The kernel, security model and network stack we built for a sovereign desktop turn out to be exactly the architecture the market needs for three harder problems.
Where each use case stands.
Desktop · alpha is a working operating system you can boot today (QEMU and hardware). The Agent Runtime, OT/Embedded profile and Sovereign Compute node roadmap are built on the same kernel: their foundations — capability isolation, signed audit logging, WASM sandboxing with memory caps, local-model integration — already run and are tested in the kernel today, while the packaged products are on our roadmap (Horizon E). The terminal panels below are illustrative of intended behaviour, not captured system output.
AI agents that do real work — capability-isolated at kernel level, with an immutable audit trail, running local models. No mandatory cloud. No data leaving your organisation.
A stripped EuroOS profile for operational technology — SCADA, PLCs, industrial controllers, edge nodes. Secure by design. NIS2-compliant. Runs on hardware from 2010.
Hardware plus software — a fully managed compute node that runs EuroOS, configured and delivered by GoTrust. Organisations get full control over their data without managing the complexity.
A full sovereign desktop for organisations that cannot trust foreign OS vendors. From boot to browser to office suite — every line of code is in Europe, readable and auditable.
AI agents are becoming real infrastructure. The question is who controls the trust boundary — a US cloud provider, or your own kernel.
Roadmap · foundations built & tested
Local models run entirely on your hardware. No mandatory API calls to foreign services. Works completely air-gapped.
Every agent run produces an Ed25519-signed, immutable log. Export to your SIEM or compliance platform. GDPR Article 5(1)(f) compatible.
A compromised agent cannot escape its sandbox. EuroGuard contains the damage to exactly the declared capability scope.
Build agents in any language that compiles to WASM. Standard tool-calling interface. EuroIPC for agent-to-agent pipelines.
Capability isolation, audit logging and human oversight built in — not bolted on. Designed for regulated industries from day one.
Government, healthcare, defence, critical infrastructure — EuroAgent is built for organisations where data cannot leave the building.
Zero Trust is now codified guidance — NIST SP 800-207, the NSA's implementation guides, OWASP's least agency, and a US federal mandate by 2027 — and it is being extended to autonomous AI agents. EuroOS makes its core controls native kernel primitives, designed for breach from the first line of code.
Sandboxing AI agents, isolating them, and putting guardrails around the tools and credentials they touch is becoming the industry consensus. Red Hat, one of the largest open-source platform vendors, is now publicly building exactly these defenses for agentic AI.
Red Hat's guidance calls for defense-in-depth around AI agents: per-agent kernel isolation (OpenShift sandboxed containers), policy-enforced tool and network access (OpenShell), and short-lived, scoped credentials injected at the boundary, so even a compromised agent has nothing to exfiltrate. It even points toward sovereignty.
We reached the same conclusion, then built it into the OS. Instead of layering governance on top of Linux and Kubernetes, EuroOS makes the capability the kernel's native primitive: the operating system itself is the sandbox. Agents run capability-isolated in WASM, every tool call is Ed25519-signed and audited, and credentials stay in a capability-gated vault, fully offline and EU-sovereign.
When a vendor of Red Hat's scale builds the same guardrails, it validates the direction. EuroOS was designed around it from the first line of kernel code.
Every layer built from scratch. That changes what the platform can promise — and prove.
| Capability | EuroOS | Linux distributions | Windows / macOS | US cloud AI agents |
|---|---|---|---|---|
| From-scratch kernel (no Linux/BSD) | ✓ | – | – | – |
| Fully auditable by EU governments (EUPL-1.2) | ✓ | Partial | – | – |
| AI agents isolated at kernel level | ✓ | – | – | – |
| Agent runs fully offline, no cloud needed | ✓ | – | – | – |
| Immutable, signed agent audit trail | ✓ | – | – | Partial |
| Zero telemetry (verifiable) | ✓ | Partial | – | – |
| Runs on embedded / OT hardware (75 MB RAM) | ✓ | Partial | – | – |
| Own TLS stack with European trust store | ✓ | – | – | – |
| Governed and hosted in Europe | ✓ | Varies | – | – |
A EuroOS ✓ means the capability is built and verified in the kernel today, or is an architectural property of the from-scratch stack. The desktop is shipping alpha; the agent-runtime, OT and sovereign-compute products that package these capabilities are on the roadmap (Horizon E). See the technical docs for exactly what runs today.
EuroOS OT runs on existing hardware. 75 MB RAM. No external dependencies. No telemetry. EuroGuard watches every process. Every network connection is explicitly approved. Every incident logged.
Roadmap profile
From kernel to AI agent — auditable, sovereign, built in Rust. If you are building for regulated industries, critical infrastructure, or simply believe Europe deserves its own computing foundation: we want to hear from you.