Verholm.
Open-source compliance for regulated Kubernetes

Compliance your platform generates by default.

Verholm builds the Compliance Fabric, an open-source control and evidence layer for regulated AI, and helps life sciences and finance teams put it into production.

Open source · Apache 2.0
Full Kubestronaut · GxP · DORA · NIS2
The open core

The Compliance Fabric

An open-source layer that runs across a regulated Kubernetes platform. You author controls once, the platform enforces them as policy, and the running system produces audit-ready evidence on demand. The control logic is open, so a quality team and an auditor can read exactly how each control is enforced, instead of trusting a black box.

01

Author

Controls as code in OSCAL: GxP, DORA, and NIS2 in one place.

02

Enforce

Controls compiled into Kubernetes policy at CI, admission, and runtime.

03

Evidence

Running state becomes audit-ready evidence and on-demand audit packs.

View on GitHub → Apache 2.0 · contributions welcome
How Verholm helps

A consultancy built around the Fabric.

001

Readiness assessment

A fixed-scope review of your platform against the Fabric's controls for GxP, DORA, and NIS2. You leave with a clear gap map and a path to close it.

002

Implementation

We deploy and qualify the Fabric on your platform, wiring policy enforcement, supply-chain trust, and evidence collection into your clusters.

003 Commercial layer

Managed Fabric

A hosted control plane, audit-pack and validation-report generation, certified GxP control packs, and support, built on the open core.

004

Training and enablement

Workshops that bring your platform and quality teams up to speed on Kubernetes, validated AI, and the Fabric itself.

Who is behind it

I'm a platform engineer in Copenhagen who has built GxP-compliant Kubernetes platforms for regulated manufacturing at major Nordic life sciences companies.

I'm a full Kubestronaut, holding all five CNCF Kubernetes certifications, and I maintain the open-source Compliance Fabric. I also teach Kubernetes and platform engineering publicly on LinkedIn, Udemy, and LinkedIn Learning. Verholm is where that combination of regulated delivery and open-source work becomes independent.

The thesis is simple: agentic AI is arriving in regulated industries whether the validation story is ready or not. The Fabric is how I make sure it is, in the open.

Get started

Putting AI into a regulated environment?

Start with a readiness assessment. Fixed scope, a clear written output, and no long commitment.