KubeCon Europe 2026 in Amsterdam made something unmistakably clear. Policy as code is no longer emerging. It is becoming foundational.
Across keynote stages, breakout sessions, and co-located events, the industry is converging on a new reality. Infrastructure is no longer static, and increasingly, it is no longer human-authored. AI is accelerating how systems are built, configured, and operated. That shift demands a new control plane. Policy as code is stepping into that role.
For Nirmata, this KubeCon brought together three defining signals of where the industry is going. The continued rise of policy as code, the rapid expansion of AI infrastructure on Kubernetes, and the graduation of Kyverno.
Kyverno Graduation: Policy as a First-Class Control Plane
Kyverno’s graduation is more than a project milestone. It is a signal of where Kubernetes itself is heading.
Policy is no longer something layered on top of infrastructure. It is becoming part of how infrastructure is defined, enforced, and operated.
Kyverno maintainers Jim Bugwadia, Mariam Fahmy, Shuting Zhao and Nirmata team member Carole Brun celebrate Kyverno’s graduation at KubeCon EU 2026
Kyverno’s evolution reflects that shift. What started as a simpler, Kubernetes-native policy engine has grown into a full lifecycle policy platform supporting validation, mutation, generation, cleanup, and now CEL-aligned policies that map directly to upstream Kubernetes direction.
“Kyverno was initially built as a policy engine for Kubernetes, but has since expanded to cover all aspects of infrastructure governance”, said Jim Bugwadia, creator of Kyverno and a founder at Nirmata. “Platform teams leverage Kyverno for policy-based automation, to enable developers to move fast without compromising security.”
The implication is straightforward. The future of Kubernetes governance will not be external. It will be native.
Policy as Code Was Everywhere — And It Looked Different This Year
Policy as code was not confined to a single track or tool. It showed up across security, platform engineering, and real-world enterprise adoption stories.
One of the most important sessions of the week:
Audit-Ready Kubernetes: How Chase UK Leveraged Policy as Code for Continuous Compliance
The session, featuring Jim Bugwadia and Nischay Goyal, demonstrated a shift that many organizations are now pursuing. Compliance is no longer periodic. It is continuous. Policy is what makes that possible.
The takeaway was not just technical. It was operational. Policy reduces audit cycles, but more importantly, it removes compliance as a bottleneck to delivery.
Another strong signal came from:
Advanced Kyverno Patterns: Automating Platform Security and Operations
Frank Jogeleit and Johannes Sonner showed how policy is being used in production to automate not just security, but operational workflows and platform standards at scale.
Beyond these sessions, Kyverno maintainers including Shuting Zhao, Charles-Edouard Brétéché, Luc Chmielowski, and others were deeply engaged throughout the week in technical discussions, demos, and design conversations.
The pattern across all of this was clear. Policy is shifting:
- From reactive to preventative
- From isolated to integrated
- From security-only to platform-wide
AI Is Forcing a Rethink of Governance
AI dominated KubeCon Europe 2026. Not as hype, but as infrastructure reality. Sessions across the event explored:
- AI agents operating inside Kubernetes
- Inference workloads at scale
- GPU scheduling and cost optimization
- New interaction layers between humans, systems, and models
This introduces a fundamental problem. If infrastructure is increasingly generated by AI, then governance cannot rely on manual review or static controls. Policy becomes the only scalable answer.
We are already seeing this shift take shape:
- Admission control as a first line of defence
- Continuous validation across clusters
- Automated remediation instead of alert fatigue
The conversation around AI Bills of Materials, or AIBOMs, reinforces this further. Visibility alone is not enough. Enforcement is required.
“The complexity of Kubernetes initially drove the need for Policy as Code solutions like Kyverno” added Jim. “Now, with the rapid proliferation of AI Agents, Kyverno has become critical for unified governance, specifically by taming the chaos caused by the explosion of new virtual identities and roles.”
The direction is clear. AI increases speed. Policy ensures that speed does not become a risk.
AI Infrastructure Needs a Control Layer
Another clear takeaway from the conference was the emergence of new AI infrastructure layers.
These include:
- AI gateways controlling model access
- Inference platforms running inside Kubernetes
- Agent-based systems executing workflows
- Tooling ecosystems connecting LLMs to infrastructure
These are not just new workloads. They are new control problems:
- Who can access which model
- What configurations are allowed
- How resources are consumed
- How compliance is enforced
These are policy questions.
Kyverno enables platform teams to answer them using Kubernetes-native constructs. Not as an afterthought, but as part of how systems are defined and deployed.
As AI infrastructure matures, policy becomes the layer that connects intent to execution.
KyvernoCon: From Interest to Momentum
KyvernoCon was one of the clearest indicators of where the community is today. The event was standing room only.
That level of engagement reflects something important. Policy as code is no longer a niche topic. It is becoming a core capability for platform teams.
Standing room only at KyvernoCon EU — photo credit CNCF
Sessions covered:
- CEL-based policy adoption
- Managing large-scale policy sets
- Integrating policy into GitOps workflows
- Applying policy to AI and security use cases
All talks at KyvernoCon Europe were recorded are set to be available on the CNCF YouTube channel.
ContribFest and the Strength of the Community
The Kyverno ContribFest session was another standout moment.
Nearly 100 participants filled the room, including many Kubestronauts and Golden Kubestronauts. This level of engagement is not accidental. It reflects a community that is both growing and highly invested.
Kyverno’s ContribFest event was filled with Kubestronauts and Golden Kubestronauts leading the community forward
Kyverno’s momentum is driven not just by adoption, but by contribution.
Open Source and Commercial Are Converging
One of the most important dynamics at KubeCon was the convergence between open source and enterprise needs.
The open source community continues to:
- Drive innovation
- Expand real-world use cases
Push the boundaries of what policy can do. At the same time, organizations are asking a different set of questions:
- How do we scale policy across hundreds of clusters
- How do we operationalize governance
- How do we automate remediation
Our Nirmata team helping Platform Engineers and the Kyverno open source community at KubeCon EU
As the creators of Kyverno, Nirmata sits at the intersection of these two worlds. This is not about replacing open source. It is about extending it into production reality.
Looking Ahead
KubeCon Europe 2026 made one thing clear. Policy as code is becoming the control plane for modern infrastructure.
AI is accelerating change, but it is also increasing risk. Platform teams cannot rely on manual processes to keep up. They need systems that enforce intent automatically and continuously.
Kyverno’s graduation marks a milestone, but more importantly, it marks a transition. Policy is moving from a feature to a foundation.
For platform teams, the takeaway is simple. If you are not thinking about policy as a core part of your architecture yet, you will be.
Are you looking to better your policy as code stance in the era of AI? Get started with our Cloud Agents today!
