.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
CloudFest 2026 is done. Four days at Europa-Park in Rust, Germany (March 23 to 26), roughly 10,000 people from 80+ countries, 250 speakers across 175 sessions and a schedule that starts with coffee at 8 AM and doesn't really end until someone finally leaves the Colosseo Bar at 3 AM. We wrote a pre-event post about what we wanted to get out of it. Now here's what happened.
The short version? This year felt different. A subtle shift, the kind you notice by Wednesday when you realize that every second hallway conversation has touched the same two or three themes. Security operations, EU sovereignty and AI that's being talked about in practical terms instead of hype terms. People are tired of vague promises and they want specifics.
How CloudFest 2026 was structured
If you've been before, you already know the rhythm. Monday kicked off with the WP Business & Agency Summit, a full day of sessions aimed at web agencies and WordPress professionals, followed by the Come2Gather party in the evening. The Lords of Uptime played their set (these guys are industry people who happen to be in a band together) and from that point on, CloudFest's social engine was running.
Tuesday through Thursday was the main event. This year CloudFest dropped daily subthemes and replaced them with five topic tracks that ran across all three days: Cybersecurity & Compliance, AI-Powered Cloud Solutions, Corporate IT Evolved, Data Sovereignty and Finding the Future. Those names sound like marketing language, sure. But the structure worked well. It was easier to follow a thread across multiple days instead of jumping between unrelated themes.
The biggest physical change was CloudFest Village. It's a new expansion area with the WebPros Stage, a bar/cafe, swag shop and its own exhibition space. There was also the Street Food Festival (food trucks close to the Cloud Fair hall, which saved a lot of time compared to past years where grabbing lunch could eat half your afternoon). And yes, the Server Throwing Arena. People threw servers. It's a real sport now, sanctioned by the World Server Throwing Association, and the crowd was louder than you'd expect.
CloudFest also launched the HackerSpace this year, a dedicated area for cybersecurity sessions and a Capture the Flag tournament. If you care about security (and if you're running infrastructure, you should), that corner of the event pulled in a solid crowd all week.
Sessions and speakers that stuck with us
With 175 sessions running on multiple stages, you can't see everything. So we picked based on what we care about: infrastructure, security, compliance and how AI is being used in real operations right now.
Brewster Kahle's appearance on Thursday was probably the most talked-about session. The founder of the Internet Archive came on stage for a fireside chat with Christian Dawson from the i2Coalition, and the conversation covered everything from the Internet Archive hitting one trillion preserved web pages to how AI is reshaping what "public knowledge" even means. What made it hit hard is the context: the Internet Archive barely survived 2024 after a major DDoS attack and data breach. Brewster talked about that openly, and it was a reminder that the infrastructure we take for granted is more fragile than most people think.
Radia Perlman, often called the "Mother of the Internet" for inventing the Spanning Tree Protocol, was another highlight. Her focus was on internet resilience and long-term stability, which are the kind of boring-sounding topics that matter enormously when you're the one responsible for keeping things running. Brittany Kaiser, the Cambridge Analytica whistleblower, brought a very different energy to the stage. Her session tackled data ethics and power structures in cloud platforms, and it connected back to the overarching theme of sustainability in a way that felt honest rather than performative.
On the more operational side, Oliver Sild from Patchstack presented results from controlled security testing across multiple hosting companies. His team ran simulated attacks against shared hosting environments and showed who was prepared and who wasn't. For anyone managing WordPress at scale, that session was uncomfortable in a useful way. Ditlev Bredahl from hosted.ai delivered what felt like the most candid AI session of the week with his talk on GPU-as-a-Service, one year later. He openly admitted that some of what the industry promised last year hasn't materialized, and that honest assessment was refreshing.
Igor Seletskiy from CloudLinux focused on something practical: how to extract more revenue from existing customers instead of burning cash on acquisition. His framing around ARPU improvements of even a few dollars was the kind of unsexy math that changes business outcomes. And Robert Jacobi from Blackwall made a case for owning your security stack instead of outsourcing it to CDN providers, arguing that bot traffic is eating bandwidth and CPU that providers pay for but can't bill anyone for.
What people were talking about between sessions
Sessions are one thing. But at CloudFest, the hallway conversations are where you find out what people are really dealing with. Here's what kept coming up.
NIS2 and compliance pressure
NIS2 was everywhere. And it had a "we need to figure this out by Q3" kind of urgency that wasn't there last year. Providers across Europe are trying to translate the directive into routines: incident handling documentation, supplier risk assessments, access control logs and audit trails that hold up when a customer or regulator asks for evidence. The smaller the provider, the harder this is. Most don't have a dedicated compliance team, so the work falls on people who are already stretched thin doing operations.
We had several conversations about this during the week, and the common pattern was frustration mixed with acceptance. Nobody disputes that better security documentation is a good thing. The friction is in how to do it without it becoming a full-time job. webhosting.today published an article on NIS2 during the event that captured the mood well.
EU cloud sovereignty is real demand now
Last year, sovereignty was mostly a talking point. This year it's purchasing criteria. We heard from multiple providers and customers that European-hosted, European-operated alternatives to hyperscalers have become a hard requirement. Regulated industries are pushing for it. Some procurement processes now explicitly require it. And the questions go well beyond where data is stored. Who can access it, what logs exist, how encryption keys are handled and what happens when a customer needs proof for their own compliance audit are all part of the conversation now.
For us at LumaDock, as a European cloud provider, this is something we've been building toward. But hearing the urgency firsthand from people across different industries confirmed that the demand is accelerating faster than we expected.
AI in infrastructure is getting specific
The AI conversation has shifted. In 2025, people were still trying to figure out if AI belongs in ops. In 2026, the question was more specific: what tasks does it reduce time on, and what failure modes should we worry about? Monitoring, anomaly detection and automated incident triage came up a lot. But so did skepticism about giving automated systems authority to act without a human in the loop.
Our position hasn't changed much. If an automation can't explain what it did and why, we treat it as a liability. That view resonated with a lot of operators we talked to this week.
Rising hardware costs
This one came up constantly in informal conversations. RAM and storage prices are climbing, and providers of all sizes are feeling it. The conversation goes deeper than "prices are up" though. How do we absorb this without passing it all to customers? How do we plan capacity when we can't predict pricing six months out? Nobody had a clean answer, which is why people kept talking about it.
CloudFest Village on the ground
Worth giving this its own section because the physical changes to CloudFest were significant. The Village added real breathing room. Previous years had a bottleneck problem where the main exhibition hall got overcrowded by midday and finding a place to sit for a casual meeting was genuinely difficult. The WebPros Pavilion helped with that. It had its own stage running sessions, plus enough seating and cafe space that you could have a real conversation without shouting over background noise.
The Street Food Festival near the Cloud Fair hall was a small but meaningful improvement. In past years, lunch logistics could derail your entire afternoon. Having food trucks nearby meant you could eat in 15 minutes and get back to meetings instead of losing 45 minutes in a queue at one of Europa-Park's restaurants.
And the Dome area, an indoor-outdoor lounge with regional wines, was a smart addition. It gave people a quieter alternative to the parties for networking. Sometimes you want a glass of wine and an honest conversation about infrastructure economics instead of a loud band at 10 PM, and now there's a place for that.
Our week at CloudFest
Our team this year was CEO Bogdan, CTO George, our Chief Customer Officer Teo... and yours truly. We split up across sessions and the expo floor, then regrouped for joint meetings when both sides of a conversation needed technical and commercial input.
Monday was a warm-up: catching up with people we already know, orienting ourselves in the new layout and getting into the Come2Gather party. Tuesday was dense. Back-to-back meetings from morning until the expo closed, then the Loud in the Cloud party (powered by Supermicro and NVIDIA). Wednesday was where things clicked. Conversations shifted from introductions to substance, and potential partnerships moved from "we should talk" to "here's what we're thinking specifically." Thursday slowed down in a good way. Final day energy at CloudFest is different. People are tired but also more open. Quick hellos turn into long conversations because there's less schedule pressure.
We had good exchanges throughout the week with providers, vendors and people building interesting things in this space. Some conversations were about technology, some about partnership models and some about shared operational challenges. A few will turn into concrete things over the coming months. Big thanks to everyone we connected with this week.
What we're taking home and doing differently
This is the part that matters most. Events are worth the trip only if they change something when you get back. Here's what we're acting on.
We're tightening our NIS2 readiness. We have a clear plan now for documenting controls, mapping supplier dependencies and building audit-ready evidence. The conversations at CloudFest confirmed that this isn't optional anymore, and that providers who do it early will have an advantage when customers start asking (some already are).
We're refining how we talk about sovereignty. Saying "European-hosted" isn't specific enough anymore. Customers want to know what that means in terms of access, encryption, logging and compliance support. We're working on making those answers clearer and more verifiable in our documentation and sales conversations.
We're evaluating two specific AI integrations for our internal operations. These are for monitoring and anomaly detection where we've identified clear toil that a well-scoped automation can reduce. The key constraint: anything we deploy has to have explainable outputs and a human stop mechanism. We already have customer-facing AI.
And on the product side, some conversations this week validated directions we were already considering for our VPS platform. We can't share details yet, but you'll see movement in the next few months.
Should you go to CloudFest?
If you work in hosting, cloud infrastructure, domains or the WordPress/web agency space, yes. The session content is solid but honestly the main value is the people. Four days of unstructured access to decision-makers from across the industry, in an environment where people are relaxed enough to give you honest answers instead of polished ones. That's hard to replicate anywhere else.
A few practical notes for anyone considering it next year:
Leave gaps in your schedule. The best conversations at CloudFest are the ones you didn't plan. If every 30-minute slot is booked, you'll miss them.
Use the app. The layout at Europa-Park is confusing, especially with the new Village area. The app's wayfinding feature saves real time.
Stay for the parties but pace yourself. Monday through Thursday is a long run. If you go all-out on Monday night, Wednesday will hurt. The afterparties are where connections deepen, but they only work if you can still form sentences.
Bring comfortable shoes. Europa-Park is a theme park, and you'll walk more than you expect.
See you next year!
