InfoQ Homepage Governance Content on InfoQ
-
Cycle Introduces EU Control Plane as Sovereignty Debate Continues
Cycle recently introduced a separate EU-based control plane, allowing European customers to keep platform management data and telemetry within Europe. The new offering is designed to improve compliance, operational isolation, and responsiveness for European organizations.
-
AI Tools Accelerates Coding, But Not Overall Software Delivery, GitLab Research Finds
GitLab's 2026 AI Accountability Report highlights an AI Paradox: although 78% of developers say they code faster, overall software delivery has not accelerated due to downstream testing and review bottlenecks and new challenges for enterprise governance and traceability.
-
AI Is Moving up the Software Lifecycle: from Code Review to PRD Governance
Technology companies are extending AI beyond code generation into earlier stages of the software lifecycle, including PRD validation, design inputs, and code review. Initiatives from Uber, DoorDash, and Cloudflare highlight a shift toward AI-driven governance layers that evaluate engineering artifacts before implementation while preserving human oversight across the development pipeline.
-
Cloudflare Outlines MCP Architecture as Enterprises Confront Security and Governance Risks
Cloudflare has outlined a reference architecture for scaling Model Context Protocol (MCP) deployments across the enterprise, positioning centralized governance, remote server infrastructure, and cost controls as key requirements for production-ready agent systems.
-
GitLab Suggests AI Can Detect Vulnerabilities But it's AI Governance That Determines Risk
Artificial intelligence is rapidly transforming how software vulnerabilities are detected, but questions about who governs the risks AI exposes, and how those risks are acted on, are becoming increasingly urgent, according to a new blog post by GitLab.
-
Cedar Joins CNCF as a Sandbox Project
Cedar, an open-source policy language architected by AWS, has joined the CNCF as a Sandbox project. Designed for fine-grained application permissions, it decouples access control from code using a verifiable, high-performance policy engine. Cedar supports RBAC, ABAC, and ReBAC, offering a secure, analyzable alternative to general-purpose tools like OPA.
-
AWS Launches European Sovereign Cloud amid Questions about U.S. Legal Jurisdiction
AWS has launched its European Sovereign Cloud with a €7.8 billion investment, designed to meet EU regulatory demands and address data privacy concerns amid geopolitical tensions. Despite its operational separation from global regions, questions linger about legal protections against U.S. data access. Competitors like Microsoft and local providers may present stronger sovereignty options.
-
Michelin Drives Pragmatic Path to AIOps without a Grand Vision
Michelin's China operations group have written about how they implemented an AIOps platform. It details the missteps and organisational resistance that were overcome on the way to eventual alignment with their global IT governance, and explains how enterprises can move past vendor pitches to get to a practical deployment.
-
Breaking Silos: Netflix Introduces Upper Metamodel to Bring Consistency across Content Engineering
Netflix has introduced the Upper metamodel within its Unified Data Architecture (UDA) to standardize domain definitions and generate consistent data container representations. UDA links conceptual models to GraphQL, Avro, SQL, and Java artifacts, supporting projections, mappings, and knowledge graph-based discovery across content, advertising, and operational systems.
-
Microsoft Addresses Data Residency with Private Cloud Expansion
Microsoft has strengthened its Sovereign Cloud offering to meet stringent global data-residency and control regulations, particularly in Europe. New capabilities include a commitment to EU Data Boundary, expanded in-country data processing, and enhanced Sovereign Private Cloud features.
-
AWS Launches Capabilities by Region Tool
AWS has launched "AWS Capabilities by Region," a powerful tool that streamlines service visibility for architects and developers. No more manual checks—now you can compare AWS services across regions interactively and plan deployments efficiently. With enhanced transparency and automated capability checks, streamline global projects and minimize delays.
-
EU's Cloud Sovereignty SEAL Ranking Forces Governance and Resilience Trade-offs
The EU's new Cloud Sovereignty Framework establishes a standardized assessment for cloud services, enhancing digital autonomy and reducing dependence on non-EU giants. It introduces a scorecard system based on eight Sovereignty Objectives that influences public sector procurement decisions.
-
Why Software Engineering Governance Matters: Reducing Risk without Slowing down
Software engineering governance helps teams make decisions, Sarah Wells said at Goto Copenhagen. She argued it should support value delivery, not hinder it. Poor governance slows progress and can increase costs. A technical strategy with a radar can help teams to make better decisions, and aligning with DORA capabilities can boost their performance.
-
Azure Service Groups Enter Public Preview Offering New Abstraction Layer for Resource Management
Microsoft has launched Azure Service Groups in public preview, a new feature designed to simplify resource management and administration. Acting as a flexible, tenant-level container, Service Groups allow users to organize Azure resources from anywhere within their tenant without affecting RBAC or policy inheritance.
-
Google Apigee Adds Built-in LLM Governance with Model Armor
Google Cloud has launched the public preview of Model Armor, a native LLM governance framework integrated into the Apigee API management platform. Detailed in a community post, Model Armor introduces out-of-the-box enforcement for LLM-specific policies such as prompt validation, output filtering, and token-level controls at the API layer.