Use Cases
DORA · EU AI Act · ECB Supervisory Expectations
Finance & Insurance: Portable workloads and tested exit plans
Every European bank, insurer, and investment firm must now hold a tested, executable exit plan for the cloud services behind its critical and important functions. Workloads built on proprietary cloud APIs make this legally required capability practically impossible. Apeiro's open interfaces make portability real.
The challenge today
DORA (Regulation (EU) 2022/2554, the Digital Operational Resilience Act) has applied across the EU since 17 January 2025. For ICT services that support critical or important functions, it requires every financial entity to hold contractual access, inspection and audit rights over its providers (including on-site inspection) and to maintain a tested exit strategy: a documented, executable procedure for leaving that provider within a defined timeframe.
In practice, many financial institutions have these requirements on paper but cannot actually execute them. Their workloads are built on proprietary cloud services (databases, serverless functions, managed queues) that have no direct equivalent elsewhere. Migrating means rebuilding applications. And the large providers only began waiving egress fees for customers leaving outright in 2024; before that, every gigabyte leaving their networks was charged, which made the economics of switching a deliberate trap.
The ECB (European Central Bank) has also published supervisory expectations on cloud outsourcing, including that supervisors must be able to access bank data and that this access is governed by EU law. This creates a direct conflict when a bank's data sits on infrastructure whose legal structure cannot guarantee that access is governed purely by EU law.
What becomes possible with Apeiro
Gardener manages Kubernetes clusters across multiple infrastructure providers (AWS, Azure, OpenStack-based EU operators, IronCore-backed bare metal) using an identical operational model throughout. Because workloads are deployed against Gardener's provider-agnostic Shoot API rather than proprietary cloud primitives, the exit plan a compliance team writes is one that can actually be executed. Standing up the target cluster on a different provider is a matter of writing a second Shoot definition with the provider-specific sections swapped (the provider type and region of an existing Shoot are immutable, so this is a new manifest rather than an in-place edit), not a re-engineering project. What the Shoot definition does not do is move application state: persistent data, DNS and secrets still need a migration step in the exit plan.
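As an added illustration of what a provider change in a Shoot definition actually touches (this is example configuration written for this page, not taken from the Apeiro or Gardener documentation), the two manifests below describe the same cluster once for AWS and once for an OpenStack-based EU operator. All names (project namespace, cloud profiles, secret bindings, regions, machine types, floating pool) are placeholders and must be replaced with what the institution's Gardener landscape actually offers. The provider-neutral parts (Kubernetes version, networking, worker sizing) carry over unchanged; the `infrastructureConfig` and `controlPlaneConfig` sections are provider-specific and have to be rewritten for the exit target.

```yaml
# Shoot for the incumbent provider. Placeholder names throughout.
apiVersion: core.gardener.cloud/v1beta1
kind: Shoot
metadata:
  name: claims-prod
  namespace: garden-acme-insurance
spec:
  cloudProfileName: aws                        # provider-bound
  secretBindingName: aws-prod-credentials      # provider-bound
  region: eu-central-1                         # provider-bound, immutable
  purpose: production
  kubernetes:
    version: "1.31"                            # carries over
  networking:                                  # carries over
    type: calico
    nodes: 10.250.0.0/16
    pods: 100.96.0.0/11
    services: 100.64.0.0/13
  provider:
    type: aws                                  # immutable after creation
    infrastructureConfig:                      # provider-specific, rewritten on exit
      apiVersion: aws.provider.extensions.gardener.cloud/v1alpha1
      kind: InfrastructureConfig
      networks:
        vpc:
          cidr: 10.250.0.0/16
        zones:
          - name: eu-central-1a
            internal: 10.250.112.0/22
            public: 10.250.96.0/22
            workers: 10.250.0.0/19
    controlPlaneConfig:                        # provider-specific
      apiVersion: aws.provider.extensions.gardener.cloud/v1alpha1
      kind: ControlPlaneConfig
    workers:
      - name: default
        minimum: 3
        maximum: 9
        zones:
          - eu-central-1a
        machine:
          type: m5.xlarge                      # provider-specific size name
          image:
            name: gardenlinux
---
# Second Shoot for the exit target. Only the provider section and the
# provider-bound references differ; everything else is copied verbatim.
apiVersion: core.gardener.cloud/v1beta1
kind: Shoot
metadata:
  name: claims-prod-exit
  namespace: garden-acme-insurance
spec:
  cloudProfileName: eu-operator-openstack      # placeholder cloud profile
  secretBindingName: eu-operator-prod-credentials
  region: eu-de-1                              # placeholder region
  purpose: production
  kubernetes:
    version: "1.31"
  networking:
    type: calico
    nodes: 10.250.0.0/16
    pods: 100.96.0.0/11
    services: 100.64.0.0/13
  provider:
    type: openstack
    infrastructureConfig:
      apiVersion: openstack.provider.extensions.gardener.cloud/v1alpha1
      kind: InfrastructureConfig
      floatingPoolName: ext-net                # placeholder external network
      networks:
        workers: 10.250.0.0/19
    controlPlaneConfig:
      apiVersion: openstack.provider.extensions.gardener.cloud/v1alpha1
      kind: ControlPlaneConfig
      loadBalancerProvider: amphora            # placeholder LB provider
    workers:
      - name: default
        minimum: 3
        maximum: 9
        zones:
          - eu-de-1a
        machine:
          type: m1.xlarge                      # placeholder flavor
          image:
            name: gardenlinux
```

Keeping both manifests in the same repository and diffing them is a useful exit-plan rehearsal artifact: the diff is the complete list of provider-bound configuration, and anything outside it that still breaks on the target cluster is a hidden dependency on the incumbent provider that the plan has to account for.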
OCM (Open Component Model) underpins the portability guarantee. Every deployed workload is described as a signed, versioned delivery artifact (a Software Bill of Delivery) with cryptographic proof of what is running, where it came from, and what it depends on. Konfidence builds on this foundation with immutable, reproducible deployment packages: the same package deployed on Provider A is deployed identically on Provider B, eliminating configuration drift as a source of migration risk. When a regulator requests audit access, the evidence is in the artifact rather than extracted from proprietary provider dashboards. The contractual audit rights DORA requires still have to be written into the provider agreement; what the open infrastructure changes is that exercising them no longer depends on a provider-specific tool to produce the evidence.
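As an added example of the delivery artifact described above (written for this page, not taken from the Apeiro or OCM project material), the component constructor below packages one workload as an OCM component version, and the commented commands build, sign, verify and transfer it with the `ocm` CLI. Component name, registry hosts, chart path, commit hash and key file names are placeholders, and the command flags should be checked against the installed `ocm` version. The point of the final verify is that the signature over the component descriptor travels with the artifact, so the same public key validates it after transfer to the exit provider's registry.

```yaml
# component-constructor.yaml (placeholder names; check flags against the installed ocm CLI)
components:
  - name: eu.example/acme-insurance/claims-service
    version: 2.3.1
    provider:
      name: acme-insurance
    resources:
      # Container image, referenced where it already lives; transferred with --copy-resources
      - name: claims-service-image
        type: ociImage
        version: 2.3.1
        relation: local
        access:
          type: ociArtifact
          imageReference: registry.acme.example/claims-service:2.3.1
      # Helm chart packaged from the local checkout into the artifact itself
      - name: claims-service-chart
        type: helmChart
        version: 2.3.1
        input:
          type: helm
          path: ./charts/claims-service
    sources:
      # Records which commit the delivery was built from (placeholder repo and hash)
      - name: claims-service-src
        type: git
        version: 2.3.1
        access:
          type: gitHub
          repoUrl: https://github.com/acme-insurance/claims-service
          commit: 0123456789abcdef0123456789abcdef01234567

# Build a transport archive, sign the descriptor, verify locally, push to the
# exit provider's registry, and verify again at the destination:
#
#   ocm add componentversions --create --file claims.ctf component-constructor.yaml
#   ocm sign componentversions --signature acme-release --private-key acme-release.key claims.ctf
#   ocm verify componentversions --signature acme-release --public-key acme-release.pub claims.ctf
#   ocm transfer componentversions --copy-resources claims.ctf registry.eu-operator.example/ocm
#   ocm verify componentversions --signature acme-release --public-key acme-release.pub \
#     registry.eu-operator.example/ocm//eu.example/acme-insurance/claims-service:2.3.1
```

The private key used for `acme-release` is the institution's, not the provider's; if it is held in the same key service OpenKCM fronts, the signing root and the data-encryption root share one custody boundary, which is the property an auditor will ask about first.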
Concentration risk, which DORA explicitly requires financial institutions to monitor, becomes an operational metric rather than a structural given. Platform Mesh's multi-provider service discovery layer gives operations teams real-time visibility into which workloads depend on which provider, and Greenhouse's DOOP plugin (Decentralised Observer of Policy Violations) surfaces concentration threshold breaches by aggregating policy violation reports across the infrastructure. OpenKCM with HYOK (Hold Your Own Key) keeps encryption keys under the institution's control regardless of which provider is currently hosting the workload: the provider holding the ciphertext cannot read it without the institution's key service, and moving the data to another provider needs no re-keying. HYOK covers data at rest and in transit; data in use is still in clear in the memory of whatever compute processes it, so the jurisdiction question for that window is answered by where the compute runs, not by the key.
The EU AI Act adds a further compliance dimension. Under Annex III, systems that evaluate the creditworthiness or credit score of natural persons, and systems used for risk assessment and pricing in life and health insurance, are explicitly classified as high-risk; financial fraud detection is explicitly carved out of the credit-scoring entry. High-risk classification brings requirements for data governance over the training data, technical documentation of the methodology, and disclosure of known limitations. OCM records each model training pipeline as a signed delivery artifact, capturing the training framework version, model code, and infrastructure configuration. The same artifact that provides the evidence for a DORA audit also provides a traceable, tamper-evident record of the software stack the EU AI Act demands. Gardener provisions the training infrastructure on a provider operating under EU jurisdiction, so personal financial data used for training does not leave it.
A scenario
A mid-sized European insurer's DORA review identifies unacceptable concentration on a single provider and gaps in their tested exit plan. Because their workloads were packaged with OCM and deployed through Gardener, the remediation is an operational exercise: a second set of Gardener Shoot definitions targets an EU-operated provider, the clusters are created from them, and OCM ensures the same signed artifact is deployed identically on both. OpenKCM keys stay under the insurer's control throughout, with no re-encryption required while the data is copied. Greenhouse's DOOP plugin surfaces the concentration limit as a monitored policy, making breaches visible across the infrastructure. The compliance team's exit plan is rehearsed, not just filed.
Apeiro is an open reference architecture — a collection of components and blueprints. Realising this scenario requires industry-specific knowledge, engineering investment, and integration expertise. Explore the technical foundations