Built in Europe · Proud of our diversity · 24 languages · 27 nations · one open internet
EU-sovereign · Open source · Production-ready
Open information platform built on W3C standards
Prisma is open-source software that lets governments and organisations manage their own information — without depending on Big Tech. All data stays in Europe.
EU-sovereign cloudMIT / Apache-2.0W3C open standardsMDTO / DUTO compliant
Big tech als afhankelijkheid
Veel AI-tools draaien op Amerikaanse servers en slaan data op buiten Europa. Bij Prisma blijft alle data op Europese servers. Je bent niet afhankelijk van één leverancier.
Nieuwe Europese regels voor AI
Vanaf augustus 2026 moeten organisaties kunnen aantonen hoe hun AI-systemen beslissingen nemen. Prisma legt elke stap automatisch vast — zodat je dat altijd kunt bewijzen.
Open standaarden, geen lock-in
Prisma is gebouwd op internationale open standaarden. Dat betekent: geen eigen formaten, geen gedwongen upgrade, en je kunt altijd overstappen naar een ander systeem zonder je data kwijt te raken.
Digital sovereignty & autonomy
Two concepts. Both essential.
Digital sovereignty and digital autonomy are often used interchangeably — they are not the same thing. Understanding the difference is the starting point for any serious information governance strategy.
Digital sovereignty
Sovereignty is about legal and political control over your data and systems. A sovereign organisation can answer: who has jurisdiction over my data? Under whose laws does it reside? Can a foreign government compel access to it?
Sovereignty is lost the moment your data crosses into a foreign jurisdiction — even if it is encrypted, even if the servers are physically in Europe. A US-headquartered cloud provider is subject to the CLOUD Act regardless of where its data centres are located. Microsoft confirmed this in the French Senate in 2025: it cannot guarantee that European data will never be transferred to US authorities.
Sovereignty is a legal question, not a technical one. You either have it or you do not. There is no "partial sovereignty."
Digital autonomy
Autonomy is about operational freedom — the practical ability to act independently. An autonomous organisation can switch providers, inspect its own systems, modify its tools, and continue operating even if a supplier disappears or changes its terms.
Autonomy is lost through vendor lock-in: proprietary file formats that cannot be exported, APIs that are not documented, licences that can be revoked, and SaaS platforms where you have no access to the underlying code or data model.
Autonomy is an architectural question. It is built in from the start through open standards, open source, and data portability — or it is surrendered, silently, with each proprietary dependency added.
Why you need both — and why one without the other fails
Sovereignty without autonomy means your data is legally protected but you are still operationally dependent. A self-hosted system built on proprietary software still locks you in — you just cannot be surveilled, but you also cannot switch, adapt, or audit. Many national cloud initiatives fall into this trap: the data stays in-country but the software stack remains foreign and opaque.
Autonomy without sovereignty means you have open, portable systems but they are hosted under foreign jurisdiction. An open-source application running on AWS is auditable and portable — but the US government can still compel access to its data. Open source on foreign infrastructure is not sovereign.
Why proprietary standards are a systemic risk in information management
Lock-in compounds over time
Every document saved in a proprietary format, every API call to a closed system, every workflow built on a vendor-specific schema adds one more layer of dependency. Over ten years, the accumulated lock-in becomes structurally impossible to reverse without a full system replacement. Public sector organisations are especially vulnerable because their information must be preserved for decades — long after any vendor's commercial interest in maintaining compatibility has expired.
Accountability cannot be reconstructed
Government information systems must be able to prove what happened, when, and by whom — for Awb accountability, Woo compliance, and legal proceedings. Proprietary audit logs are controlled by the vendor, not by the organisation. If the vendor changes its format, shuts down, or simply declines to provide a log, the accountability chain is broken. Open standards like PROV-O make the audit trail a first-class, independently verifiable artefact — not a commercial by-product.
Interoperability across organisations fails
When two organisations use different proprietary systems, sharing information requires bespoke integration work — custom connectors, bilateral agreements, data conversion, and continuous maintenance. This is why BSW, the Dutch Better Working Together programme, exists: decades of proprietary systems have made cross-departmental information sharing structurally difficult. Open standards like DCAT2 and SPARQL allow any two nodes to query each other without prior agreement on implementation details.
Long-term preservation becomes impossible
The Dutch Archiefwet requires public records to be readable for up to 115 years. DUTO's "Duurzaam" principle demands the same. A document saved in a format that requires proprietary software to render is not durably accessible — it is hostage to that software's continued existence. Open formats like RDF/N-Triples, PDF/A, and XML are readable by any system, today and in decades to come, because their specifications are public and implementation-independent.
Prisma's answer
Prisma is designed to deliver both sovereignty and autonomy simultaneously. Every component uses only W3C open standards — no proprietary formats, no vendor-specific APIs, no lock-in. The entire system can be audited, forked, migrated, or replaced component by component. And because it runs on EU infrastructure under EU law, the legal sovereignty is structural, not promised.
✓ EU jurisdiction — structural✓ W3C open standards only✓ Fully auditable source code✓ PROV-O audit trails — first class✓ Component-by-component replaceable
5
W3C open standards
0
Proprietary formats
EU
Cloud only
3×
NLnet open calls submitted
Use cases
What is Prisma for?
Three concrete use cases — each one a real-world problem that Prisma solves.
Two organisations sharing information securely
Two organisations query each other's DCAT2 catalogue via SPARQL SERVICE. No data copy, no central storage. ODRL governs access per object. Reference architecture available.
Prisma / Federation — in development
Donations without privacy risk
A foundation receives donations while the donor's identity stays private. The board retains full financial oversight via PROV-O audit trails.
Prisma / TALER — planned
AI that accounts for itself
Automated processes log every step via PROV-O. You can always reconstruct what was decided and why — as required by the EU AI Act Art. 12–14.
Prisma / ANP — architecture in production
Components
Three components, each independently deployable
Prisma consists of three components. Click a card for details.
Component 1
Prisma / ANP
The open communication protocol for AI agents and automated systems. Every action is logged via PROV-O.
NLnet NGI Zero — applied formeer info →
Component 2
Prisma / Federation
Informatie delen tussen organisaties zonder kopieën te maken. Elke organisatie beheert zelf de toegang.
NLnet NGI Fediversity — applied formeer info →
Component 3
Prisma / TALER
Betaalmodule voor stichtingen. Donateurs blijven anoniem. Het bestuur houdt overzicht.
NLnet NGI TALER — applied formeer info →
Technical foundation
Gebouwd op internationale open standaarden
Prisma gebruikt geen eigen formaten. Dat betekent: je kunt altijd overstappen naar een ander systeem, zonder je data kwijt te raken.
DCAT2
Dataset cataloguing & discovery
W3C Recommendation
PROV-O
Provenance & audit trails
W3C Recommendation
ODRL 2.2
Access policies & rights
W3C Recommendation
SHACL
Data validation & quality
W3C Recommendation
SPARQL 1.1
Federated query language
W3C Recommendation
W3C DID
Sovereign agent identity
W3C Recommendation
Public sector · government
Built for the public sector
The Dutch central government has strict requirements for how information must be stored and shared — the BSW programme (Better Working Together). Prisma implements all these requirements as working software, not as a policy document.
The same approach works for any European government, healthcare institution, or school — for anyone who needs to prove how information is stored and managed.
Why this matters — four concrete incidents
86% of EU citizens consider it plausible that the US could block European access to digital services — 59% see it as an already concrete risk. Germany 65% · France 60%. Survey of 5,079 citizens across all 27 EU member states, presented at the European Parliament, 17 March 2026.
SWG / Polling Europe ↗
Schrems II (2020) — The Court of Justice of the EU invalidated the EU–US Privacy Shield, ruling that US law (FISA, CLOUD Act) does not sufficiently protect European personal data stored on US servers. Any transfer to a US provider is now legally precarious under GDPR.
NOYB ↗
Microsoft / International Criminal Court (2025) — After the US imposed sanctions on ICC prosecutors, the Court's chief prosecutor was locked out of his Microsoft email account. Microsoft — a US company — was legally obliged to comply with US executive orders, regardless of where the data was hosted or who the client was.
IEEE Spectrum ↗
Anthropic vs. US Department of Defense (March 2026) — The Pentagon designated Anthropic — an American AI company — a "supply chain risk" after it refused to allow its models to be used for mass surveillance or fully autonomous weapons. Any EU organisation using US AI tools is exposed to the same legal and political risk. A US federal judge blocked the designation on 26 March 2026, ruling it was unconstitutional retaliation — but the precedent stands.
TechCrunch ↗
Edward Snowden / PRISM (2013) — NSA whistleblower Snowden revealed that the US government had direct access to servers of Microsoft, Google, Apple, Yahoo and others under PRISM — without the knowledge of European users or governments. The data of European citizens was being collected in bulk. This disclosure directly triggered the CJEU's Schrems I ruling (2015) and ultimately Schrems II (2020). The structural vulnerability Snowden exposed has not been fixed — it has been codified in the CLOUD Act (2018).
The Guardian ↗
Prisma werkt samen met TOOI — de officiële woordenlijst van de Nederlandse overheid. Zo begrijpen systemen van verschillende ministeries elkaars begrippen, ook als ze net iets andere woorden gebruiken.
How TOOI works in Prisma
What TOOI is
TOOI (Thesaurus en Ontologie voor Overheids Informatie) is the Dutch government's official shared vocabulary. It defines standard terms and their relationships for all public sector information — from policy documents to procurement records. Every Dutch ministry is required to use it.
The problem it solves
Different departments use different words for the same thing. Without a shared vocabulary, federated search across departments returns incomplete or duplicate results. A document classified as "beleidsnota" at the Ministry of Finance is invisible to a search for "beleidsbrief" at the Ministry of Interior — even though they refer to the same concept.
How Prisma implements it
Prisma uses a two-level SKOS vocabulary architecture. The TOOI thesaurus forms the shared core — a set of standard concept URIs all departments agree on. Each department then adds its own domain extension using skos:exactMatch to map local terms to the core. This means departments keep their own terminology while remaining interoperable with the rest of government.
Concrete example
MinFin uses "beleidsnota" · MinBZK uses "beleidsbrief" · Both map via skos:exactMatch to the TOOI concept tooi:beleidsdocument. A federated SPARQL query across both departments finds both — automatically, without manual mapping or data duplication.
BSW / MDTO / DUTO
Prisma implementatie
W3C standaard
Status
Informatieobject
Named Graph (RDF triplestore)
DCAT2 + PROV-O + ODRL
✓ Productie
Beschikbaar Krijgen
SPARQL federatieve query
SPARQL 1.1
✓ Productie
Beschikbaar Maken
Build-pipeline + ODRL
PROV-O + ODRL
✓ Productie
Beschikbaar Houden
Content-addressed storage (IPFS + S3 WORM)
PROV-O archival
✓ Productie
Beschikbaar Stellen
SPARQL endpoint + DCAT2
DCAT2 + ODRL
✓ Productie
DUTO — Duurzaam
IPFS CID + N-Triples open formaat
Content-addressed
✓ Productie
DUTO — Uitwisselbaar
W3C RDF/SPARQL, geen lock-in
RDF 1.1
✓ Productie
DUTO — Toegankelijk
DCAT2 catalogus + SKOS thesaurus
DCAT2 + SKOS
✓ Productie
DUTO — Openbaar
ODRL-policies per object
ODRL 2.2
✓ Productie
Zorgdragerschap
ODRL assignee per Named Graph
ODRL 2.2
✓ Productie
Vernietigingsplicht
Vernietigingsprotocol + destruction cert
PROV-O signed
✓ Productie
Woo-publicatie
Afgeleide bron via ODRL endpoint
PROV-O:wasDerivedFrom
✓ Productie
TOOI-thesaurus
SKOS kern + domeinextensies
SKOS + skos:exactMatch
PI 2026.3
EU AI Act Art. 12–14
SHACL deterministic reasoning layer
SHACL + PROV-O
PI 2026.3
Equivalente nationale standaarden in Europa
Elk EU-land heeft zijn eigen naam voor dezelfde uitdaging. Prisma implementeert de W3C-basis waarop al deze standaarden gebouwd zijn.
Prisma implémente les mêmes principes que VITAM — conservation pérenne, traçabilité complète, interopérabilité — mais en utilisant les standards W3C (DCAT2, PROV-O, ODRL) au lieu du SEDA/XML. Les deux approches sont compatibles via DCAT-AP, le profil européen commun. Prisma peut fonctionner en parallèle avec VITAM ou le compléter pour les échanges fédérés entre organisations.
Prisma setzt dieselben Prinzipien um wie das DOMEA-Konzept — lückenlose Nachvollziehbarkeit, Langzeitarchivierung, Interoperabilität zwischen Behörden — jedoch auf Basis offener W3C-Standards (DCAT2, PROV-O, ODRL) statt proprietärer XML-Schemata. XDomea und DCAT-AP sind über gemeinsame Metadatenstrukturen kompatibel. Prisma ergänzt bestehende DOMEA-konforme Systeme um föderierte Abfragen ohne Datenkopie.
Vier diagrammen die laten zien hoe Prisma informatie opslaat, deelt en beheert.
1 — Informatie delen zonder kopiëren
Twee organisaties kunnen elkaars informatie opvragen zonder die te kopiëren. De data blijft bij de eigenaar. Elke organisatie bepaalt zelf de toegangsregels.
2 — Automatische verwerking
Elke keer dat informatie wordt bijgewerkt, doorloopt die automatisch een reeks stappen: valideren, vastleggen, toegangsregels toepassen, publiceren. Altijd hetzelfde, altijd traceerbaar.
3 — Levenscyclus van informatie
Informatie gaat van bewerkbaar naar gepubliceerd naar gearchiveerd. Elke overgang wordt vastgelegd. Vernietigen kan alleen met expliciete goedkeuring.
4 — Hoe informatie permanent wordt opgeslagen
Prisma slaat informatie op in vier lagen. Elke laag voegt iets toe. Samen zorgen ze ervoor dat informatie ook over twintig jaar nog aantoonbaar ongewijzigd is.
Installeren
Zelf installeren in 5 minuten
Twee manieren om Prisma te draaien. Beide op Europese servers, beide veilig.
Podman Compose — recommended
Elke Europese server met 2 GB geheugen. Drie commando's en het draait.
# 1. Clone
git clone codeberg.org/prisma-platform/prisma
# 2. Configure
cp .env.example .env
# 3. Run
podman-compose up -d
Podman 4+2GB RAM minGNU/LinuxEU cloud recommended
Geavanceerde installatie — Kubernetes
Voor grotere omgevingen met hoge beschikbaarheid en automatisch schalen.
The Prisma blog runs on WriteFreely — open source, federated via ActivityPub. Read and follow posts from your Mastodon account, no separate account needed.
Release notes
Every release of Prisma, ANP, Federation and TALER gets a detailed post with architectural commentary.
Architecture articles
Deep dives into IPLD, W3C standards, BSW IHH implementation and EU AI Act compliance.
Federated via ActivityPub
Follow from your Mastodon account. No algorithm, no tracking, no US servers.