After its sole maintainer stepped down, a coalition of cloud and database firms—including AWS, Percona, Supabase and Tiger Data—has pledged funding to keep pgBackRest alive, safeguarding a critical component of PostgreSQL backup and recovery and helping customers meet GDPR, CCPA and other data‑protection obligations.

pgBackRest gets a safety net from the PostgreSQL ecosystem

The open‑source backup extension pgBackRest – a de‑facto standard for PostgreSQL disaster recovery – was left without a maintainer in June 2025 when David Steele, the project’s long‑time steward, announced he could no longer devote the required time. The tool underpins thousands of production databases, from startups on Supabase to enterprise workloads on Amazon RDS and Azure Database for PostgreSQL.

Why the maintainer’s departure matters for data‑protection law

Under the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), data controllers must be able to restore personal data promptly after loss, corruption or ransomware attacks. Article 32 of GDPR explicitly requires “the ability to restore the availability and access to personal data in a timely manner.” A broken backup solution can be interpreted as a failure to implement appropriate technical and organisational measures, exposing organisations to fines of up to €20 million or 4 % of global turnover.

When Steele warned that pgBackRest might become unmaintained, the risk was not just a technical inconvenience; it was a compliance risk for any company that relied on the extension to meet its backup‑and‑restore obligations.

The industry response

A coalition of five companies announced a joint sponsorship program in early May 2026:

Amazon Web Services (AWS) – will allocate engineering time to review security patches and integrate pgBackRest more tightly with Amazon RDS for PostgreSQL.
Percona – will fund a full‑time maintainer and provide its Expert Support for PostgreSQL customers with direct access to the upstream code.
Supabase – will embed pgBackRest into its managed platform and contribute CI resources.
pgEdge – will help test distributed‑PostgreSQL scenarios and ensure the tool works with multi‑node clusters.
Tiger Data (creators of TimescaleDB) – will sponsor feature work that improves backup of hypertables.

Peter Farkas, CEO of Percona, said the collaboration “removes the single‑point‑of‑failure risk and gives the community the confidence that pgBackRest will continue to receive security updates, bug fixes and new features.” The sponsors have pledged an initial $2 million in cash and in‑kind contributions, enough to cover at least two years of development.

What this means for users and compliance officers

Continued security updates – Regular patches will address vulnerabilities that could otherwise be exploited to compromise backup files, a scenario that regulators view as a breach of the “integrity” principle in GDPR Article 5.
Predictable support SLA – Percona’s involvement brings a formal support agreement, allowing organisations to cite a documented backup‑recovery process in their DPIA (Data Protection Impact Assessment).
Audit‑ready documentation – The sponsor consortium has committed to publishing a public changelog and a compliance guide that maps pgBackRest features to GDPR‑Article 32 and CCPA‑Section 1798.150 requirements.
Reduced reliance on a single maintainer – By spreading stewardship across several companies, the risk of sudden abandonment – which could trigger a compliance gap – is dramatically lowered.

Next steps for the community

The pgBackRest project is now actively seeking additional sponsors and volunteers. Interested parties can contribute in three ways:

Financial sponsorship – via the project’s OpenCollective page: https://opencollective.com/pgbackrest.
Code contributions – the source lives on GitHub (pgBackRest repo); newcomers are encouraged to start with the “good first issue” label.
Documentation and compliance work – the community is drafting a compliance matrix that will be hosted in the repo’s docs/ folder.

For organisations that already use pgBackRest, the immediate action is to review their backup‑policy documentation and reference the new sponsor‑backed roadmap. Updating internal SOPs to cite the renewed maintenance guarantees will help demonstrate due diligence in the event of a regulator audit.

The rescue of pgBackRest illustrates how open‑source stewardship directly influences legal compliance. When critical infrastructure tools receive stable backing, businesses can focus on delivering services rather than scrambling to patch a broken backup pipeline.