Keynotes — Day 2

KubeCon + CloudNativeCon Europe 2026

Date: March 25, 2026 — London

CRA — The Compliance Clock Is Ticking

The Cyber Resilience Act dominates the regulatory landscape.

Date Milestone
December 10, 2025 Initial reporting obligations
June 11, 2026 Conformity assessment bodies designated
September 11, 2026 Market surveillance operational
December 11, 2027 Full regulation applies

Standards in progress — won't be finished by December 2027.

CRA: What It Means

  • "List of ingredients needed for devices — ingredients must be safe"
  • Services fall outside CRA scope
  • Open source foundations must provide security contacts
  • Use security.txt, become a CNA, or use web forms
  • Reference: bestpractices.dev, REUSE tool from FSFE

SAXO Bank — Blueprint Operator

Oscar Kristiansen, SAXO Bank

  • SinglePR — OneApproval — Zero Broker Interaction
  • Declarative model with Git-managed operators
  • Focus on digital sovereignty
  • Blueprint Operator streamlines developer experience

Kagent and AI-Native Kubernetes

Solo.io announced kagent — an AI agent gateway for Kubernetes

  • Agent gateway for orchestrating AI agents
  • Kubernetes-native deployment model
  • Signals the shift toward AI workloads as first-class citizens

Key Takeaways

  1. CRA creates a legal mandate for supply chain security — timeline is aggressive
  2. Standards aren't ready but deadlines won't move
  3. SAXO Bank's Blueprint Operator shows declarative DevEx in practice
  4. AI agents on Kubernetes are becoming a real deployment pattern

Questions?

KubeCon EU 2026 — London