Built in Europe · Proud of our diversity · 24 languages · 27 nations · one open internet
EU-sovereign · Open source · Production-ready

Open information platform
built on W3C standards

Prisma is open-source software that lets governments and organisations manage their own information — without depending on Big Tech. All data stays in Europe.

View on Codeberg ↗ Get started in 5 min Public sector standards
EU-sovereign cloud MIT / Apache-2.0 W3C open standards MDTO / DUTO compliant 3× NLnet NGI

Big tech dependency

Many AI tools run on American servers and store data outside Europe. With Prisma, all data stays on European servers. You are not dependent on any single vendor.

New European AI rules

From August 2026, organisations must demonstrate how their AI systems make decisions. Prisma automatically records every step — so you can always prove it.

Open standards, no lock-in

Prisma is built on international open standards. No proprietary formats, no forced upgrades, and you can always switch without losing your data.

Digital sovereignty & autonomy

Two concepts. Both essential.

Digital sovereignty and digital autonomy are often used interchangeably — they are not the same thing. Understanding the difference is the starting point for any serious information governance strategy.

Digital sovereignty

Sovereignty is about legal and political control over your data and systems. A sovereign organisation can answer: who has jurisdiction over my data? Under whose laws does it reside? Can a foreign government compel access to it?

Sovereignty is lost the moment your data crosses into a foreign jurisdiction — even if it is encrypted, even if the servers are physically in Europe. A US-headquartered cloud provider is subject to the CLOUD Act regardless of where its data centres are located. Microsoft confirmed this in the French Senate in 2025: it cannot guarantee that European data will never be transferred to US authorities.

Sovereignty is a legal question, not a technical one. You either have it or you do not. There is no "partial sovereignty."

Digital autonomy

Autonomy is about operational freedom — the practical ability to act independently. An autonomous organisation can switch providers, inspect its own systems, modify its tools, and continue operating even if a supplier disappears or changes its terms.

Autonomy is lost through vendor lock-in: proprietary file formats that cannot be exported, APIs that are not documented, licences that can be revoked, and SaaS platforms where you have no access to the underlying code or data model.

Autonomy is an architectural question. It is built in from the start through open standards, open source, and data portability — or it is surrendered, silently, with each proprietary dependency added.

Why you need both — and why one without the other fails

Sovereignty without autonomy means your data is legally protected but you are still operationally dependent. A self-hosted system built on proprietary software still locks you in — you just cannot be surveilled, but you also cannot switch, adapt, or audit. Many national cloud initiatives fall into this trap: the data stays in-country but the software stack remains foreign and opaque.

Autonomy without sovereignty means you have open, portable systems but they are hosted under foreign jurisdiction. An open-source application running on AWS is auditable and portable — but the US government can still compel access to its data. Open source on foreign infrastructure is not sovereign.

Why proprietary standards are a systemic risk in information management

Lock-in compounds over time

Every document saved in a proprietary format, every API call to a closed system, every workflow built on a vendor-specific schema adds one more layer of dependency. Over ten years, the accumulated lock-in becomes structurally impossible to reverse without a full system replacement. Public sector organisations are especially vulnerable because their information must be preserved for decades — long after any vendor's commercial interest in maintaining compatibility has expired.

Accountability cannot be reconstructed

Government information systems must be able to prove what happened, when, and by whom — for Awb accountability, Woo compliance, and legal proceedings. Proprietary audit logs are controlled by the vendor, not by the organisation. If the vendor changes its format, shuts down, or simply declines to provide a log, the accountability chain is broken. Open standards like PROV-O make the audit trail a first-class, independently verifiable artefact — not a commercial by-product.

Interoperability across organisations fails

When two organisations use different proprietary systems, sharing information requires bespoke integration work — custom connectors, bilateral agreements, data conversion, and continuous maintenance. This is why BSW, the Dutch Better Working Together programme, exists: decades of proprietary systems have made cross-departmental information sharing structurally difficult. Open standards like DCAT2 and SPARQL allow any two nodes to query each other without prior agreement on implementation details.

Long-term preservation becomes impossible

The Dutch Archiefwet requires public records to be readable for up to 115 years. DUTO's "Duurzaam" principle demands the same. A document saved in a format that requires proprietary software to render is not durably accessible — it is hostage to that software's continued existence. Open formats like RDF/N-Triples, PDF/A, and XML are readable by any system, today and in decades to come, because their specifications are public and implementation-independent.

Prisma's answer

Prisma is designed to deliver both sovereignty and autonomy simultaneously. Every component uses only W3C open standards — no proprietary formats, no vendor-specific APIs, no lock-in. The entire system can be audited, forked, migrated, or replaced component by component. And because it runs on EU infrastructure under EU law, the legal sovereignty is structural, not promised.

✓ EU jurisdiction — structural ✓ W3C open standards only ✓ Fully auditable source code ✓ PROV-O audit trails — first class ✓ Component-by-component replaceable
5
W3C open standards
0
Proprietary formats
EU
Cloud only
NLnet open calls submitted
Use cases

What is Prisma for?

Three concrete use cases — each one a real-world problem that Prisma solves.

Two organisations sharing information securely

Two organisations query each other's DCAT2 catalogue via SPARQL SERVICE. No data copy, no central storage. ODRL governs access per object. Reference architecture available.

Prisma / Federation — in development

Donations without privacy risk

A foundation receives donations while the donor's identity stays private. The board retains full financial oversight via PROV-O audit trails.

Prisma / TALER — planned

AI that accounts for itself

Automated processes log every step via PROV-O. You can always reconstruct what was decided and why — as required by the EU AI Act Art. 12–14.

Prisma / ANP — architecture in production
Components

Three components, each independently deployable

Prisma consists of three components. Click a card for details.

Component 1

Prisma / ANP

The open communication protocol for AI agents and automated systems. Every action is logged via PROV-O.

NLnet NGI0 Commons Fund — applied for more info →
Component 2

Prisma / Federation

Share information between organisations without copying. Each organisation controls its own access.

NLnet NGI Fediversity — applied for more info →
Component 3

Prisma / TALER

Payment module for foundations. Donors stay anonymous. The board keeps oversight.

NLnet NGI TALER — applied for more info →
Technical foundation

Built on international open standards

Prisma uses no proprietary formats. You can always switch to another system without losing your data.

DCAT2
Dataset cataloguing & discovery
W3C Recommendation
PROV-O
Provenance & audit trails
W3C Recommendation
ODRL 2.2
Access policies & rights
W3C Recommendation
SHACL
Data validation & quality
W3C Recommendation
SPARQL 1.1
Federated query language
W3C Recommendation
W3C DID
Sovereign agent identity
W3C Recommendation
Public sector · government

Made for the public sector

The Dutch central government has strict requirements for how information must be stored and shared — the BSW programme (Better Working Together). Prisma implements all these requirements as working software, not as a policy document.

The same approach works for any European government, healthcare institution, or school — for anyone who needs to prove how information is stored and managed.

Why this matters — four concrete incidents

86% of EU citizens consider it plausible that the US could block European access to digital services — 59% see it as an already concrete risk. Germany 65% · France 60%. Survey of 5,079 citizens across all 27 EU member states, presented at the European Parliament, 17 March 2026. SWG / Polling Europe ↗
Schrems II (2020) — The Court of Justice of the EU invalidated the EU–US Privacy Shield, ruling that US law (FISA, CLOUD Act) does not sufficiently protect European personal data stored on US servers. Any transfer to a US provider is now legally precarious under GDPR. NOYB ↗
Microsoft / International Criminal Court (2025) — After the US imposed sanctions on ICC prosecutors, the Court's chief prosecutor was locked out of his Microsoft email account. Microsoft — a US company — was legally obliged to comply with US executive orders, regardless of where the data was hosted or who the client was. IEEE Spectrum ↗
Anthropic vs. US Department of Defense (March 2026) — The Pentagon designated Anthropic — an American AI company — a "supply chain risk" after it refused to allow its models to be used for mass surveillance or fully autonomous weapons. Any EU organisation using US AI tools is exposed to the same legal and political risk. A US federal judge blocked the designation on 26 March 2026, ruling it was unconstitutional retaliation — but the precedent stands. TechCrunch ↗
Edward Snowden / PRISM (2013) — NSA whistleblower Snowden revealed that the US government had direct access to servers of Microsoft, Google, Apple, Yahoo and others under PRISM — without the knowledge of European users or governments. The data of European citizens was being collected in bulk. This disclosure directly triggered the CJEU's Schrems I ruling (2015) and ultimately Schrems II (2020). The structural vulnerability Snowden exposed has not been fixed — it has been codified in the CLOUD Act (2018). The Guardian ↗

Every EU member state has its own information management framework. Prisma implements the W3C foundation that all of them are built on — making cross-border interoperability structural, not aspirational.

BSW / MDTO / DUTOPrisma implementatieW3C standaardStatus
InformatieobjectNamed Graph (RDF triplestore)DCAT2 + PROV-O + ODRL✓ Production
Beschikbaar KrijgenSPARQL federatieve querySPARQL 1.1✓ Production
Beschikbaar MakenBuild-pipeline + ODRLPROV-O + ODRL✓ Production
Beschikbaar HoudenContent-addressed storage (IPFS + S3 WORM)PROV-O archival✓ Production
Beschikbaar StellenSPARQL endpoint + DCAT2DCAT2 + ODRL✓ Production
DUTO — DuurzaamIPFS CID + N-Triples open formaatContent-addressed✓ Production
DUTO — UitwisselbaarW3C RDF/SPARQL, geen lock-inRDF 1.1✓ Production
DUTO — ToegankelijkDCAT2 catalogus + SKOS thesaurusDCAT2 + SKOS✓ Production
DUTO — OpenbaarODRL-policies per objectODRL 2.2✓ Production
ZorgdragerschapODRL assignee per Named GraphODRL 2.2✓ Production
VernietigingsplichtVernietigingsprotocol + destruction certPROV-O signed✓ Production
Woo-publicatieAfgeleide bron via ODRL endpointPROV-O:wasDerivedFrom✓ Production
TOOI-thesaurusSKOS kern + domeinextensiesSKOS + skos:exactMatchPI 2026.3
EU AI Act Art. 12–14SHACL deterministic reasoning layerSHACL + PROV-OPI 2026.3

How Prisma bridges national standards across Europe

Every EU country has its own information management framework. They use different names, different XML schemas, different governance structures — but they all face the same challenge: making government information findable, accessible, interoperable and reusable. Prisma implements the W3C layer that connects them all.

CountryNational frameworkArchive systemEU bridgeLink
🇳🇱 NetherlandsMDTO / DUTO / BSW IHH / TOOIDCAT-AP, DCAT2MDTO ↗
🇫🇷 FranceSEDA / ISO 20614 / RGIVITAM (open source)DCAT-AP, PROV-OVITAM ↗
🇩🇪 GermanyDOMEA / XDomea / GoBDDCAT-AP, XDOMEAIT-Planungsrat ↗
🇧🇪 BelgiumOSLO / MAGDA / DCAT-AP-VLDCAT-AP, OSLOOSLO ↗
🇪🇸 SpainNTI / ENI / ENSInSiDEDCAT-AP, NTIPAe ↗
🇮🇹 ItalyAgID guidelines / CADDCAT-AP_ITAgID ↗
🇸🇪 SwedenDCAT-AP-SE / RA-FSDCAT-APDIGG ↗
🇵🇱 PolandePUAP / EZDDCAT-APdane.gov.pl ↗
🇪🇺 EU-wideDCAT-AP / EuroVoc / ISA²DCAT2, Dublin CoreDCAT-AP ↗

The W3C bridge

All these national frameworks converge on the same W3C standards: DCAT2 for cataloguing, PROV-O for provenance, SPARQL for queries, SKOS for vocabularies. Prisma implements this shared layer directly — so a Dutch municipality, a French ministry and a Belgian region can query each other's data without bilateral agreements or custom connectors.

NL: MDTO + TOOI → DCAT-AP FR: SEDA + VITAM → DCAT-AP DE: XDomea → DCAT-AP BE: OSLO → DCAT-AP ES: NTI → DCAT-AP Prisma = the W3C layer
🇫🇷 Pour les administrations françaises

Prisma et le programme VITAM

Prisma implémente les mêmes principes que VITAM — conservation pérenne, traçabilité complète, interopérabilité — mais en utilisant les standards W3C au lieu du SEDA/XML. Compatible via DCAT-AP.

programmevitam.fr ↗
🇩🇪 Für deutsche Behörden

Prisma und XDomea

Prisma setzt dieselben Prinzipien um wie DOMEA — Nachvollziehbarkeit, Langzeitarchivierung, Interoperabilität — auf Basis offener W3C-Standards. Kompatibel via DCAT-AP.

IT-Planungsrat ↗
🇧🇪 Voor Belgische overheden

Prisma en OSLO / MAGDA

Vlaanderen's OSLO-standaarden en het MAGDA-platform delen dezelfde DCAT-AP basis als Prisma. Federatieve queries tussen Belgische en Nederlandse overheden werken zonder extra mapping.

data.vlaanderen.be ↗
🇪🇸 Para administraciones españolas

Prisma y el ENI/ENS

El Esquema Nacional de Interoperabilidad y el Esquema Nacional de Seguridad comparten con Prisma los mismos estándares W3C. Compatible via DCAT-AP y NTI.

administracionelectronica.gob.es ↗
How it works

How does it work?

Four diagrams showing how Prisma stores, shares and manages information.

1 — Share information without copying

Two organisations can query each other.s information without copying it. Data stays with the owner. Each organisation sets its own access rules.

Node A e.g. Ministry of Finance RDF triplestore DCAT2 + PROV-O + ODRL SPARQL endpoint policy-enforced ODRL policy PROV-O log Node B e.g. Ministry of Interior RDF triplestore DCAT2 + PROV-O + ODRL SPARQL endpoint policy-enforced ODRL policy PROV-O log SPARQL SERVICE No data copy · No central storage · Each node owns its data

2 — Automated processing

Every time information is updated, it automatically goes through a series of steps: validate, record, apply access rules, publish. Always the same, always traceable.

Triggered on every git push — deterministic, reproducible, auditable Git source of truth SHACL validate PROV-O log provenance ODRL apply policies Deploy RDF triplestore IPLD CID Every step automated · Every transition logged · No manual archiving

3 — Information lifecycle

Information goes from editable to published to archived. Every transition is recorded. Destruction requires explicit approval.

Operational Editable In Git No PROV-O No ODRL git push Published Read-only In triplestore PROV-O active ODRL active retention period Archived Immutable IPFS + IPLD + S3 CID = proof PROV-O chain destroy + cert Transition is one-way · Every step cryptographically logged

4 — How information is permanently stored

Prisma stores information in four layers. Each layer adds a capability. Together they ensure information remains provably unchanged even after twenty years.

Four layers — each adds a capability. Together they make information sovereign and permanent. IPFS Transport · store & retrieve by CID Content-addressed blocks SHA-256 hash = address IPLD Datamodel · link blocks as graph CID → CID links Traverse across content boundaries RDF + SPARQL Semantics · meaning & queries DCAT2, PROV-O, ODRL, SHACL Named Graphs, federated queries CID–URI bridge Prisma · permanent identity Named Graph → hash → CID Proof of integrity after 20 years
Install

Self-host in 5 minutes

Two ways to run Prisma. Both on European servers, both secure.

Podman Compose — recommended

Any European server with 2 GB memory. Three commands and it runs.

# 1. Clone git clone codeberg.org/bohe/prisma # 2. Configure cp .env.example .env # 3. Run podman-compose up -d
Podman 4+ 2GB RAM min GNU/Linux EU cloud recommended

Kubernetes — advanced

For larger environments with high availability and auto-scaling.

# Add repo helm repo add prisma \ https://codeberg.org/bohe/prisma # Install helm install prisma prisma/prisma \ -f values.yaml
Kubernetes 1.28+ Helm 3 4GB RAM min
Architecture guide ↗ API reference ↗ BSW IHH mapping ↗
Changelog

Version history

2026-03-26v0.1.0Initial release — ANP spec, Federation node package, TALER modulelatest
Roadmapv0.2.0EU AI Act compliance layer — SHACL deterministic reasoningPI 2026.3
Roadmapv0.3.0TOOI-thesaurus integration + rijksbrede SKOS vocabulairePI 2026.4
Open source

All source code on Codeberg

The complete source code is publicly available. No GitHub, no Microsoft, no American servers.

prisma
Main platform — Podman Compose + Helm
codeberg.org/bohe/prisma ↗
prisma-anp
Agent Network Protocol
codeberg.org/bohe/prisma-anp ↗
prisma-federation
Federated cloud nodes
codeberg.org/bohe/prisma-federation ↗
prisma-taler
GNU Taler integration
codeberg.org/bohe/prisma-taler ↗

Part of the European movement for digital independence

EuroStack Industry Initiative ↗
Industry coalition for European digital sovereignty. Buy European, Sell European, Fund European.
EuroStack Directory ↗
Catalogue of trusted EU-sovereign open source tools and services. GDPR-compliant alternatives.
EuroStack Report ↗
Academic vision by Francesca Bria / Bertelsmann Stiftung. €300B investment roadmap for EU digital independence.
IPFS Foundation ↗
Stewards of the IPFS protocol. Prisma uses IPFS + IPLD for permanent, content-addressed storage.

This platform has dedicated pages for public sector organisations in your language:

🇳🇱 Nederlandse overheid — BSW IHH → 🇫🇷 Secteur public français — VITAM/SEDA → 🇩🇪 Deutscher öffentlicher Sektor — DOMEA →
Blog · Nieuws · Updates

Follow our blog

The Prisma blog runs on WriteFreely — open source, federated via ActivityPub. Read and follow posts from your Mastodon account, no separate account needed.

Release notes

Every release of Prisma, ANP, Federation and TALER gets a detailed post with architectural commentary.

Architecture articles

Deep dives into IPLD, W3C standards, BSW IHH implementation and EU AI Act compliance.

Federated via ActivityPub

Follow from your Mastodon account. No algorithm, no tracking, no US servers.

Read the blog ↗ Mastodon ↗ RSS-feed ↗

Blog runs on WriteFreely — self-hosted on EU infrastructure. Source: codeberg.org/bohe/prisma-blog

Get in touch

For enterprise architects, the BSW programme, ODI and the open-source community — happy to talk.

Koen Bohé · BOHÉ Investments BV · Solution Architect

Email Codeberg ↗