Use Cases
GDPR · EU AI Act · NIS2 · European Health Data Space
Healthcare: Sovereign infrastructure for regulated health data
Patient data physically located in the EU can still be legally accessible under foreign law. Apeiro's technology enables health workloads to run on verifiably EU-governed infrastructure, where compliance is enforced at the infrastructure layer, not just written into a contract.
The challenge today
A hospital stores patient records in a data centre located in Germany, but that data centre is operated by a company headquartered outside the EU. Under certain foreign laws, authorities can compel that company to hand over data stored anywhere in the world, without notifying the hospital or the patient. The records are physically in Frankfurt. Legally, they are not fully protected by EU law.
Most European hospitals are in this situation today. Many of the tools they need, particularly enterprise clinical software and AI-assisted diagnostics, are offered by providers whose parent companies are headquartered outside the EU.
NIS2 (Network and Information Security Directive) classifies hospitals and healthcare networks as essential entities, carrying mandatory security baseline requirements, incident reporting obligations, and supply chain security expectations that extend to the cloud providers and software vendors they depend on. Meeting these requirements is structurally harder when the underlying infrastructure is operated by providers whose security practices and legal obligations cannot be fully audited from within the EU.
At the same time, the EU AI Act requires that high-risk AI systems used in medical contexts, such as diagnostic support tools, maintain fully auditable training data: its origin, collection methodology, and known limitations. Without verifiable control over the infrastructure that holds that data, satisfying this requirement becomes a compliance exercise on paper rather than a technical reality.
What becomes possible with Apeiro
Gardener provisions and manages Kubernetes clusters across EU-certified infrastructure providers, with CNCF (Cloud Native Computing Foundation)-conformant clusters, audit logging, etcd encryption, and hardening documented against STIGs (DISA Security Technical Implementation Guides). Because Gardener abstracts the provider, a hospital can target only operators whose legal structure satisfies EU jurisdiction requirements, and move workloads between them without rebuilding applications. Garden Linux, the auditable, minimal Debian-based OS running on every node, is purpose-built for this environment: its CIS (Center for Internet Security) benchmark compliance configuration, read-only filesystem option, and automated software currency checks directly address NIS2’s supply chain security expectations.
OpenKCM adds cryptographic sovereignty at the data layer. Patient records are encrypted under keys held exclusively by the hospital using the HYOK (Hold Your Own Key) model. Because the provider never holds the keys, they cannot hand over readable data in response to a foreign legal demand. Key revocation removes access across all infrastructure the key protects.
The EU AI Act’s audit trail requirements become a structural output rather than a manual exercise. OCM (Open Component Model) records every AI training pipeline as a versioned, signed delivery artifact, capturing the training framework version, model code, infrastructure configuration, and Garden Linux image hash as cryptographically verifiable metadata. The software stack used for training is traceable and tamper-evident. Greenhouse’s audit logging plugin provides the operational compliance dashboard, giving the hospital continuous visibility into who accessed what across the infrastructure and meeting NIS2’s incident detection and reporting obligations.
The European Health Data Space is enabled by ORD (Open Resource Discovery) and the UMS (Unified Metadata Service): each participating institution publishes its available data offerings as machine-readable metadata through ORD; the Unified Metadata Service aggregates these across institutions. Research data can be shared under agreed governance rules through standardised interfaces, without any central operator gaining uncontrolled access to the underlying records.
A scenario
A regional hospital network wants to train an AI diagnostic model on anonymised patient records. Gardener provisions GPU (Graphics Processing Unit)-enabled training clusters on a BSI C5-certified EU operator. OpenKCM ensures the training data is encrypted under keys only the hospital controls; no plaintext ever reaches infrastructure the hospital does not govern. OCM records the training pipeline as a signed, versioned artifact: training framework version, model architecture, infrastructure configuration, and Garden Linux image hash. When the EU AI Act compliance audit arrives, the software stack used for training is fully traceable from the artifact. Greenhouse’s compliance dashboard shows the continuous audit log from development to the deployed inference endpoint. The same governance applies automatically when the model is retrained.
Apeiro is an open reference architecture — a collection of components and blueprints. Realising this scenario requires industry-specific knowledge, engineering investment, and integration expertise. Explore the technical foundations
