet-grade access control.

Jahia supports content lifecycle workflows, approval chains, version history, and content taxonomy. The employee intranet solution explicitly supports HR documentation repositories and internal knowledge bases. Augmented Search 4.0 improves internal knowledge discoverability. Content expiry scheduling relies on workflow rather than automated archival.

Jahia has a dedicated Employee Intranet Software product and Portal Factory module with 200+ out-of-box modules, personalized content delivery by role/department, and HR self-service portals. However, native social features (likes, comments), employee directory, and dedicated mobile apps are not part of core — they require integrations or custom development.

Jahia's intranet solution supports company news feeds, departmental announcements, and audience-segmented content delivery via Marketing Factory personalization. Content can be targeted by department or role. Read receipts, mandatory-read workflows, and acknowledgment tracking are not documented as native features.

Basic employee directory pages are buildable via Jahia content modeling and Portal Factory. HR system integration is possible via StackConnect (Workday, BambooHR). However, native org chart visualization, manager hierarchy views, and skills/expertise profiles are not documented as out-of-box features. Requires custom development for a full directory experience.

Jahia's core CMS provides version control, approval workflows, and content lifecycle for document management. HR documentation repositories with approval chains are confirmed for intranet use. Mandatory acknowledgment tracking, automated review/expiry reminders, and formal policy management distinct from general content are not documented as native capabilities.

Portal Factory with role-based content delivery enables new-hire portals with department-specific content paths. Progressive content disclosure can be configured via Marketing Factory personalization rules. Structured onboarding journeys with task checklists, 30/60/90-day progressive disclosure, and HR-triggered enrollment are not documented as first-class features.

Augmented Search 4.0 (released November 2025, powered by ElasticSearch 9) provides federated search across Jahia CMS and connected systems with improved performance and reduced memory footprint. Faceted filtering and relevance tuning are confirmed. Cross-system search (SharePoint, Confluence) is possible via connectors but not native out-of-the-box.

Jahia intranet portals are responsive web applications — mobile access is available via browser. Headless GraphQL/REST APIs enable custom mobile app development. No native Jahia employee mobile app is documented. Push notifications and offline support require custom app development. Responsive web without native mobile is the current capability.

No native LMS or micro-learning features found in Jahia documentation. Learning content hosting is possible via general CMS capabilities. StackConnect may provide LMS connectors but no documented native integration with Cornerstone, Workday Learning, or similar is found. Portal Factory does not include learning-specific modules.

No native social layer confirmed for Jahia intranets. Comments, reactions, discussion forums, employee recognition, and polls are not documented as out-of-the-box Portal Factory capabilities. These features require custom development or third-party widget integration. The platform is content-delivery focused, not collaboration-focused.

StackConnect provides 1,000+ no-code integrations including workplace tools. Salesforce, Adobe, and AWS are explicitly listed. No explicit native Microsoft Teams or Slack connectors are documented. Basic webhook-based integration with workplace tools is achievable via StackConnect, but embedded content cards, bots, and deep Teams/Slack integration are not confirmed as native.

Jahia supports content workflow states, approval chains, version history, and content scheduling (time-based publishing). Publication dashboard in Page Builder provides lifecycle visibility. Automated date-based content expiry/archival and stale content flagging are not documented as native features — lifecycle management relies on workflow configuration.

Marketing Factory provides intranet analytics: personalization engagement data, content performance by audience segment, and failed-search analytics via Augmented Search. Google Analytics and Matomo integrations provide standard page view metrics. Department-level analytics exist within Marketing Factory reporting. Not a purpose-built intranet analytics tool but adequate.

Jahia's multi-tenant architecture provides database-level isolation per site/tenant. The PaaS offering enforces strict data segregation between tenants. Each virtual site has independent content models and API access, scaling from 1 to 1,000+ sites. Genuine multi-tenant isolation for a traditional DXP.

Jahia enables cross-site content reuse natively — content objects from one virtual site can be referenced in others via Local Site Manager. Shared templates, global design tokens, and reusable components are maintained centrally and consumed across brand instances. Site Factory enables component library propagation to new sites at creation time.

Jahia implements federated governance: centralized homepage approvals while regional teams manage local campaigns independently. Fine-grained role management, cross-site JBPM approval workflows, multilingual governance, and complete audit history are native. Well-suited for multi-brand enterprise governance with local team autonomy.

Jahia's PaaS/cloud model uses shared infrastructure for hosting multiple sites/tenants, potentially providing per-brand cost efficiency versus license duplication. Pricing is enterprise/custom with no public volume tier commitments. Asia-Pacific cloud region added in 2025-2026 expands geographic reach but not pricing transparency.

Site Factory model enables per-brand visual identity — each site instance can have its own theme tokens, CSS, typography, color palettes, and logo treatment while sharing underlying component structures. Bootstrap/Less.js support and standardized page models enable brand-level customization with shared architecture. Not as strict as a formal design token API but solid for a traditional DXP.

Jahia supports per-brand multilingual governance through combined site isolation and workflow management. Translation workflows can be configured per site/brand. Marketing Factory provides locale-specific campaign variants per brand. Regional cookie consent (Unomi) and GDPR compliance are manageable per site.

Marketing Factory provides per-site analytics dashboards for each brand. Individual brand performance (campaign analytics, A/B testing, personalization engagement) is available per site. An aggregate cross-brand portfolio analytics dashboard with publishing cadence benchmarking or content velocity comparison across brands is not documented as a native feature.

Jahia supports independently configurable JBPM-based approval workflows per site/brand. Each brand can have its own review stages, approval chains, and scheduling policies while the central audit trail remains shared. Genuine per-brand workflow independence within a centrally auditable framework.

Local Site Manager enables corporate-to-brand content syndication — content from a central/corporate site can be referenced or shared across brand sites. Press releases, legal disclaimers, and product announcements can be managed at corporate level and consumed by child brands. Controlled override points for local adaptation exist but require configuration.

Jahia's Unomi-based CDP provides GDPR-compliant consent management and privacy settings configurable per site/brand. Regional cookie consent and privacy policies can be managed per brand instance. Per-region data residency settings are available in Jahia Cloud. No automated compliance guardrails preventing non-compliant publishing are documented — compliance is configuration-driven.

Site Factory maintains a central component library and site templates that propagate to new brand instances. The 'Luxe' template set (new in March 2026) demonstrates a React TSX design system reference implementation. Component versioning and update propagation across existing tenants are possible but require coordinated deployments rather than an automated versioning system.

Jahia provides a centralized admin dashboard across all sites and brands with granular RBAC. Central administrators can manage all brands while brand teams retain autonomous local management. SSO and 2FA are supported centrally. Cross-brand contributor roles and cross-site permissions are configurable. Strong enterprise user management for multi-brand.

Jahia supports cross-site shared content types that each brand site can extend with local customizations via JCR content type inheritance. Site Factory enables deploying base content models to new brand sites. Per-brand extension of shared content types without forking requires careful JCR configuration and is not a documented first-class authoring feature.

Per-brand analytics are available via Marketing Factory dashboards for each site. An executive portfolio dashboard aggregating content freshness, publishing SLA adherence, cost allocation per tenant, and capacity planning across all brands is not documented as a native feature. Manual aggregation from per-site reports would be required for portfolio-level insights.

Jahia publishes a dated public sub-processor list (Mar 27, 2025) naming 12 sub-contractors with activities, hosting countries, and customer-data flags — a level of transparency many DXP vendors do not match. EU/Swiss residency is available via AWS Ireland, AWS Switzerland (new), and OVH France. GDPR compliance is stated in the trust center. No customer-facing DPA template or SCC text was located publicly (only cloud T&Cs and a [email protected] contact for sub-processor notice), and right-to-erasure tooling remains undocumented — preventing a higher score.

Jahia completed a HIPAA Security Rule compliance assessment by Coalfire Inc., achieving a 100% score on the auditor's scorecard. A Coalfire certificate of completion and the compliance report are available on request. This is a strong signal for healthcare-oriented buyers. However, no explicit Business Associate Agreement (BAA) offering was documented, which is required for covered entities. Score reflects documented HIPAA posture without confirmed BAA.

Jahia covers GDPR (EU) and PCI DSS SAQ A 3.2.1 with yearly evaluations. PCI DSS SAQ A is the most limited scope questionnaire, covering card-not-present merchants using third-party processors. No documentation found for CCPA, UK GDPR/IDTA, PIPEDA, LGPD, FedRAMP, IRAP, C5, or HITRUST. Score reflects GDPR + lightweight PCI coverage without broader regional framework depth.

No evidence of SOC 2 Type 1 or Type 2 attestation was found across Jahia's trust center, security pages, or any third-party source. Jahia's certification stack focuses on ISO 27001 rather than SOC 2. The absence of SOC 2 is a notable gap for enterprise buyers in North America, where SOC 2 Type 2 is frequently required. Score reflects no SOC 2 attestation.

Jahia holds a current ISO/IEC 27001:2022 certification (certificate N° 2022/101121.3) issued by AFNOR Certification under COFRAC accreditation, valid 2025-09-06 through 2028-09-05. The scope covers Jahia Solutions Group SA as a 'Web Content Management and Digital Experience Software Editor' across the Geneva headquarters, Paris office, and Lyon development center — broader than infrastructure-only coverage. Statement of Applicability v4.0 dated 25/02/2025. No ISO 27018 for cloud PII processing was documented, which prevents a higher score.

Beyond ISO 27001:2022, Jahia holds PCI DSS SAQ A 3.2.1 (yearly evaluation), the Coalfire HIPAA Security Rule assessment, and has completed the AWS Foundational Technical Review (FTR) as an AWS partner. PCI + HIPAA are meaningful; AWS FTR is a modest assurance signal but not a security certification. No CSA STAR (Level 1 or 2), FedRAMP, IRAP, ENS, C5, Cyber Essentials Plus, or HITRUST documentation was found.

The Jahia Cloud sub-processor list confirms data hosting across five regions: AWS USA, AWS Ireland, AWS Switzerland, OVH France, and OVH Canada. This provides a meaningful EU vs. US choice plus two sovereign EU options (OVH France, AWS Switzerland) — broader than the previously-documented three regions. The sub-processor table also flags which providers handle customer data versus which do not, an unusual level of clarity. No APAC region is offered, and contractual residency guarantees are not surfaced in public materials, which limits the score.

No public documentation was found covering self-service data export tooling, post-termination data retention periods, or right-to-erasure mechanisms for Jahia Cloud. Automatic backups and triple redundancy are documented, but customer-facing lifecycle controls are not. Each customer receives dedicated infrastructure (no multi-tenancy), simplifying isolation, but the absence of documented data lifecycle controls is a gap for enterprise procurement. Score reflects insufficient public evidence of documented procedures.

Jahia partners with Datadog for platform monitoring and log indexing, bundled across all Cloud plans, and advertises 'live log access' to customers. This suggests operational observability is available. However, no documentation was found regarding content operation audit logs (who changed what, when), configurable log retention periods, SIEM integration connectors, or log export for compliance reporting. Datadog monitoring is not equivalent to compliance-grade audit logging.

No WCAG 2.1 AA compliance documentation was found for Jahia's content authoring interface. No ATAG 2.0 conformance statement, keyboard navigation documentation, or screen reader support documentation was identified. A dedicated /accessibility page returns 404. The absence of any accessibility commitment for the authoring UI is a material gap for public-sector and enterprise buyers with accessibility procurement requirements.

No VPAT (Voluntary Product Accessibility Template), ACR (Accessibility Conformance Report), Section 508 conformance statement, or ATAG 2.0 assessment was found for Jahia. No accessibility statement page was identified on the Jahia website (the /accessibility URL returns 404). The complete absence of formal accessibility documentation prevents procurement by US federal agencies and many regulated public-sector organizations.

Jahia 8.2 ships CKEditor 5 as its rich-text editor, and the CKEditor 5 AI Assistant feature (available via the Jahia Store module) provides in-editor AI writing assistance, rewriting, paraphrasing, and instant translation. The March 2026 product update explicitly lists 'AI through CKEditor 5 (assisted writing, rewriting, instant translation)' as a supported optional feature. No Jahia-native proprietary LLM engine, no brand voice controls, no bulk generation — AI is purely the CKEditor plugin connected to implementer-supplied LLM keys. Scores below mid-tier because the feature is an editor plugin rather than a first-class CMS AI product.

No Jahia-native AI image generation, AI-powered alt-text generation, or AI media tagging was found in any official source, store listing, or product release notes through March 2026. The Content Editor changelog (through v4.16.0) contains no AI image features. DAM operations are manual. Score reflects near-zero capability.

Two AI translation pathways are available: (1) a native DeepL integration module in the Jahia Store enabling one-click MT of pages within jContent with side-by-side review and multilingual workflow support; (2) CKEditor 5 AI Assistant providing instant translation within the rich-text editor. The deprecated GlobalLink connector directs users to DeepL. No brand voice preservation metrics, no MT quality scoring, no bulk cross-locale translation management, but the DeepL native module is a solid MT integration shipped in the official store.

Jahia has a template-driven `enableSEOAutomaticMetaTagGeneration` configuration and auto-generated sitemaps per language, but these are rule-based/template-driven, not AI-powered. No AI-generated SEO titles, descriptions, image alt text, or taxonomy tagging was found in official documentation. On-page SEO scoring or NLP-based metadata extraction is not available. Score reflects minimal rule-based automation rather than AI capability.

Jahia's workflow engine is conventional BPM-style (trigger-based routing, publication approvals) with no AI-driven routing, auto-tagging, smart scheduling, or autonomous content lifecycle management. The DeepL translate workflow module provides translation routing, but this is a connector, not AI content ops. No evidence of AI bulk enrichment, duplicate detection, or AI-powered publishing triggers. Score reflects essentially no AI in content operations.

No agentic workflow capability is offered as a Jahia first-party product. The March 2026 product update notes that Elasticsearch 9 (used by Augmented Search 4.0) introduces an LLM integration layer making it 'easier to build conversational agents,' but Jahia explicitly states it is 'evaluating these possibilities' and flagged additional licensing and infrastructure costs. No named agent products, no agent marketplace, no natural language multi-step workflow execution has shipped. Score reflects evaluation-only status.

Jahia's content intelligence is delivered through jExperience (powered by jCustomer / Apache Unomi CDP): visitor behavior tracking, real-time customer profiles, dynamic segments, A/B testing, and personalization dashboards. The March 2026 update added new dashboards for A/B testing, personalization, and login events; jCustomer 2.5.0 (September 2025) added JSON Schema support and Elasticsearch index optimizations. This is behavioral/CDP analytics, not generative AI content analysis or LLM-driven editorial intelligence — no content gap analysis, topic clustering, or stale content detection. Score acknowledges real analytics capability without AI-driven insight generation.

No AI-powered content auditing, quality scoring, brand voice compliance checking, or AI-driven accessibility scanning was found in any official Jahia source. Jahia has workflow-based content governance, version history, and publication controls, but none are AI-driven. Score reflects absence of any AI audit capability.

Augmented Search (v4.0, using Elasticsearch 9) provides full-text search with instant search, fuzzy matching, faceted filtering, dynamic relevance boosting, and a GraphQL API — all ACL-aware. Elasticsearch 9 has native vector/LLM capabilities, but Jahia documentation confirms these are under evaluation and not yet productized. No semantic search, vector embedding, RAG-ready indexing, or NLQ features are shipped as of March 2026. Score reflects a capable traditional search foundation with no AI search.

jExperience delivers personalization through behavioral segmentation (rules-based, configured by marketers), A/B testing, and personalized content variants. The previously-existing `unomi-predictionio-plugin` ML lead-scoring integration was archived in April 2023 and is no longer supported. No active ML recommendation or predictive personalization engine exists. Apache Unomi can feed real-time profiles to external AI systems, but that is a custom integration pattern, not a built-in product. Score reflects rule-based-only personalization with no ML layer.

No Jahia MCP (Model Context Protocol) server was found in any official source, GitHub repository, Jahia Store listing, or product announcement as of March 2026. Jahia has not announced a public MCP server for connecting AI agents to its content repository or APIs.

Jahia does not have a first-party BYOM/BYOK feature or AI gateway UI. However, CKEditor 5's AI plugin connects to LLM providers via implementer-configured API keys, and custom Jahia modules can integrate any external LLM API. Jahia's own AI positioning whitepaper emphasizes that AI is 'optional and under your control,' implying implementers provide their own keys. This is architectural BYOK at the integration level rather than a branded, self-service feature. Score reflects indirect key configuration without a first-class BYOK product.

Jahia provides a GraphQL API (extensible), JCR Java Content Repository APIs, REST APIs, OSGi module architecture, and JavaScript/TypeScript module development via React TSX (since Jahia 8.2 — no Java required). Apache Unomi REST API exposes CDP profile data consumable by external AI systems. These standard APIs are usable for building AI integrations, but there is no Jahia AI SDK, RAG toolkit, agent framework, or official LangChain/LlamaIndex integration guides. A December 2025 blog highlights AI-assisted module development as a workflow accelerant, but developer tooling for AI is entirely custom. Score reflects accessible APIs without purpose-built AI developer tooling.

Jahia has robust general content governance (workflow-based approvals, version history, RBAC, audit logs for content changes) but no AI-specific governance features were found — no logging distinguishing AI-generated content, no human-in-the-loop enforcement specifically for AI outputs, no AI content flagging, watermarking, or hallucination detection. Jahia's AI framing ('optional, user-controlled') implicitly addresses governance by keeping AI assistive rather than autonomous, but this is a product positioning choice, not a governed technical capability. Score reflects general CMS governance without any AI-specific layer.

No AI usage dashboards, LLM token consumption tracking, AI interaction logging, per-user AI consumption metrics, or AI observability tooling was found in any official Jahia source. AI usage through CKEditor 5 or custom integrations is completely opaque to platform administrators. Score reflects zero AI observability capability.