Cyber Resilience Act · EU AI Act · EUCS High
Defense: Sovereign infrastructure for classified and dual-use environments
Defense agencies and the organizations supplying them operate across multiple security domains that existing cloud platforms were not designed to span. Workloads classified at different levels must remain cryptographically isolated, software running in each domain must carry verifiable provenance from source to deployment, and AI systems used in dual-use applications must satisfy EU AI Act audit and oversight requirements. Apeiro provides the open infrastructure foundation that makes all of this operationally achievable.
The challenge today
Defense agencies and ministries face a structural infrastructure problem. Operational IT spans multiple security tiers, from unclassified administrative systems to sensitive and classified mission workloads, yet the tools and platforms available for each tier are largely incompatible. Commercial cloud platforms satisfy unclassified workloads but cannot meet the data residency, key management, or operational isolation requirements that sensitive government data demands. Bespoke sovereign platforms cover the classified tier at high cost and with proprietary tooling that locks in vendors and extends every procurement cycle.
The result is that moving software between security tiers requires manual re-certification. Deployments in isolated or edge locations, such as forward operating bases, maritime units, and air-gapped command facilities, run on disconnected infrastructure with no coherent lifecycle management. Each location accumulates its own toolchain debt. The defense industrial base supplying these environments faces an overlapping compliance burden: the Cyber Resilience Act imposes software supply chain documentation requirements for every product placed on the EU market, and the EU AI Act requires audit logs and human oversight records for dual-use AI systems from 2026. Most procurement pipelines have no systematic answer to either requirement yet.
The EUCS High (EU Cybersecurity Certification Scheme for Cloud Services), once adopted, will formally gate cloud procurement for sensitive government data behind sovereignty and isolation requirements that current hyperscaler offerings cannot meet. National schemes, such as France’s SecNumCloud and Germany’s BSI C5, already impose comparable requirements today. Defense agencies procuring cloud infrastructure before EUCS is finalised are effectively building toward a target that commercial providers are structurally unable to reach.
What becomes possible with Apeiro
IronCore and CobaltCore provide bare-metal and IaaS (Infrastructure as a Service) infrastructure managed through Kubernetes-native APIs, deployed within agency-controlled facilities or on EU-sovereign data centre capacity. Each security domain runs as an isolated Gardener-managed cluster with its own key hierarchy. OpenKCM manages cryptographic key lifecycle across security domains using the HYOK (Hold Your Own Key) model: key material never leaves the domain it was created for, and the infrastructure operator cannot access data without the key holder’s explicit authorisation. Konfidence provides immutable, versioned deployment packages that ensure the same signed artifact is deployed identically across every security tier, eliminating configuration drift as a source of migration risk and giving both agency and supplier a reproducible, tamper-evident deployment record. The same cluster management plane can extend to disconnected edge locations, with Gardener handling lifecycle management across connected and isolated environments through the same operational interface.
OCM (Open Component Model) provides the software supply chain layer that the Cyber Resilience Act requires and that defense procurement has needed for longer. Every component, from firmware to application container, is packaged as a signed OCM artifact, with build environment, dependency graph, and infrastructure snapshot captured at build time. The signed component descriptor travels with the component through every environment and every security tier, giving both the procuring agency and the supplying contractor a shared, tamper-evident software bill of delivery. When a vulnerability is discovered, the artifact graph shows exactly which deployed environments are affected without manual inventory work.
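To make the supply-chain mechanism above concrete, here is an added, self-contained illustration (not Apeiro's or OCM's own code, and not the real OCM descriptor schema or signature format) of the two properties the paragraph relies on: a descriptor whose contents are bound to a signature so tampering is detectable, and a dependency graph that can be walked in reverse to list which deployed environments contain a vulnerable component. The component names, versions, tier names and the HMAC signing key are all constructed for the example; real OCM descriptors are signed with asymmetric keys, so the HMAC here stands in for that step only.

```python
import hashlib
import hmac
import json
from typing import Dict, List

# Constructed stand-in for an asymmetric signing key (real OCM uses RSA/ECDSA).
SIGNING_KEY = b"constructed-demo-signing-key"


def canonical(obj: dict) -> bytes:
    """Deterministic serialisation so the digest does not depend on key order."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_descriptor(descriptor: dict) -> dict:
    """Attach a digest of the descriptor body and a signature over that digest."""
    body = {k: v for k, v in descriptor.items() if k != "signature"}
    digest = hashlib.sha256(canonical(body)).hexdigest()
    value = hmac.new(SIGNING_KEY, digest.encode(), hashlib.sha256).hexdigest()
    return {**body, "signature": {"digest": digest, "value": value}}


def verify_descriptor(descriptor: dict) -> bool:
    """True only if the body still matches its digest and the digest is signed."""
    sig = descriptor.get("signature") or {}
    body = {k: v for k, v in descriptor.items() if k != "signature"}
    digest = hashlib.sha256(canonical(body)).hexdigest()
    expected = hmac.new(SIGNING_KEY, digest.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(digest, sig.get("digest", "")) and hmac.compare_digest(
        expected, sig.get("value", "")
    )


def build_catalog(signed: List[dict]) -> Dict[str, dict]:
    """Index descriptors by 'name:version', refusing any that fail verification."""
    catalog: Dict[str, dict] = {}
    for d in signed:
        if not verify_descriptor(d):
            raise ValueError(f"descriptor {d.get('name')} failed signature verification")
        catalog[f"{d['name']}:{d['version']}"] = d
    return catalog


def affected_environments(catalog: Dict[str, dict], deployments: Dict[str, List[str]],
                          vulnerable_ref: str) -> List[str]:
    """Walk the dependency graph in reverse from the vulnerable component and
    return every environment that deploys it or anything built on top of it."""
    dependents: Dict[str, set] = {}
    for ref, d in catalog.items():
        for dep in d["references"]:
            dependents.setdefault(dep, set()).add(ref)
    impacted, frontier = {vulnerable_ref}, [vulnerable_ref]
    while frontier:
        current = frontier.pop()
        for parent in dependents.get(current, ()):
            if parent not in impacted:
                impacted.add(parent)
                frontier.append(parent)
    return sorted(env for env, refs in deployments.items() if impacted & set(refs))


# Constructed component descriptors: name, version, dependency references,
# and the build environment captured at build time.
def _desc(name, version, references, builder):
    return {"name": name, "version": version, "references": references,
            "build": {"builder": builder, "source": f"git:{name}@{version}"}}


CATALOG = build_catalog([sign_descriptor(d) for d in [
    _desc("tls-lib", "1.0", [], "ci-runner-a"),
    _desc("tls-lib", "1.1", [], "ci-runner-a"),
    _desc("base-image", "3.1", ["tls-lib:1.0"], "ci-runner-b"),
    _desc("base-image", "3.2", ["tls-lib:1.1"], "ci-runner-b"),
    _desc("admin-portal", "1.0", ["base-image:3.1"], "ci-runner-c"),
    _desc("planning-service", "2.0", ["base-image:3.2"], "ci-runner-c"),
    _desc("logistics-app", "1.4.0", ["base-image:3.2", "tls-lib:1.1"], "ci-runner-c"),
]])

# Constructed deployment record: which signed artifacts run in which tier.
DEPLOYMENTS = {
    "unclassified": ["admin-portal:1.0"],
    "sensitive": ["planning-service:2.0"],
    "classified": ["logistics-app:1.4.0"],
    "edge-disconnected": ["logistics-app:1.4.0"],
}

if __name__ == "__main__":
    print("tls-lib:1.1 affects:", affected_environments(CATALOG, DEPLOYMENTS, "tls-lib:1.1"))
    print("tls-lib:1.0 affects:", affected_environments(CATALOG, DEPLOYMENTS, "tls-lib:1.0"))
```

The point of the reverse walk is that a vulnerability in a low-level library surfaces every tier that transitively contains it, including the disconnected edge deployment, without anyone having to inventory hosts by hand; the verification step ensures that the inventory is only ever computed over descriptors whose contents have not been altered since signing.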
Greenhouse aggregates compliance posture across all clusters: NIS2 supply chain security status, CRA (Cyber Resilience Act) artifact provenance, EUCS High control evidence, and policy violation monitoring through its DOOP (Decentralised Observer of Policy Violations) plugin. NIS2’s 24-hour incident reporting obligation becomes a continuous operational output of the monitoring infrastructure rather than a fire drill. For dual-use AI systems, such as logistics optimisation, predictive maintenance, and decision-support tools, Greenhouse’s observability layer provides the operational audit log that the EU AI Act’s Article 12 requires, without additional instrumentation.
ORD (Open Resource Discovery) lets each participating agency or contractor describe its available data services as machine-readable metadata, enabling discovery across multi-party defense programs without bespoke bilateral integrations.
A scenario
A defense ministry wants to deploy a command logistics platform across three security tiers: unclassified administrative functions, a sensitive operational planning tier, and a classified intelligence integration tier. Each tier runs as a separate Gardener-managed cluster on IronCore bare-metal infrastructure within ministry-controlled facilities. OpenKCM HYOK encryption ensures each tier’s data is inaccessible to operators at the other tiers; key custody for the classified tier sits entirely with the ministry. Konfidence’s immutable deployment packages ensure that the same signed artifact is deployed identically at each tier. OCM signs every software component at build time; the signed descriptor travels through all three tiers, satisfying both CRA documentation requirements and the ministry’s own software acceptance process. When a new logistics optimisation model is deployed, a dual-use AI system falling within the EU AI Act’s high-risk category, Greenhouse’s monitoring layer records the operational audit log Article 12 requires as a structural output of the deployment pipeline. When a forward operating base needs the same platform in a disconnected configuration, Gardener extends the same management plane to the edge location, with OCM handling the airgap-aware component delivery.
Apeiro is an open reference architecture — a collection of components and blueprints. Realising this scenario requires industry-specific knowledge, engineering investment, and integration expertise.