- Primary source: deutschland-stack.gov.de
- Tech landscape: technologie.deutschland-stack.gov.de
- Source code: gitlab.opencode.de/dstack/d-stack-home
- Publisher: Bundesministerium für Digitales und Staatsmodernisierung (BMDS) -- Federal Ministry for Digital and State Modernisation

The Deutschland Stack is Germany's national sovereign technology platform for public-sector digitalisation. It is not just a technology catalogue -- it encompasses:
- A Tech Stack of standards and technologies (the landscape CSV data).
- Strategic and organisational frameworks (architecture principles, governance, criteria).
- Implementation projects and products (the portfolio and roadmap through 2028).
The initiative is mandated by the 2025 coalition agreement ("Verantwortung für Deutschland"), the Ministers-President Conference (Föderale Modernisierungsagenda, No. 205), the Digital Ministers' Conference, and a Federal Cabinet resolution. Standards and governance were to be established by 31 March 2026.
From the Gesamtbild page:
- User Experience -- Intuitive, low-effort, continuously improved.
- Platform as Foundation -- Central platform delivery, automated operations, professional managed services.
- AI, Data & Standardisation as Enablers -- Active AI use for automation; standardised direct data exchange; technologically current solutions.
- Digital Sovereignty -- Preferential procurement from European markets; own components developed as open source; open interfaces and local data storage.
| Principle | Summary |
|---|---|
| API-First | Open, well-documented interfaces on all stack elements. |
| Service-Oriented / Loosely Coupled | Modular, independently replaceable components. |
| Reusability | Quality-assured, reusable elements. |
| DevSecOps Only | Integrated automated development, security, and operations. |
| Zero-Trust | Flexible trust-building measures on all elements. |
| Technologically Current | State of the art at all times. |
| Made in EU First | Priority to products from EU member states. |
| Prefer Buy over Make | Standard products procured from the market where possible. |
| End-to-End Digitalisation | Fully digital, interoperable processes. |
| Managed Services Only | Professional operational services on all elements. |
Technologies are assessed (currently as guidance, not yet automated) against:
- Digital Sovereignty -- Switchability between vendors; EU market preference; open source.
- Interoperability -- API-first; open interfaces.
- Future-Proofing -- Continuous updates; industry engagement.
- Market Relevance -- Real products available; distributed vendor landscape.
- Trustworthiness -- Security documentation; BSI compliance.
- Sustainability -- Reusability; economic, ecological, and social factors.
Two public consultation rounds have been held:
- Round 1: Oct-Nov 2025. Broad feedback on strategy, criteria, and technologies.
- Round 2: Jan-Feb 2026. Focused on the Gesamtbild and technology field priorities.
The landscape is explicitly described as an iterative, non-final selection -- not a binding or exhaustive catalogue.
The Tech Stack is structured into seven layers. The landscape CSV currently only populates four of these with concrete technologies. The full layer model from the Aufbau page is:
| Layer | German Name | Status in Landscape |
|---|---|---|
| Infrastructure | Infrastruktur | Populated |
| DevSecOps | Entwicklung, Sicherheit und Betrieb | Partially populated (as "Betrieb") |
| Platform | Plattform | Populated |
| Base Services | Basisdienst | Not yet in landscape |
| Applications & Services | Anwendungen und Dienstleistungen | Not yet in landscape |
| Surface & Access | Oberfläche und Zugang | Populated (as "Zugang") |
| Strategy, Architecture & Governance | Strategie, Architektur und Governance | Not yet in landscape |
These are centrally-provided, reusable digital services:
- Notification, Payment, Wallet (EUDI), Personal Dashboard (Cockpit)
- Data Exchange, Geodata, Identity, Inbox
- Seal, Signature, Certificate, Consent
The landscape currently covers development languages/frameworks and CI/CD tools. The full model also includes:
- Operations: Runtime, compute, storage, load balancing, forwarding
- Managed Services: Monitoring, observation, logging, distribution, backup/recovery, service management
- Security: Runtime security, encryption, security policies, credentials, access control
The landscape CSV contains 129 technologies across four categories. 128 are "graduated" and 1 is "sandbox" (AG-UI).
| Technology | Description |
|---|---|
| Bluetooth | Ad-hoc / point-to-point wireless (incl. LE, Mesh, broadcast). |
| Ethernet (IEEE 802.3) | Wired LAN connectivity. |
| Glasfaser (Fibre Optic) | Backbone and last-mile optical fibre (ITU-T G-series). |
| Mobilfunk (Cellular / 3GPP) | Mobile network connectivity (LTE, 5G) via SIM-based access. |
| WiFi (IEEE 802.11) | Wireless LAN, ad-hoc, access-point, and mesh modes. |
| Technology | Description |
|---|---|
| FTPS | File transfer secured via TLS. |
| HTTP (incl. HTTP/2, HTTP/3) | Hypertext transfer for web resources and APIs. |
| IMAPS | Secure mailbox access (IMAP over TLS). |
| IPv6 | Next-generation internet addressing. |
| JWT (JSON Web Tokens) | Compact, self-verifying tokens for auth and data transfer. |
| MLS (Messaging Layer Security) | End-to-end encryption for group messaging. |
| QUIC | Connection-oriented, encrypted transport (UDP-based). |
| SIP (Session Initiation Protocol) | Signalling for VoIP and multimedia sessions. |
| SMTPS | Secure email relay. |
| TCP | Reliable, ordered packet delivery. |
| TLS | Encryption layer for data in transit. |
| UDP | Lightweight, connectionless datagram protocol. |
| Technology | Description |
|---|---|
| BGP | Inter-AS routing for internet backbone. |
| DHCP | Automatic IP address assignment. |
| DNS | Hierarchical domain-name resolution. |
| IGP (OSPF, IS-IS etc.) | Intra-AS routing protocols. |
| IPSec | Network-layer VPN and encryption suite. |
| IXP OIX-1 | Certification standard for Internet Exchange Points. |
| MAC (IEEE 802) | Layer-2 addressing and medium access control. |
| MPLS | Label-switched routing for carrier networks. |
| OSPF | Link-state routing for enterprise IP networks. |
| SD-WAN (MEF 70.2) | Software-defined WAN service framework. |
| Segment Routing (SR) | Simplified source-routed forwarding. |
| Technology | Description |
|---|---|
| Cassandra | Column-family NoSQL database. |
| Chroma | Vector database. |
| CKAN | Open-data portal for cataloguing and publishing datasets. |
| CouchDB | Document-oriented NoSQL database. |
| CSV | Comma-separated values data format. |
| DCAT | Vocabulary for describing datasets in catalogues. |
| HBase | Column-oriented NoSQL (Hadoop ecosystem). |
| JSON | Lightweight data interchange format. |
| Markdown | Human-readable text markup format. |
| MariaDB | Relational DBMS (MySQL-compatible fork). |
| Milvus | Vector database for similarity search. |
| MongoDB | Document-oriented NoSQL database. |
| MySQL | Relational DBMS. |
| Neo4j | Graph database. |
| Piveau | Data management pipeline (ingest, aggregate, publish). |
| PostgreSQL | Object-relational DBMS. |
| Qdrant | Container-native vector database. |
| RDF | Resource Description Framework for linked data. |
| Scylla | High-performance column-family NoSQL (C++ Cassandra rewrite). |
| XML | Extensible Markup Language. |
| YAML | Human-friendly data serialisation. |
| Technology | Description |
|---|---|
| Contour | Kubernetes ingress controller (Envoy-based). |
| Docker Swarm | Container orchestration built into Docker Engine. |
| Emissary Ingress | Envoy-based API gateway and K8s ingress. |
| Envoy Proxy | High-performance L7 proxy for microservices. |
| gRPC | High-performance RPC framework (HTTP/2 + Protobuf). |
| GraphQL | Flexible query language for APIs. |
| Istio | Service mesh for microservices. |
| Kong | API gateway / management platform. |
| Kubernetes | Container orchestration platform. |
| NGINX | Web server, reverse proxy, and load balancer. |
| Nomad | Workload orchestrator (HashiCorp). |
| OKD (OpenShift Origin) | Kubernetes distribution by Red Hat (community edition). |
| OpenAPI | Specification for describing REST APIs. |
| Portainer | Web UI for Docker/K8s management. |
| Rancher | Multi-cluster Kubernetes management. |
| REST | Architectural style for distributed systems. |
| SOAP | XML-based protocol for web services. |
| Traefik | Cloud-native reverse proxy and load balancer. |
| Technology | Description |
|---|---|
| Angel-ML | Distributed ML platform (parameter server architecture). |
| ANP (Agent Network Protocol) | Decentralised agent-to-agent communication. |
| A2A (Agent-to-Agent Protocol) | Cross-framework agent collaboration protocol. |
| AG-UI | Agent-user interaction protocol. Sandbox maturity. |
| Axolotl | LLM fine-tuning framework. |
| Haystack | RAG / document-search pipeline framework. |
| HuggingFace Transformers | Model hub + multi-framework inference/training. |
| LangGraph | Graph-based agent orchestration framework. |
| MCP (Model Context Protocol) | Standardised context delivery to LLMs. |
| MLflow | ML lifecycle management (tracking, model registry). |
| ONNX | Open model interchange format for neural networks. |
| PromptFlow | LLM application development toolkit (Microsoft). |
| Pyro | Probabilistic programming language on PyTorch. |
| PyTorch | Deep learning framework. |
| RAGFlow | Retrieval-Augmented Generation engine. |
| Robot Framework | Test automation and RPA framework. |
| spaCy | Industrial NLP library (Python). |
| TensorFlow | ML/DL framework for training and inference. |
| Technology | Description |
|---|---|
| Appsmith | Open-source internal tool builder (drag-and-drop + JS). |
| Budibase | Low-code platform for internal business apps. |
| Joget | Enterprise low-code/no-code with workflow engine. |
| n8n | Workflow automation with 400+ integrations. |
| Node-RED | Visual flow-based programming (popular in IoT). |
| Technology | Description |
|---|---|
| Angular | Web application framework (Google). |
| C++ | Systems programming language. |
| CSS | Stylesheet language for the web. |
| Flutter | Cross-platform UI toolkit (Google). |
| Go | Language for cloud and network applications. |
| Java | Platform-independent language (JVM). |
| JavaScript (ECMAScript) | Dynamic web scripting language. |
| Next.js | React-based full-stack web framework. |
| PHP | Server-side web development language. |
| Python | General-purpose / prototyping language. |
| R | Statistical computing and data visualisation. |
| React | Component-based UI library. |
| Rust | Memory-safe systems programming language. |
| Selenium | Browser automation and testing framework. |
| Swift | Apple ecosystem app development. |
| TypeScript | Statically-typed superset of JavaScript. |
| Technology | Description |
|---|---|
| CircleCI | CI/CD platform. |
| Flux | GitOps Kubernetes synchronisation tool. |
| GitHub Actions | CI/CD within GitHub. |
| GitLab | Full DevSecOps platform with built-in CI/CD. |
| Jenkins | Open-source automation server for CI/CD. |
| OpenKruise | Advanced K8s workload management and deployment. |
| Spinnaker | Multi-cloud continuous delivery platform. |
| Technology | Description |
|---|---|
| AES | Symmetric block cipher. |
| ECIES | Hybrid encryption (Diffie-Hellman + elliptic curves). |
| Kerberos | Ticket-based network authentication (SSO). |
| ML-KEM | Post-quantum key encapsulation (lattice-based). |
| OAuth 2.0 | Delegated authorisation framework. |
| OIDC (OpenID Connect) | Authentication layer on top of OAuth 2.0. |
| OTP | One-time password for multi-factor auth. |
| RSA | Asymmetric encryption and digital signatures. |
| SHA | Cryptographic hash functions for integrity. |
Blink (Chrome/Edge/Opera), Gecko (Firefox), WebKit (Safari).
Android (Google), iOS (Apple).
The Gesamtbild page defines seven priority technology fields and names specific standards for each. Critically, several technologies named here are not yet on the landscape CSV -- they represent the government's acknowledged roadmap. These are marked with an asterisk (*) below.
Standards set:
- MCP -- context delivery to language models
- ANP + A2A -- agent-to-agent communication
- AG-UI -- agent-user interaction
- ONNX -- model interchange
Acknowledged future needs:
- Agent monitoring and quality assurance standards
- Model exchangeability (ONNX)
- Training data reuse standards
- Responsible AI (provenance, licensing, compliance)
Standards set:
- RDF, OWL*, SPARQL*, SKOS* -- linked data and ontologies
- DCAT, OAI-PMH -- metadata exchange
- JSON, XML, CSV -- data formats
- ODF*, PDF/UA* -- document formats
- SQL*, ODBC*, JDBC* -- relational data access
Acknowledged future needs:
- Standards for vector, graph, document, and object-oriented storage
- Data flow modelling and data integration standards
- Harmonised semantics and taxonomies (XOV*, HL7*, SWIFT*)
- Kafka* is explicitly mentioned for streaming analytics
- ETL*, OLAP* for business intelligence
- Dashboard* and IBCS* for visualisation
Standards set:
- MEF for SD-WAN definition
- NFV* (Network Function Virtualisation)
Acknowledged future needs:
- Software-Defined Storage (SDS*)
- Hypervisor* management and virtual resource management
Standards set:
- Git* -- version control
- CI/CD pipeline principles, IaC*, PaC* (Policy as Code)
- Scanning, testing, and analysis mechanisms
- Monitoring, logging, and observability mechanisms
- Package management and distribution mechanisms
- SBOM* -- software bill of materials
- OWASP* -- security guidance
- Kubernetes -- orchestration
- REST, gRPC, GraphQL, MQTT* -- exchange protocols
- OpenAPI -- interface description
- IPv6, HTTPS, FTPS, SMTPS, QUIC -- assumed transport baseline
Acknowledged future needs:
- Standards for load balancing, proxies, gateways
- Service mesh and service discovery standards
Standards set (by reference):
- Deutsche Verwaltungscloud (DVC)
- OpenStack*
- Sovereign Cloud Stack (SCS)*
- EVB-IT* (procurement framework)
Standards set:
- BSI IT-Grundschutz, BSI technical guidelines, C5 catalogue
- AES, RSA -- encryption
- OAuth, OIDC, JWT -- auth
- OTP, ML-KEM -- multi-factor and post-quantum
- Crypto-agility (key and algorithm rotation)
No specific standards named yet. Requirements:
- External solutions callable from workflows without implementation effort
- Modelled content must be exportable and portable across platforms
- Runtime must work on various infrastructure environments
This analysis cross-references the landscape CSV against the strategic technology fields, the layer model, and broader public-sector requirements.
Gaps are classified as:
- Roadmap gap -- acknowledged by the government as needed but not yet on the landscape.
- Landscape gap -- not yet mentioned anywhere; should be considered.
Status: MQTT is a roadmap item (explicitly named in Gesamtbild under DevSecOps & APIs). Not yet on the landscape.
| Technology | Type | Rationale |
|---|---|---|
| MQTT v5 | Roadmap gap | Explicitly named in the Gesamtbild as an exchange protocol alongside REST, gRPC, and GraphQL. MQTT v5 (OASIS standard, ISO/IEC 20922) is the dominant pub/sub protocol for IoT, smart buildings, and industrial telemetry. Its absence from the landscape CSV is a clear omission that should be resolved promptly -- the government already endorses it. |
| AMQP 1.0 | Landscape gap | ISO/IEC 19464 standard for enterprise message queuing. Complements MQTT for backend event-driven architectures. |
| CoAP (RFC 7252) | Landscape gap | REST-like protocol for constrained IoT devices. Pairs naturally with MQTT in IoT deployments. |
| LwM2M (OMA) | Landscape gap | Device management for IoT sensor fleets. Important for smart-city infrastructure management. |
Status: Kafka is a roadmap item (explicitly named in Gesamtbild under Real-Time Analytics). Not yet on the landscape.
| Technology | Type | Rationale |
|---|---|---|
| Apache Kafka | Roadmap gap | Explicitly mentioned in the Gesamtbild. De facto standard for event streaming and data pipeline backbones. |
| Apache Flink | Landscape gap | Stateful stream processing for real-time analytics. Natural complement to Kafka. |
| Apache Pulsar | Landscape gap | Multi-tenant, geo-replicated alternative to Kafka. |
| NATS | Landscape gap | Lightweight cloud-native messaging (CNCF incubating). |
Status: The layer model explicitly lists "Beobachtung" (monitoring, observation) and "Protokollierung" (logging) under Managed Services. The Gesamtbild names "monitoring, logging, and observability mechanisms" as required. No specific products are on the landscape.
| Technology | Type | Rationale |
|---|---|---|
| OpenTelemetry | Landscape gap | CNCF standard for traces, metrics, and logs. The unified observability API. |
| Prometheus | Landscape gap | Time-series metrics and alerting (CNCF graduated). |
| Grafana | Landscape gap | Visualisation and dashboarding for metrics/logs. |
| Jaeger / Zipkin | Landscape gap | Distributed tracing for microservices. |
| Fluentd / Fluent Bit | Landscape gap | Log collection and forwarding (CNCF graduated). |
| ELK / OpenSearch | Landscape gap | Log analytics and full-text search. Also covers the missing search-engine database category. |
Status: IaC is a roadmap item (Gesamtbild names "Infrastructure as Code" and "Policy as Code" as principles). No specific products on the landscape.
| Technology | Type | Rationale |
|---|---|---|
| OpenTofu / Terraform | Landscape gap | Declarative infrastructure provisioning. OpenTofu is the open-source fork (Linux Foundation). |
| Ansible | Landscape gap | Agentless configuration management and automation. |
| Helm | Landscape gap | Kubernetes package manager. Essential companion to K8s which is already on the stack. |
| Pulumi | Landscape gap | IaC using general-purpose programming languages. |
Status: SBOM is a roadmap item (Gesamtbild explicitly requires it). OWASP is named as a guiding framework. Neither appears on the landscape.
| Technology | Type | Rationale |
|---|---|---|
| SBOM (SPDX / CycloneDX) | Roadmap gap | Explicitly required by the Gesamtbild. Also mandated by the EU Cyber Resilience Act. |
| OWASP | Roadmap gap | Named in the Gesamtbild as a security guidance framework. |
| OCI (Open Container Initiative) | Landscape gap | The standard underlying Docker images and K8s container runtimes. |
| Sigstore / Cosign | Landscape gap | Container image signing and verification. |
| Notary / TUF | Landscape gap | Secure software update framework (CNCF graduated). |
| containerd / CRI-O | Landscape gap | Container runtimes Kubernetes depends on. |
Status: Git is a roadmap item (explicitly named in the Gesamtbild). GitHub Actions and GitLab are on the landscape, but Git itself is not.
| Technology | Type | Rationale |
|---|---|---|
| Git | Roadmap gap | Named in the Gesamtbild as the version control standard. Should be on the landscape as a foundational tool. |
The stack lists OAuth, OIDC, Kerberos, JWT, and OTP, and Zero-Trust is an architecture principle, but concrete zero-trust implementations are missing.
| Technology | Type | Rationale |
|---|---|---|
| SAML 2.0 | Landscape gap | Still dominant in federated government SSO (eIDAS, ELSTER). |
| FIDO2 / WebAuthn | Landscape gap | Passwordless auth standard. EU is moving toward phishing-resistant MFA. |
| SPIFFE / SPIRE | Landscape gap | Workload identity for zero-trust (CNCF graduated). Aligns with the declared Zero-Trust principle. |
| Keycloak | Landscape gap | Open-source IAM/SSO server. Widely deployed in European government IT. |
| X.509 / PKI | Landscape gap | Certificate infrastructure. RSA and ECIES are listed but the cert framework itself is absent. |
Status: OWL, SPARQL, and SKOS are roadmap items (named in Gesamtbild under Semantic Technologies). Not yet on the landscape.
| Technology | Type | Rationale |
|---|---|---|
| OWL | Roadmap gap | Web Ontology Language. Named in the Gesamtbild alongside RDF. |
| SPARQL | Roadmap gap | Query language for RDF data. Named in the Gesamtbild. |
| SKOS | Roadmap gap | Vocabulary for knowledge organisation systems. Named in the Gesamtbild. |
Status: ODF and PDF/UA are roadmap items (named in Gesamtbild). Not yet on the landscape.
| Technology | Type | Rationale |
|---|---|---|
| ODF (Open Document Format) | Roadmap gap | Named in the Gesamtbild. ISO/IEC 26300 standard. Critical for government document sovereignty. |
| PDF/UA | Roadmap gap | Named in the Gesamtbild. Accessible PDF standard (ISO 14289). Required for barrier-free digital government. |
Status: SQL, ODBC, and JDBC are roadmap items (named in Gesamtbild). Not yet on the landscape.
| Technology | Type | Rationale |
|---|---|---|
| SQL | Roadmap gap | Named in the Gesamtbild. The stack lists SQL databases but not the query language standard itself. |
| ODBC / JDBC | Roadmap gap | Named in the Gesamtbild. Standard database connectivity interfaces. |
The landscape covers relational, document, columnar, graph, and vector databases. The Gesamtbild acknowledges future need for standards in these areas but names no specific products.
| Technology | Type | Rationale |
|---|---|---|
| TimescaleDB / InfluxDB | Landscape gap | Time-series databases for IoT, metrics, and audit logs. |
| Elasticsearch / OpenSearch | Landscape gap | Full-text search and analytics. |
| Redis / Valkey | Landscape gap | In-memory data store / cache. Valkey is the open-source fork. |
| etcd | Landscape gap | Distributed key-value store. Kubernetes itself depends on it. |
The stack mentions DVC, OpenStack, and Sovereign Cloud Stack in the Gesamtbild. EUDI Wallet appears in the Base Services layer. But broader European data sovereignty frameworks are absent.
| Technology | Type | Rationale |
|---|---|---|
| Gaia-X | Landscape gap | European data sovereignty framework. Notably absent given German government co-leadership of the initiative. |
| IDSA (International Data Spaces) | Landscape gap | Data sovereignty architecture with German government backing. |
| Open Policy Agent (OPA) | Landscape gap | CNCF graduated policy engine. Aligns with the Policy-as-Code aspiration. |
| Technology | Type | Rationale |
|---|---|---|
| KubeEdge | Landscape gap | CNCF project extending K8s to edge nodes. |
| K3s | Landscape gap | Lightweight Kubernetes for edge and IoT. |
| EdgeX Foundry | Landscape gap | Open-source IoT edge platform (Linux Foundation). |
Status: NFV and hypervisor management are roadmap items (Gesamtbild). Not on landscape.
| Technology | Type | Rationale |
|---|---|---|
| NFV (ETSI) | Roadmap gap | Named in the Gesamtbild for decoupling network services from hardware. |
| OpenStack | Roadmap gap | Named in the Gesamtbild alongside DVC and SCS. |
| Sovereign Cloud Stack (SCS) | Roadmap gap | Named in the Gesamtbild. German-led open cloud standard. |
| Technology | Type | Rationale |
|---|---|---|
| Linux | Landscape gap | Android and iOS are listed as mobile OSes, but the dominant server and cloud OS is absent. |
| SSH / SFTP | Landscape gap | FTPS is listed but not SSH-based secure shell or file transfer. |
| WireGuard | Landscape gap | Modern VPN protocol (Linux kernel native). IPSec is listed but WireGuard is increasingly its successor. |
| Matrix Protocol | Landscape gap | Decentralised, E2E-encrypted messaging. Already adopted by the Bundeswehr (BwMessenger) and the French government (Tchap). |
| WebAssembly (Wasm) | Landscape gap | W3C standard for portable, sandboxed execution. Browser engines are listed but not Wasm itself. |
| DNS-over-HTTPS / DNS-over-TLS | Landscape gap | Encrypted DNS. DNS is listed but encrypted variants are absent. |
| S/MIME | Landscape gap | Email signing/encryption. Complements the listed SMTPS. |
| HTML | Landscape gap | The fundamental web markup language. CSS is listed but HTML is not. |
| WebRTC | Landscape gap | Real-time browser communication. Important for government video conferencing and citizen-facing services. |
From projects.csv:
- Graduated: 128 technologies
- Sandbox: 1 technology (AG-UI)
The near-uniform "graduated" status across technologies spanning 1977 (RSA) to 2025 (AG-UI, Spinnaker) suggests the maturity model would benefit from more granular staging. The Gesamtbild's layer model includes "accepted", "sandbox", "incubating", and "graduated" dates per project, but in practice nearly everything has been fast-tracked to graduated.
- Classical networking (TCP/IP, DNS, BGP, OSPF, TLS, QUIC)
- Cloud-native orchestration (Kubernetes, Istio, Envoy, and multiple ingress controllers, service meshes, and API gateways)
- Database diversity (relational, document, columnar, graph, vector)
- Modern AI/ML tooling (PyTorch, TensorFlow, LangGraph, MCP, RAG, ONNX, agentic protocols)
- CI/CD pipelines (Jenkins, GitLab, GitHub Actions, Flux, Spinnaker)
- Core cryptography (AES, RSA, ML-KEM, SHA, TLS)
These appear in the Gesamtbild strategic text but are not yet in the landscape CSV. They should be the first additions:
- MQTT (named alongside REST, gRPC, GraphQL as an exchange protocol)
- Kafka (named for streaming analytics)
- Git (named as the version control standard)
- SBOM (named as required for component listing)
- OWASP (named as a security guidance framework)
- OWL, SPARQL, SKOS (named for semantic technologies)
- ODF, PDF/UA (named as document format standards)
- SQL, ODBC, JDBC (named for data access)
- NFV, OpenStack, SCS (named for virtualised infrastructure)
- Observability (OpenTelemetry, Prometheus, Grafana) -- the layer model demands it but no products are named
- Infrastructure as Code (OpenTofu, Ansible, Helm) -- IaC is a principle but has no concrete tooling
- Supply chain security (OCI, Sigstore, containerd) -- beyond SBOM
- Identity & zero-trust (SAML, FIDO2, SPIFFE, Keycloak) -- deeper than the current OAuth/OIDC/OTP coverage
- IoT protocols beyond MQTT (CoAP, AMQP, LwM2M)
- European sovereignty frameworks (Gaia-X, IDSA)
- Edge computing (KubeEdge, K3s)
- Streaming/search databases (TimescaleDB, OpenSearch, Redis/Valkey)
- Linux as the foundational server OS
- Matrix Protocol for sovereign messaging (already in Bundeswehr use)