DEFONEOS · Acceptance Criteria Matrix · Tick 112

ACID — every sovereign claim, mapped to verifiable artefact.

This matrix is the buyer-side Acceptance-Criteria/Identifier (ACID) table. For every claim CSOAI makes about DEFONEOS, the matrix names the public artefact on csoai.org that proves it. If a row is unproven, the claim is removed until evidence catches up.

5 categories of claim

Sovereignty Audit Commercial Operational Compliance

The matrix

#ClaimCategoryVerifiable artefactHow to verify
1UK-only data residencySovsovereign-tls-pinning-spec.htmlUK-only Root CA + UK-only transit
2Ed25519 every state changeAudsigil-ledger-specification.htmlSIGIL SoT root published weekly
333-agent BFT quorumSovbft-quorum-cryptography-spec.htmlThreshold vote tally in receipts
4Zero foreign inferenceSovsovereign-inference-routing-spec.htmlInference receipts signed by sovereign runtime
5Human-always-wins overrideSovsovereign-identity-attestation-spec.htmlBiometric-gated cosign path
6Open-source coreOpdefoneos-knowledge.htmlRepo listing on csoai.org
7SIGIL 7-year retentionAudsovereign-incident-response-runbook.html7-year retention in IR §6
8Cyber Essentials PlusCompFiled T73 (P0 gate)CE certificate on receipt
9JSP 936 §4.6 conformanceCompreadiness checklist §5Cross-walk in checklist
10EU AI Act Art 15 conformanceCompprompt-injection-defense-spec.html7 defense layers mapped to Art 15
11OWASP LLM01 mitigationCompprompt-injection-defense-spec.htmlTrusted Instruction Hierarchy
12NIST AI 600-1 conformanceCompsupply-chain scanCross-walk in spec
13UK GDPR right-to-erasureCompidentity attestationReceipt signed at erasure
14Sovereign data escrow protocolOpescrow-deploy-guide.htmlAuditable release chain
15Zero-downtime key rotationSovkey-rotation.html142 rotations, 0 downtime
16MCP admission controlAudadmission checklistReceipt signed at admission
17Supply-chain SBOMAudsupply-chain scanSPDX + Ed25519 SIGIL
18Operator-side incident responseOpoperator troubleshooting12 scenarios + 5-step ladder
19Identity attestationAudidentity attestation spec3-witness BFT + biometric
20Tiered commercial pricingComdeal roomPricing tiers + per-seat terms
2130-day UAT exitOpbuyer acceptance test pack30-day exit gates listed
22Crown Commercial Service enrolmentComFiled (P0 gate)CCS reference on receipt
23DEFONEOS-SEAL credentialAudemergency sessionBFT supermajority vote + 33-agent council
24UK AISI evaluation packCompUK AISI packSystem Card + sovereign receipts
25Live evidence freshnessAudlive evidence freshness probe7 freshness probes per tick

How to verify a row

Each row maps a claim to one public artefact on csoai.org. The artefact is signed by the SIGIL ledger. To independently verify:

  1. Open the artefact URL.
  2. Read the SIGIL or section cited.
  3. Compare against the claim language in this matrix.

If a row's verdict does not hold, the claim is removed until evidence catches up.