TAPPaaS: Resilience Cannot Be Outsourced
– but together we can build secure, affordable and sovereign solutions
This blog post is based on interview with dr. Lars Rossen, TAPPaaS
QualiWare has formed a strategic partnership with TAPPaaS
We have become increasingly digitally vulnerable
On November 18, 2025, Cloudflare experienced an outage that took a significant part of the internet down. Most people had never heard of the company, yet it provides critical infrastructure between users and service providers such as Amazon Web Services.
The incident was not an anomaly, but a symptom of a deeper structural issue.
One reason is the growing complexity of our digital infrastructure. Dependency chains in modern IT landscapes have become longer and more tightly coupled — and the longer the chain, the more fragile the system. When just one link breaks, the effects can cascade across the entire landscape.
At the same time, many of our most critical systems rely on technology provided by an ever-smaller group of vendors — primarily large, US-based technology companies.
“A friend of mine once lost access to his Google account. All his pictures and a significant part of his digital identity disappeared overnight. The story ended well: the account was restored, but only after weeks of struggling with an automated help desk,” Lars Rossen says.
How many of your core processes would continue to function if internet connectivity disappeared? What would happen if access to your digital identity were disrupted due to contractual, legal, or political circumstances?
Taken together, these developments increase systemic digital risk.
Why TAPPaaS Is Being Developed
The challenges described above are not isolated incidents. They recur across large organizations, public institutions, and complex IT environments.
In response, TAPPaaS is being developed as an independent open-source initiative led by Lars Rossen (Denmark) and Erik van Busschbach (the Netherlands).
Both bring decades of experience in enterprise architecture, large-scale systems, and digital transformation.
The ambition behind TAPPaaS is not to create isolation from the internet, but to reduce dependency on it. The goal is to enable organizations to operate locally and resiliently — in an autonomous manner — without requiring large teams of developers or system administrators.
TAPPaaS is currently under active development and is being explored in close collaboration with QualiWare, where internal systems are being migrated onto the platform.
Resilience: What Do We Actually Mean?
In a digital context, resilience is the ability to continue operating when conditions change — when systems fail, dependencies break, or assumptions no longer hold. It is the capacity to absorb disruption and adapt without losing critical functionality.
This has an important implication: resilience cannot be outsourced. No contract, platform, or service provider can take full responsibility for an organization’s most critical digital capabilities. When something goes wrong, responsibility ultimately remains with the organization itself.
Fundamental Vulnerabilities
Some of the most serious resilience challenges are found in basic infrastructure components upon which everything else depends. The Domain Name System (DNS) — the “phone book of the internet” — and digital identity management (IDM) systems are prime examples.
If DNS is unavailable, systems cannot find one another. If identity services fail, users cannot access systems, even if the applications themselves are still running.
When such fundamental services are centralized and externally controlled, entire systems become dependent on their availability. In those situations, resilience is no longer an inherent property of the system; it becomes a dependency on someone else’s infrastructure.
How Did We Become Less Resilient?
There are two key reasons why digital resilience has weakened over time.
Originally, the internet was intended to consist of independent networks capable of operating on their own while still benefiting from interconnection. We refer to this as the bazaar model.
In a bazaar, there is no center. If one vendor is unavailable or difficult to work with, you can choose another one.
In practice, the internet evolved into what can be described as a cathedral model, where systems are tightly interconnected and local autonomy has largely disappeared, replaced by centralized corporate platforms that make architectural decisions on behalf of their users.
Organizations increasingly assume that a small number of global cloud providers can indefinitely safeguard their interests — commercially, technically, and politically. This assumption has delivered efficiency and convenience, but it has also concentrated risk and reduced structural resilience.
Any organization whose business is digital must take ownership of its critical infrastructure decisions. Returning to a more decentralized “bazaar” approach may initially appear complex, but diversity, optionality, and distributed control are fundamental characteristics of resilient systems. Like, any chef who cooks delicious meals will choose the bazaar over the supermarket for quality and variety.
Complexity Hidden Behind Convenience
Modern IT systems are highly complex, yet much of that complexity is concealed behind convenient platforms and services.
At the same time, most of the necessary building blocks already exist as high-quality Free and Open Source Software (FOSS). What is missing is not technology, but the capability to assemble and operate these components as a coherent and resilient whole.
This is where digital sovereignty becomes more than a technical concern. When critical digital infrastructure is built on proprietary platforms controlled by a small number of actors, sovereignty is gradually eroded through dependency.
Open source offers a different foundation — one free from control by any single vendor or jurisdiction — and therefore a prerequisite for autonomy, resilience, and long-term freedom in the digital domain.
The Vision Behind TAPPaaS
TAPPaaS is a Trusted, Automated, Private Platform-as-a-(Self-Hosted)-Service:
- Capable of running any application
- Connected to the internet, but not dependent on it
- Resilient, backed up, and able to operate off-grid when needed
- Built on a solid security architecture
- Automatically installed and continuously patched
- Fully open source
- Operable on inexpensive hardware
In short, it represents a practical approach to digital sovereignty and resilience.
TAPPaaS is still under development and continues to evolve through practical implementation and collaboration.
QualiWare partnership with TAPPaaS
QualiWare has formed a strategic partnership with TAPPaaS
“For some of our customers, access to procedures and contingency plan at all times is critical, including during outages or emergency scenarios where internet connectivity is unavailable. That is one of the reasons we chose to partner with TAPPaaS: we want to ensure our customers can remain compliant and operational even when connectivity is disrupted. Beyond the technology itself, the platform is shaped by some of the world’s most forward-thinking enterprise architects, and we believe their architectural direction is the right one,” says Jacob Lund, CIO at QualiWare.
In our next blog post, we will take a closer look at QualiWare’s partnership with TAPPaaS and the strategic considerations behind our approach to digital sovereignty.
