AI Workforce Deployment Models 2026: Cloud vs On-Premises vs Hybrid
Last updated April 2026
In 2024 the deployment question was a footnote. You bought a SaaS seat, you pointed it at a CRM, you were done. Two years later — with the EU AI Act's high-risk obligations in force since 2 August 2026, GDPR fines climbing past EUR 5.88 billion cumulatively (per the European Data Protection Board's 2026 annual report), and at least seven EU member states publishing national AI sovereignty guidance — where an AI workforce runs is no longer a back-office detail. It determines which contracts you can sign, which auditors will pass you, which incident-response timelines you owe, and how much margin survives the cloud bill.
The naive answer is still "buy SaaS." For a 50-person mid-market software company selling to other mid-market software companies, that is correct. But the same answer applied to a Tier-1 Italian bank, a German hospital, a French defence contractor, or a manufacturer running edge inference inside a 1990s PLC network is at best a procurement delay and at worst a regulatory disqualification.
This guide walks through the five deployment models actually in commercial use as of April 2026: public-cloud SaaS, private-cloud / VPC-deployed, on-premises self-hosted, hybrid (edge + cloud orchestration), and sovereign cloud (GAIA-X, OVHcloud, T-Systems). It maps each one against cost, latency, compliance, customization, and time-to-value, then sorts industries into the model that fits their constraint set rather than their wishlist. Compliance disclosure: Knowlee's primary commercial offering is multi-tenant SaaS; a private-cloud deployment is available for buyers whose constraints rule SaaS out — that section is flagged.
1. Public-cloud SaaS — the default for most
This is what 80%+ of AI workforce deployments still look like in April 2026, and for good reason. The vendor runs the orchestration layer, the model gateway, the vector store, the audit log, the kanban, the scheduler — everything — on hyperscaler infrastructure (AWS, Azure, GCP) shared across tenants. The buyer signs a Data Processing Agreement, plugs OAuth into Salesforce / HubSpot / Gmail / Slack, and is operating within hours.
Why it dominates. The economics of multi-tenant SaaS are still unbeaten for variable, bursty AI workloads. The same Claude or GPT-4-class model that costs USD 15 / million output tokens at retail can be amortised across thousands of tenants whose peak hours don't overlap, which is why per-seat AI workforce pricing has compressed to roughly USD 80–250 per active user per month for category leaders. A self-hosted equivalent — even on spot GPUs — rarely beats that below 30–40 concurrent agents.
What it solves. Time-to-value (days, not quarters), automatic model upgrades (the vendor swaps to the next-generation foundation model behind the scenes), zero infrastructure team requirement, predictable opex, and — critically as of 2026 — a vendor-maintained AI Act technical file. A serious SaaS vendor now ships a buyer-facing compliance package: model cards, risk classification, post-market monitoring evidence, and a current EU AI Office registration number when the system meets Article 6 high-risk thresholds.
What it costs you. Three things, roughly in this order. First, data residency choice. Most SaaS AI workforce vendors offer EU-region hosting (typically AWS Frankfurt or Azure West Europe), but the underlying foundation model may still route through a US-hosted endpoint unless the vendor has explicitly contracted EU-only inference — a question worth asking in writing. Second, model lock-in. The vendor picks the foundation model; you don't. If they switch from Claude Sonnet 4.5 to a cheaper alternative mid-contract and quality drops, your only lever is the renewal date. Third, audit trail ownership. Logs live in the vendor's tenancy. For most operators that's fine; for anyone subject to ECB DORA, EBA outsourcing guidelines, or the German BAIT, it is a problem unless the contract grants supervisory-authority access rights.
Who it's for. Mid-market B2B SaaS, professional services firms, consumer brands, agencies, e-commerce, most marketing and sales operations. If your data classification stays at "internal" or "confidential" — not "regulated" or "restricted" — public-cloud SaaS is the cheapest, fastest, and (perhaps counter-intuitively) often the most compliant option, because the vendor's compliance budget is larger than yours.
Where to push back. Demand schema-level data residency, not just tenancy region. Demand named-subprocessor list with 90-day change notice. Demand a contractual right to export the full audit log in machine-readable form. Demand model-version disclosure on request. If the vendor balks at any of these in 2026, they're behind the market.
2. Private-cloud / VPC-deployed — the regulated-buyer compromise
The middle ground that has matured fastest in the last 18 months. The vendor's software runs inside your AWS / Azure / GCP account (or, increasingly, your OVHcloud, Aruba, or Hetzner tenancy), under your IAM, your VPC peering, your KMS keys, your VPN — but the vendor retains operational responsibility through a remote-access agreement. You own the infrastructure; they own the application lifecycle.
Why it exists. The wave of AI Act + DORA + NIS2 procurement in 2025 surfaced a category of buyers who could not accept multi-tenant SaaS but did not want to staff a 24/7 AI platform team. Banks, insurers, large healthcare networks, and several national-champion industrial groups landed here. By April 2026, every credible enterprise AI workforce vendor offers a private-cloud SKU, typically priced at 1.8x–2.5x the SaaS list and gated above EUR 100k–250k ACV.
What it solves. Data never leaves the customer's cloud account. Model inference can be pinned to a customer-controlled endpoint — Azure OpenAI in the customer's subscription, AWS Bedrock with cross-account isolation, or a self-managed open-weight model on customer GPUs. Audit logs land in the customer's S3 / Blob bucket, not the vendor's. Network egress is limited to a vendor-management plane carrying telemetry and updates, not customer data. This satisfies most "data must stay in our cloud" clauses without requiring the buyer to re-implement the orchestration layer themselves.
What it costs you. Operational opacity is the headline cost. The vendor still needs a path to debug production incidents, which means a privileged-access workflow — typically just-in-time access via a customer-approved bastion, with session recording. Buyers who don't get this right end up either blocking the vendor (and losing SLA coverage) or granting standing access (and losing the point of private cloud). Cost is the second issue: cloud egress, GPU reservation, and the duplicated control plane mean a private-cloud deployment is rarely cheaper than 2x SaaS at equivalent scale, even before factoring the customer-side platform engineering load (typically 0.5–1.5 FTE).
The 2026-specific wrinkle. EU buyers increasingly require that the customer's cloud account itself sit in an EU region operated by an EU-headquartered entity, which excludes default AWS / Azure / GCP regions for some defence and government workloads. This pushes private-cloud deployments toward sovereign cloud (section 5) or toward second-tier EU operators (OVHcloud, Aruba, Hetzner, Scaleway). Vendors who only support hyperscaler private-cloud are quietly losing deals to vendors who support Hetzner Dedicated Servers and OVHcloud Hosted Private Cloud.
Who it's for. Banks (DORA), insurers, hospital networks (national health-data residency rules), pharmaceutical R&D, defence-adjacent industrials, and any organisation whose internal information security policy contains the phrase "data must remain within the company's controlled cloud environment." Also: any buyer where the legal team blocks the SaaS DPA over sub-processor lists. Private cloud collapses the sub-processor question to "the customer's own cloud, plus the vendor."
3. On-premises / self-hosted — the regulated-industry endpoint
Genuinely on-premises AI workforce deployments — running on customer-owned servers in a customer-owned datacentre, with customer-owned GPUs, with no vendor network access — are rare but not extinct. As of April 2026, the credible use cases cluster in four places: classified government workloads, certain critical-national-infrastructure operators (energy grids, water utilities, rail signalling), pharmaceutical research handling pre-clinical IP that cannot legally cross any cloud boundary, and a small number of European industrial conglomerates operating inside OT networks that simply do not connect to the internet at the relevant layer.
Why it persists. Three reasons. First, regulatory: a handful of national security frameworks (the German VS-NfD classification, the French Diffusion Restreinte, the Italian Riservatissimo) prohibit cloud processing entirely for in-scope workloads. Second, contractual: defence prime contracts often inherit clauses from the end customer that propagate cloud exclusions all the way down to the AI tooling. Third, operational: a chemical plant or grid operator with strict deterministic-latency requirements at the SCADA / DCS layer cannot tolerate the round-trip to a cloud control plane.
What it solves. Absolute data containment. Air-gappable. Deterministic latency. Compliance with frameworks where "the cloud" is a non-starter. And — increasingly important since the open-weight model wave of 2025 — full control over the model itself, including the ability to fine-tune on regulated data without it ever leaving the perimeter.
What it costs you. Most things. GPU procurement (an H100 or H200 cluster sized for a real workload starts at EUR 250k+, plus power and cooling), platform engineering (you are now running an inference stack, a vector store, a model registry, a CI/CD pipeline, an audit log retention system, and an MLOps observability layer — call it 3–6 FTE), model lifecycle management (no automatic upgrades; you decide when to swap Llama 3.3 70B for whatever comes next, and you pay for the validation), and time-to-value (a serious on-premises deployment is a 9–18 month project, not a 6-week SaaS rollout).
The 2026 reality check. Open-weight models have closed enough of the gap with frontier models that on-premises deployments are now technically credible for most enterprise tasks — Llama 3.3 70B, Mistral Large 2, Qwen2.5 72B, and DeepSeek-V3 all hit 80–90% of GPT-4-class performance on common business benchmarks at inference costs that justify the capex below ~5 million tokens / day. But the orchestration layer (kanban, scheduler, audit, governance, multi-agent coordination) is still where most on-premises projects break, because vendors who ship that layer historically optimised for cloud and are only now porting to disconnected installs.
Who it's for. Defence, intelligence, classified-government, pharma R&D on pre-clinical IP, certain critical-infrastructure operators, and large industrial conglomerates with mature internal AI platform teams. If you don't have a 3+ FTE platform team and an existing GPU procurement track record, on-premises is almost certainly the wrong answer for a 2026 AI workforce — go private-cloud or sovereign cloud instead.
4. Hybrid — edge inference + cloud orchestration
The model that's growing fastest in industrial, retail, and field-service contexts. Lightweight inference (small language models, vision models, anomaly detection) runs on edge hardware close to the action — a factory line, a retail floor, a service vehicle, a hospital ward — while the orchestration plane, the long-term memory, the cross-site analytics, and the heavyweight reasoning models run in the cloud.
Why it exists. Two physical realities. First, latency: an industrial robot arm needs sub-50ms decisions; a 700ms round-trip to Frankfurt is not a deployment, it's a hazard. Second, bandwidth: a manufacturing site with 200 cameras producing 4K streams at 30fps generates roughly 6 Gbps of raw video; you do not ship that to the cloud. You run a small model on-site that flags the 0.1% of frames worth uploading.
The 2026 architecture pattern. Edge nodes — typically NVIDIA Jetson Orin, Hailo-8L, or AMD Versal devices — run quantised small models (Phi-4, Llama 3.2 1B/3B, Mistral Nemo) for the latency-sensitive perceptual layer. They emit structured events upstream. The cloud control plane (the AI workforce orchestration platform) consumes those events, plans actions, dispatches them back to edge actuators, writes to the long-term memory graph, and surfaces the work to human operators on a kanban. The cloud also runs the heavyweight reasoning model when the edge can't decide — typically 5–15% of cases.
What it solves. The latency / bandwidth wall, plus a useful side-effect: edge inference is a privacy-by-design pattern under GDPR, because most personal data (faces in cameras, voices in microphones, body-pose data from sensors) can be processed and discarded at the edge, with only derived features escaping to the cloud. Several EU DPAs have signalled in 2025–2026 guidance that edge-first architectures lower the legal-basis bar for legitimate-interest processing.
What it costs you. Operational complexity is the main cost — you are now running two infrastructures, not one, and the failure modes multiply at the boundary. Edge devices need an OTA update mechanism, a model-deployment pipeline, a fleet-monitoring system, and a degraded-mode fallback for when connectivity drops. Cost-wise, edge hardware is a real capex line (EUR 800–4,000 per node depending on sensor density), but the cloud bill drops sharply because you stopped shipping raw data.
The 2026 governance angle. The AI Act's requirements on high-risk systems (logging, post-market monitoring, human oversight) apply to the system as a whole, not to the cloud or the edge in isolation. A common compliance failure pattern in 2025 was treating the edge as out-of-scope; the European AI Office has explicitly clarified (in the February 2026 guidance) that this is wrong. If the edge node makes the decision, the edge node is part of the high-risk system and its logs must satisfy Article 12.
Who it's for. Manufacturing (predictive maintenance, quality inspection, worker safety), logistics (autonomous mobile robots, warehouse routing), retail (in-store analytics, autonomous checkout), field service (technician AR assistance, remote diagnostics), automotive (in-vehicle assistants), and increasingly healthcare (bedside monitoring, OR scheduling). If your AI workforce has to act in physical space on millisecond timescales, hybrid is not optional — it's the only model that physics permits.
5. Sovereign cloud — the EU-strategic-autonomy option
The fastest-growing model among public-sector and regulated EU buyers. A sovereign cloud is, definitionally, a cloud whose entire operational stack — datacentres, hardware supply chain, operator entity, employees, jurisdictional control — sits within a single sovereign jurisdiction (typically the EU) and is contractually and technically immune to extraterritorial law (notably the US CLOUD Act and FISA 702). The two flagship initiatives as of April 2026 are GAIA-X (the European federated cloud framework) and the national-champion offerings: OVHcloud (France), T-Systems Open Telekom Cloud (Germany), Aruba (Italy), Scaleway (France), IONOS (Germany), and the Bleu joint venture between Capgemini and Orange.
Why it matters in 2026. The Schrems II ruling (2020) and its aftermath made it legally awkward to use US-headquartered cloud providers for certain categories of EU personal data, even with Standard Contractual Clauses. The 2024–2025 wave of AI Act + Data Act + NIS2 implementation has added a strategic-autonomy overlay: several EU member states (France with SecNumCloud, Germany with the C5 testat and the BSI guidance, Italy with the ACN cloud qualification scheme, Spain with the ENS) now publish lists of qualified cloud providers, and increasingly tie public-sector procurement to that list. As of Q1 2026, none of AWS, Azure, or GCP has full SecNumCloud qualification on their core offerings; only the joint ventures (S3NS for GCP, Bleu for Azure) approach it, and those JVs are still ramping.
What it solves. Jurisdictional certainty. A French ministry running its AI workforce on OVHcloud SecNumCloud has a defensible answer to any "where does the data live, who has access, which courts apply" question. A German Landesbank running on T-Systems Open Telekom Cloud satisfies BAIT and DORA-residency requirements without bespoke contracting. A pan-EU defence prime running on a GAIA-X-compliant federated stack can compete for contracts that explicitly exclude hyperscalers.
What it costs you. Performance gap and ecosystem gap. As of April 2026, the sovereign cloud providers run roughly 18–36 months behind the hyperscalers on managed services maturity, per-region GPU availability, and AI-specific tooling. You can rent H100s on OVHcloud and on Hetzner, but the orchestration ecosystem (managed Kubernetes feature parity, serverless inference, vector DBs, LLM gateways) is thinner. Pricing is typically 10–25% above hyperscaler list. And the foundation-model question is sharper: most frontier closed models (Claude, GPT-4) are not natively available inside sovereign clouds, so you either route to them via egress (defeating the point) or deploy open-weight models locally.
The 2026 trajectory. Sovereign cloud is not where you go for cutting-edge AI capability; it's where you go when the procurement process makes it the only legal option. But the gap is closing — Mistral's models are EU-hosted by default, several open-weight models hit GPT-4-class on European benchmarks, and the SecNumCloud / C5 / ACN lists are growing. Buyers who locked in three-year hyperscaler contracts in 2024 are increasingly negotiating sovereign-cloud parallel deployments at renewal.
Who it's for. Public sector across the EU (ministries, agencies, defence, national health systems), regulated industries with explicit national-residency mandates (banks under BAIT, insurers under VAG, telecoms under NIS2), and any organisation whose contracting authority has a SecNumCloud / C5 / ACN clause. If you don't have one of those drivers, sovereign cloud is currently a worse-product-at-higher-price trade you don't need to make.
Trade-off matrix (April 2026)
| Dimension | Public SaaS | Private cloud / VPC | On-premises | Hybrid edge+cloud | Sovereign cloud |
|---|---|---|---|---|---|
| Cost (TCO, 50 agents, 12 months) | EUR 60k–180k | EUR 150k–500k | EUR 800k–2.5M+ | EUR 200k–700k (incl. edge capex) | EUR 200k–600k |
| Latency to first token | 200–800ms | 200–800ms | 50–300ms (LAN) | 20–80ms (edge) / 200–800ms (cloud) | 250–900ms |
| Time to first agent in production | Days | 4–12 weeks | 6–18 months | 3–9 months | 6–14 weeks |
| AI Act fit (high-risk system) | Vendor-managed; verify technical file | Customer + vendor split; clearer accountability | Fully customer-owned; heaviest internal load | Joint; edge-cloud boundary needs careful logging | Strong jurisdictional posture; capability gap |
| GDPR data residency posture | Vendor-region default; verify contract | Customer-controlled; strong | Strongest | Strongest for personal data (edge-discarded) | Strongest jurisdictionally |
| Customization depth | Configuration only | Configuration + some VPC-side custom | Full source / fine-tune | Full at edge; configuration in cloud | Configuration + open-weight fine-tune |
| Internal team load (FTE) | ~0.1 | 0.5–1.5 | 3–6 | 1.5–3 | 0.5–2 |
| Model freshness | Vendor-driven, fast | Customer-controlled, medium | Customer-controlled, slow | Mixed (cloud fast, edge slow) | Open-weight only, medium |
The matrix isn't a scoreboard — it's a constraints map. The right column for you is the leftmost column whose row reads "acceptable" for every constraint your business actually has.
Industry fit
Financial services. Regulated retail / commercial banking and insurance overwhelmingly land on private cloud or sovereign cloud as of 2026. DORA's outsourcing-of-critical-functions clauses, combined with national supervisor expectations (BaFin BAIT, ACPR, IVASS, BoE PRA), push the balance away from default SaaS for any agent that touches account, claim, or underwriting data. Investment banking trading-floor automation often lands on private cloud with on-premises bursts for the lowest-latency analytics. Crypto-native financial services and EMI / payment institutions can usually still operate on SaaS — the prudential burden is lower.
Healthcare. Tightest residency rules in the EU. Hospitals, health-insurance funds, and pharma operators almost always require private cloud or sovereign cloud, with on-premises for clinical-decision-support systems that integrate with EHRs in air-gapped HIS environments. The MDR / IVDR overlay on top of the AI Act adds a software-as-medical-device layer that effectively forces a fully-controlled deployment for any agent involved in diagnosis, treatment recommendation, or patient triage. SaaS is fine for back-office (HR, finance, supply chain) inside healthcare organisations — it's clinical-adjacent agents that require custody.
Government. Sovereign cloud is the default for any in-scope public-sector workload across France, Germany, Italy, Spain, the Netherlands, and the Nordics as of 2026. National qualification schemes (SecNumCloud, C5 Testat, ACN, ENS, BIO) increasingly gate procurement. On-premises persists for defence, intelligence, and certain ministerial workloads. Some non-classified government back-office work is moving to public-cloud SaaS hosted in EU-region tenancies of qualified vendors — typically with a sovereign-cloud parallel for the regulated subset.
Mid-market SaaS. The cleanest case for public-cloud SaaS. A 50–500 employee software company selling to other software companies has no residency constraint that SaaS can't satisfy, no latency requirement edge can't ignore, no compliance overlay that justifies the operational cost of private cloud. Buy SaaS, demand a real DPA and audit-log export rights, move on. The only mid-market SaaS exception is companies whose customers are themselves regulated (a fintech-focused HR-tech, a healthtech CRM); their procurement teams will route the residency requirement through to the AI workforce vendor.
Manufacturing. Hybrid is the default and increasingly the only credible model. The combination of OT-network isolation, deterministic latency at the line, and the bandwidth wall on machine vision rules out pure cloud for any agent that touches the production process. The orchestration plane sits in cloud (private cloud for German Industrie 4.0 operators, public cloud SaaS for smaller operators); the perception and actuation plane sits at the edge. The discrete-vs-process-manufacturing split matters: discrete (automotive, electronics) leans cloud-heavier, process (chemicals, oil & gas, pharma manufacturing) leans edge-heavier.
Knowlee deployment options
Compliance disclosure: this section is product positioning. Knowlee's commercial offering is multi-tenant SaaS as primary; a private-cloud deployment is available for buyers whose constraints rule SaaS out.
Knowlee runs as multi-tenant SaaS by default — the orchestration layer, the kanban, the jobs registry, the Neo4j memory graph, and the MCP fabric all run in EU-region infrastructure (currently Hetzner Falkenstein for compute, with Supabase EU for the per-vertical data plane). The foundation models are routed through EU-hosted endpoints where vendor-supported. AI Act technical files, post-market monitoring evidence, and audit-log export rights are part of the standard MSA.
For regulated buyers — banks, insurers, hospital networks, defence-adjacent industrials — Knowlee offers a private-cloud deployment in the customer's own AWS / Azure / GCP / OVHcloud / Hetzner tenancy. The orchestration plane runs under the customer's IAM, the memory graph runs in a customer-controlled Neo4j instance, and the MCP fabric is configurable to route only to customer-approved endpoints. Foundation-model selection includes the option to pin to open-weight models (Llama 3.3, Mistral Large 2, Qwen2.5) hosted in the customer tenancy, for buyers who cannot egress prompts to closed-model providers.
Knowlee does not currently sell on-premises, sovereign-cloud, or hybrid-edge deployments as productised SKUs. Buyers with those constraints work with Knowlee's solutions team on a deployment design and a separate professional-services engagement. We tell buyers honestly when their constraint set is better served elsewhere — sovereign-cloud procurement, in particular, often makes a different vendor the right answer in 2026.
FAQ
Q: Is on-premises AI workforce realistic for a mid-market company in 2026? Almost never. Below ~500 employees, the platform-engineering load alone (3–6 FTE plus GPU capex) breaks the business case versus private cloud or SaaS. The exception is mid-market companies in defence supply chains where a prime contractor's clauses force on-premises — and even then, the compliant move is usually a private deployment in a sovereign-qualified cloud, not a self-built on-premises stack.
Q: How does the AI Act treat hybrid deployments where the edge and cloud are operated by different parties? As one system. The European AI Office's February 2026 guidance is explicit: high-risk-system obligations apply to the system as a whole, and the deployer (Article 26) is responsible for ensuring compliance across the boundary. In practice, this means the contract between the edge-hardware vendor, the cloud-orchestration vendor, and the deployer must allocate Article 12 logging, Article 14 human oversight, and Article 72 post-market monitoring responsibilities clearly — and the deployer carries the residual risk if the allocation has gaps.
Q: Can I switch from public-cloud SaaS to private-cloud after starting? With most credible vendors in 2026, yes — but it's a migration, not a flip. You're moving the tenancy, re-pointing identity, exporting and re-importing data, and re-validating the AI Act technical file. Budget 8–16 weeks of effort and expect a 1.5x–2.5x annual cost step-up. Vendors who don't support the upgrade path are increasingly visible as a risk during procurement; ask the question at the RFP stage.
Q: Are sovereign clouds actually production-ready for AI workloads in 2026? For inference on open-weight models, yes — OVHcloud, T-Systems, Aruba, and Hetzner all offer GPU instances suitable for 70B-class models, and the regional capacity has roughly tripled since 2024. For frontier-closed-model workloads, no — Anthropic and OpenAI do not currently host their flagship models inside SecNumCloud or C5-qualified environments, so any sovereign-cloud deployment of those models requires either egress (defeating the purpose) or use of regional endpoints that don't carry sovereign qualification. The pragmatic 2026 answer: sovereign cloud + open-weight model is production-ready; sovereign cloud + frontier-closed model is not yet a coherent product.
Q: How should we choose between a private-cloud deployment and an EU-region public-cloud SaaS deployment, when both claim "data stays in the EU"? Three questions. First, where do the foundation model inference calls actually land? Public-cloud SaaS often routes to the model vendor's endpoint, which may not be EU-pinned even if the SaaS application layer is. Second, who has operational access to your data — vendor employees, vendor sub-processors, or only people inside your organisation? Private cloud answers "only us, plus contractually-bounded vendor break-glass access." SaaS answers "the vendor's operations team plus their sub-processors." Third, who owns the audit log? In SaaS, the vendor; in private cloud, you. If the answer to any of these matters for your regulator or your customers' regulators, that pushes you toward private cloud regardless of regional posture.
Related reading
- AI workforce management software in 2026 — how the orchestration layer differs across deployment models.
- AI workplace transformation in 2026 — what changes inside the organisation when AI agents become operationally accountable.
- Open-source AI workforce platforms in 2026 — the open-source orchestration layer options that map onto on-premises and sovereign-cloud deployments.
- AI workforce governance framework in 2026 — the policy and audit architecture that sits across all five deployment models.
- Best AI workforce platforms in 2026 — vendor landscape with deployment-model coverage.
Sources used: EU AI Act consolidated text and European AI Office February 2026 guidance; EDPB 2026 annual report; ANSSI SecNumCloud reference v3.2; BSI C5 catalogue 2024; ACN qualification scheme 2025; ECB DORA Level 2 RTS; vendor disclosures and pricing pages as of April 2026.