Product Brief

Summary

Kaphera Cloud is a managed platform and open-source Kubernetes operator for deploying and operating EDC Connectors at scale across European dataspace ecosystems. Built entirely in Rust and targeting general availability on 1 October 2026, it addresses a structural gap in the market: the infrastructure required to participate in regulated, policy-governed data sharing networks has been too complex and too costly for most organisations to operate independently. Kaphera Cloud removes that barrier by abstracting the full EDC stack (control plane, identity wallet, credential issuer, data plane, secrets management, and database) behind a clean, high-level operator interface. The platform serves three primary personas: Builders (platform engineers and solutions architects at systems integrators), Governance Authorities (organisations that operate or define a dataspace), and Participants (organisations joining one), with a fourth White-label Partner channel for systems integrators who want to offer managed connector services under their own brand. Two connector profiles ship at GA, Mobility Data Space (MDS) and Tractus-X (Catena-X), the first of which has already been running in production since mid-2026 across more than 150 active connectors.

Goal

The primary goal is to establish Kaphera Cloud as the reference infrastructure platform for EDC Connector deployments across European dataspaces by the time of the 1 October 2026 general availability release. This means shipping a production-grade managed platform that any organisation can onboard onto in a single working day, at a price point that makes participation viable for SMEs and mid-tier suppliers who have historically been priced out of dataspace ecosystems. A meaningful near-term deployment milestone is X,XXX connectors, the point at which the platform generates approximately €XXX,XXX in monthly revenue against approximately €XX,XXX in cloud infrastructure costs, making profitability reachable well before that threshold given the low shared-infrastructure cost per tenant. Longer-term, the goal is to become the standard infrastructure layer across European dataspaces, not through lock-in, but through operational excellence and open-source credibility.

Scope

The GA release includes three Kubernetes operators: the EDC operator (Apache 2.0), which manages the full lifecycle of Eclipse Dataspace Components; the EDC Enablement operator (Apache 2.0), which manages the supporting services around them; and the Kaphera Cloud operator (source-available), which manages the platform infrastructure layer covering PostgreSQL, Vault, NATS, Keycloak, and the organisational model. It also includes the Kaphera Digital Twin Registry (GPL), a multi-tenant AAS Part 2-compliant registry built in Rust; the complete developer toolchain comprising the kaphera CLI, Terraform provider, and Terraform modules; a web console modelled on the DigitalOcean experience; and three managed deployment tiers (shared, dedicated, and enterprise). MDS and Tractus-X are the two supported connector profiles at launch. Support for additional dataspaces is on the roadmap.

Explicitly out of scope for GA: bring-your-own-cloud (BYOC) deployments, compute-to-data capabilities, the application layer built on top of sovereign infrastructure, and connector profiles beyond MDS and Tractus-X. BYOC is the next major capability following GA, and the application layer is the longer-term horizon once the platform infrastructure is fully established.

flowchart LR
  SH["Managed Shared<br/>Petra Novák<br/>(participant)"]
  DE["Managed Dedicated<br/>Thomas Brandt<br/>(participant)"]
  EN["Enterprise<br/>Sophie / Isabelle<br/>(governance authority)"]
  BY["BYOC (post-GA)<br/>Dirk Wassermann<br/>(participant)"]
  WL["White-label<br/>Marco Ferretti<br/>(partner)"]
  SH -->|managed server + console| MGD["Managed services"]
  DE -->|isolated managed| MGD
  EN -->|managed + DTR| MGD
  BY -->|self-host + ops| SELF["Cloud Server + Console + 3 operators"]
  WL -->|licensed stack| SELF

Details

The platform is Kubernetes-native throughout, with both operators written in Rust and following a strict four-layer CRD model with clean controller boundaries: one controller, one clear job. The operator pattern is not incidental; it reflects the architectural philosophy that managing hundreds of multi-component connector deployments reliably requires continuous reconciliation of actual state toward declared intent, not imperative scripting.

EU-sovereign cloud infrastructure (Scaleway as primary, OVH as secondary) is the default deployment environment for the managed tiers, which matters materially for customers choosing sovereign infrastructure specifically to avoid hyperscaler dependency. The platform orchestrates IdentityHub, CredentialIssuer, the EDC Virtual multi-tenant control plane, the DataPlane, and sidecars including PGO-managed Postgres, Keycloak, HashiCorp Vault, and NATS JetStream. The multi-tenant DataPlane, serving many connector tenants from a shared process, is what makes shared-tier pricing economically viable. Rust’s memory model enables a per-tenant footprint low enough to support margins that make the shared tier genuinely competitive.

The open-source and source-available licensing strategy is deliberate and structural. The EDC operator is Apache 2.0 (the most permissive licence) to maximise adoption by Builders and establish the reference implementation. The Digital Twin Registry is GPL to keep derivative implementations open. The Kaphera Cloud operator and platform server are source-available: auditable by any organisation that needs to inspect what manages their infrastructure, but not forkable into a competing commercial service without a licence agreement. This architecture means the commercial moat is the managed platform and the operational expertise embedded in it, not proprietary code.

Compliance milestones running in parallel with the technical build include TISAX Level 2 (Kaphera’s obligation as a Catena-X Enablement Service Provider) and CX-0018 conformance (held by Think-it, consistent with the division of responsibility between the two organisations). ISO 27001 work is underway and substantially overlapping with TISAX. Billing infrastructure uses Lago (self-hosted on Kubernetes). ArgoCD manages per-cluster deployments rather than a hub-spoke model, consistent with the platform’s sovereignty posture.

Estimated Impact

In the near term, Kaphera Cloud converts Krypton’s existing MDS production track record (150-plus live connectors as of the soft launch) into a credible reference footprint for the full GA release. This gives the Tractus-X launch a production anchor rather than a blank-slate introduction, which is significant for enterprise procurement in automotive. The EU Data Act, generally applicable since 12 September 2025 with the cross-sector access-by-design milestone arriving in September 2026, acts as an external forcing function that converts latent interest into funded projects, compressing sales cycles for the enterprise channel.

At scale, the platform’s unit economics are compelling. Shared-tier margins are very high at any meaningful volume given the negligible per-tenant infrastructure cost in the multi-tenant data plane. The dedicated tier carries approximately XX% gross margin. The combination of open-source adoption driving Builder conversion and enterprise direct sales driving dedicated and enterprise tier revenue creates two distinct revenue paths with different velocity and different ceiling.

Beyond revenue, the strategic impact of establishing Kaphera as the open-source reference implementation for EDC operator infrastructure is durable. No competitor has released their operational stack under a permissive licence. Being the reference implementation means systems integrators evaluate Kaphera first, not last, and every integrator who adopts it multiplies reach across their client portfolio without additional Kaphera sales effort. The steward-ownership governance structure adds a differentiator that large competitors backed by telcos or multinationals structurally cannot replicate: a credible promise that the platform cannot be acquired and repurposed against the interests of the organisations that depend on it.

Related

• pr-faq: the same product story written as launch narrative, with market framing and competitor positioning.
• kaphera-cloud-overview: the shorter mission/purpose framing.
• index: the twelve components the brief describes at scope-and-goals level.
• builder, governance-authority, participant, white-label-partner: the four personas the brief is built around.
• Customer journeys: the brief’s claims grounded in eight customer-side scenarios.