Drupal feeds

The Drop Times: Sovereignty Expires; Licences Don’t

Drupal Planet -

Europe is finally getting serious about digital sovereignty, and getting it half right. The instinct to “Buy European” is sound, but the frameworks being built around it are solving for the wrong variable. Ownership and headquarters are snapshots; they tell you where power sits today, not where it will sit after the next acquisition. Skype had every European credential imaginable. Microsoft shut it down in 2025.

The missing piece is durability. Dries and Nicholas argue, convincingly, that a sovereignty score without an open-source licensing requirement is a sovereignty score with an expiry date. The GPL licence did not stop Oracle from acquiring Sun Microsystems, but it ensured that MySQL could not be discontinued. MariaDB exists today because someone had the legal right to fork before the deal closed. That right is structural; it does not depend on which flag flies over the headquarters.

The forthcoming Cloud and AI Development Act is the real test. Europe can use it to define what makes sovereignty resilient: open licensing as a hard gate for mission-critical procurement, and supply chain assessments that distinguish between dependencies that can be replaced quickly and those that would take years to rebuild. Anything short of that risks becoming a checklist rather than a strategy.

With that, here are the key stories from the past week.

DISCOVER DRUPALEVENTORGANIZATION NEWSDRUPAL COMMUNITYSECURITY

Additional developments from across the Drupal ecosystem were published during the week. Readers can follow The Drop Times on LinkedIn, Twitter, Bluesky, and Facebook for ongoing updates. The publication is also active on Drupal Slack in the #thedroptimes channel.

Alka Elizabeth
Sub-editor
The Drop Times

Drupal AI Initiative: Drupal Is All In on AI. Now Comes the Hard Part

Drupal Planet -

Original article posted by Christoph Breidert on 1xINTERNET website

Over a decade ago, I co-founded 1xINTERNET on the conviction that Drupal was the best platform for ambitious web applications. That bet paid off. But recently, as AI began disrupting our industry, I found myself facing an unfamiliar feeling: uncertainty. For the first time in my career, the path forward wasn't entirely clear.

If you are a decision-maker navigating this shift, you likely feel the same way. We are all trying to figure out how to leverage AI's huge potential without compromising enterprise security, compliance, or content quality.

The good news is that while the broader AI landscape remains turbulent, the direction for content management systems is becoming clear.

Christoph Breidert


Christoph Breidert facilitating a Drupal AI workshop at DrupalCon Chicago 2026.

When the Drupal AI Initiative was founded in June 2025 by 1xINTERNET, Acquia, DropSolid, FreelyGive, and Salsa Digital, our mission was to chart that exact path. Today, alongside Niels Aers, my role is to manage the AI product direction so that organizations can confidently bring AI into production.

Since the founding, over 30 leading companies have joined the initiative. But a defining moment happened recently at DrupalCon Chicago 2026. During his keynote - the "Driesnote" - Drupal founder Dries Buytaert bluntly asked the community regarding the AI shift: Are you in or are you out?

The undeniable energy from the community and the rapidly intensifying momentum proved one thing: Drupal is all in on AI.

But what does "all in" actually mean? We aren't just talking about adding superficial features like chatbots or simple text generators. We have built a powerful agentic infrastructure natively into Drupal. This provides us with a robust foundation, allowing organizations to build complex AI applications and deploy autonomous agents capable of executing multi-step workflows on their behalf.

What an Agentic CMS actually requires

Let’s be clear: Agentic AI delivers incredible velocity, and every organization from SMEs to global enterprises needs that speed. But deploying autonomous agents without control is a liability. You need AI infrastructure that accelerates your workflows while ensuring that this speed doesn't destroy your content quality or violate your compliance rules.

This requires a robust governance foundation to run the infrastructure safely. The Drupal AI Initiative has spent the past months building exactly that. These are the final pieces we have built to complete the production-ready foundation:

  • AI Guardrails: Configurable rules that intercept both outgoing requests and incoming AI responses. Whether it's preventing the exposure of personal data (PII), ensuring prompt safety, or mitigating legal liability, guardrails keep the AI agents within defined boundaries.
  • AI Observability: Complete transparency into what your AI agents are doing. Every prompt, token usage metric, and model response is logged, providing a clear audit trail for compliance and cost optimization.
  • Context Control Center: AI models are useless without context. This system acts as a router, intelligently feeding the right organizational data (and only the right data) to the LLM based on the user's specific task.
Introducing AI Content Reviews

Let’s separate the hype from reality: The core foundation of Drupal AI is production-ready today. With a secure governance infrastructure now in place, we are shifting from building the engine to delivering the applications. We are shipping out-of-the-box features so organizations can immediately benefit without building complex workflows from scratch.

The first major capability rolling out is AI Content Reviews. This is not a future roadmap concept, it is a real, tangible feature designed to close the quality gap for large websites by acting as a continuous, background quality assurance partner.

It provides scalable, AI-assisted content governance that integrates naturally into how editors already work. The system evaluates content against your organization's specific rules, such as brand voice, legal compliance, SEO, and accessibility. It flags issues, explains them in plain language, and proposes concrete fixes. Crucially, human oversight remains the starting point: an editor simply reviews the flagged issues and can apply the suggested fixes with a single click.


AI Review Management Overview

Upcoming features

AI Content Reviews is just the first application of our agentic infrastructure. Following close behind is AI-powered semantic search with synthesized summaries. This allows visitors to find what they need through meaning rather than keywords, enabling the site to surface direct answers instead of just a list of results. 

We are also actively packaging AI assistants embedded natively across editorial workflows, site-building, and end-user interfaces. These capabilities have been thoroughly explored and validated in our innovation workstream and are now being readied for production use.

Want to see the full picture of what we are building? You can explore the complete Drupal AI Roadmap to see exactly where the initiative is heading next.


Overview Drupal AI Roadmap 2026.

Drupal’s architectural advantage

Why build this directly into Drupal instead of relying on external AI services or other CMS platforms? It comes down to a fundamental technological advantage. Many modern CMS platforms, especially closed SaaS products and pure headless systems, force you to rely on disconnected external API wrappers to communicate with AI. This architectural limitation means your developers have to manually rebuild your existing user permissions, workflows, and access rules in a separate middleware layer just to keep the AI secure.

Drupal AI has a distinct head start because of its deep internal architecture:

  • Co-location with the Content Graph: AI models are only as good as the context they can access. By embedding AI orchestration directly within Drupal, the AI has native, zero-latency access to your entire structured content graph. There is no integration friction.
  • Native Permissions & Access Control: Because Drupal's entity system and field-level access controls are so deeply integrated, the AI operates entirely within your existing permissions. It cannot expose, analyze, or modify content the user shouldn't see.
  • Provider-Agnostic Abstraction: Similar to what makes frameworks like LangChain powerful, Drupal AI abstracts the LLM providers (OpenAI, Anthropic, local models, etc.). But unlike external middle-tiers, Drupal enforces strict schema typing before data ever hits your database, ensuring structural integrity.

An Unmatched Ecosystem for AI Agents: Autonomous agents need tools to interact with the outside world. Because Drupal already possesses a massive, deeply established ecosystem of enterprise integrations, your AI agents can directly interact with your CRMs, ERPs, and marketing platforms. You don’t have to build custom API connectors for your AI to take action across your broader tech stack.

Moving forward

The uncertainty of the AI era remains, no one knows exactly what the landscape will look like in three years. I'm being honest about that. But what I do know is that the architecture we are building is solid, the foundation is ready, the community driving it is fully committed and has the resources.

If you are evaluating whether Drupal is the right foundation for AI-powered content management, you don't have to figure that out alone. The Drupal AI Partners network brings together specialized agencies with deep experience deploying exactly these capabilities. If you are ready to move from evaluation to implementation, that is the right place to start.

We are all building in conditions none of us have navigated before.
The difference is what we are building on.

I've Seen This Movie Before.

Phase II Technology -

I've Seen This Movie Before. kdavis Thu, 04/16/2026 - 14:23

Back in October 1992, I walked into the Moscone Center in San Francisco for Interop, one of the biggest networking conferences of the era. I'd seen a lot of tech demos before, but one stopped me in my tracks.

A small booth was showing something called 10Base-T (Ethernet over ordinary Cat-5 telephone cable). Two computers, quietly exchanging data, surrounded by a deliberately hostile environment: electric motors running, vacuum cleaners humming, devices designed to generate every kind of electrical interference imaginable. And the data transfer was rock solid.

It doesn't sound like much today. But what I understood in that moment was that Ethernet had just escaped the lab. It no longer needed expensive, cumbersome thick coaxial cable snaked through walls by specialists. Now it could run over the same phone wiring already in every office building in the world. That demo didn't just show a better cable. It showed the beginning of the Internet revolution: the moment a transformative technology became something anyone could use, anywhere.

I hadn't felt that feeling again in thirty-plus years.

Until last week at HumanX 2026.
 

 

Welcome to the Next Revolution
HumanX brought together a remarkable cross-section of AI's most consequential voices: thousands of leaders, all under one roof at the same Moscone Center from Interop 34 years ago. The speaker roster read like a who's who of the AI world: Fei-Fei Li, Matt Garman, Bret Taylor, Andrew Ng, Ali Ghodsi, Vinod Khosla, Al Gore, Ray Kurzweil, and voices from Snowflake, Anthropic, NVIDIA, Perplexity, Zoom, Cursor, Salesforce, and dozens more. Speaker after speaker, I kept having the same déjà vu: agentic AI has been talked about for a while now, but this felt like the point where it stops being a topic and starts being a reality.

Not AI as a chatbot or a co-pilot that helps you write emails faster, but AI as an autonomous agent: something that can take a goal, connect to your systems and data, make decisions, take actions, and deliver results, all without a human clicking through each step.

The parallels to 1992 are striking. Just as 10Base-T democratized networking by making it accessible and practical, agentic AI is doing the same for intelligent automation. The question is no longer can AI do this? It's how do we actually deploy it at scale?

The Signal Through the Noise
Across every session and panel, a few themes surfaced over and over again:

  1. Agents are where the value actually lives. Every major platform company (Salesforce, AWS, Vercel, Sierra) agreed that generative AI's biggest ROI isn't in content creation. It's in agents that take action inside real business workflows: customer service, sales prep, code generation, HR processes. The companies winning are the ones moving from "demos" to production agents doing real work at scale.
  2. Adoption is a culture problem, not a technology problem. The companies successfully scaling AI aren't the ones with the best models; they're the ones that normalized AI use across every role, embedded it in existing workflows, and gave employees permission to experiment. The biggest adoption killers? Cultures where you have to be the smartest person in the room, or where using AI feels like admitting weakness.
  3. The workforce reskilling challenge is urgent and underestimated. Andrew Ng made a bold call: everyone should learn to code. Not because they'll write code by hand, but because AI makes it possible for non-engineers to build things, and those who can will dramatically outperform those who can't. Meanwhile, the gap between the pace of AI change and universities' ability to update their curricula is widening fast.
  4. Humans need to stay in the loop. Despite all the agentic enthusiasm, speaker after speaker was clear: humans still need to own the decisions that matter. AI handles the rote, the repetitive, the data-gathering, but accountability, judgment, and empathy remain human responsibilities. "People plus AI is a new way to work" was practically the conference motto.
     

Data Is the Hardest Problem, Still
If there was one problem that came up again and again, sometimes directly and sometimes quietly lurking under the surface, it was data. Specifically, the challenge of connecting AI to the right data, in the right context, with enough quality and trust to actually act on it.

The "garbage in, garbage out" problem is very real in the agentic era. When an agent can autonomously cancel an order, qualify a loan, or generate a report, bad data doesn't just produce a wrong answer, it can trigger a costly wrong action.

Several distinct data challenges kept surfacing:

  • Most enterprise data is unstructured and hard to use. The good stuff isn't in clean spreadsheets. It's in videos, PDFs, Slack threads, email chains, and Confluence pages. RAG search and vector databases help, but they don't fully solve the problem of extracting reliable, contextual intelligence from this kind of data at scale.
  • Data is siloed, and quality varies wildly. Agents need context from a dozen systems simultaneously, but those systems don't naturally talk to each other. And even when you can connect them, the quality of what's in them matters enormously.
  • Data governance adds another layer of complexity. Not everyone should see everything, and neither should every agent. Different people have different access levels across different systems, and when an AI tries to synthesize information across all of them, enforcing those boundaries while still delivering useful answers is a genuinely hard problem. It's not just a technical challenge; it's an organizational and legal one too.


I've been working through exactly these challenges firsthand. Our team has been building what we call an Intelligence Layer for client projects: an agent that connects to the full project ecosystem (Slack, Google Drive, Jira, GitHub, Salesforce, and more). The goal is to give anyone on a project team the ability to ask natural language questions about project status, technical decisions, client context, and get accurate, grounded answers.

It works remarkably well, until you hit the data relationship problem. When the same information exists in multiple systems, which source is authoritative? If Jira says a ticket is closed but the related GitHub PR is still open, what does the agent say? If a client question was answered in a Slack thread and later updated in a Google Doc, which is current? These aren't AI problems; they're data integrity problems that AI inherits.

Some vendors are tackling this directly. DevRev's "Computer" product, for example, is built around the concept of Computer Memory: a unified, AI-ready layer that ingests data from across your tools and systems (structured and unstructured) into a single source of truth that agents can query and act on. It's an approach I’m watching closely.

I’m Here For It
HumanX 2026 felt like Interop 1992: the moment a transformative technology became practical, accessible, and unstoppable. Agentic AI is no longer a research project or a vendor pitch. It's running in production at companies around the world, doing real work, at real scale.

Not everything you see today will survive. Not every agent platform, not every AI startup, not every use case will make it. That's fine. The dotcom era gave us a lot of Pets.coms, but it also gave us Amazon.

The question for every practitioner and leader isn't whether to engage with agentic AI. It's whether you're going to be in the driver's seat when the revolution arrives, or scrambling to catch up after it passes you.

I know which side I plan to be on.

Interested in talking more about the Intelligence Layer we're building, or how AI agents can be applied to your business?

I'd love to connect.

Publication Date Thu, 04/16/2026 - 14:04 Mike Potter Principal Engineer, CMS

Mike’s career started as an experimental neutrino particle physicist before creating the first WWW home page for Los Alamos National Laboratory. Mike has extensive experience architecting, designing, and overseeing the implementation of many complex enterprise solutions for Phase2, and also architected and led the development of the Open Atrium collaboration framework product.

Featured Blog Post? Yes Has this blog post been deprecated? No Summary HumanX brought together a remarkable cross-section of AI's most consequential voices: thousands of leaders, all under one roof at the same Moscone Center from Interop 34 years ago. Topic Artificial Intelligence HumanX Blog Banner Image Promo Image

The Drop Times: Erdfisch Expands nerdfisch DevBits into Public Drupal Code Archive

Drupal Planet -

Reusable fixes often remain confined to individual projects, forcing developers to solve the same problems repeatedly. erdfisch has expanded its internal DevBits system into a publicly accessible archive, exposing working Drupal code snippets drawn directly from project work. The collection prioritises immediate implementation over explanation, making internal solutions available without reshaping them into long-form documentation.

Drupal Starshot blog: Differentiating Marketplace Site Templates and Community Site Templates

Drupal Planet -

Site templates are available through two distinct pathways, each serving different needs within the community.

The official Drupal.org Marketplace provides a curated collection of site templates that meet certain quality standards, and are built on top of Drupal CMS as a foundation.

Community templates offer an alternative pathway for innovation and experimentation without the constraints of the curation process, by publishing the template as a general project on Drupal.org.

Official Marketplace Site Templates

The Drupal.org Marketplace are built on top of Drupal CMS, and curated to provide new users with confidence that they're starting with a consistent, solid and professionally built foundation that follows established best practices.

Key characteristics

  • Templates undergo a review processes

  • Must follow Drupal CMS best practices for security, accessibility (WCAG 2.2 AA), performance, and code quality

  • In the beginning, focus is solely on growing Drupal CMS adoption; site templates accelerate adoption of Drupal CMS by providing context relevant demo content and Drupal Canvas-compatible theme

  • Clear documentation, maintenance commitments, and user support expectations

  • Currently open to Drupal Certified Partners (for organizations) and Ripplemakers (for individuals or very small companies). Apply to become a creator here.

Benefits

  • Consistency for users who need reliable, production-ready starting points

  • Quality assurance through professional review processes

  • Support and maintenance commitments for long-term sustainability

  • Revenue opportunities for professional template creators

  • Sustainability for the Drupal Association through revenue sharing

Community Site Templates

Anyone interested in contributing a template can do so now, by publishing it as a general project on Drupal.org. All free site templates, including marketplace templates, are general projects for packaging and distribution purposes. Community site templates will be considered for inclusion in the Drupal.org Marketplace based on their compatibility with the outlined criteria.

Key characteristics

  • Can be published without formal review or approval

  • Not bound by the same standards as Marketplace templates

  • Can be built using Drupal CMS or Drupal Core

  • Available to all community members

  • Can take risks and explore directions that might not fit Marketplace criteria

Benefits:

  • Innovation by removing barriers to experimentation

  • Diversity of approaches and implementations

  • Learning opportunities for the community to explore what's possible

  • Stepping stones that might eventually evolve into Marketplace templates

  • Lower barriers to entry for community contribution

Security advisories: Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003

Drupal Planet -

Project: Drupal coreDate: 2026-April-15Security risk: Moderately critical 13 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross-site scriptingAffected versions: >= 11.3.0 < 11.3.7CVE IDs: CVE-2026-6367Description: 

Drupal 11.3 comes with support for completing entity suggestions whilst adding a link to CKEditor 5.

The suggestions aren't sufficiently sanitized and a malicious user could trigger a stored cross site scripting attack against another user.

Solution: 

Install the latest version:

  • If you use Drupal 11.3.x, update to Drupal 11.3.7
  • Drupal versions below 11.3 are not affected by this vulnerability
Reported By: Fixed By: Coordinated By: 

Security advisories: Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002

Drupal Planet -

Project: Drupal coreDate: 2026-April-15Security risk: Moderately critical 14 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Gadget ChainAffected versions: >= 8.0.0 < 10.5.9 || >= 10.6.0 < 10.6.7 || >= 11.0.0 < 11.2.11 || >= 11.3.0 < 11.3.7CVE IDs: CVE-2026-6366Description: 

Drupal core contains a chain of methods that could be exploitable when an insecure deserialization vulnerability exists on the site. This so-called "gadget chain" presents no direct threat, but is a vector that can be used to achieve remote code execution or SQL injection if the application deserializes untrusted data due to another vulnerability.

This issue is not directly exploitable.

This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to unserialize(). There are no such known exploits in Drupal core.

Solution: 

Install the latest version:

Drupal 11.1.x, Drupal 11.0.x, Drupal 10.4.x, and below are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Reported By: Fixed By: Coordinated By: 

Security advisories: Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001

Drupal Planet -

Project: Drupal coreDate: 2026-April-15Security risk: Critical 15 ∕ 25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross-site scriptingAffected versions: >= 8.0.0 < 10.5.9 || >= 10.6.0 < 10.6.7 || >= 11.0.0 < 11.2.11 || >= 11.3.0 < 11.3.7CVE IDs: CVE-2026-6365Description: 

Drupal core's jQuery integration for AJAX modal dialog boxes does not sufficiently sanitize certain options, which which can lead to a cross-site scripting (XSS) vulnerability.

Solution: 

Install the latest version:

Drupal 11.1.x, Drupal 11.0.x, Drupal 10.4.x, and below are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Reported By: Fixed By: Coordinated By: 

Drupal Association blog: DrupalCon Chicago 2026: Where Innovation Meets the Open Web

Drupal Planet -

Written by members of the DrupalCon Chicago Steering Committee.

Contributors: Stephen Mustgrave, Avi Schwab, Nikki Flores, and Rosie Gladden.

DrupalCon Chicago 2026 brought together leading experts in digital experience development, open source innovation, and enterprise technology.

The event provided a unique opportunity to connect with decision-makers, technical leaders, and innovators shaping the future of digital experiences.  More than 1,300 tech leaders, CEOs, developers, marketing executives, agencies, and enterprise decision-makers gathered to help define the future of the Open Web.


Image: Group photo in Chicago (Photo by Curt Rochon, CC BY-NC 4.0)

​A Diverse and Multilingual Global Community

Participants from 26 separate countries brought with them an estimated 15+ languages, reflecting the rich linguistic and cultural diversity of the Drupal ecosystem.  The United States (82.4%), Canada (6%), India (2%), Germany (1.2%) and Costa Rica (1.1%) were topping the list in terms of attendee numbers, with Brazil (1%), Colombia (0.8%) and the United Kingdom (0.8%) close behind.

This global span not only highlights Drupal’s widespread adoption, but also underscores the strength of a community shaped by varied perspectives, experiences, and ideas from around the world. Next year we’d love to add more blue!​

​Event Attendance

A total of 1,316 participants attended in Chicago, an increase from 1,288 for Atlanta 2025.  Of these we saw 394 first-time attendees, marking a 10.67% increase from those new to the event in 2025.  

539 of 1,316 also chose to extend their learning at the Summits & Trainings, with the AI Summit seeing the largest turnout in its first year, with 104 attendees joining to learn about the latest insights connected to Drupal AI.

Welcoming the Next Generation: Drupal in a Day

Outside of the main conference, and following the successful Drupal in a Day organized ahead of DrupalCon Vienna by Hilmar Kári Hallbjörnsson, DrupalCon Chicago saw the North America inaugural program take place alongside the contribution day. 

The training session, organized and staffed by ten volunteers, welcomed 55 learners of high school and college age to interact with Drupal CMS for the first time, helping to expand the reach of the community to new users of all ages. We thank the mentors and supporters who made this event a welcoming place for students, and particularly thank all the individual donors who made this happen, as well as Acquia for sponsoring, and Martin Anderson-Clutz and Jordan Thompson for instructing.


Image: Drupal in a day in Chicago (Photo by Paul Johnson, CC BY-NC 4.0)

Grassroots to Global 

Building on the momentum of 2025, the local community ticket-sharing initiative (1 complimentary ticket for every 5th sold through participating organizations) resulted in an increase of 77.5% of ticket purchases which were affiliated with a local group at registration.  This initiative continued to grow in both reach and impact, what began as a strong show of grassroots participation has evolved into a more connected and collaborative global network of local camps and meetups celebrating together at DrupalCon. 

Participation has expanded beyond the initial groups, with 61 communities engaging through shared resources, cross-promotion, and increased visibility at the 2026 conference. This growth reflects not just higher numbers, but a deeper alignment across the community, where local leaders feel empowered, recognized, and increasingly integrated into the broader Drupal ecosystem.​

A Community Spanning All Skill Levels

DrupalCon Chicago 2026 showcased a well-balanced and highly skilled community, with attendees representing every stage of the Drupal journey. Experienced professionals made up the majority, including 348 advanced practitioners (32%) and 301 self-identified Drupal experts (27.7%), creating a strong foundation for in-depth technical exchange and innovation.

Intermediate attendees accounted for 297 participants (27.3%), playing a key role in connecting emerging talent with seasoned leaders. At the same time, the event remained welcoming to newcomers, with 117 beginners (10.8%) and 25 individuals completely new to Drupal (2.3%) joining the community.​

Special Luncheons 

The Drupal Association formerly required sponsors, who provided programming support for community interest luncheons. These were folded into general programming this year, and we’d like to acknowledge that not all programs had an assigned, designated host. In the next year, our focus is on strengthening local, regional, topical, and community interest groups, so please reach out to us on how to get connected.

Breakfast & Luncheons Registered Black in Drupal Luncheon 68 Ripple Makers Breakfast 200 Women in Drupal Luncheon 200 Total 468 See You in Orlando

DrupalCon Orlando will see vision meet execution. Whether you're architecting enterprise platforms, launching your next big project, or scaling what you've already built in Drupal, this is the event that meets you where you are and pushes you further. 

Save the date!

DrupalCon News & Updates: Measuring What Matters: Building More Sustainable DrupalConEur

Drupal Planet -

 

As DrupalCon continues to evolve, so does our responsibility to understand and reduce the impact of the events we create.

Great digital experiences don’t exist in isolation. They are shaped not only by the technology we build and the communities we nurture, but also by the environmental footprint we leave behind.

At DrupalCon Vienna 2025, we took an important step forward by measuring the event’s carbon footprint in detail, with measurement conducted by TerraVerde Sustainability, and the results tell a meaningful story.

 

Image

 

 

Why measuring impact matters

Sustainability is not a one-time achievement. It is an ongoing process of learning, improving, and making better decisions over time.

The 2025 Event Carbon Measurement Report provides a comprehensive view of DrupalCon’s environmental impact, helping us move from assumptions to data-driven action.

The total carbon footprint of the event was 512.8 tCO₂e, down significantly from 1,574.57 tCO₂e in 2024.

This progress reflects not only better planning, but also more intentional decisions, particularly in location and venue selection, where more efficient energy use and improved waste management played a key role.

 

Image

 

What we learned from DrupalCon Vienna 2025

One of the most important insights is clear: Travel remains the dominant source of emissions.

94–95% of emissions came from delegate travel, mostly driven by flights.

 

Image

 

However, while travel still represents the largest share, overall travel emissions were significantly lower than in 2024, supported in part by Vienna’s central location and strong rail connectivity.

The remaining emissions are distributed across several categories. Excluding travel, the total footprint was 26.97 tCO₂e, with heating accounting for 48% of emissions, while materials, food & beverage, and accommodation were other large contributors.

Across the event, we also saw:

  • Energy consumption significantly decreased compared to previous years
  • Waste was reduced through improved recycling and diversion strategies
Image

 

These insights help us move from general intentions to targeted action.

 

What sustainability looks like at DrupalCon

Sustainability at DrupalCon is built through intentional choices across the entire event experience:

  • Catering – Plant-forward meals, locally sourced ingredients, no disposables, and food donation
  • Wellbeing – Quiet spaces, wellness activities, and opportunities to recharge
  • Climate action – Energy-efficient venues, low-emission travel, and carbon reduction strategies
  • Community – Inclusive programs, scholarships, and initiatives that support diverse participation
  • Waste reduction – Minimal printing, refill stations, and reduced single-use materials
  • Partnerships – Working with sponsors and suppliers to align on sustainability goals

 

A shared responsibility

Drupal has always been more than just technology. It is a global community built on collaboration, openness, and shared values. Sustainability is a natural extension of those values.

By sharing these insights openly, we invite the Drupal community to be part of the solution.

Whether you are:

  • Choosing more sustainable travel options
  • Stay in green-certified hotels
  • Being mindful of materials and waste
  • Supporting more responsible event practices
  • Providing more detailed travel information during registration to help improve measurement accuracy

Your decisions matter.

Together, we can continue building DrupalCons that are not only impactful and inspiring, but also responsible and sustainable.

 

Image

Drupal Starshot blog: Drupal CMS leadership changes

Drupal Planet -

We're excited to announce updates to the Drupal CMS leadership team, with the addition of Bálint Kléri as our new Frontend Lead.

Bálint Kléri named Drupal CMS Frontend Lead

Bálint Kléri has been named Frontend Lead, a new leadership role created to oversee the frontend architecture for Drupal CMS, Mercury and Mercury-based themes. Bálint is a full-time contributor to Drupal Canvas, leading the development of Code Components for Acquia and a key contributor to Mercury, the Drupal CMS design system. 

During development of Mercury, Bálint stepped in to guide the Tailwind CSS implementation and advocate for the use of best practices. We are grateful for his contributions already, and are excited to have him formally join the team. The addition of this frontend role is critical as we refine the Drupal CMS design system, providing users with a modern and adaptable foundation for Drupal sites and site templates.

Pamela Barone promoted to Product Lead

Pamela Barone is now Drupal CMS Product Lead, overseeing product direction, roadmap, prioritization, and delivery. Serving as Product Owner previously, this shift recognizes the product management responsibilities that Pamela has taken on during the evolution of Drupal CMS.

She will continue to work closely with me as I lead the Drupal CMS initiative. I’ll continue to set direction, align teams, and ensure we have the support and momentum to achieve our goals.

We appreciate the ongoing support from Technocrat support in giving Pamela the time to contribute to Drupal CMS.

Tim Plunkett is stepping down as Technical Lead

Tim Plunkett is transitioning out of his role as Drupal CMS Technical Lead to dedicate his full focus to the development of Drupal Canvas. We thank Tim for his leadership and his employer Acquia for all of his contributions.

Adam Hoenich, Lead Architect for Drupal CMS, has been ably overseeing all things technical in the meantime and he will remain in that role. Adam's contribution to Drupal CMS is generously supported by Acquia.

Looking ahead

During DrupalCon Chicago, our leadership team met to discuss the future of Drupal CMS. The first question we asked was 'Do we still think this initiative is important for Drupal's future?' We think it is. We're proud of what we have delivered so far in version 2, with Canvas enablement and site templates as the highlights, but we know there is a lot more to do to meet our objective: To enable marketing teams to launch fully-branded, professional websites in hours, not weeks.

The leadership team is currently working to define the product roadmap for the next 6-12 months, with a strategic focus on launching sites faster with Drupal. We'd love to see new site templates in the marketplace and want to promote easier pathways from installation to going live with a range of hosting options. Other areas we are looking to pursue are: onboarding, better AI tooling, multilingual support for Canvas and site templates, and better support for common third-party integrations.

Pages

Subscribe to www.hazelbecker.com aggregator - Drupal feeds