Today we published the Xinity Runtime on GitHub. Here’s the honest version of why we did it and what “open source” actually means in our case.

The easy answer

European companies are being asked to trust AI infrastructure they can’t see, running on servers they don’t control, operated by companies outside their jurisdiction. We built Xinity Runtime to fix that. Open sourcing it was the logical conclusion: if the whole point is that you shouldn’t have to trust us blindly, you should be able to read the code.

That’s the easy answer. The real answer is more complicated.

What we actually shipped

Not everything in the repository carries the same license, and we think being upfront about that matters.

The API Gateway is Apache 2.0 licensed. Take it, fork it, build on it, do whatever you want with it. Same goes for the frontend. These are the parts of the stack that we think should belong to the community unconditionally.

The Dashboard orchestration layer, the part that manages deployments, model routing, and the enterprise features like SSO and RBAC, is source available. You can read every line of it. You can run it. But you can’t extract it and ship it as part of a competing product.

Why the split? Because we watched what happened to other open source infrastructure projects when hyperscalers forked the code, stripped the branding, and offered it as a managed service without contributing anything back. We’re not interested in building the engine that powers someone else’s proprietary product. The source-available license is our protection against that, not against developers, not against enterprises running it internally, but against that specific dynamic.

If you’re a developer running this on your own hardware, the license distinction doesn’t affect you at all.

The sovereignty argument

There’s a version of this announcement that leans hard into compliance deadlines and regulatory pressure, the EU AI Act, the Digital Networks Act, August 2026. All of that is real and relevant.

But that’s not why we built this.

We built it because we think European AI infrastructure should exist on European terms. Not because regulators say so, but because it’s the right architecture. Data that never leaves your building can’t be subpoenaed, breached in transit, or quietly used to train someone else’s model. That’s not paranoia, it’s engineering.

Open sourcing the runtime is part of the same logic. Infrastructure that people can read and audit is infrastructure people can actually trust. That trust is what makes it useful for the workloads that matter, healthcare, legal, financial, government.

What we’re asking for

If you run it: tell us what breaks. The production edge cases we haven’t seen are the most valuable thing the community can give us right now.

If you find a compliance or security issue: open an issue or reach out directly. We’ll move fast.

If you’re running AI workloads in Europe and still routing everything through a US API: the repo is at github.com/xinity-ai/xinity-ai. Getting started takes three commands.

And if you need this in production at scale, hardware sizing support, deployment, enterprise support, that’s what we’re here for.