Product Updates & Regulatory Context
Follow CloudTaser development milestones and the evolving regulatory landscape that drives the need for technical data sovereignty.
Product Updates
Recent releases, features, and milestones from the CloudTaser project.
Killercoda Interactive Demos Launched
Browser-based interactive demos now available on Killercoda. Try secret injection, eBPF enforcement, and S3 proxy encryption without setting up a cluster. Complete scenarios in under 5 minutes with guided step-by-step instructions.
S3 Proxy Beta Release
CloudTaser S3 Proxy enters beta. Transparent client-side encryption for S3-compatible object storage with envelope encryption, per-object DEKs, and AES-256-GCM. Zero application code changes required. Keys stay in your EU vault.
Operator v0.1.0 Beta
CloudTaser Operator reaches beta with full CI/CD pipeline to Google Artifact Registry. Mutating admission webhook, init container injection, wrapper sidecar, and Kubernetes service account authentication. Cosign-signed images with SBOM attestation.
eBPF Agent Beta
eBPF enforcement agent enters beta. DaemonSet deployment with kprobe and tracepoint programs for runtime secret leak detection. Core dump prevention, ptrace blocking, and /proc access control. Pre-built kernel support for CI testing.
Regulatory Context
The legal and regulatory developments that make technical data sovereignty measures essential for EU enterprises.
NOYB Files DPF Complaints
Max Schrems' NOYB organization files formal complaints challenging the EU-US Data Privacy Framework adequacy decision. Legal experts widely expect a "Schrems III" ruling that could invalidate the framework, repeating the pattern of Safe Harbor and Privacy Shield.
EU AI Act Obligations Begin
The EU AI Act enters its enforcement phase for high-risk AI systems. Data governance requirements include data residency considerations, creating new compliance pressure for enterprises using US cloud AI services with EU data.
FISA Section 702 Expanded
The US Congress reauthorizes and expands FISA Section 702 with a broader definition of "electronic communications service provider." Cloud infrastructure providers are now more clearly within scope, increasing the legal risk for EU data stored on US platforms.
DORA Enters Force
The Digital Operational Resilience Act begins applying to financial entities across the EU. Articles 6-12 require comprehensive ICT risk management, including third-party provider risk assessment, directly impacting how banks and insurers use US cloud services.
Danish DPA Orders Google Workspace Ban
The Danish Data Protection Authority orders municipalities to stop using Google Workspace due to insufficient protections for international data transfers. This sets a precedent for other EU DPAs considering similar enforcement actions.
EU-US Data Privacy Framework Adopted
The European Commission adopts an adequacy decision for the EU-US Data Privacy Framework (DPF). However, the framework relies on Executive Order 14086, which can be revoked by any future US president, making its long-term viability uncertain.
NIS2 Directive Transposition Deadline
EU member states must transpose the NIS2 Directive into national law. Article 21 requires cryptography and encryption policies, supply chain security measures, and incident handling capabilities for essential and important entities.
Schrems II Invalidates Privacy Shield
The Court of Justice of the EU strikes down the Privacy Shield framework in Case C-311/18 (Data Protection Commissioner v. Facebook Ireland). The court finds that US surveillance laws are incompatible with EU fundamental rights and requires "effective supplementary measures" for data transfers.
US CLOUD Act Enacted
The Clarifying Lawful Overseas Use of Data Act establishes that US law enforcement can compel US-headquartered companies to provide data stored on servers regardless of the country where the data is physically located. This creates a direct conflict with GDPR for EU data.
GDPR Enforcement Begins
The General Data Protection Regulation begins enforcement with Articles 44-49 restricting international data transfers. Fines of up to 4% of global annual revenue create a significant financial incentive for compliance. Supervisory authorities begin investigating US cloud transfers.