Policy & Sovereignty / Open Source & Standards

Go's BSD licence means Google can't restrict it even if they wanted to. The real sovereignty risk isn't who wrote the compiler, it's getting locked into GCP or AWS libraries built on top of it.

We ran Nginx Ingress for years. Then Kubernetes announced its retirement in November 2025. Because we'd adopted Gateway API, migrating to Envoy Gateway was straightforward. Here's the pattern that makes infrastructure components replaceable.

The Terraform license change taught us: widely adopted doesn't mean truly open. Kubernetes is different—CNCF-governed with over 88,000 contributors from 8,000+ companies. Your manifests work on Scaleway, OVHcloud, Hetzner, AWS, or bare metal. This is the portability foundation that makes independence possible.

When HashiCorp changed Terraform's license in August 2023, organisations that treated it as a standard got a wake-up call. Here's what we learned, why we moved to OpenTofu, and how Kubernetes demonstrates what a true standard looks like.

Europe's strength isn't in being a single superpower—it's in being multiple sovereign nations collaborating through shared frameworks. Open source follows the same model: multiple implementations collaborating through standards bodies. This isn't coincidence; it's complementary structure that makes European cloud independence natural.

Kubernetes abstracts away the underlying infrastructure, providing a consistent platform whether you're running on AWS, OVHcloud, or your own servers. This represents Europe's best path to cloud independence.

Every generation of software distribution solved one problem and revealed the next. The pattern is consistent: we find a way to package more knowledge into the artefact, and in doing so, we change who needs to know what. Trace that arc from Makefiles to Kubernetes operators, and you see not just a history of technology but a history of trust — who holds the expertise, and where it lives.

Every go build leaks your module names, versions, and CI runner IPs to Google under FISA 702 jurisdiction. One environment variable (GOPROXY=https://goproxy.eu,...) routes 90%+ of fetches through European cache with zero IP logging.

Kubernetes started at Google, but its open governance and portable API let European organisations run it on their own infrastructure under their own control. The real sovereignty risk is not where the code was written but whether it has been wrapped in a hyperscaler's proprietary extensions.