Use Cases

Gardener is the operational foundation: it manages Kubernetes clusters targeting any certified EU infrastructure provider (BSI C5-assessed operators, SecNumCloud-qualified facilities, national government data centres) using an identical control plane throughout. Because Gardener abstracts the provider through its Shoot cluster model, government applications are written against standard Kubernetes APIs, not proprietary cloud primitives. Migrating to a new provider is a change to the Shoot definition, not an application rebuild. Gardener’s built-in audit logging, etcd encryption, and cluster hardening documentation address NIS2’s security baseline requirements directly; its STIG (DISA Security Technical Implementation Guide) compliance support is designed precisely for regulated government environments.

OCM (Open Component Model) makes the compliance posture portable. Every deployed government workload is described as a signed, versioned delivery artifact (a Software Bill of Delivery) capturing what is running, which provider it is running on, and under what access controls. Konfidence’s immutable, reproducible deployment packages ensure that what ran on the previous provider and what runs on the new one are provably identical; migration fidelity is verifiable, not assumed. When an audit is requested, the evidence is in the artifact rather than assembled from provider-specific dashboards.

OpenKCM with HYOK (Hold Your Own Key) ensures that encryption keys for sensitive government data are held by the agency, not the infrastructure operator. Even on third-party EU-certified infrastructure, the agency retains the ability to revoke access to its data instantly. Greenhouse gives IT operations teams a unified compliance dashboard across all infrastructure, showing security posture, access controls, and incident alerts through a single operational layer that is not provided by or dependent on any particular cloud provider.

When government services need to interoperate (data shared between ministries, cross-agency processes, citizen-facing portals composing information from multiple back-end systems) ORD (Open Resource Discovery) and the UMS (Unified Metadata Service) provide standardised discoverability without bespoke integration work. openMFP and Luigi provide the composable frontend layer, allowing portal teams to assemble government-facing interfaces from independently operated micro-frontends without building a monolith.

Government AI deployments sit squarely in the EU AI Act’s high-risk categories: benefits assessment, permit processing, public safety, and recruitment systems all require fully auditable training data and documented decision logic. OCM records the AI training pipeline as a versioned, signed delivery artifact, capturing training framework version, model code, and infrastructure configuration alongside the regular workload deployment record. The software stack used for training is traceable and tamper-evident without a separate compliance process. Gardener provisions training infrastructure on EU-certified compute so that personal data used to train government AI models never leaves EU jurisdiction. OpenKCM HYOK ensures that even the infrastructure operator cannot access training data without the agency’s keys.