[{"content":"Søren Hartvig Jensen is closely tied to the experience that shaped fremverk\u0026rsquo;s view of sovereign cloud. As one of the original founders of CloudUnit, which has evolved into fremverk, he has seen first-hand that enterprises need a practical path from US hyperscaler environments to a more controlled operating model. His background spans cloud platforms, target architectures, and transformation paths where pace, governance, and operational realism all need to hold together.\nAt fremverk, Søren works on turning that target state into concrete platform foundations and realistic migration paths. His focus is not only where the platform should end up, but how the organisation gets there without losing control, delivery capability, or ownership.\n","date":"13 April 2026","externalUrl":null,"permalink":"/en/authors/shj/","section":"The team","summary":"Søren Hartvig Jensen is closely tied to the experience that shaped fremverk’s view of sovereign cloud. As one of the original founders of CloudUnit, which has evolved into fremverk, he has seen first-hand that enterprises need a practical path from US hyperscaler environments to a more controlled operating model. His background spans cloud platforms, target architectures, and transformation paths where pace, governance, and operational realism all need to hold together.\n","title":"Søren Hartvig Jensen","type":"authors"},{"content":"Martin Haslund Johansson represents the part of fremverk\u0026rsquo;s approach that takes the existing estate seriously. His background is rooted in classic enterprise infrastructure, hybrid environments, and the integrations and operating constraints that any new platform still has to work with in practice.\nAt fremverk, Martin works on the connection between the current estate and the target state. His focus is to make transformation workable in day-to-day operations, so sovereign platform foundations do not become a greenfield story detached from the customer\u0026rsquo;s reality.\n","externalUrl":null,"permalink":"/en/authors/mj/","section":"The team","summary":"Martin Haslund Johansson represents the part of fremverk’s approach that takes the existing estate seriously. His background is rooted in classic enterprise infrastructure, hybrid environments, and the integrations and operating constraints that any new platform still has to work with in practice.\n","title":"Martin Haslund Johansson","type":"authors"},{"content":"Jan Ulnits represents the delivery discipline behind fremverk\u0026rsquo;s work with customers. As one of the original founders of CloudUnit, which has evolved into fremverk, his background is rooted in building engagements that keep scope, ownership, and execution aligned from the first planning session through handover.\nAt fremverk, Jan works on the structure around delivery: turning complex platform and transformation work into engagements that are coordinated, governable, and executable in practice. His focus is to keep momentum, accountability, and service quality intact while the customer moves from target design into day-to-day delivery.\n","externalUrl":null,"permalink":"/en/authors/ju/","section":"The team","summary":"Jan Ulnits represents the delivery discipline behind fremverk’s work with customers. As one of the original founders of CloudUnit, which has evolved into fremverk, his background is rooted in building engagements that keep scope, ownership, and execution aligned from the first planning session through handover.\n","title":"Jan Ulnits","type":"authors"},{"content":"Abigaele Meghan Frost supports the operational side of fremverk, helping keep engagements, communication, and day-to-day coordination running smoothly across the business.\n","externalUrl":null,"permalink":"/en/authors/amf/","section":"The team","summary":"Abigaele Meghan Frost supports the operational side of fremverk, helping keep engagements, communication, and day-to-day coordination running smoothly across the business.\n","title":"Abigaele Meghan Frost","type":"authors"},{"content":" Architecture that fits # Moving to EU-sovereign cloud starts with a design that accounts for your existing systems, networks, vendors, and future ambitions. We build architectures that integrate cleanly with what you already have, not greenfield fantasies that ignore reality.\nWhat we design # Platform architecture — Full platform design with integration to existing networks, vendors, systems, and clouds Solution design — Targeted architecture for specific systems and workloads Transformation planning — Transition and transformation plans for existing platforms and solutions Blueprints — Custom solution development and reusable blueprints for future workloads Documentation — Frameworks, guiding principles, and architecture decision records Exploration # Not ready to commit? Start smaller. We help you validate assumptions and build confidence before committing resources.\nHow we explore # Proof of concept — Pilot projects on T Cloud and supporting tools to validate feasibility Workshops and presentations — Sessions to support insight and decision-making across technical and leadership teams Service comparison — Tool selection logic, actionable guides, and side-by-side comparisons What you get # Reference architecture — Documented platform design aligned to your requirements Integration plan — How the new platform connects to your existing systems Transformation roadmap — Phased approach with clear milestones Validated assumptions — Proof of concept results and technical findings Included in These Paces This service is included in the following packaged offers:\nLearn Perform Accelerate Let's talk ","externalUrl":null,"permalink":"/en/services/design/","section":"Services","summary":"Architecture that fits # Moving to EU-sovereign cloud starts with a design that accounts for your existing systems, networks, vendors, and future ambitions. We build architectures that integrate cleanly with what you already have, not greenfield fantasies that ignore reality.\n","title":"Design","type":"services"},{"content":" A hands-on first day # Learn is a one-day workshop for organisations that want to see what a sovereign cloud platform can actually do before they commit to a broader build. We use the day to make the platform tangible, relate it to the cloud patterns your team already knows, and show the practical benefits of running in a sovereign cloud.\nDuring the workshop, we start a tenant in T Cloud for the customer and configure a simple static website with the customer\u0026rsquo;s logo and a hello world message. That gives the team a real portal, real services, and a live tenant they can explore instead of leaving the day with slides alone.\nTypical deliverables # One-day workshop focused on platform capabilities and sovereign cloud fit Practical mapping between T Cloud capabilities and the cloud platform patterns most relevant to the customer A live T Cloud tenant created for the customer during the session Simple static website configured in the tenant with customer branding and hello world content Guided walkthrough of the portal, services, and tenant basics Curated link collection for the customer to continue exploring after the workshop A clear next-step choice: continue into Perform or Accelerate, or delete the tenant again Typical shape # Timeline — 1 day Format — Workshop-led and hands-on in the customer\u0026rsquo;s own T Cloud tenant Best for — Teams that want a low-friction, practical first experience before committing to a larger sovereign cloud programme Included services # Design What you have at the end # At the end of Learn, the customer has seen the platform in practice, has a live tenant with a simple branded demo, and has the material needed to decide what happens next. They can continue and expand the tenant through Perform or Accelerate, or choose to delete it again.\nBecause the tenant comes with a startup grant, the customer gets the hands-on demo in their own tenant without incurring cost for the workshop environment.\nLet's talk ","externalUrl":null,"permalink":"/en/paces/learn/","section":"Paces","summary":"A hands-on first day # Learn is a one-day workshop for organisations that want to see what a sovereign cloud platform can actually do before they commit to a broader build. We use the day to make the platform tangible, relate it to the cloud patterns your team already knows, and show the practical benefits of running in a sovereign cloud.\n","title":"Learn","type":"paces"},{"content":" From blueprint to running platform # Design is only valuable when it becomes infrastructure. We build production-ready, EU-sovereign platforms: fully automated, security-hardened, and ready for your teams to deploy on.\nPlatform # A Cloud Adoption Framework-aligned platform with the required baseline in place from day one, plus optional extensions where the design calls for them.\nLanding zones — One T Cloud account by default with enterprise projects as the main permission, ownership, and cost boundary, plus separate accounts only when legal, billing, or strong administrative isolation requires them Sovereign Fremforge — EU-sovereign managed Git and CI/CD at frem.sh with hosted runners, single sign-on enforcement, and a bundled supply chain security stack (pre-receive secret scanning, dependency scanning, signed commits, and SLSA provenance) for strong control over source code and delivery workflows, AI-agnostic by design with a first-class public API your developer tooling and AI agents consume directly, with no forge-level vendor lock-in Ephemeral Fremforge runners — Temporary continuous integration and continuous delivery (CI/CD) workers spawned on demand, scaling with workload and back to zero when idle, similar to hosted Azure DevOps agents OpenTofu modules — Standardised infrastructure modules with best-practice security defaults CI/CD templates — Deployment pipelines with built-in security scanning and multi-environment support Runtime secrets delivery — Pipeline secrets and deployment credentials supplied from sovereign secrets management at runtime, so CI/CD jobs avoid long-lived credentials in repositories and runner images Policy as code — Governance and continuous compliance enforcement, including Kubernetes manifest policy evaluation Shared services # The cross-cutting services that form the platform baseline, plus optional shared services when the architecture needs them.\nAPI management — Optional shared or workload-owned API gateway for routing, throttling, and authentication controls where it adds value Load balancing and WAF — Public web ingress through Web Application Firewall (WAF)-protected edges, with load balancing patterns selected per workload or shared service Enterprise networking — Native virtual private cloud (VPC) routing by default, with Enterprise Router and firewall controls where shared routing domains or perimeters are required Hybrid connectivity — Connections to on-premises, Secure Access Service Edge (SASE), or other hosting providers when the design includes hybrid dependencies DNS as code — Shared public and private DNS patterns, usually owned in the connectivity boundary and managed through infrastructure as code Certificate management — Automated TLS lifecycle with cert-manager and Let\u0026rsquo;s Encrypt for Kubernetes workloads, or load-balancer-based TLS termination for non-containerised services Managed messaging — Optional Kafka-based messaging for event-driven architectures and asynchronous workflows Documentation site — Optional central platform and service documentation where shared documentation needs justify it Cloud native application platform # Enterprise Kubernetes with everything developers need to ship confidently.\nKubernetes — Enterprise clusters with secure-by-default configuration GitOps — Declarative, auditable, and version-controlled deployment workflows when GitOps is the chosen delivery model Managed ingress and egress — Approved ingress patterns with WAF at public web edges and controlled egress through the selected perimeter model Flexible isolation — Multi-solution or single-solution designs (platform-in-platform or per-workload isolation) Container registry — Managed registry with Trivy-based image scanning in CI/CD Serverless compute — FunctionGraph-first automation and lightweight event-driven workloads without provisioning servers Managed databases and storage — Added where the workload design needs managed data services rather than self-managed runtimes Virtual machines — VM-based compute for workloads that don\u0026rsquo;t require containers or serverless patterns Secrets and encryption — Managed keys and platform secrets through Data Encryption Workshop (DEW) Key Management Service (KMS) and Cloud Secret Management Service (CSMS) Self-service pipelines — Consistent developer experience with deployment autonomy Included in These Paces This service is included in the following packaged offers:\nPerform Accelerate Let's talk ","externalUrl":null,"permalink":"/en/services/build/","section":"Services","summary":"From blueprint to running platform # Design is only valuable when it becomes infrastructure. We build production-ready, EU-sovereign platforms: fully automated, security-hardened, and ready for your teams to deploy on.\n","title":"Build","type":"services"},{"content":" Production-ready platform delivery # Perform is the package for teams that are ready to move from planning to a serious platform build. It delivers a usable sovereign cloud foundation with the engineering and security baseline already in place.\nTypical deliverables # Landing zone and account or project structure Core networking, identity, and access model Infrastructure as code foundation and reusable modules CI/CD templates and delivery workflow baseline Security controls, policy baseline, and compliance guardrails Platform documentation and handover-ready architecture notes Typical shape # Timeline — Usually 6-10 weeks for a focused first baseline Format — Defined implementation package with clear milestones Best for — Teams ready to own a real platform, not just evaluate one Included services # Design Build Protect What you have at the end # At the end of Perform, you have a working, documented platform foundation with the controls and delivery baseline needed for a first controlled production adoption.\nLet's talk ","externalUrl":null,"permalink":"/en/paces/perform/","section":"Paces","summary":"Production-ready platform delivery # Perform is the package for teams that are ready to move from planning to a serious platform build. It delivers a usable sovereign cloud foundation with the engineering and security baseline already in place.\n","title":"Perform","type":"paces"},{"content":" Platform plus team uplift # Accelerate combines the platform outcomes of Perform with paired delivery, operational readiness, and team capability building. It is the package for organisations that want the platform and the operating model to mature together.\nTypical deliverables # Platform foundation from Perform Paired delivery with your platform or application team Operational runbooks, dashboards, and alerting baseline Enablement sessions for platform ownership and day-two operations CCoE or platform team operating model definition First-solution acceleration for the initial workloads Typical shape # Timeline — Usually 12-16 weeks depending on team availability, operating-model depth, and first-solution scope Format — Side-by-side delivery with knowledge transfer built into the work Best for — Organisations that want momentum, capability, and execution at the same time Included services # Design Build Protect Operate Enable Optional: Migrate for the first live workloads What you have at the end # At the end of Accelerate, you have a platform, a team that has delivered the first real workload with us, and a stronger base for taking ownership without losing momentum.\nLet's talk ","externalUrl":null,"permalink":"/en/paces/accelerate/","section":"Paces","summary":"Platform plus team uplift # Accelerate combines the platform outcomes of Perform with paired delivery, operational readiness, and team capability building. It is the package for organisations that want the platform and the operating model to mature together.\n","title":"Accelerate","type":"paces"},{"content":" Security is architecture, not an add-on # We don\u0026rsquo;t bolt security on after the fact. Every platform we build has security integrated from the first line of code: in the infrastructure, in the pipelines, and in the identity layer.\nSecurity # Secure by design # Policy and delivery controls — Open Policy Agent (OPA) or Conftest guardrails in the delivery path, with optional Checkov, Trivy, Gitleaks, Semgrep, and OWASP ZAP where the workload risk or delivery model calls for them Host security — Conditional server protection for Linux and Windows workloads that run on VM-based or higher-risk runtimes Compliance as code — Policy defined in code, supported by T Cloud Config and drift review to catch and flag out-of-band infrastructure changes Continuous compliance — Record, search, and evaluate resource configurations against defined rules to ensure policy expectations are met Network and data protection # Zero-trust networking — Least-privilege network paths, Kubernetes network policies where relevant, and perimeter controls aligned to the approved ingress model Zero-trust identity — Least-privilege access and role-based access controls DDoS protection — Added for exposed internet paths when distributed denial-of-service (DDoS) risk and the exposure model justify it Encryption — At rest and in transit across all services Secrets management — Key and secret handling through Data Encryption Workshop (DEW) Key Management Service (KMS) and Cloud Secret Management Service (CSMS), with rotation and runtime retrieval patterns Identity # Your users shouldn\u0026rsquo;t notice the migration. We integrate with your existing identity provider and add a T Cloud-hosted identity layer when the target operating model requires it.\nMicrosoft Entra ID integration # Keep your existing identity provider with no disruption to user workflows or single sign-on (SSO) configurations Architecture kept modular so identity can be moved or split later if jurisdiction, control, or operating-model requirements change Start with Entra federation. Add Authentik when you need full identity infrastructure sovereignty, fewer third-party control-plane dependencies, or a T Cloud-hosted identity layer under your own operating boundary Authentik — T Cloud-hosted identity option # Added when a T Cloud-hosted identity layer is required, using a dedicated platform identity boundary rather than the default shared runtime Passkeys, full multifactor authentication (MFA), conditional access, policy and risk-based authentication, and user lifecycle management Complete Security Assertion Markup Language (SAML) and OpenID Connect (OIDC)/OAuth 2.0 support for clean integration with existing and new services Included in These Paces This service is included in the following packaged offers:\nPerform Accelerate Let's talk ","externalUrl":null,"permalink":"/en/services/protect/","section":"Services","summary":"Security is architecture, not an add-on # We don’t bolt security on after the fact. Every platform we build has security integrated from the first line of code: in the infrastructure, in the pipelines, and in the identity layer.\n","title":"Protect","type":"services"},{"content":" Run it like you built it # A platform is only as good as its operations. We deliver full observability, backup and recovery, and cost management. All managed as code, all reproducible, all sovereign.\nObservability and monitoring # See everything, respond fast, and keep an audit trail.\nCentralised logging — Log Tank Service (LTS)-based collection, aggregation, and searchable storage across platform components and workload integrations Metrics and dashboards — Cloud Eye (CES) and Application Operations Management (AOM) as the baseline monitoring plane, with optional dashboard extensions when native views are not enough Alerting pipelines — Simple Message Notification (SMN)-based routing to email, HTTP, or operational integrations that fit your incident process Audit trail — Cloud Trace Service (CTS) for API-level activity tracking, governance, and compliance evidence Distributed tracing — Optional tracing for microservice architectures where application performance management (APM) or self-hosted alternatives such as Jaeger materially improve diagnosis Uptime monitoring — Synthetic checks for critical endpoints where service-level monitoring needs extend beyond the platform baseline Database audit — Conditional auditing and risky-behaviour detection for higher-risk or regulated data platforms Application monitoring — AOM-based monitoring of applications and cloud resources with metrics, logs, events, health analysis, alarms, and visualisation Everything as code — Dashboards, alerts, and integrations version-controlled and reproducible Backup, disaster recovery, and business continuity # Plan for the worst. Recover fast.\nAutomated backup policies — Cloud Backup and Recovery (CBR)-based backup and restore policies for supported databases, object storage, file shares, and persistent workloads Cross-region and cross-zone replication — Added only for workloads whose recovery objectives justify the extra complexity Disaster recovery runbooks — With defined recovery point objective (RPO) and recovery time objective (RTO) targets Regular DR testing — Failover validation on a schedule Backup encryption — Retention policy management Recovery procedures — Documented and integrated into operational runbooks FinOps and cost management # Visibility into spend. Control over growth. No surprises.\nTagging strategy — Cost allocation by team, project, and environment Showback and chargeback — Reporting for multi-team platforms Right-sizing — Recommendations for compute, storage, and database resources Forecasting and estimation — Price Calculator support for design choices, growth scenarios, and predictable workloads Budget tracking — Financial Dashboard-backed cost review cadence with stakeholder visibility Ongoing optimization — Cost reviews as part of platform governance Included in These Paces This service is included in the following packaged offers:\nAccelerate Let's talk ","externalUrl":null,"permalink":"/en/services/operate/","section":"Services","summary":"Run it like you built it # A platform is only as good as its operations. We deliver full observability, backup and recovery, and cost management. All managed as code, all reproducible, all sovereign.\n","title":"Operate","type":"services"},{"content":" Make the switch # Whether you\u0026rsquo;re moving workloads from AWS, Azure, GCP, on-premises infrastructure, or legacy hosting models, we get you to EU-sovereign cloud with minimal disruption.\nAssessment # Before committing resources, you need a clear picture of what you\u0026rsquo;re working with and where you\u0026rsquo;re heading.\nWorkload inventory — Existing workloads, dependencies, and data classification across AWS, Azure, GCP, or on-premises environments Application mapping — Dependency mapping and stateful vs stateless workload identification Network analysis — Topology analysis and traffic flow documentation Compliance gap analysis — GDPR, NIS2, and industry-specific requirements relating to infrastructure and data residency Migration roadmap — Phased timeline, risk register, and resource estimation Cost modelling — Projected migration spend and ongoing operational costs compared to current state Deliverables # Infrastructure Report — Detailed documentation of your current cloud estate Migration Plan — Step-by-step roadmap with dependencies and timelines Cost Model — Projected costs for both migration and ongoing operations Risk Register — Identified risks with probability, impact, and mitigations Executive Summary — Board-ready presentation of findings and recommendations A typical assessment takes 2–4 weeks depending on the complexity of your infrastructure.\nApplication modernisation # Not every workload should be lifted and shifted. Some need to be rethought.\nDecomposition — Monolith-to-microservices analysis and domain boundary mapping Containerisation — Packaging existing applications for Kubernetes deployment Cloud-native refactoring — 12-factor principles, stateless design, and externalised configuration Replatforming — Strategies for adopting managed services and reducing operational overhead Incremental modernisation — Strangler fig pattern and parallel-run validation Migration execution # We don\u0026rsquo;t do big-bang migrations. Instead, we pilot, iterate, migrate, and validate.\nPlatform-to-platform migration — Migration from AWS, Azure, or GCP to EU-sovereign T Cloud On-premises to cloud — Migration from traditional hosting to EU public cloud Database migration — Online migration and synchronisation between source and target databases with zero-downtime and data validation Storage migration — Object, block, and file — with automated verification Network cutover — DNS cutover, load balancer reconfiguration, and firewall rule translation Phased execution — Pilot, iterate, migrate, validate Included in These Paces This service is included in the following packaged offers:\nAccelerate Let's talk ","externalUrl":null,"permalink":"/en/services/migrate/","section":"Services","summary":"Make the switch # Whether you’re moving workloads from AWS, Azure, GCP, on-premises infrastructure, or legacy hosting models, we get you to EU-sovereign cloud with minimal disruption.\n","title":"Migrate","type":"services"},{"content":" Your platform, your team # We build platforms to be handed over, not to create dependency. From day one, the goal is to make your team confident, capable, and autonomous.\nTraining # Hands-on enablement for platform, operations, and development teams.\nPlatform training — Walkthroughs and hands-on labs for day-to-day operations IaC workshops — OpenTofu, CI/CD pipelines, and infrastructure automation Kubernetes operations — Cluster management, troubleshooting, and scaling Security practices — Security tooling, scanning, and incident response Gradual transition — Responsibilities shift progressively during the stabilisation period Critical-phase support — On-call support during go-live and post-migration review Phased operations handover # We don\u0026rsquo;t just hand you the keys. We walk alongside your team until they\u0026rsquo;re ready to run.\nPhase 1 — we run # Full operational responsibility in the initial period. We run the platform while your team ramps up.\nPhase 2 — paired operations # Your team takes the lead. Our engineers are alongside for guidance and escalation.\nPhase 3 — advisory # Your team owns day-to-day operations. We step back to third-line support and architecture advisory.\nAt every phase # Defined handover milestones and readiness criteria Operational runbooks, escalation paths, and knowledge base transferred progressively Optional ongoing advisory retainer for architecture reviews, incident escalation, and platform evolution Engagement models # Project-based # Fixed-scope engagement for defined projects. Clear deliverables, timeline, and budget.\nTime \u0026amp; Materials # Flexible engagement for evolving requirements. Pay for actual effort with transparent tracking.\nEmbedded team # Our engineers work as part of your team for extended periods. Full integration with your processes and tools.\nIncluded in These Paces This service is included in the following packaged offers:\nAccelerate Let's talk ","externalUrl":null,"permalink":"/en/services/enable/","section":"Services","summary":"Your platform, your team # We build platforms to be handed over, not to create dependency. From day one, the goal is to make your team confident, capable, and autonomous.\n","title":"Enable","type":"services"},{"content":"We write about how EU organisations can modernise platforms, reduce dependency, and make cloud decisions with clearer technical and regulatory context.\n","date":"24 April 2026","externalUrl":null,"permalink":"/en/blog/","section":"Blog","summary":"We write about how EU organisations can modernise platforms, reduce dependency, and make cloud decisions with clearer technical and regulatory context.\n","title":"Blog","type":"blog"},{"content":" EU-sovereign cloud advisory\nMove critical cloud workloads into European control. Strategy, platform design, and migration delivery for organisations building or moving critical workloads into European control while keeping engineering quality high.\nLet's talk Explore services Starting point AWS, Azure, Google Cloud, or T Cloud estates with real delivery pressure Designed for Regulated sectors, public institutions, and EU-headquartered teams Delivery style Advisory, implementation, and side-by-side enablement for platform teams Control journey\nFrom today's cloud estate to an owned operating model. Now Current platform estate Existing providers, inherited control planes, and jurisdiction requirements that need to be made explicit.\nTransition Target-state design Exit paths, landing zones, governance baselines, and migration sequencing made explicit.\nResult European operational control Production foundations with security, observability, and runbooks built in from day one.\nAssess Design Deliver Engagement models\nChoose the right depth of help. Start with an executive decision point, move into a production platform build, or run delivery side by side with your team.\n01 Learn Focused workshop, live walkthrough, and a clear target-state recommendation.\nLow-risk first step Fast decision support View pace 02 Perform Landing zones, security controls, infrastructure as code, and production foundations.\nPlatform delivery Concrete operating baseline View pace 03 Accelerate Build the platform while strengthening the internal team, governance model, and pace.\nPaired delivery Durable internal capability View pace What changes\nSovereignty is treated as an operating constraint, not a slogan. The target state is not just new hosting. It is landing zones, identity, policy, observability, backup, runbooks, and delivery controls that stand up in production.\nRisk boundaries made explicit Control, disclosure, and support assumptions are written into the architecture instead of left implicit.\nGovernance built with the platform Identity, encryption, policy, and observability are part of delivery scope, not deferred work.\nInternal teams stay in the loop Platform teams and CCoEs gain the delivery rhythm, documentation, and runbooks needed to take ownership.\nTypical delivery scope\nAssess Current estate, constraints, and realistic exit options.\nBuild Landing zones, shared services, pipelines, and platform foundations.\nProtect Identity, policy, logging, backup, and operational controls.\nEnable Runbooks, handover, and side-by-side team enablement.\nCapabilities\nFour workstreams most teams need first. A focused set of capabilities for teams shaping a credible EU-sovereign target state.\nDesign Target architecture, landing zones, and transformation planning.\nBuild Platform engineering, shared services, CI/CD, and cloud-native foundations.\nProtect Identity, encryption, policy enforcement, and security controls.\nMigrate Assessment, migration execution, and application modernisation.\nExplore all services Fit\nWho this is for. Best suited to teams that already carry cloud responsibility and need a more explicit control model, not just a high-level sovereignty discussion.\n01 Regulated and accountable environments Public institutions, regulated sectors, and EU-headquartered organisations that need clearer control, disclosure, and operating boundaries.\n02 Existing cloud estates Teams already running workloads on AWS, Azure, Google Cloud, or hybrid estates and needing a credible next platform step.\n03 Delivery and handover in one path Organisations that want architecture, implementation, and handover to happen as one connected delivery path instead of separate disconnected projects.\nSee the reference platform Read the FAQ Next step\nStart with a concrete review of your current cloud estate. We can map the technical and jurisdiction constraints that matter, identify realistic migration paths, and shape an EU-controlled target state that fits your operating model.\nLet's talk info@fremverk.com ","date":"24 April 2026","externalUrl":null,"permalink":"/en/","section":"fremverk | EU-sovereign cloud consultancy","summary":" EU-sovereign cloud advisory\nMove critical cloud workloads into European control. Strategy, platform design, and migration delivery for organisations building or moving critical workloads into European control while keeping engineering quality high.\nLet's talk Explore services Starting point AWS, Azure, Google Cloud, or T Cloud estates with real delivery pressure Designed for Regulated sectors, public institutions, and EU-headquartered teams Delivery style Advisory, implementation, and side-by-side enablement for platform teams Control journey\n","title":"fremverk | EU-sovereign cloud consultancy","type":"page"},{"content":"","date":"13 April 2026","externalUrl":null,"permalink":"/en/categories/","section":"Categories","summary":"","title":"Categories","type":"categories"},{"content":"","date":"13 April 2026","externalUrl":null,"permalink":"/en/tags/devops/","section":"Tags","summary":"","title":"Devops","type":"tags"},{"content":"We built CloudUnit in a market where the default cloud answer was usually one of the US hyperscalers. That work gave us deep practical experience in landing zones, identity, networking, automation, operations, platform engineering, and delivery at scale.\nThat experience still matters. What has changed is the market around it, and the questions clients now need answered.\nThat is why we are becoming fremverk. The work is no longer only about helping organisations navigate the big US platforms. It is increasingly about helping them move critical workloads, operating models, and engineering practices into EU-sovereign environments without losing speed, quality, or technical discipline.\nWhy CloudUnit is becoming fremverk # For us, the CloudUnit name belonged to an earlier chapter. It matched a period when much of the work centered on cloud enablement in ecosystems dominated by US vendors.\nThe fremverk name is a better fit for what we are actually building now: foundations, operating models, and modern platform capabilities for organisations that need stronger European control over infrastructure, data, and delivery.\nThis is not a rejection of cloud in general, and it is not a claim that every workload must leave US providers immediately. It is a recognition that many organisations in Europe now need a credible sovereign option, and they need it to work in practice rather than only on paper.\nWhat the name means # The name is intentionally Nordic in tone.\nFrem points to forward movement, progress, and transformation. Verk points to work, craft, and execution. Together, the name says something important about how we want to operate: not only advising on the direction, but helping build the target state and getting the work done.\nWhy the time is right # Three changes make this shift timely.\nEU-sovereign cloud platforms are materially more mature than they were a few years ago. Regulatory, procurement, and governance pressure has increased across both public and private sectors. Customers want a realistic migration path, not a theoretical discussion about sovereignty. That combination matters.\nFor a long time, the gap between the sovereignty requirement and the available platform capability was too wide. Today that gap is much narrower. The question is no longer whether there are usable EU alternatives for serious workloads. The real question is how to adopt them with the same engineering discipline that teams already expect from mature cloud programmes.\nThe expertise still transfers directly # One of the most common misunderstandings in this space is that moving from a US hyperscaler context to an EU-sovereign cloud context requires starting over.\nIt does not.\nThe provider catalogue changes. The legal and operational constraints change. Some architecture choices change. But a large share of the work remains exactly the kind of work experienced cloud teams already know how to do.\nIdentity and access management still has to be designed carefully. Network boundaries, ingress, egress, and segmentation still matter. Infrastructure as code still needs structure, policy, review, and drift control. CI/CD still needs isolation, secrets handling, and repeatability. Observability, backup, disaster recovery, and cost control still determine whether a platform is viable in production. Teams still need operating models that balance central guardrails with delivery autonomy. That is where our background remains useful. Years spent working with modern cloud operations and DevOps practices on US platforms are not wasted effort. They are transferable engineering capability.\nWhat changes in an EU-sovereign model # The transfer is real, but it is not one-to-one. EU-sovereign delivery adds different design priorities.\nJurisdiction and operating model # The conversation is not only about regions and services. It is about who controls the platform, which legal regime applies, how administration is performed, and what evidence can be produced when procurement, compliance, or audit questions appear.\nService mapping and architecture choices # Teams cannot assume that every managed service, every developer convenience, or every integration pattern will look identical to a hyperscaler baseline. Good architecture work means mapping the real requirement to the real service catalogue instead of forcing old assumptions into a different platform.\nPortability has to be more than slogan # When sovereignty becomes a first-class design concern, portability and exit posture become more concrete. Open tooling, clean interfaces, and deliberately chosen abstractions matter more because they reduce strategic lock-in over time.\nWhat we bring into this next phase # The move from CloudUnit to fremverk is not a move away from engineering depth. It is a clearer expression of where that depth is applied.\nWe bring forward the parts that matter most.\nPractical experience with cloud foundations and landing zones. Broad knowledge of operational cloud patterns across security, networking, governance, and resilience. Platform engineering discipline that keeps environments usable, supportable, and automatable. DevOps practices that make delivery repeatable instead of person-dependent. A migration mindset focused on reducing risk while keeping business momentum. That combination is exactly what organisations need when they want to move toward EU-sovereign cloud without turning the journey into a disruptive reset.\nWhat clients should expect from fremverk # Clients should expect practical decisions rather than abstract sovereignty language.\nWe help assess what genuinely needs sovereign treatment, what can move now, what should be redesigned, and where existing delivery practices can be carried forward rather than rebuilt. We work across architecture, platform build, security, operations, and migration so the result is not a theoretical target state, but a platform your team can run, govern, and improve.\nWe are not changing the name to sound different. We are changing it because the work now demands a clearer position.\nfremverk is the continuation of the same engineering discipline under a name that more honestly matches the work ahead: helping European organisations build, move, and operate on EU-sovereign cloud with fewer abstractions and more technical clarity.\nIf you want to discuss what a practical move from hyperscaler-first to EU-sovereign cloud could look like for your organisation, let\u0026rsquo;s talk.\n","date":"13 April 2026","externalUrl":null,"permalink":"/en/blog/from-cloudunit-to-fremverk/","section":"Blog","summary":"We built CloudUnit in a market where the default cloud answer was usually one of the US hyperscalers. That work gave us deep practical experience in landing zones, identity, networking, automation, operations, platform engineering, and delivery at scale.\n","title":"From CloudUnit to fremverk: why we are refocusing on EU-sovereign cloud","type":"blog"},{"content":"","date":"13 April 2026","externalUrl":null,"permalink":"/en/tags/platform/","section":"Tags","summary":"","title":"Platform","type":"tags"},{"content":"","date":"13 April 2026","externalUrl":null,"permalink":"/en/tags/sovereignty/","section":"Tags","summary":"","title":"Sovereignty","type":"tags"},{"content":"","date":"April 13, 2026","externalUrl":null,"permalink":"/da/categories/strategi/","section":"Categories","summary":"","title":"Strategi","type":"categories"},{"content":"","date":"13 April 2026","externalUrl":null,"permalink":"/en/categories/strategy/","section":"Categories","summary":"","title":"Strategy","type":"categories"},{"content":"","date":"April 13, 2026","externalUrl":null,"permalink":"/da/tags/suver%C3%A6nitet/","section":"Tags","summary":"","title":"Suverænitet","type":"tags"},{"content":"","date":"13 April 2026","externalUrl":null,"permalink":"/en/tags/","section":"Tags","summary":"","title":"Tags","type":"tags"},{"content":"Meet the team behind fremverk: hands-on architects and operators with experience across sovereign cloud platforms, hyperscaler transitions, and enterprise delivery.\n","date":"13 April 2026","externalUrl":null,"permalink":"/en/authors/","section":"The team","summary":"Meet the team behind fremverk: hands-on architects and operators with experience across sovereign cloud platforms, hyperscaler transitions, and enterprise delivery.\n","title":"The team","type":"authors"},{"content":"","date":"13 April 2026","externalUrl":null,"permalink":"/en/tags/transformation/","section":"Tags","summary":"","title":"Transformation","type":"tags"},{"content":"","date":"13 April 2026","externalUrl":null,"permalink":"/en/tags/compliance/","section":"Tags","summary":"","title":"Compliance","type":"tags"},{"content":"","date":"13 April 2026","externalUrl":null,"permalink":"/en/tags/gdpr/","section":"Tags","summary":"","title":"Gdpr","type":"tags"},{"content":"The conversation around digital sovereignty has moved from academic to urgent. What was once a niche concern for government agencies is now a board-level issue for enterprises, public sector organisations, and scale-ups across Europe.\nHere is why, and what it means for your cloud strategy.\nThe legal landscape has shifted # The Data Privacy Framework: a framework still under scrutiny # In July 2023, the European Commission adopted the EU-US Data Privacy Framework (DPF), replacing the Privacy Shield that was invalidated by Schrems II in 2020. This framework currently allows organisations to transfer data to US providers.\nBut even with the DPF in place, several structural concerns still matter:\nFISA Section 702 still allows US intelligence agencies to compel US companies to hand over foreign users\u0026rsquo; data, without a warrant, without notification The CLOUD Act still grants US authorities access to data held by US companies regardless of where it\u0026rsquo;s stored geographically Limited judicial redress — the new \u0026ldquo;Data Protection Review Court\u0026rdquo; remains disputed by many critics, who question whether it provides the remedies EU law requires Many legal observers expect further challenge. The framework rests on executive orders that a future US administration could revoke, which is why some organisations are reassessing how much critical exposure they want tied to it.\nGeopolitical risk is real # Beyond the legal technicalities, the geopolitical landscape has fundamentally changed:\nIncreasing US-EU tensions on trade, tariffs, and technology policy Sanctions and export controls that can be applied unpredictably The precedent of sudden service restrictions based on political decisions Relying entirely on US infrastructure means accepting that parts of your business continuity and compliance model are linked to political stability between Washington and Brussels. For some critical operations, many organisations will judge that risk too high.\nGDPR enforcement is intensifying # We\u0026rsquo;re past the grace period. Regulators are issuing record fines:\nMeta: €1.2 billion (May 2023) for EU-US data transfers Amazon: €746 million (2021) for processing personal data Google: Multiple fines totalling hundreds of millions More importantly, the pattern of enforcement is expanding beyond tech giants to enterprises across sectors.\nNIS2 raises the bar # The NIS2 Directive, effective October 2024, significantly expands cybersecurity requirements:\nMore sectors covered (healthcare, waste management, food production, etc.) Personal liability for management Stricter incident reporting (24-hour notification) Supply chain security requirements US cloud providers aren\u0026rsquo;t automatically disqualified, but the compliance burden for using them has increased substantially.\nBeyond compliance: strategic considerations # Customer trust # Your customers are paying attention. B2B buyers increasingly include data residency questions in procurement processes. B2C customers are becoming more aware of where their data lives.\n\u0026ldquo;Data stored in EU\u0026rdquo; is becoming a competitive differentiator.\nOperational certainty # Regulatory uncertainty creates operational risk. If a future court ruling or regulatory action restricts US cloud services, organisations heavily dependent on hyperscalers face:\nEmergency migration projects Service disruptions Potential fines for non-compliance during transition Moving some or all critical workloads to EU-sovereign infrastructure can reduce this exposure materially.\nWhat \u0026ldquo;EU sovereignty\u0026rdquo; actually means # Not all EU-based cloud services are equal. True sovereignty requires:\nData residency # Data stored exclusively in EU data centres. This is the baseline requirement.\nLegal jurisdiction # The entity controlling the data is subject to EU law, not US, Chinese, or other foreign jurisdiction. This means EU-owned or a legal structure that insulates from foreign government access.\nOperational control # EU persons and entities control the infrastructure operations. No remote access from non-EU locations to administrative systems.\nTechnology independence # For the most sensitive use cases: no hardware or software components that create backdoor access, ability to verify the full technology stack.\nT Cloud: hyperscaler capabilities, EU sovereignty # The market for EU-sovereign cloud has matured. T Cloud, Deutsche Telekom\u0026rsquo;s sovereign cloud platform, now offers the service breadth and operating model most enterprises expect from hyperscalers:\nEnterprise-grade infrastructure with the scale and reliability you expect AI and machine learning capabilities operated entirely from German data centres Complete tooling ecosystem — the same developer experience, CI/CD pipelines, and operational workflows you\u0026rsquo;re used to 24/7 EU-based support with operations and support centred in the EU This isn\u0026rsquo;t a compromise. It\u0026rsquo;s a credible enterprise cloud platform under EU jurisdiction.\nThe path forward # Shifting critical workloads into EU-sovereign infrastructure doesn\u0026rsquo;t mean a risky big-bang migration or starting from scratch. A pragmatic, proven approach:\nDesign — Start with architecture, exploration, and transformation planning tailored to your business and compliance requirements Build — Platform engineering, landing zones, shared services, and cloud-native application platforms, fully built and production-ready Protect — Zero-trust security, sovereign identity, compliance as code, and continuous governance Operate — Centralised monitoring, backup, disaster recovery, and cost management from day one Migrate — Assess existing workloads, modernise where needed, and execute the migration systematically Enable — Phased knowledge transfer and paired operations until your team has full ownership The goal is an EU-sovereign target state for the workloads that need it most, delivered at a pace that works for your organisation, without disrupting your business.\nIf you want to review what EU sovereignty means for your current cloud estate, let\u0026rsquo;s discuss your situation.\n","date":"13 April 2026","externalUrl":null,"permalink":"/en/blog/why-eu-digital-sovereignty-matters/","section":"Blog","summary":"The conversation around digital sovereignty has moved from academic to urgent. What was once a niche concern for government agencies is now a board-level issue for enterprises, public sector organisations, and scale-ups across Europe.\n","title":"Why EU digital sovereignty matters for your business","type":"blog"},{"content":" Why fremverk exists # fremverk was built around a simple observation: enterprises that want to reduce jurisdiction and delivery risk often lack a practical path from hyperscaler dependence to a sovereign operating model.\nToo many initiatives stop at strategy decks, compliance presentations, or isolated migrations. We built fremverk for teams that need a real transition, where platform, governance, identity, security, observability, and handover are treated as one connected delivery.\nThat is why EU-sovereign cloud is not a slogan for us. It is a way to make control, accountability, and day-to-day operations clearer for critical workloads. We have collected the legal and regulatory background here: Read the analysis →\nThe story behind our approach # Our approach is shaped by three practical perspectives.\nSøren Hartvig Jensen comes from the hyperscaler-to-sovereign side, with experience across US hyperscaler platforms, target architectures, and transformation paths. Jan Ulnits brings the delivery and operating perspective, shaped by years of turning complex customer engagements into structured execution with clear ownership, momentum, and handover. He and Søren were the original founders of CloudUnit, the company that has now evolved into fremverk. Martin Haslund Johansson comes from the hybrid and classic enterprise side, where existing estates, integrations, and operating realities cannot be ignored.\nThat combination matters. A credible sovereign platform is not created by changing hosting alone. It has to offer a stronger target state while still working against the environment the customer already runs. That is why we combine platform engineering with governance, security, operations, and realistic migration paths.\nfremverk is not built as a one-person profile either. The core is a small, experienced team, backed by specialists when the work calls for deeper support.\nHow we work with customers # We start from the current estate and assess what can realistically be moved, standardised, or modernised. We design and build landing zones, shared platform services, security controls, and delivery patterns that hold up in production. We stay through the runbooks, handover, and operating model work until the customer team can take ownership with clarity. That means customers do not just get a target architecture. They get a more realistic operating foundation for moving from AWS, Azure, Google Cloud, or hybrid environments into a sovereign platform.\nIf you want the shortest route into the offer, start with the FAQ or the reference platform.\nPlatforms we typically build with # We show them because they reflect how we work with control, operations, and delivery.\nT Cloud Our preferred sovereign cloud platform for enterprise landing zones, shared platform services, and modern workload runtimes in German data centers.\nFremforge Our EU-sovereign managed Git and CI/CD platform at frem.sh — repositories, pipelines, and planning workflows hosted in Europe, without the customer having to operate a forge themselves.\nOpenTofu Open and declarative Infrastructure as Code with version control, peer review, and predictable governance.\nMicrosoft Entra \u0026amp; Authentik Integration with existing enterprise identity, or a T Cloud-hosted identity layer when full identity sovereignty is required.\nThe team # Søren Hartvig Jensen CEO \u0026amp; Enterprise Cloud ArchitectCo-founder Martin Haslund Johansson CGO \u0026amp; Enterprise Hybrid Architect Jan Ulnits COO \u0026amp; PartnerCo-founder Abigaele Meghan Frost Office Manager The team is backed by a broader bench of highly specialised consultants. Let's talk ","externalUrl":null,"permalink":"/en/about/","section":"fremverk | EU-sovereign cloud consultancy","summary":"Why fremverk exists # fremverk was built around a simple observation: enterprises that want to reduce jurisdiction and delivery risk often lack a practical path from hyperscaler dependence to a sovereign operating model.\n","title":"About","type":"page"},{"content":" Let\u0026rsquo;s talk # Ready to move your infrastructure to EU-sovereign cloud? Have questions about compliance, migration strategy, or platform capabilities?\nWe\u0026rsquo;re here to help.\nBefore you reach out # If you want a fast overview first, read the FAQ and the reference platform. They explain how we typically work, what stays hybrid, and what the target platform usually includes.\nGet in touch # info@fremverk.com · +45 9188 6000 (weekdays 8–16 CET)\nLocation # fremverk ApS\nCVR: 39150689\nRingager 4C, 2. tv\n2605 Brøndby\nDenmark\nMap image derived from OpenStreetMap data. © OpenStreetMap contributors. This map image is served locally from this site. We do not embed a live third-party map here. Open the address in OpenStreetMap only if you want to send a request to that service. Open in OpenStreetMap Your inquiry is used only to respond and follow up in line with our privacy policy.\n","externalUrl":null,"permalink":"/en/contact/","section":"fremverk | EU-sovereign cloud consultancy","summary":"Let’s talk # Ready to move your infrastructure to EU-sovereign cloud? Have questions about compliance, migration strategy, or platform capabilities?\n","title":"Contact","type":"contact"},{"content":" What kind of organisation is fremverk best suited for? We are best suited to organisations with real platform responsibility, meaningful compliance or jurisdiction pressure, and an existing cloud or hybrid estate that cannot simply be replaced with generic hosting.\nDo all workloads need to move to EU-sovereign cloud? No. In many cases, only selected workloads, control points, identities, data flows, or delivery paths need stronger European control. A mixed target state is often the right answer.\nIs this only relevant for public sector organisations? No. Public sector is an obvious fit, but the same questions also matter to regulated enterprises, critical suppliers, EU-headquartered companies, and teams facing procurement or customer questions about control and jurisdiction.\nDo we have to replace Microsoft Entra or our current identity provider? No. In many engagements, Entra or another existing enterprise identity provider remains in place. We only introduce a different identity layer when the operating model or sovereignty requirement actually calls for it.\nDo you only work with greenfield platforms? No. The normal starting point is an existing AWS, Azure, Google Cloud, or hybrid estate. The work is usually about designing a credible next state and moving toward it without breaking delivery.\nWhat does a first engagement usually look like? The smallest starting point is usually a focused workshop or assessment, often similar in shape to Learn. That is used to clarify constraints, identify what needs stronger control first, and define whether the next step should be design work, a platform build, or a migration track.\nWhat can stay hybrid during a transition? Identity, networking, existing business systems, and some application components can often remain where they are for a period. Hybrid is a normal transition pattern, not a failure state.\nDo you only work with T Cloud? T Cloud is the primary sovereign platform we build around because it has the service coverage and operating model we need for the target state. We also work with the surrounding toolchain, integration patterns, and hybrid dependencies that make that platform usable in practice.\nWhat does the target platform usually include? Typically one T Cloud account by default, enterprise projects as the main boundary, shared platform-management operations, a platform-connectivity boundary for shared network and DNS patterns, federated identity, infrastructure as code, Git and CI/CD, FunctionGraph-first for lightweight automation, security controls, monitoring, backup, and a clearer operating model for the customer team.\nFor the concise version, see the reference platform.\nAre you replacing the customer team? No. The model is designed to strengthen the customer team while delivery happens. That can mean advisory support, implementation, or side-by-side delivery with handover and runbooks.\nHow long does a serious platform build usually take? It depends on the starting point and scope, but the first usable baseline is usually a scoped piece of work measured in weeks, not a multi-year transformation before anything becomes operational. On this site, a focused Perform is usually 6-10 weeks and Accelerate 12-16 weeks.\nHow should we decide whether to talk now? Talk now if the cloud decision already has legal, procurement, customer, or operating-model consequences. If the question is still purely theoretical, start with the blog or a lightweight workshop first.\nLet's talk ","externalUrl":null,"permalink":"/en/faq/","section":"fremverk | EU-sovereign cloud consultancy","summary":" What kind of organisation is fremverk best suited for? We are best suited to organisations with real platform responsibility, meaningful compliance or jurisdiction pressure, and an existing cloud or hybrid estate that cannot simply be replaced with generic hosting.\n","title":"FAQ","type":"page"},{"content":"Services describe what we do. Paces are fixed-scope engagement packages with a defined outcome, a typical timeline, and practical deliverables.\nChoose the pace that fits your current stage, then use the included services as the breakdown of what the package covers.\n","externalUrl":null,"permalink":"/en/paces/","section":"Paces","summary":"Services describe what we do. Paces are fixed-scope engagement packages with a defined outcome, a typical timeline, and practical deliverables.\nChoose the pace that fits your current stage, then use the included services as the breakdown of what the package covers.\n","title":"Paces","type":"paces"},{"content":"Last updated: April 2026\nIntroduction # fremverk (\u0026ldquo;we\u0026rdquo;, \u0026ldquo;us\u0026rdquo;, or \u0026ldquo;our\u0026rdquo;) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you visit our website or use our services.\nData controller # fremverk ApS CVR: 39150689\nRingager 4C, 2. tv, 2605 Brøndby, Denmark\nEmail: info@fremverk.com\nWhat this website does not do # We believe privacy claims should be verifiable, so we want to be explicit:\nNo advertising or analytics cookies — this website does not use cookies for analytics, advertising, or cross-site tracking No tracking pixels or fingerprinting — there are no third-party tracking scripts No external font loading — all fonts are self-hosted (no requests to Google, Adobe, or others) No auto-loaded third-party widgets or maps — external services are contacted only if you choose to open an external link Limited browser-side preference storage only — this site may use the browser\u0026rsquo;s localStorage API to remember preferences such as appearance or an explicitly selected language; this is not used for analytics, advertising, or cross-site tracking Preferences are stored only after user action — appearance is stored only if you use the theme switcher, and language is stored only if you explicitly choose a language No consent banner for tracking — because we do not use non-essential cookies or similar technologies for analytics, advertising, or third-party tracking You can verify this using your browser\u0026rsquo;s developer tools (Network and Application tabs).\nIf you choose to open an external link, that destination handles your request under its own policy. This site does not auto-load third-party widgets or embedded maps. Edge delivery and caching are covered separately in the Hosting section below; they are operational infrastructure rather than browser-side tracking.\nHosting # This website is hosted on T Cloud (Deutsche Telekom), an EU-sovereign cloud provider. The primary hosting environment is located in the EU. The public website is delivered through Bunny CDN in front of the origin.\nTo deliver, cache, and protect the site, T Cloud and Bunny process technical request data such as IP address, timestamp, requested URL, HTTP status code, and user agent in server or edge logs. We use this data solely for content delivery, security monitoring, abuse prevention, and troubleshooting. Operational access logs under our control are retained for a maximum of 30 days. The legal basis is legitimate interest (GDPR Art. 6(1)(f)) in maintaining the security, integrity, and availability of our website.\nAnalytics # When we add analytics to this website, we will use a privacy-focused, EU-sovereign or self-hosted solution that does not use cookies or track individual visitors. Such tools work by aggregating page view counts, referrer information, and approximate geographic region (country level) without storing personal identifiers. If we deploy analytics on that basis, we do not expect a consent banner to be required for analytics because no non-essential cookies or comparable tracking identifiers would be used.\nThis section will be updated when analytics are deployed.\nInformation you provide # When you contact us, by email, phone, LinkedIn, or in connection with a consultancy engagement, we may receive:\nContact information: name, email address, phone number Business information: company name, job title, project requirements We use this information to respond to your inquiry, deliver the services you have requested, and comply with legal obligations.\nLegal basis for processing # Under GDPR, we process your data based on:\nConsent (Art. 6(1)(a)): only where you explicitly give consent for a specific optional purpose Contractual necessity and pre-contractual steps (Art. 6(1)(b)): when responding to service inquiries and providing consultancy services you have requested Legal obligation (Art. 6(1)(c)): when we need to retain records or comply with applicable law Legitimate interest (Art. 6(1)(f)): for website delivery via T Cloud and Bunny, server and edge log processing, security monitoring, abuse prevention, and improving service reliability Data sharing # We do not sell, trade, or rent your personal information. We may share data with:\nService providers who assist in our operations, including T Cloud for hosting and Bunny for CDN delivery, under appropriate contractual terms Legal authorities when required by applicable law Data retention # Server logs: maximum 30 days Contact and business information: for the duration of our business relationship plus 5 years, or as required by Danish bookkeeping legislation Your rights # Under GDPR, you have the right to:\nAccess your personal data (Art. 15) Rectify inaccurate data (Art. 16) Erase your data (Art. 17) Restrict processing (Art. 18) Data portability — receive your data in a structured, machine-readable format (Art. 20) Object to processing based on legitimate interests (Art. 21) Withdraw consent at any time, without affecting the lawfulness of prior processing (Art. 7(3)) To exercise these rights, contact us at info@fremverk.com. We will respond within 30 days.\nSupervisory authority # You have the right to lodge a complaint with the Danish Data Protection Agency:\nDatatilsynet\nCarl Jacobsens Vej 35, 2500 Valby, Denmark\nWebsite: datatilsynet.dk\nEmail: dt@datatilsynet.dk\nData security # We implement appropriate technical and organisational measures to protect your personal data, including encrypted connections (TLS), least-privilege access controls, and operational monitoring on the hosting platform.\nInternational transfers # We seek to keep website hosting and operational processing within the European Economic Area (EEA). If a service used for website operations involves a transfer outside the EEA, we will rely on an appropriate transfer mechanism under GDPR and update this policy accordingly.\nChanges to this policy # We may update this Privacy Policy from time to time. Material changes will be indicated by updating the \u0026ldquo;Last updated\u0026rdquo; date at the top of this page.\n","externalUrl":null,"permalink":"/en/privacy/","section":"fremverk | EU-sovereign cloud consultancy","summary":"Last updated: April 2026\nIntroduction # fremverk (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you visit our website or use our services.\n","title":"Privacy policy","type":"page"},{"content":" What this page is # This is the concise version of the target platform shape we typically help customers design and deliver. It is not a one-size-fits-all blueprint, but it follows the baseline in our architecture notes: one T Cloud account by default, enterprise projects as the main boundary, and a shared platform foundation that is extended only where the design justifies it.\nCore structure # Boundary model — One T Cloud account by default, with enterprise projects as the main permission, ownership, and cost boundary. Required platform projects — platform-management for shared platform operations and platform-connectivity for shared routing, DNS, edge, and perimeter controls. Conditional platform projects — platform-identity only when a self-hosted identity layer such as Authentik is actually required, and platform-security only when security tooling or retention boundaries justify it. Delivery path — Platform and workload resources defined through Git, OpenTofu, CI/CD, and policy checks so the operating model stays declarative and reviewable. Shared platform services # Networking and DNS — platform-connectivity owns shared routing patterns, shared DNS zones, hybrid connectivity, and perimeter controls by default. Ingress and edge controls — Shared edge is for genuinely shared platform services. Public-facing workloads normally own their own public edge in their own project, with WAF for public HTTP and HTTPS ingress. Runtime baseline — PaaS-first in platform-management with OBS, CES/LTS, SMN, CTS, FunctionGraph, and SWR. Git and CI/CD are consumed from Fremforge at frem.sh, so no shared container platform is required at bootstrap. Automation-first runtime choice — FunctionGraph-first for lightweight automation and event-driven jobs. Kubernetes, managed services, or virtual machines are added when the workload or service actually needs them. Security and control layer # Policy and governance — Guardrails, least-privilege access, tagging, and compliance-oriented checks are built into the baseline instead of added later. Identity and access — Human access is federated from the enterprise identity provider by default, with local break-glass access retained and automation scoped through agencies. Keys, secrets, and auditability — Managed key and secret services are the primary source of truth for keys and platform secrets, while API-level audit trails provide auditability and traceability. Backup and recovery — Backup coverage, retention, restore paths, and rebuild-from-code expectations are defined for shared services and critical workloads. Operating model # Observability baseline — Metrics, logs, alerts, notifications, and audit trails form the baseline monitoring and audit stack, with platform alerts for ingress, Fremforge tenant reachability, backups, and key dependencies. Runbooks and handover — Practical operational procedures so the platform can be owned after delivery. Hybrid transition — Space for existing identity, networks, and business systems to remain in place while the target state is built out. Team enablement — Delivery designed so the customer team becomes more capable as the platform matures. What usually changes first # The first useful step is rarely “move everything.” It is usually one or more of these:\nA clearer enterprise-project and governance baseline A more defensible delivery path for source code and CI/CD Better identity and access boundaries A first sovereign workload platform with monitoring, backup, and perimeter controls built in A migration path for the workloads that matter most Where to go next # If you want the practical buyer questions answered first, read the FAQ.\nIf you want to discuss how this maps to your current estate, get in touch.\n","externalUrl":null,"permalink":"/en/reference-platform/","section":"fremverk | EU-sovereign cloud consultancy","summary":"What this page is # This is the concise version of the target platform shape we typically help customers design and deliver. It is not a one-size-fits-all blueprint, but it follows the baseline in our architecture notes: one T Cloud account by default, enterprise projects as the main boundary, and a shared platform foundation that is extended only where the design justifies it.\n","title":"Reference platform","type":"page"},{"content":"","externalUrl":null,"permalink":"/en/series/","section":"Series","summary":"","title":"Series","type":"series"},{"content":" Advisory, delivery, and paired delivery across platform strategy, delivery, operations, and team enablement. If you're new here, start with the FAQ or the reference platform.\nHow we engage Advisory, implementation, or paired delivery with your team What this creates Landing zones, controls, migrations, runbooks, and stronger internal capability Best for Organisations that need stronger control while keeping delivery moving ","externalUrl":null,"permalink":"/en/services/","section":"Services","summary":" Advisory, delivery, and paired delivery across platform strategy, delivery, operations, and team enablement. If you're new here, start with the FAQ or the reference platform.\nHow we engage Advisory, implementation, or paired delivery with your team What this creates Landing zones, controls, migrations, runbooks, and stronger internal capability Best for Organisations that need stronger control while keeping delivery moving ","title":"Services","type":"services"},{"content":"Last updated: April 2026\nAbout us # These Terms of Service (\u0026ldquo;Terms\u0026rdquo;) are entered into between you and:\nfremverk ApS CVR: 39150689\nRingager 4C, 2. tv, 2605 Brøndby, Denmark\nEmail: info@fremverk.com\nAgreement to terms # By accessing or using our website and services, you agree to be bound by these Terms and our Privacy Policy. If you do not agree, please do not use our website or services.\nServices # fremverk provides EU-sovereign cloud consultancy services across platform design, migration, operations, and team enablement, including but not limited to:\nCloud infrastructure assessment and design Architecture planning and implementation Cloud migration and modernisation Security, compliance, and data protection Managed operations and support Training, enablement, and knowledge transfer Use of website # Permitted use # You may use our website for lawful purposes related to learning about our services and contacting us for business inquiries.\nProhibited use # You may not:\nUse our website in any way that violates applicable laws Attempt to gain unauthorised access to our systems Use automated tools to scrape or collect data from our website Interfere with the proper functioning of our website Intellectual property # All content on this website, including text, graphics, logos, and software, is the property of fremverk ApS or its content suppliers and is protected by intellectual property laws. You may not reproduce, distribute, or create derivative works from any content without our prior written consent.\nConsultancy services # Engagement # Our consultancy services are provided under separate engagement agreements that specify scope, deliverables, timelines, and fees. In the event of a conflict between these Terms and a specific engagement agreement, the engagement agreement shall prevail.\nProfessional standards # We provide our services with reasonable skill and care, in accordance with generally accepted industry practices.\nLimitations # Our recommendations are based on information provided by you and our professional judgment. Final decisions regarding your cloud infrastructure remain your responsibility.\nDisclaimer of warranties # Our website and its content are provided on an \u0026ldquo;as is\u0026rdquo; and \u0026ldquo;as available\u0026rdquo; basis. To the maximum extent permitted by applicable law, we disclaim all warranties, express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement. We do not warrant that the website will be uninterrupted, error-free, or free of harmful components.\nLimitation of liability # To the maximum extent permitted by Danish law:\nWe are not liable for any indirect, incidental, special, or consequential damages, including loss of profit, data, or business opportunity Our total aggregate liability for any claim related to our website or these Terms shall not exceed DKK 10,000 Our total liability for claims related to consultancy services shall not exceed the fees actually paid by you for the specific services giving rise to the claim We are not liable for any third-party services, platforms, or providers recommended or referenced by us Indemnification # You agree to indemnify and hold harmless fremverk ApS, its directors, and employees from any claims, damages, or expenses arising from your use of our website or violation of these Terms.\nConfidentiality # Both parties agree to maintain the confidentiality of any proprietary or sensitive information shared during our engagement. Confidential information shall not be disclosed to third parties without the disclosing party\u0026rsquo;s prior written consent, unless disclosure is required by law or court order.\nThird-party links # Our website may contain links to third-party websites. We are not responsible for the content, accuracy, or practices of these external sites. Inclusion of a link does not imply endorsement.\nForce majeure # Neither party shall be liable for any delay or failure to perform its obligations under these Terms where such delay or failure results from circumstances beyond the party\u0026rsquo;s reasonable control, including but not limited to natural disasters, war, terrorism, pandemics, strikes, government actions, power failures, internet or telecommunications failures, or cyberattacks.\nGoverning law and jurisdiction # These Terms are governed by and construed in accordance with the laws of Denmark, without regard to its conflict-of-law principles. Any disputes arising under or in connection with these Terms shall be subject to the exclusive jurisdiction of the courts of Denmark.\nDispute resolution # Before initiating court proceedings, the parties agree to first attempt to resolve any dispute through good-faith mediation. If the dispute is not resolved within 60 days of the initial mediation request, either party may proceed to litigation in accordance with the governing law section above.\nChanges to terms # We reserve the right to modify these Terms. Material changes will be posted on this page with an updated \u0026ldquo;Last updated\u0026rdquo; date. Changes take effect 30 days after posting. Your continued use of our website or services after the effective date constitutes acceptance of the modified Terms.\nEntire agreement # These Terms, together with our Privacy Policy and any applicable engagement agreement, constitute the entire agreement between you and fremverk ApS regarding the use of our website. Any prior or contemporaneous agreements, communications, or understandings relating to the subject matter hereof are superseded.\nSeverability # If any provision of these Terms is found to be invalid or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable.\nContact # For questions about these Terms or our services, contact:\nfremverk ApS\nEmail: info@fremverk.com\nPhone: +45 9188 6000\n","externalUrl":null,"permalink":"/en/terms/","section":"fremverk | EU-sovereign cloud consultancy","summary":"Last updated: April 2026\nAbout us # These Terms of Service (“Terms”) are entered into between you and:\n","title":"Terms of service","type":"page"}]