Live from the openbank-sandbox cluster

The platform, in real time.

This isn't a pitch deck. It's a running European bank you can inspect: governance mapped to the regulation, the real cost of every business process this month, continuity proven tier by tier, AI under the same gates as humans, and live cloud architecture. All of it, observable.

● Live today ◐ Partial ○ Planned
European regulatory coverage

Governance, mapped to the regulation.

Every framework control traces to a named article. This is the maturity of that mapping today: a coverage surface, not a compliance claim. The work in the open is closing the gap.

CNB · Czech National Bank · 88%


  • §4 Books of account → double-entry ledger
  • §20d Business continuity plan → BCP tiers
  • CERTIS Domestic clearing → domestic-payment

DORA · Digital Operational Resilience · 85%


  • Art.17 Immutable audit → audit-service (WORM)
  • Art.11-12 Recovery objectives → RTO/RPO tiers
  • Art.5 ICT risk → governance-as-code in CI

5AMLD · Anti-Money-Laundering · 82%


  • Art.18 Screening before payout → compliance gate
  • Sanctions Real-time list checks → sanction-screening
  • Monitoring Transaction surveillance → audit trail

PSD2 · Payment Services Directive · 80%


  • Art.97 Strong auth (SCA) → Keycloak
  • AISP/PISP Open banking → open-banking-service
  • pacs.008 SEPA rails → sepa-payment / instant

GDPR · Data Protection · 78%


  • Art.25 Protection by design → party-service PII masking
  • Consent Lawful basis → consent service
  • Erasure Right to be forgotten → retention policy

EBA · European Banking Authority · 75%


  • ICT Risk guidelines → BCP + observability
  • Outsourcing Register → cloud architecture map
  • Incident Reporting → audit + notifications

PCI DSS · Card Security · 70%


  • Req.3.5 Key management → HashiCorp Vault / KMS
  • Isolation Cardholder scope → card-issuance
  • SegNet Network segmentation → namespaces

EU AI Act · AI Governance · 60%


  • Oversight Human-in-the-loop → ADR-0031
  • Traceability AI-attributed audit → every action logged
  • Risk Deny-by-default agents → OPA policy gate

FinOps · this month

Real cost, broken down by business process.

Every euro of run-cost attributed to the flow that spends it, fully-loaded with shared dependencies. Not an estimate. The current month, live.

Total run-cost / month: $0.00
Business flows costed: 0
Services attributed: 0
Cost feed status: live

  • SEPA Credit Transfer · PSD2 · pacs.008 · $0
  • SEPA Instant · PSD2 · 10s SLA · $0
  • Domestic Payment · CNB CERTIS · $0
  • SWIFT Cross-Border · pacs.008 · cross-border · $0
  • Double-Entry Ledger · CNB §4 · books of account · $0
  • FX Conversion · 3 services · $0
  • Account Management · 4 services · $0
  • Balance Projection · 2 services · $0
  • Open Banking · PSD2 AISP/PISP · $0
  • Compliance Gate · 5AMLD Art.18 · AML/Sanctions · $0
  • Card Issuance · PCI DSS · $0
  • Audit Trail · DORA Art.17 · immutable · $0

Flows share services, so the per-flow sums overlap. Figures are fully-loaded sandbox run-cost.
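Fully-loaded attribution is what makes the per-flow sums overlap: a shared service such as the ledger or the database is charged in full to every flow that transitively depends on it. The following is an added example that models that rule; it is not the platform's own FinOps code. Service names follow the page, but the dollar figures, the dependency graph and the flow entry points are constructed. It also computes an allocated view (each shared service's cost split evenly across the flows that use it) so the two figures can be compared side by side.

```python
"""Fully-loaded run-cost per business flow.

Added example, not the platform's own FinOps code. Service names follow the
page; the dollar figures and the dependency graph are constructed.
"""
from collections import deque
from typing import Dict, Iterable, List, Set

# Constructed monthly run-cost per service (USD).
SERVICE_COST: Dict[str, float] = {
    "sepa-payment": 120.0, "domestic-payment": 90.0, "ledger-service": 200.0,
    "account-service": 150.0, "sanction-screening": 80.0, "compliance-service": 60.0,
    "audit-service": 110.0, "postgresql": 300.0, "kafka": 250.0,
}

# Constructed direct dependencies; shared platform pieces sit at the bottom.
SERVICE_DEPS: Dict[str, List[str]] = {
    "sepa-payment": ["ledger-service", "compliance-service", "audit-service", "kafka"],
    "domestic-payment": ["ledger-service", "compliance-service", "audit-service", "kafka"],
    "ledger-service": ["account-service", "postgresql", "audit-service"],
    "account-service": ["postgresql"],
    "compliance-service": ["sanction-screening", "audit-service"],
    "sanction-screening": ["postgresql"],
    "audit-service": ["postgresql", "kafka"],
    "postgresql": [], "kafka": [],
}

# Each business flow starts at one or more entry services (constructed mapping).
FLOWS: Dict[str, List[str]] = {
    "SEPA Credit Transfer": ["sepa-payment"],
    "Domestic Payment": ["domestic-payment"],
    "Compliance Gate": ["compliance-service"],
}


def closure(roots: Iterable[str]) -> Set[str]:
    """Transitive dependency closure (BFS); the seen-set also guards against cycles."""
    seen: Set[str] = set()
    queue = deque(roots)
    while queue:
        svc = queue.popleft()
        if svc in seen:
            continue
        seen.add(svc)
        queue.extend(SERVICE_DEPS.get(svc, []))
    return seen


def fully_loaded_cost(flow: str) -> float:
    """Fully-loaded: the flow carries 100% of every service it touches, shared or not."""
    return sum(SERVICE_COST[s] for s in closure(FLOWS[flow]))


def fully_loaded_all() -> Dict[str, float]:
    return {flow: fully_loaded_cost(flow) for flow in FLOWS}


def platform_total() -> float:
    """What the cluster actually costs: every service counted once."""
    return sum(SERVICE_COST.values())


def shared_services() -> Set[str]:
    """Services in more than one flow's closure; these are what make the sums overlap."""
    counts: Dict[str, int] = {}
    for roots in FLOWS.values():
        for svc in closure(roots):
            counts[svc] = counts.get(svc, 0) + 1
    return {svc for svc, n in counts.items() if n > 1}


def allocated_all() -> Dict[str, float]:
    """Allocated view for comparison: each service's cost is split evenly across the
    flows that use it, so the per-flow figures sum back to the platform total
    (as long as every service is reached by at least one flow)."""
    closures = {flow: closure(roots) for flow, roots in FLOWS.items()}
    usage: Dict[str, int] = {}
    for svcs in closures.values():
        for svc in svcs:
            usage[svc] = usage.get(svc, 0) + 1
    return {flow: sum(SERVICE_COST[s] / usage[s] for s in svcs)
            for flow, svcs in closures.items()}


if __name__ == "__main__":
    allocated = allocated_all()
    for flow, cost in fully_loaded_all().items():
        print(f"{flow:22s} fully-loaded ${cost:8.2f}   allocated ${allocated[flow]:8.2f}")
    print(f"platform total ${platform_total():.2f}; "
          f"fully-loaded sums overlap on {sorted(shared_services())}")
```

With the constructed figures the three fully-loaded numbers add up to well over the platform total while the allocated numbers add up to exactly it; the dashboard shows the former, which is why its caveat about overlapping sums matters.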

Business continuity · live

Continuity you can prove, tier by tier.

A prioritized recovery plan per DORA Art.11-12, CNB §20d and EBA ICT guidelines, with real-time health, not a document in a drawer.

Overall: DEGRADED · 20 / 38 services healthy
Compliance gate: CLEAR · 5AMLD Art.18 / DORA Art.12
Payment processing: ENABLED · Tier 4 payment services
Target RTO: < 8 min · pre-built Docker images

Tier 0 · Infrastructure prerequisites

Prerequisite of every other tier

RTO 5 min · RPO 0 · P0 · 6/6 ✓
PostgreSQL · Apache Kafka · Keycloak (IAM) · HashiCorp Vault · Valkey (Redis) · Schema Registry

Tier 1 · Core ledger & identity

CNB §4 accounts · DORA Art.17 audit online during incident

RTO 15 min · RPO <1 min · P1 · 4/5 ✓
Account Service · Ledger Service · Transaction Service · Party Service · Audit Service

Tier 2 · Compliance gate

5AMLD Art.18 · payments must not run without AML/sanctions

RTO 20 min · RPO <5 min · P1 · 2/6 ✓
Sanction Screening · Compliance Service · Consent Service · Watchlist Sync · Case Mgmt · Reporting
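The tier model above encodes two rules a continuity check has to enforce: a tier is only as recovered as the tiers it depends on, and payments stay off until the AML/sanctions gate is clear. The following is an added example that evaluates those rules over a health snapshot; it is not the platform's own BCP code. Tier names, RTO/RPO values and service lists follow the page; the health snapshot, the rule that payments require Tier 0 and Tier 1 to be fully healthy, and the choice of which two services constitute the Art.18 gate are constructed assumptions.

```python
"""Tier-by-tier continuity evaluation: tier health, prerequisite ordering,
the AML/sanctions gate and RTO budget tracking.

Added example, not the platform's own BCP code. Tier names, RTO/RPO values and
service lists follow the page; the health snapshot is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Tier:
    name: str
    rto_min: float             # recovery time objective, minutes
    rpo_min: float             # recovery point objective, minutes
    services: Tuple[str, ...]


# Ordered: each tier is a prerequisite of every tier after it.
TIERS: List[Tier] = [
    Tier("Tier 0 · Infrastructure prerequisites", 5, 0,
         ("postgresql", "kafka", "keycloak", "vault", "valkey", "schema-registry")),
    Tier("Tier 1 · Core ledger & identity", 15, 1,
         ("account-service", "ledger-service", "transaction-service",
          "party-service", "audit-service")),
    Tier("Tier 2 · Compliance gate", 20, 5,
         ("sanction-screening", "compliance-service", "consent-service",
          "watchlist-sync", "case-mgmt", "reporting")),
]

# Assumed: these two services are the 5AMLD Art.18 gate that every payout waits on.
COMPLIANCE_GATE_SERVICES = ("sanction-screening", "compliance-service")

# Constructed health snapshot, as a probe sweep might report it mid-incident.
HEALTH: Dict[str, str] = {s: "healthy" for s in TIERS[0].services}
HEALTH.update({s: "healthy" for s in TIERS[1].services})
HEALTH["transaction-service"] = "down"
HEALTH.update({s: "down" for s in TIERS[2].services})
HEALTH.update({"sanction-screening": "healthy", "compliance-service": "healthy"})


def tier_status(tier: Tier, health: Dict[str, str]) -> Tuple[str, int, int]:
    """Returns (status, healthy, total); a service missing from the snapshot counts as unhealthy."""
    healthy = sum(1 for s in tier.services if health.get(s) == "healthy")
    total = len(tier.services)
    if healthy == total:
        return "HEALTHY", healthy, total
    return ("DOWN" if healthy == 0 else "DEGRADED"), healthy, total


def overall(health: Dict[str, str]) -> Tuple[str, int, int]:
    healthy = sum(tier_status(t, health)[1] for t in TIERS)
    total = sum(len(t.services) for t in TIERS)
    return ("HEALTHY" if healthy == total else "DEGRADED"), healthy, total


def tier_ready(tier_index: int, health: Dict[str, str]) -> bool:
    """A tier is ready only when it and every prerequisite tier below it are fully healthy."""
    return all(tier_status(t, health)[0] == "HEALTHY" for t in TIERS[: tier_index + 1])


def compliance_gate(health: Dict[str, str]) -> str:
    return "CLEAR" if all(health.get(s) == "healthy" for s in COMPLIANCE_GATE_SERVICES) else "BLOCKED"


def payments_enabled(health: Dict[str, str]) -> bool:
    """Assumed rule: payments need the ledger tier (and its prerequisites) ready AND the
    AML gate clear. A clear gate alone is not enough; posting to a degraded ledger is its own risk."""
    return tier_ready(1, health) and compliance_gate(health) == "CLEAR"


def rto_breaches(minutes_since_incident: float, health: Dict[str, str]) -> List[str]:
    """Tiers whose RTO budget has elapsed while they are still not fully healthy."""
    return [t.name for t in TIERS
            if minutes_since_incident > t.rto_min and tier_status(t, health)[0] != "HEALTHY"]


if __name__ == "__main__":
    for t in TIERS:
        status, ok, total = tier_status(t, HEALTH)
        print(f"{t.name:40s} {status:9s} {ok}/{total}  RTO {t.rto_min:g} min")
    print("overall:", overall(HEALTH), "| gate:", compliance_gate(HEALTH),
          "| payments enabled:", payments_enabled(HEALTH))
    print("RTO breaches at 25 min:", rto_breaches(25, HEALTH))
```

In the constructed snapshot the compliance gate is CLEAR but payments stay disabled because Tier 1 is degraded; once the transaction service comes back, the same function flips to enabled. The RTO check is the operator's view of the same data: which tiers have already blown their recovery budget.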

AIOps · AI governance

AI under the same gates as humans.

ADR-0031 · Proposed. Agents propose; governance disposes. An agent never holds more privilege than a human. It holds less.

Phase: 1/5 · policy skeleton · deny-by-default
Enforcement: Advisory · default: deny
Agents acting: 0 · 3 charters defined
Roadmap D1-D9: 1/9 · 6 partial · 2 planned

read · read-only · PII masked

  • query.ledger.readonly
  • read.catalog
  • read.logs
  • read.governance

write_proposal · proposal only

  • draft.ticket
  • gh.pr.open
  • draft.adr
  • git.branch
  • git.commit.signed
  • run.skill

deny · forbidden for all agents

  • money.transfer
  • money.post.ledger
  • gh.pr.merge
  • gh.pr.approve
  • secrets.read.raw
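The three capability classes above only work as a safety property if the evaluation order is fixed: the global deny list wins over anything a charter grants, a write is downgraded to a proposal that a human disposes of, and anything unclassified falls through to deny. The page names an OPA policy gate; the following is an added example that models the same decision logic in plain Python so it can be read and run offline, not the project's own Rego. The action names are the ones listed on the page; the agent charter, the human role it is checked against, and the audit record shape are constructed assumptions.

```python
"""Deny-by-default capability gate for AI agents, modelled on the page's three
capability classes. Added example, not the project's OPA policy.
"""
from dataclasses import dataclass, field
from typing import List, Set

# Capability classes exactly as listed on the page.
READ: Set[str] = {"query.ledger.readonly", "read.catalog", "read.logs", "read.governance"}
WRITE_PROPOSAL: Set[str] = {"draft.ticket", "gh.pr.open", "draft.adr",
                            "git.branch", "git.commit.signed", "run.skill"}
DENY: Set[str] = {"money.transfer", "money.post.ledger", "gh.pr.merge",
                  "gh.pr.approve", "secrets.read.raw"}

# Constructed charter and sponsoring human role (not from the page).
FINOPS_AGENT_CHARTER: Set[str] = {"query.ledger.readonly", "read.catalog", "draft.ticket"}
HUMAN_FINOPS_ROLE: Set[str] = READ | WRITE_PROPOSAL | {"gh.pr.merge"}


@dataclass
class Decision:
    effect: str              # "allow" | "propose" | "deny"
    reason: str
    pii_masked: bool = False  # reads are always served masked


@dataclass
class AuditTrail:
    entries: List[dict] = field(default_factory=list)

    def record(self, agent: str, action: str, decision: Decision) -> None:
        # Every agent action, including denials, is logged and attributed to the agent.
        self.entries.append({"actor_type": "ai_agent", "agent": agent, "action": action,
                             "effect": decision.effect, "reason": decision.reason})


def decide(agent: str, action: str, charter: Set[str], audit: AuditTrail) -> Decision:
    """Evaluation order is the policy: deny list first, then charter membership,
    then class. Nothing reaches 'allow' or 'propose' without passing all three."""
    if action in DENY:
        decision = Decision("deny", "forbidden for all agents")
    elif action not in charter:
        decision = Decision("deny", "not in agent charter (default: deny)")
    elif action in READ:
        decision = Decision("allow", "read-only", pii_masked=True)
    elif action in WRITE_PROPOSAL:
        decision = Decision("propose", "proposal only; awaits human disposition")
    else:
        decision = Decision("deny", "unclassified action (default: deny)")
    audit.record(agent, action, decision)
    return decision


def charter_is_valid(agent_charter: Set[str], human_role: Set[str]) -> bool:
    """An agent never holds more privilege than a human, and holds less: the charter
    must be a strict subset of the sponsoring human role and never touch the deny list."""
    return agent_charter < human_role and agent_charter.isdisjoint(DENY)


if __name__ == "__main__":
    trail = AuditTrail()
    for act in ("query.ledger.readonly", "draft.ticket", "gh.pr.open", "money.transfer", "deploy.prod"):
        d = decide("finops-agent", act, FINOPS_AGENT_CHARTER, trail)
        print(f"{act:24s} -> {d.effect:8s} ({d.reason})")
    print("charter valid:", charter_is_valid(FINOPS_AGENT_CHARTER, HUMAN_FINOPS_ROLE))
```

The charter check is the part worth running in CI (governance-as-code, as the DORA Art.5 mapping puts it): a charter that lists a deny-class action, or that equals its sponsoring human role, fails before any agent ever acts under it.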

Cloud architecture · live status

A live system, not an architecture diagram.

Target state per ADR-0027 with a live health overlay from the openbank-sandbox EKS cluster. Cloud-agnostic by design: one AWS-managed layer, everything stateful runs as in-cluster OSS.

Internet / Edge · ADR-0027 edge tier · not provisioned yet
Route 53 · CloudFront + WAF + Shield · ALB (AWS LB Controller) · ACM (TLS certs)

AWS substrate · account 2651·7546·8565 · eu-north-1 · the only AWS-managed layer
S3 (tofu state) · EC2 / Mac mini CI runner · VPC (3 AZ) · EKS control plane 1.31 · Bootstrap nodes (Graviton) · KMS CMK · IAM (OIDC, Karpenter) · ECR · CloudTrail + Config · S3 Object Lock (WORM)

EKS cluster · openbank-sandbox · k8s 1.31 · Karpenter Graviton/Spot autoscaling

  • platform bootstrap: cert-manager · Karpenter · ArgoCD · ARC runners
  • stateful core (cnpg · messaging · iam): CloudNativePG · Strimzi / Kafka · Apicurio · Keycloak · Valkey / Redis · Vault + ESO · ClickHouse
  • application (accounts · admin-ui · domain verticals): account-service · admin-ui · 10+ domain verticals · Notification Service · Security Scanner
  • observability: Prometheus · Grafana · Loki · Tempo · OTel Collector
Everything above is live

Don't take the screenshots. Open the real thing.

The admin portal you just scrolled through is running right now. Sign in with the demo account and click around: FinOps, BCP, AI governance, the live cloud map.
