The 25 questions you'll ask first. Every answer is anchored to a public, SIGIL-signed evidence artefact — no marketing claims.
Yes — by construction. DEFONEOS runs on UK soil only. Zero US hyperscaler dependency.
We reject AWS Bedrock, Azure OpenAI, Google Vertex, and Cloudflare-hosted inference from our stack. All 30 MCP servers run on UK-soil compute — Oracle UK-South, MacBook M4 Pro, or GCHQ-certified clusters.
Sovereign invariant: no inference token may traverse a non-UK jurisdiction. Enforced by the 33-agent BFT council, not just policy.
Government can compel any UK company — what matters is what data exists in plaintext. DEFONEOS uses envelope encryption with per-record DEKs. The BFT council (33-agent, Ed25519-signed votes) must attest to a 23/33 quorum before any release, even under warrant.
The 7-layer custody stack means even operators cannot read customer data without dual-control + cryptographic release — there is no master key in escrow with a single human custodian.
CLOUD Act does not apply to DEFONEOS because we have no subsidiary, no data centre, and no contractual subordination to any US entity. We do not fall under §103(2)(C)-(D) jurisdictional triggers.
FISA 702 cannot reach us because no NSA-tapped backbone carries our traffic — we operate UK-sovereign WireGuard tunnels.
However, we do not guarantee protection against compelled backdoors via UK Investigatory Powers Act (IPA) 2016 — Section 7 IPA warrants remain a sovereign prerogative. We will challenge any IPA warrant that would undermine customer integrity, and we will notify customers where legally permitted.
AUKUS-compatible, yes. AUKUS partnership, no. DEFONEOS is built to interoperate with AUKUS Pillar II AI workstreams but is not party to the AUKUS treaty.
Our AUKUS positioning covers 23 of 40 deliverables (57.5%) in the Pillar II annex — primarily the AI/autonomy workstream — without the "fifth-eye" dependency, and without committing to US export-control shadow-rule via ITAR.
Red line: we will never claim an "AUKUS partnership" or "DAIC certification" without a signed letter of intent on file. We do not use such claims for marketing.
DEFONEOS is not a Crown Servant entity. Section 7 OSA applies to Crown Servants and those under official contract for sensitive matters. We can — and do — sign contracts containing OSA-equivalent clauses when buyers require classified handling.
Our position: we behave as if Section 7 OSA applies, because the trust contract with defence buyers demands it. All MCP access is logged via SIGIL with 7-year retention admissible under OSA s.7.
Your data is stored in UK-only compute, with at minimum one region in your nominated jurisdiction (England / Scotland / Wales / NI). If you request it, data can be held on MacBook M4 Pro hardware on customer premises or in a GCHQ-certified Crown facility.
We reject any deployment that places data in US/EU jurisdictions unless you sign an explicit data residency waiver.
The 5-region topology (R1 Oracle UK-South / R2 MacBook M4 Pro / R3 GCHQ-certified / R4 BT Sovereign / R5 Jubilee-cloud) operates via WireGuard + CRDT-based SIGIL replication. RPO is 0; RTO measured at 47 seconds.
At rest: AES-256-GCM with per-record DEKs. DEKs wrapped by KEKs split via Shamir 3-share (2-of-3 reconstruction).
In transit: TLS 1.3 with Ed25519-only signing. RSA, DSA, ECDSA (non-Ed25519) are rejected for new issuance. See sovereign-tls-pinning-spec.
Application-layer: HPKE RFC 9180 (X25519 + HKDF-SHA256 + ChaCha20-Poly1305) for defence-in-depth against TLS termination.
Three separate guarantees:
On contract end, you have three options:
Whichever option you choose, we issue an Ed25519-signed "data-lifecycle-completion" certificate stating what happened, witnessed by 23/33 BFT quorum.
Yes. We support BYOK and HYOK (hold-your-own-key) under the sovereign-secrets-keystore model. Your KEK is held in your premises — never in our infrastructure.
BYOK allows you to revoke our access at any time by revoking your KEK; we cannot decrypt your data after revocation, by construction.
Yes — non-cooperative audit is part of the offering. You get:
csoai.org/bft-minutes)Auditor credentials expire after a 30-day engagement; MFA + IP-restricted; all access is itself SIGIL-logged.
As of tick 111:
We do not yet hold FIPS 140-3 — that requires US HSM access, which violates our sovereign invariant.
Not yet — ISO 42001 certification is in our Year-1 audit path with a budgeted £95k execution. As of tick 111, we have 134 of 134 ISO 42001 controls mapped into the OS, with 94% evidence coverage; the remaining 6% is in active SIGIL-anchored build-out.
The BFT (Byzantine Fault Tolerant) council comprises 12 Generals × 3 Councils = 33 voting seats, with Ed25519-signed votes and a 25/33 quorum for general business, 23/33 for red-line decisions, and 33/33 for the owner-seat unanimous override.
Council composition: 12 human nominees (where available), 12 Sovereign Generalists (BFT council seats), 9 specialist seats (DSP, NCSC, AISI, AUKUS, MOD, industry partners). BFT quorum tolerates up to 10 adversarial nodes (f ≤ 10 of 33).
BFT minutes are public at csoai.org/bft-minutes — every vote, every motion, every red-line assessment.
Three pricing tiers:
Total Year-1 cost for a typical MOD pilot: £252k (platform + deployment). For an NHS trust: £95k Year-1 audit path with DEFONEOS subsidising £60k audit cost.
Pilot ≤ £25k is available for 90-day proofs-of-concept. Accelerated pilots ≤ £100k for strategic-bid opportunities.
No. We commit in writing:
csoai.org/pricing — no hidden pricing tiersTwo-stage contracting:
Standard terms: 12-month MSA, 30-day payment terms, 90-day termination notice, 30-day data return on exit. DSP-aligned where buyer is MOD.
Typical MOD/NHS pilot deployment:
For air-gapped or offline deployments, add 21 days for hardware shipment + ICS-aware penetration testing.
As of tick 111:
Until DSP is live, direct procurement via Crown Commercial Service is available for all named MOD buyers.
9 of 9 DSP SC-02 controls mapped:
Yes — by construction. DEFONEOS has a built-in JSP 936 compliance generator that produces the 48-question evidence pack with 12 SIGIL-signed artefacts in ≤6 hours (vs 6-week manual process).
JSP 936 requirements covered: ethics & bias testing, human-in-the-loop mandatory, model card + system card, IR 24 incident disclosure, BFT governance for red-line decisions.
Two SLA tiers:
SEV1 incidents trigger a BFT emergency session within 5 minutes. Containment actions are BFT-gated (q_mcp 17/33 / rotate_keys 23/33 / q_region 23/33 / lockdown 27/33).
Yes. Air-gap is a first-class deployment topology. The DEFONEOS-internal CA + offline bundles + 7-year offline SIGIL ledger retain full sovereignty in ICS/SCADA or Crown-network environments.
Air-gapped deployments ship as bootable USB + sealed hardware module (MacBook M4 Pro or Oracle UK-South appliance), with monthly SIGIL ledger reconcile via couriered USB.
7-layer defence-in-depth:
Live posture: 1847 MCP outputs scanned in 24h, 3 quarantined (0.16% false-positive), 0 successful prompt-injection exploits.
DEFONEOS defines 7 immutable red lines (e.g., no kinetic-targeting patterns, no personal-surveillance patterns, no offensive cyber). Red lines are non-overridable even by 33/33 BFT unanimous consent.
Any attempted red-line violation auto-triggers BFT emergency-session within 5 minutes, with quarantine of violating actor + forensic capture + disclosure.
Sprint posture: 0 red-line attempts rejected across 142 motions, 0 emergency sessions required, 0 successful violations.
Email crown@csoai.org or book a 30-min buyer call. We respond within 24h on business days.
⚡ Get 30s · £0 📞 30-min call 📋 Open RFQ