Our layers are solid — Aiven, Scaleway, KYA meet Nadella’s Foundry
· by Risto Anton Paarni
Satya Nadella, this week
“Every agent will need its own computer. And with new Hosted agents in Foundry, every agent gets its own dedicated enterprise-grade sandbox, with durable state, built-in identity and governance, and support for any harness or framework.”
That is the other half of what we have been shipping. The sandbox half is now a Microsoft product. The identity half is KYA. The EU-sovereign ground underneath is Aiven (Helsinki) and Scaleway (Paris). Our layers are solid, and they line up one-to-one with what Foundry asks for.
Four layers, one stack
Layer 1 · Distribution
Microsoft Foundry — Connect tier
Foundry’s Hosted Agents give each agent a dedicated sandbox with durable state and harness freedom. For DWS clients already on the Microsoft stack, Connect tier is how our skilled agents land in their environment without re-platforming. One sandbox per KYA-bound agent, per tenant, per policy. Metadata to Foundry; data stays on EU sovereign infra.
Layer 2 · Data plane
Aiven — Helsinki, Finland
Aiven is the Finnish managed open-source data platform (PostgreSQL, Kafka, ClickHouse, OpenSearch, Valkey) with an official Aiven MCP server — AI agents call SQL, pgvector similarity search and Kafka topics through RBAC-enforced tool calls. EU HQ and EU data centres mean sovereignty is about jurisdiction, not just pin-code. DWS_DATA_STANDARD locks in Aiven-first; Aiven’s own sovereignty stance (“data residency in Frankfurt or Helsinki can still fall under foreign jurisdictions if the cloud provider is headquartered outside the EU”) is why.
Layer 3 · Compute
Scaleway — Paris / Amsterdam
SecNumCloud-eligible, French-headquartered, EU-only execution. Our compliance agents — ETS, CBAM, CSRD (E1–E5, S1–S4, G1), EU AI Act Article 12, EPBD, EED — run here, not on a US hyperscaler. CLOUD Act exposure on the execution path: effectively zero. The data never leaves the bloc.
Layer 4 · Identity spine
KYA Standard v1.5 — Know Your Agent
Every agent session bound to a KYB/KYC-verified human. Five pillars: Identity Attribution, Capability Gating, Forensic Observability, Autoresearch Governance, KYA Vision. TC-4 Leash Snap terminates the full agent chain when trust drops. Foundry says “every agent has a computer.” KYA says “every agent has an accountable human.” Both are true at once.
What Nadella describes, in our words
Foundry covers three things explicitly: sandbox, durable state, built-in identity and governance. “Built-in identity” inside a Microsoft tenant is fine — until you are deploying 21 skilled compliance agents for a regulated EU client, and the auditor asks: whose identity, whose tenant, under whose legal regime. KYA answers that with a cryptographic identity token issued by Lifetime Oy (Helsinki) and honored by the sandbox. The Microsoft identity is the seat. The KYA identity is the worker.
Concrete shape: 21 Skilled Compliance Agents per client
For a single EU enterprise under a CSRD + CBAM + EU AI Act engagement, the wiring is the same every time:
- 21 Skilled Agents — ETS, CBAM (transitional + definitive), CSRD disclosures across E1–E5 / S1–S4 / G1, EU AI Act Article 12, EPBD, EED.
- Each one gets its own Foundry Hosted Agent sandbox.
- Each one is bound to a KYA identity with capability gating and Firehorse trace IDs.
- Each one reads and writes on Aiven for PostgreSQL (client tenant, RLS-enforced, pgvector for similarity search).
- Each one executes on Scaleway EU compute.
- Every action is logged to the Firehorse audit trail and signed by the sovereignty audit overlay for EU AI Act Article 12.
- A single TC-4 Leash Snap revokes all 21 sandboxes at once if the bound human’s trust score drops below threshold.
Foundry asks → KYA already answers
| Foundry requirement | KYA answer (already shipping v1.5) |
|---|---|
| Built-in identity, per agent | Pillar 1 — Identity Attribution. KYB/KYC-verified human → agent binding with cryptographic token. |
| Governance | Pillar 3 — Forensic Observability. Firehorse trace IDs on every action, tamper-evident chain. |
| Durable state | Aiven for PostgreSQL + memory audit trail (KYA-S v1.5 §10, KYA-O v1.7 §12). |
| Any harness or framework | Skills as .md contracts, CLI + MCP; portable across runtimes by design. |
| Accountability when the agent acts wrong | Pillar 2 — Capability Gating + TC-4 Leash Snap. One revoke, full chain terminates. |
| Data residency (EU-regulated clients) | Layers 2 and 3 above. Aiven + Scaleway. EU HQ, EU DC, EU law. |
Foundry gives the agent a computer. KYA gives the agent a conscience.
That is the one-line version. The fuller version is that our four layers — distribution (Foundry Connect), data (Aiven), compute (Scaleway), identity (KYA) — compose. None of them compete with Nadella’s announcement; all of them complete it. For EU-regulated industrial clients, this is the shape the regulation will accept.
Read next
- KYA Standard v1.5 — what changed since the v1 field note
- KYA Standard v1 — the original field note (why software-level scaffolding is not enough)
- KYA Standard v1.5 source of truth: Legal/KYA_STANDARD_v1.md
- Sovereignty Standard: DWS_SOVEREIGNTY_STANDARD.md (Aiven + Scaleway as EU Tier 1)
- Data Standard — Aiven-First Mandate: DWS_DATA_STANDARD.md
Risto Anton Paarni
CEO, Lifetime Oy · Editor in Chief, Lifetime Scope Journal