Notebook

Notes from the workshop.

Long-form pieces on the practical work of building digital products in regulated spaces. Written by someone who does this every day.

May 2026 · Essay · 6 min

What 'EU Hosting' Actually Means in Law. Location, Jurisdiction, and Where Schrems II Still Bites.

A server in Frankfurt is not automatically GDPR-compliant. Data location and legal reach are two different things. A clarification for studios that want to use the term honestly.

May 2026 · Essay · 8 min

The European Accessibility Act for Small Providers. Who It Covers and What It Actually Asks For.

The EAA has applied since 28 June 2025, transposed in Germany as the BFSG. For small providers the more useful question is not how onerous it gets, but whether the law applies to them at all. A short clarification.

May 2026 · Essay · 6 min

GDPR Article 25 in Practice. What Privacy by Design Actually Demands When You Mean It.

Privacy by Design is not a marketing phrase in the GDPR; it is a duty. Article 25 requires concrete technical and organisational measures, and supervisory authorities check whether the decisions taken are documented and defensible.

May 2026 · Essay · 7 min

The EU AI Act for Small Studios. When an App Is AI and When It Is Not.

The EU AI Regulation sounds like a problem for large corporations. For many small studios the more useful question is a different one: does what we are building actually fall under the Regulation? A reading from solo practice.

May 2026 · Essay · 7 min

The MDR Pathway for Solo Developers. Reading Rule 11 Without a Compliance Department.

EU medical device regulation is often described as something only large corporations can navigate. The truth is more interesting: small developers can engage with it honestly, if they understand what it actually asks for.

May 2026 · Essay · 6 min

Privacy by Design in Health Apps. Why Local-Only Storage Matters for Cancer Patient Companions.

When the data is this sensitive, "trust us, it is encrypted" is not enough. A practical argument for leaving sensitive health data where it belongs: on the user's device.
