A note before diving in/Doxxing Concerns: everything here comes from public records. German commercial registry filings are public by law and free to access anonymously since August 2022 under the DiRUG reform. Employer affiliations come from the individuals' own GitHub profiles and public conference talks. Lobbying figures come from Senate LD-2 filings and OpenSecrets. FTC settlements and nonprofit 990s are government records. No private information, home addresses, personal accounts, or non-public data appear in this post. Every person named here is named in their professional capacity as a corporate officer, open source maintainer, or employee of a public company, in the context of decisions they made in those roles.

The systemd birthDate merge has been discussed extensively, but most of the conversation focuses on the technical and political dimensions. I went after the corporate paper trail instead.

Amutable GmbH is registered as HRB 278404 B at Amtsgericht Charlottenburg in Berlin. I pulled the full set from the Handelsregister: the current register printout, chronological history, the official shareholder list (Gesellschafterliste), and the structured XML data.

Here is what the documents show.

Ownership

Three shareholders. Equal split. No outside investors.

• Christopher Wilson Kühl, Berlin - 8,400 shares (33.33%), held directly as a natural person
• LPLLC Holding UG, Berlin (HRB 277482 B) - 8,400 shares (33.33%), Lennart Poettering's personal holding company
• CBLLC Holding UG, Berlin (HRB 277363 B) - 8,400 shares (33.33%), Christian Brauner's personal holding company

Total share capital is EUR 25,200 divided into 25,200 shares at EUR 1.00 each. Fully paid in cash at formation.

An earlier AI-generated analysis that circulated online claimed AXA Venture Partners, Bosch Ventures, Spark Capital, Unusual Ventures, and 42CAP had invested in Amutable. That claim was fabricated. Zero search results connect any of those firms to the company, and the Gesellschafterliste filed with the court lists only the three founders.

Formation timeline

The Gesellschaftsvertrag (Articles of Association) was signed on August 6, 2025. The notary, Dr. Hans-Michael Giesen in Berlin, certified the shareholder list on August 19. The company was registered on August 21 by Dr. Weiland at the Charlottenburg court.

All three founders were employed at Microsoft when they signed the founding documents.

Poettering and Brauner created their personal holding UGs in July 2025 - also while at Microsoft. Kühl's entity, Assembled Parts UG, was registered back in May 2023, but it does not appear in the Amutable shareholder list. Kühl holds his shares personally.

The US trademark was filed October 7, 2025. AB-1043 was signed into law six days later on October 13. The public announcement came January 28, 2026. The birthDate PR was merged March 18, 2026 - seven months after the company was incorporated.

Self-dealing provisions

All three founders are appointed as Geschäftsführer (managing directors). Each one can represent the company alone. Each one is exempt from Section 181 of the German Civil Code, which normally prohibits self-dealing. That means any founder can sign a contract between Amutable and their own personal entity without needing the other two to approve it at the representation level.

Internally, the Articles require 75% shareholder approval for related-party transactions (Section 6.5(g)). With three equal shareholders, that threshold requires all three to agree. But the self-dealing exemption operates at the external validity level - a director could execute a transaction that binds the company externally even without internal authorization. The other shareholders would have a damages claim under Section 43 GmbHG, but could not void the transaction.

The hidden shareholders' agreement

The Articles reference a separate shareholders' agreement (SHA) in three places. Sections 4.1 and 4.2 allow non-proportional profit and liquidation distributions "if and to the extent provided in any shareholders' agreement which might be in place." Section 6.4 says management authority is governed by the Articles and "the shareholders' agreements."

The SHA is not filed with the Handelsregister. It is not available through the Bundesanzeiger. It is a private contract between the three founders.

In a German startup context, the SHA typically contains vesting schedules, drag-along and tag-along rights, non-compete clauses, and IP assignment provisions. The IP assignment question matters here: if the founders assigned their systemd-related intellectual property to Amutable, that would represent a transfer of community-developed open source infrastructure to a private company.

The notary's disclaimer

The notary explicitly states in the founding deed that he did not draft the Articles. He received "negotiated drafts" shortly before notarization and "was not in a position to thoroughly analyse all potentially relevant aspects thereof, in particular, to explore in detail what the intentions of the parties to this deed are."

That kind of disclaimer is standard for complex formations but unusual for a simple three-way equal-split GmbH. It indicates the Articles and the referenced SHA contain provisions beyond typical boilerplate - consistent with a VC-ready startup structure even though no VC has invested.

The Kinvolk pipeline

Kühl co-founded Kinvolk GmbH in Berlin in 2015. Kinvolk built Flatcar Container Linux, an immutable OS with dm-verity for verified boot. Microsoft acquired Kinvolk in April 2021. The team joined Azure engineering.

Four years later, the same people left Microsoft and registered Amutable at the same Berlin court. Amutable builds "verifiable integrity for Linux workloads." The technology lineage runs straight from Kinvolk through Microsoft to Amutable. Microsoft's acquisition effectively incubated the team and expertise that now runs a company with a direct financial interest in systemd's identity infrastructure.

Same address, same director

Amutable GmbH and Assembled Parts UG are both registered at Bornholmer Straße 80 A, 10439 Berlin. Both list Christopher Wilson Kühl as managing director.

Assembled Parts organizes All Systems Go!, the annual systemd developer conference (successor to systemd.conf, rebranded in 2017). The systemd conference and the systemd startup share a building and a director. In 2019, the conference sponsors included Facebook (Meta) and Kinvolk. The speakers and attendees at that conference now populate Amutable's team.

Meta's personnel pipeline into systemd

Daan de Meyer worked at Meta. He was also a systemd maintainer and the person who presented ParticleOS at FOSDEM 2025. ParticleOS is an immutable Linux distribution built on systemd-homed, which inherits the full user record schema including birthDate.

De Meyer left Meta and joined Amutable. Meta had a direct employee contributing to the systemd project and to the reference distribution that Amutable now commercializes. Meta also spent $26.3M on lobbying that shifts age verification burden from social media platforms onto operating systems. Both competing model legislative frameworks that Meta funded - the DAAA (burden on OS providers, became AB-1043) and the ASAA (burden on app stores) - move responsibility away from Meta.

The Gates Foundation chain

The Gates Foundation funds Common Sense Media. Common Sense Media's political arm, Common Sense Kids Action, was a primary advocate for AB-1043 and KOSA. Assemblymember Buffy Wicks, who authored AB-1043, previously served as Campaign Director at Common Sense Kids Action starting in 2016. Bill Gates chairs the Gates Foundation board.

Microsoft did not publicly support AB-1043. Google and Meta did. But Windows already collects birth dates at account creation. Entra Verified ID already supports ageOver claims with selective disclosure. Xbox UK already deployed Yoti-powered age verification in July 2025. Microsoft faces near-zero compliance cost. Open source competitors face an existential implementation burden. The company that benefits the most from the law stayed silent while funding flowed through the foundation to the organization that employed the legislator who wrote it.

48 hours

The entire sequence took two days. A first-time systemd contributor submitted PR #40954 adding a birthDate field to the user record schema. A Microsoft employee merged it against 37 thumbs-down and 1 thumbs-up. The PR generated 945 comments before maintainers locked it. The community submitted a revert PR. Lennart Poettering - who had incorporated Amutable seven months earlier - closed the revert without merging and locked the discussion, restricting it to collaborators.

From submission to permanent merge with locked revert: 48 hours. No governance review. No conflict-of-interest disclosure. No community vote at any point.

The UAPI Group

The UAPI Group sets Linux userspace API standards. It was founded by three people: Lennart Poettering, Luca Boccassi, and Christian Brauner. The same individuals who controlled the birthDate merge also control the standards body that could formalize it.

I audited every UAPI Group summit (2022, 2023, 2024) and every FOSDEM devroom session (2023, 2025). Identity, age verification, user metadata, compliance, and birth dates were never discussed in any UAPI Group venue. The birthDate field was added entirely outside the standards process, through systemd's unilateral governance - with even less review than the UAPI Group's already minimal process would have provided.

The same small group sets the standards, implements them in systemd, and now profits from them commercially through Amutable.

What this means for the birthDate merge

Three decisions put the birthDate field into systemd. Each was made by someone with a direct financial interest in the outcome:

1. Luca Boccassi merged the PR. He works at Microsoft. Microsoft spent $10.35M lobbying on KOSA and COPPA 2.0, already collects birth dates in Windows, and faces near-zero compliance cost from AB-1043 while open source competitors face an existential implementation burden.
2. Lennart Poettering blocked the revert and locked the discussion. He founded Amutable seven months earlier. Amutable's stated mission is "cryptographically verifiable integrity for Linux workloads." Every new identity field in systemd strengthens the market case for commercial integrity tooling.
3. systemd has no conflict-of-interest policy, no community veto mechanism, no steering committee, and no disclosure requirements. None of these interests were disclosed during the PR review or the revert discussion.

The Handelsregister documents are public records. They can be found at handelsregister.de using the reference HRB 278404 B, Amtsgericht Charlottenburg. The full investigation with primary source PDFs is linked below.

Sources

• Handelsregister: HRB 278404 B (Amutable GmbH), HRB 277482 B (LPLLC Holding UG), HRB 277363 B (CBLLC Holding UG)
• Full analysis and primary source PDFs: https://tboteproject.com/git/hekate/microsoft-systemd-findings-public
• systemd PR #40954: https://github.com/systemd/systemd/pull/40954
• systemd revert PR #41179: https://github.com/systemd/systemd/pull/41179
• OpenSecrets - Microsoft lobbying: https://www.opensecrets.org/orgs/microsoft-corp/lobbying?id=d000000115
• FTC Xbox settlement: https://www.ftc.gov/news-events/news/press-releases/2023/06/ftc-will-require-microsoft-pay-20-million-over-charges-it-illegally-collected-personal-information
• Gates Foundation grant to Common Sense Media: https://www.gatesfoundation.org/about/committed-grants/2021/05/inv031206
• Microsoft acquires Kinvolk: https://azure.microsoft.com/en-us/blog/microsoft-acquires-kinvolk-to-accelerate-containeroptimized-innovation/
• Ageless Linux lobbyist analysis: https://agelesslinux.org/lobbyists.html