We exist to define a standard, not to generate profit.
Funding serves the mission; it is never the mission itself. The foundation sells no software and no consulting. No single funding source is allowed to grow large enough to direct the standard.
About
A standard, not a company.
The Osprey Foundation maintains POSS. It sells no software and no consulting. It defines what sovereign software actually means — and certifies who meets that definition.
Mission
Keep the standard trustworthy, open, and free.
The Osprey Foundation is a globally neutral, non-government-affiliated organization. Its single purpose is to maintain the POSS standard — Privacy-first Open Source Software — and to keep it trustworthy, open, and free for everyone who adopts it.
It was started by Harshal More in Mumbai in 2026. By design, the foundation is governed independently of any single person. No individual — including its founder — is irreplaceable. The standard must outlive whoever began it.
Non-negotiable principles
The Five NONs
Not constraints — the competitive moat. A government that can trust no vendor can trust a body with no profit motive and no product to sell.
We belong to no government, no corporation, no movement.
The foundation is globally neutral. A government in India, Brazil, or the Middle East cannot trust a vendor bound to a single jurisdiction or an IPO timeline. It can trust a body with no profit motive and no national allegiance.
Everything we produce is open.
Specifications, blueprints, and documentation are released under open licenses. The standard cannot be owned, gated, or forked into a proprietary advantage by anyone — including the foundation itself.
We never create artificial scarcity.
No paywalls. No lock-in. POSS belongs to everyone who adopts it. Verification and trust are services the foundation provides; the standard itself is free, forever.
No single person should be irreplaceable.
The standard must outlive any individual, including its founder. Governance is built to transfer. If the foundation depends on one person, it has already failed its purpose.
What we do
Eight core activities.
Publish the standard
Write, maintain, and version the POSS specification that defines privacy-first, sovereign, self-hostable software.
Certify software
Evaluate open-source projects against the POSS criteria and grant compliance badges.
Certify people
Run tiered examination programs for developers, architects, and auditors.
Manage trademarks
Own and license the POSS name and marks defensively — free to compliant projects, enforced against misuse.
Host events
Run the annual POSS Summit and regional meetups.
Ship reference implementations
Build free, open-source software that proves the standard works in practice.
Engage governments
Advise procurement frameworks as a neutral, vendor-agnostic voice.
Govern the community
Manage contributors, review changes, and resolve disputes in the open.
What the foundation never does
Never sells consulting. Never charges for the software. Never takes equity in companies. Never endorses specific vendors. Never accepts funding that compromises its neutrality. The moment it does any of these, the trust that is its only asset disappears.
Governance
Built to transfer.
The foundation incorporates as a Swiss Stiftung — a foundation under Swiss law — chosen for its reputation for neutrality and its distance from any single technology power bloc. Registration happens once the standard reaches its adoption threshold; until then the foundation operates as an informal, founder-led project, and says so plainly.
The intended governance model is Apache-inspired: a Board of Trustees for strategic oversight, a Technical Steering Committee for the specification and certification criteria, a Certification Committee for exam design and auditor licensing, and project maintainers for the reference implementations. Committees are majority non-affiliated by design.
The decision framework
Every choice is tested against four questions:
- Does this align with the Five NONs? If not, stop.
- Does this serve the standard, or serve us? If us, don't do it.
- Does this increase trust or decrease it? If decrease, reconsider.
- Would we be comfortable if this decision were public? If not, don't do it.
Transparency
We publish what is real.
Transparency is how the Non-Commercial principle earns its credibility. The foundation commits to publishing audited annual reports, disclosing its funding sources, and capping the influence of any single funder.
Those figures will appear here once they exist and have been audited — not before. The foundation does not publish projections or estimates dressed as fact.