Blogs | Marketplace * | AI Powersessions
Subscribe for AI Powersessions
About us | Join us Book a Demo
EN
AI Operation Layer Framework · 5×5 Matrix

Five floors, five pillars — one future-proof AI foundation.

A complete framework for IT organisations that want to work with AI professionally, securely, and sustainably. From sovereign EU hosting to observability, DTAP, and the tools your teams actually use.

Explore the matrix → Plan an infra workshop
GDPR · ISO 27001 · EU AI Act Sovereign · data in EU
Future-proof AI infrastructure — 5×5 matrix
"

Companies often start with AI tools. But that's only floor 5. A strong foundation starts at the bottom — with sovereign hosting and governance.

— The Kodify AI-OLF principle
5 infrastructure floors
5 sovereignty pillars
3 sovereignty levels
100% EU data residency
The Kodify AI Operation Layer Framework

A future-proof AI infrastructure is technically layered and operationally controlled.

Without the floors there is no functional AI platform. Without the pillars that platform is not trusted, manageable, or sustainable. That is why we think in both axes simultaneously: five floors that AI rests on, and five pillars that must land consistently on every floor.

Floors ↓ The technical AI stack — physical foundation at the bottom, user applications at the top. Each floor relies on the capabilities of the floor below.
Pillars → Cross-cutting architectural concerns that must exist consistently on every floor. Where they are missing, a blind spot appears in the stack.
PILLAR 01 Adaptability Does the architecture move with AI development?
PILLAR 02 Sovereignty Who controls infra, data, models, and dependencies?
PILLAR 03 Observability Is what the system does measurable and traceable?
PILLAR 04 Security & Governance Is the platform protected, compliant, and governed?
PILLAR 05 Privacy Is personal data processed responsibly and minimally?
Floor 5 UI / Applications Business-facing applications
Applications evolve independently, support multiple AI models and adapt UX and workflows quickly.
Users and organisations determine where applications run and which AI providers they use.
User behaviour, AI responses, latency, errors and business KPIs are measurable and traceable.
Role-based access, workflow controls, policy enforcement and human-approval processes.
Protection of prompts, conversations, personal data and consent handling in applications.
Floor 4 Integration APIs, MCP & orchestration
APIs, MCP servers and connectors are modular and interchangeable without breaking the ecosystem.
Control over which systems, APIs and external AI services may integrate.
Monitoring of API calls, tool use, orchestration flows, failures and dependency health.
API authentication, authorisation, rate limiting, governance policies and audit trails.
Minimisation and protection of sensitive data flowing through integrations and tool calls.
Floor 3 Data & AI Intelligence and data layer
Models, vector databases, orchestration frameworks and AI pipelines are interchangeable.
Ownership and control over datasets, models, embeddings and the locations of training and inference.
Monitoring of model quality, hallucinations, drift, token usage, costs and AI performance.
Model governance, dataset controls, compliance policies, lineage and AI risk management.
Protection of PII, sensitive embeddings, training data leakage and inference confidentiality.
Floor 2 Platform / OS Runtime platform
Containerised, modular runtime platforms that support hybrid and multi-cloud deployments.
Control over runtime environments, Kubernetes clusters, operating systems and cloud dependencies.
Monitoring of infrastructure health, workloads, containers, logs, traces and runtime metrics.
Identity management, secrets handling, patching, workload isolation and platform compliance.
Isolation of workloads and safe handling of sensitive runtime data and memory.
Floor 1 Hardware Physical foundation
Hardware scales and evolves across GPU generations, cloud, edge and on-prem environments.
Physical ownership or control over compute, storage, network and geographic infrastructure location.
Monitoring of power, thermals, GPU utilisation, storage, network throughput and hardware failures.
Physical security, hardware trust, secure boot, network segmentation and infrastructure policies.
Protection of physical data storage, secure deletion and prevention of unauthorised access.
The yellow column — Sovereignty — is what this page zooms in on. See the three hosting levels →
5 × 5

A future-proof AI infrastructure is not a tech stack — it is a matrix. Technically layered (floors) and operationally controlled (pillars). Only when both axes are right does an AI platform emerge that is scalable, trusted and manageable.

Section 02 — Sovereignty levels

Which sovereignty level fits your organisation?

Not every organisation needs the same foundation. We offer three levels — from managed cloud to full sovereign control — each building on the 5×5 matrix.

Level A
Managed Cloud
SME / scale-up

Quick start with EU-hosted infrastructure

Sovereign EU hosting on Scaleway, pre-configured for compliance. Your data stays in the EU — GDPR-ready from day one, with basic observability and a managed DTAP pipeline.

  • HostingScaleway EU (Paris / Amsterdam)
  • ComplianceGDPR · ISO 27001 template
  • DTAPManaged pipeline
  • ObservabilityBasic monitoring
Scaleway EU GDPR ready Managed DTAP
Level B
Private Cloud
Mid-market / regulated sector

Dedicated infrastructure with full audit trail

A private cloud environment with dedicated compute, full observability, and version-controlled AI pipelines. Suitable for organisations in regulated sectors that need an audit trail for every AI decision.

  • HostingDedicated private cloud
  • ComplianceGDPR · ISO 27001 · EU AI Act
  • DTAPFull pipeline + rollback
  • ObservabilityFull audit trail
Private compute EU AI Act Full audit trail ISO 27001
Most complete
Level C
Sovereign Core
Enterprise / government

Full sovereignty over AI infrastructure and data

Complete sovereignty — your own dedicated hardware, on-premise or in a private data centre, with Kodify managing the full AI operation layer. No shared infrastructure, no external dependencies. Maximum control, maximum compliance.

  • HostingOn-premise or dedicated DC
  • ComplianceGDPR · ISO · EU AI Act · NEN
  • DTAPFully managed + CI/CD
  • ObservabilityReal-time sovereign monitoring
On-premise Full sovereignty NEN certified Zero dependency
Section 03 — Why AI infrastructure fails

Most AI projects fail before they start.

Nine out of ten organisations start at the top floor — the tooling — without the foundation in place. These are the three most common infrastructure mistakes.

  • 01
    Starting with tooling

    Selecting an AI tool before data, governance, and infrastructure are in place. The tool works in demo — but fails in production.

  • 02
    No observability layer

    No visibility into what AI costs, how it behaves, and whether it complies with governance requirements. You can't manage what you can't measure.

  • 03
    Missing data governance

    Data quality is unknown, sources are not connected, and there is no policy for who can access what. AI amplifies data problems — it does not solve them.

The Kodify infrastructure journey
1
IT landscape scan We map your current IT stack against the 5×5 matrix and identify gaps in each pillar.
2
Architecture blueprint A concrete plan for the missing floors — with technology choices, timeline, and cost estimate.
3
Pilot configuration We configure the first floors and validate the blueprint in a controlled environment.
4
Production rollout Phased rollout of all five floors, with your team trained at each stage.
5
Continuous operations Ongoing management, monitoring, and optimisation — with monthly observability reports.
Section 04 — The observability layer

The layer that makes AI governable.

Between your AI applications and your data infrastructure sits the AI Operation Layer — our unique observability and orchestration layer that gives you full control over quality, costs, and compliance.

  • 01
    Guardrails

    Prevent unsafe inputs and outputs. Define what AI may and may not do — per application, per team, per data source.

  • 02
    Observability

    Full visibility into model usage, costs per team, quality scores, and latency — from a single dashboard.

  • 03
    Routing

    Smart model routing — use the most cost-effective model that delivers sufficient quality. Switch models without changing your application.

Section 05 — The team

Two practitioners who have built this infrastructure.

We don't sell what we haven't built ourselves. Marten and Ruben have designed and delivered the 5×5 framework for multiple organisations.

Marten van der Tempel

Marten van der Tempel

CEO & AI Strategy

Former VP Technology and startup founder. Marten translates the 5×5 framework into boardroom language — connecting IT decisions to business outcomes and governance requirements.

Connect on LinkedIn →
Ruben Snoek

Ruben Snoek

CTO & Infrastructure Lead

Hands-on architect with deep expertise in sovereign cloud, AI pipelines, and observability tooling. Ruben has configured Scaleway sovereign environments and AI operation layers from scratch.

Connect on LinkedIn →
Section 06 — Compliance

GDPR, EU AI Act, ISO — built in, not bolted on.

Compliance is not an audit checklist. It is the result of the right infrastructure choices. The 5×5 matrix is designed around EU sovereignty and regulatory requirements from the ground up.

  • 01 Data stays in the EU — always. No exceptions.
  • 02 ISO 27001 template configuration from day one.
  • 03 EU AI Act compliance built into the observability layer.
  • 04 PII protection enforced at every data integration point.
GDPR / AVG

GDPR / AVG

All data processing within EU jurisdiction. Data residency guaranteed by sovereign hosting on Scaleway.

EU AI Act

EU AI Act

Risk classification, transparency requirements, and human oversight built into the AI operation layer.

ISO 27001

ISO 27001

Information security management aligned with the ISO 27001 standard across all infrastructure layers.

Plan your infrastructure workshop → Watch on YouTube
On demand — Infrastructure deep dive

Watch: building a sovereign AI stack from scratch.

In this session, Marten and Ruben walk through the 5×5 matrix live — showing what each floor and pillar means in practice, with real Scaleway configurations and observability dashboards.

Plan your infrastructure workshop → Read the whitepaper

Ready to future-proof your IT landscape?

Start with a 2-day IT infrastructure workshop. We assess your architecture against the 5×5 matrix and deliver a concrete blueprint — with technology choices, cost estimate, and a phased rollout plan.

Plan the workshop → Explore the levels