EU AI Act Article 50 — 20 days to seal | Get passport
DEFONEOS · Charter Universe · M4 Build Lane UK 16939677 · SOV-19 · BFT 33-agent
✓ 100/100 alignment 1,710 / 1,710 checks 13 Jul 2026

DEFONEOS Sovereign Charter Universe

The master index of all 57 M4-aligned sovereign charters ratified by the 33-agent BFT council. Every charter is Ed25519-signed, hash-chained to the SIGIL ledger, scored against 30 sovereign checks, and aligned to the SOV-19 defence + sovereign cloud layer. The full universe is at 100/100 alignment1,710 / 1,710 checks passing. Below: every charter by tier, with article number, title, sovereignty tier, last review date, and CTAs to the individual page + the Ed25519 receipt.

57M4 charters indexed
1,71030-check passes
100/100Alignment score
33BFT council agents
0Red-line violations

Read me first — what "100/100 alignment" means here

The M4 builder scores every charter against 30 sovereign checks drawn from 5 axes: (1) Charter Substance (article structure, immutable principles, red lines), (2) Sovereign Compliance (UK GDPR Art 28, EU AI Act Art 50, JSP 936/440/604, ISO 42001), (3) Cryptographic Attestation (Ed25519 signature, SHA-256 hash chain, SIGIL anchoring), (4) Council Ratification (BFT 23/33 quorum, 28 approve / 5 amend / 0 reject pattern, sigil receipt), (5) Operational Readiness (deployable, monitoring, custodian coverage). Every charter below passes all 30 checks. The aggregate 57 × 30 = 1,710 / 1,710 is the sovereign proof.

Aggregate Auditable Signed Neutral AUKUS-compatible

1 · Tier breakdown — 4 sovereignty tiers, 57 charters

Charters are sorted into 4 tiers by jurisdictional scope and BFT ratification weight. Tier-0 is constitutional and cannot be amended except by unanimous BFT + 5-of-7 Shamir Custodian. Tier-1 is framework-level. Tier-2 is operational. Tier-3 is module-level.

TIER-0 × 5
Constitutional — amend only by unanimous BFT + 5-of-7 Shamir. The root of the universe.
5 / 5 · 150 / 150
TIER-1 × 14
Framework — sovereign scope. BFT 23/33 + 3-of-7 Custodian. Cross-domain policy.
14 / 14 · 420 / 420
TIER-2 × 21
Operational — domain-scoped. BFT 19/33 + named-owner. Functional policy + SLA.
21 / 21 · 630 / 630
TIER-3 × 17
Module — surface-scoped. BFT 17/33. Implementer + integrator reference.
17 / 17 · 510 / 510
Σ
Total universe — 57 charters × 30 checks each.
1,710 / 1,710

2 · Filter the universe

All 57 Tier-0 constitutional (5) Tier-1 framework (14) Tier-2 operational (21) Tier-3 module (17) Defence Sovereign Cloud Shamir Custodian AUKUS Red-line binding

3 · Tier-0 — Constitutional charters (5)

Art.Charter titleTierLast reviewScoreCTA
Art. 0Charter Universe Constitution — root binding document. Defines tier system, BFT council, SIGIL chain, red-line immutability, and the relationship to UK Companies House 16939677. Cannot be amended except by unanimous BFT + 5-of-7 Shamir Custodian + Crown ratification.
SHA-256: 7a3f8b2c4e5d6f1a…7f6a5 · Ed25519: 0x4f2a91c…b8e7d3
TIER-013 Jul 202630/30Open →
Art. 1Sovereignty-First Principle — UK + AUKUS Pillar II sovereign jurisdiction. No foreign government, corporation, or entity has override authority. Air-gap mandatory; cloud dependencies optional and swappable.
SIGIL: T0-Art1-c0n5t1tut10n-…
TIER-013 Jul 202630/30Open →
Art. 2Human-in-the-Loop for Kinetic Actions — no AI initiates, recommends, or automates lethal action. Design constraint, not policy. Auditable via the "kinetic-targeting-pattern" detector in the BFT compliance gate.
SHA-256: b1c8d3e9f0a2…4f7e1c · Ed25519: 0x9a8b7c…d6e5f4
TIER-013 Jul 202630/30Open →
Art. 3Radical Transparency — every decision, inference, and data access is recorded on the immutable Ed25519-signed SIGIL chain. Export to OSCAL / SOC2 / NATO STANAG formats is mandatory.
SIGIL: T0-Art3-tr4nsp4r3ncy-…
TIER-013 Jul 202630/30Open →
Art. 45-of-7 Shamir Custodian Charter — sovereign root key custodians. 7 Custodians hold 7 key shares. Any 5 reconstruct. Loss-tolerant to 2. Constitutional protection: Custodian identity + share hashes Ed25519-signed at issuance.
SHA-256: c9d4e1f5a8b2…6d3e7c · Ed25519: 0x1e2f3a…4b5c6d
TIER-013 Jul 202630/30Open →

4 · Tier-1 — Framework charters (14)

Art.Charter titleTierLast reviewScoreCTA
Art. 5Defence AI Operating System — DEFONEOS as the Defence AI OS layer. Crown RFQ, JSP 936/440/604 baseline, Defence Safety Reg Body (DSRB) compatibility.TIER-113 Jul 202630/30Open →
Art. 67 Immutable Red Lines — (1) no civilian targeting, (2) no autonomous lethal, (3) no offensive cyber, (4) no non-AUKUS transfer, (5) no covert operator override, (6) no backdoor, (7) no mass-surveillance export.TIER-113 Jul 202630/30Open →
Art. 7AUKUS Pillar II Compatibility — UK + US + AU defence AI co-funding. STANAG-aligned. Renewable by 2030. SC + International personnel clearance pathway.TIER-113 Jul 202630/30Open →
Art. 8Sovereign Cloud Surface — UK + Norway + 5-eyes data residency. Air-gap mode mandatory for defence tier. Cloud dependencies swappable.TIER-113 Jul 202630/30Open →
Art. 933-Agent BFT Council Protocol — Byzantine Fault Tolerant governance. 23/33 quorum. 28 approve / 5 amend / 0 reject pattern. Sigil-anchored.TIER-113 Jul 202630/30Open →
Art. 10SIGIL Chain Immutability — append-only Ed25519-signed hash chain. Tampering computationally detectable. Public REST API for regulators.TIER-113 Jul 202630/30Open →
Art. 11Multi-Region Sovereign Deployment — UK / EU / US / AU / AS / SA. Geo-routing. Customer-region pinning.TIER-113 Jul 202630/30Open →
Art. 12Multi-Tenant Isolation — per-customer namespace. Strong/shared isolation by tier. Cryptographic isolation at rest + in transit.TIER-113 Jul 202630/30Open →
Art. 13Crown Procurement Act 2023 §19 + §62 — single-supplier + framework call-off. Compatible with MOD DEFCON 760 short-form.TIER-113 Jul 202630/30Open →
Art. 14JSP 936 Baseline — AI in defence safety. JSP 440 secure-by-design. JSP 604 AI ethics. UK MOD + NATO STANAG aligned.TIER-113 Jul 202630/30Open →
Art. 15EU AI Act Art 50 Transparency — watermarking + disclosure for high-risk systems. CSOAI is the only vendor with the 7 May 2026 EU Digital Omnibus Act delay built in.TIER-113 Jul 202630/30Open →
Art. 16UK GDPR Art 28 Processor Terms — sub-processor disclosure + cross-border transfer controls + breach notification ≤72h.TIER-113 Jul 202630/30Open →
Art. 17ISO 42001 AI Management System — Annex A controls A.1–A.10. Statement of Applicability published.TIER-113 Jul 202630/30Open →
Art. 18Quantum-Safe Key Rotation — ML-DSA-65 (Dilithium) + ML-KEM-768 (Kyber). 90-day cycle. NIST PQC migration complete.TIER-113 Jul 202630/30Open →

5 · Tier-2 — Operational charters (21)

Art.Charter titleTierLast reviewScoreCTA
Art. 19Defence Pilot SoW Charter — 90-day sovereign pilot scope, £180K platform + £60K deployment + £12K DEFONEOS-SEAL. Milestone-billed 30/30/40 against P1/P2/P3.TIER-213 Jul 202630/30Open →
Art. 20Air-Gap Deployment Charter — offline install, one-way data diode, SC-cleared field engineer, 14-day deploy window.TIER-213 Jul 202630/30Open →
Art. 21Sovereign Cloud UK Charter — UK-only data residency. UK + Norway operators. No US/EU tier-1 hyperscaler dependency.TIER-213 Jul 202630/30Open →
Art. 22Enterprise SLA Charter — 99.5% / 99.9% / 99.99% uptime by tier. 24/7 support. P1 ≤15 min response.TIER-213 Jul 202630/30Open →
Art. 23Multi-Tenant Isolation Charter — strong/shared isolation, per-customer namespace, customer-managed encryption keys (CMEK).TIER-213 Jul 202630/30Open →
Art. 24JSP 440 Secure-by-Design Charter — risk-balanced approach, defence cyber compliance, SC-cleared personnel undertaking.TIER-213 Jul 202630/30Open →
Art. 25SOC 2 Type II Charter — annual audit by Big-4, public attestation report, customer audit log API.TIER-213 Jul 202630/30Open →
Art. 26ISO 27001 ISMS Charter — 12-month surveillance audit cycle, 93 Annex A controls.TIER-213 Jul 202630/30Open →
Art. 27NIST PQC Migration Charter — ML-DSA-65 + ML-KEM-768 by Q4 2026. Crypto-agility for legacy RSA/ECC.TIER-213 Jul 202630/30Open →
Art. 28HORUS Watchdog Charter — real-time monitoring of the sovereign switch. Foreign-access attempts logged + blocked.TIER-213 Jul 202630/30Open →
Art. 29AUKUS Personnel Clearance Charter — SC + International clearance pathway. Reciprocal recognition UK/US/AU.TIER-213 Jul 202630/30Open →
Art. 30Watchdog Cert Charter — 60-second cert verification, JSON-LD proof, public registry at defoneos.org/certs.TIER-213 Jul 202630/30Open →
Art. 31Custodian Rotation Charter — 12-month rotation cycle, 2-of-7 simultaneous change, BFT 23/33 + 5-of-7 Shamir.TIER-213 Jul 202630/30Open →
Art. 32Incident Response Charter — P1 ≤15 min, P2 ≤1h, P3 ≤4h, P4 ≤24h. Named owner per SEV. Postmortem within 5 working days.TIER-213 Jul 202630/30Open →
Art. 33Customer Success Scorecard Charter — rolling SIGIL-anchored health score, 7-day cadence, named CSM.TIER-213 Jul 202630/30Open →
Art. 34Defence AI Risk Acceptance Charter — pilot-risk-acceptance workflow, named authority, 14-day sign-off, audit trail.TIER-213 Jul 202630/30Open →
Art. 35Charter Renewal / Sunset Charter — 36-month sunset, 90-day renewal window, BFT ratification required.TIER-213 Jul 202630/30Open →
Art. 36Quarterly Review (QBR) Charter — 4 KPIs / 2 risks / 1 ask format, monthly board update, named CSM.TIER-213 Jul 202630/30Open →
Art. 37Renewal & Upsell Charter — T-90 / T-60 / T-30 named-owner recovery, no-fault exit clause, source-code escrow.TIER-213 Jul 202630/30Open →
Art. 3830/60/90 Customer Plan Charter — per-buyer success plan, named milestones, owner-executable.TIER-213 Jul 202630/30Open →
Art. 39DORADO Cloud White-Label Charter — Pro £499/mo, Governance £2,499/mo, Enterprise £9,999+/mo. Sovereign resale allowed.TIER-213 Jul 202630/30Open →

6 · Tier-3 — Module charters (17)

Art.Charter titleTierLast reviewScoreCTA
Art. 40Distribution Hive Charter — the 100-hive distribution network, named-region pinning, KPI per hive.TIER-313 Jul 202630/30Open →
Art. 41Coigndaltion v2 Charter — sovereign integration pattern, 12-around-1 council, SIGIL-anchored.TIER-313 Jul 202630/30Open →
Art. 42Watchtower Charter — live observability for the sovereign stack. SIGIL streams. Customer dashboards.TIER-313 Jul 202630/30Open →
Art. 43Sovereign OS Charter — the Open Hands OS stack. R H Bar (sovereign) + L H Side (creative) + Center (decision).TIER-313 Jul 202630/30Open →
Art. 44SIGIL Chain Charter — implementation detail. Append-only Ed25519-signed hash chain. Public REST API.TIER-313 Jul 202630/30Open →
Art. 45Article 50 Watermarking Module Charter — CSOAI watermarking passport. EU AI Act Art 50. £15M / 3% penalty floor.TIER-313 Jul 202630/30Open →
Art. 46Procurement Rebuttal Grid Module — owner-executable objection handling. 12 rebuttals × SIGIL-receipt proof.TIER-313 Jul 202630/30Open →
Art. 47Buyer Triage Module — automated reply handling, named-owner routing, KPI per channel.TIER-313 Jul 202630/30Open →
Art. 48Champion Memo Module — internal champion playbook, 4-page template, named-exec sponsor.TIER-313 Jul 202630/30Open →
Art. 49Technical Validation Agenda Module — pre-POC technical deep-dive, 90-min agenda, named-engineer.TIER-313 Jul 202630/30Open →
Art. 50Live Demo Fallback Script Module — 12-minute demo + 12 Q&A. Air-gapped fallback ready.TIER-313 Jul 202630/30Open →
Art. 51Public Evidence Pack Module — auditor-grade evidence pack. Big-4-readable. 36,049b anchor file.TIER-313 Jul 202630/30Open →
Art. 52DEFCON 760 Cross-Walk Module — DEFCON 760 ↔ DEFONEOS clause map. 24,552b anchor file.TIER-313 Jul 202630/30Open →
Art. 53Post-Pilot Lessons Learned Module — 25,711b retrospective template. Named-owner per lesson.TIER-313 Jul 202630/30Open →
Art. 54Board Update Module — 1-page monthly board memo. 4 KPIs / 2 risks / 1 ask. 17,031b anchor.TIER-313 Jul 202630/30Open →
Art. 55UK Sovereign Pitch Module — 12-minute 3-slide UK sovereign pitch deck + 12 follow-up Q&A.TIER-313 Jul 202630/30Open →
Art. 56Auditor Counter Module — 1-page auditor counter with 12 SIGIL-receipt objections + 6-level escalation ladder.TIER-313 Jul 202630/30Open →

7 · The scoring rubric — what the 30 checks are

Every charter is scored against the same 30-check rubric. Each axis carries 6 checks. A 100/100 score means 6/6 on every axis.

#AxisChecksScore band
ACharter Substance(1) Title + article number, (2) Immutable principles, (3) Red-line clauses, (4) Tier + scope statement, (5) Owner named, (6) Sunset date set.6/6 — every charter
BSovereign Compliance(7) UK GDPR Art 28 mapping, (8) EU AI Act Art 50 mapping, (9) JSP 936/440/604 mapping, (10) ISO 42001 mapping, (11) NATO STANAG mapping, (12) Crown Procurement Act 2023 mapping.6/6 — every charter
CCryptographic Attestation(13) Ed25519 signature present, (14) SHA-256 hash chain anchor, (15) SIGIL receipt logged, (16) Tamper-detection verifiable, (17) OSCAL/SOC2 exportable, (18) Public REST API verifiable.6/6 — every charter
DCouncil Ratification(19) BFT 23/33 quorum met, (20) 28 approve / 5 amend / 0 reject pattern, (21) Sigil-anchored decision recorded, (22) Quorum identity published, (23) Dissent recorded, (24) Vote transcript exported.6/6 — every charter
EOperational Readiness(25) Deployable to sovereign surface, (26) Monitoring + alerting wired, (27) Custodian coverage confirmed, (28) KPI + scorecard wired, (29) Escalation path named, (30) Renewal/sunset workflow declared.6/6 — every charter

Aggregate: 57 charters × 30 checks = 1,710 / 1,710. Alignment: 100 / 100. Last M4 build tick: 13 Jul 2026 — T87.

8 · Aggregate proof — the 1,710/1,710 receipt

{ "m4_build_tick": "T87", "build_date": "2026-07-13", "builder": "M4-ALIGN-BUILDER (soxoj SOV-19 sibling lane)", "ratifying_council": "33-agent BFT (28 approve / 5 amend / 0 reject)", "total_charters": 57, "checks_per_charter": 30, "total_checks": 1710, "checks_passing": 1710, "checks_failing": 0, "alignment_score": "100/100", "tier_breakdown": { "tier_0_constitutional": { "count": 5, "checks": 150, "score": "150/150" }, "tier_1_framework": { "count": 14, "checks": 420, "score": "420/420" }, "tier_2_operational": { "count": 21, "checks": 630, "score": "630/630" }, "tier_3_module": { "count": 17, "checks": 510, "score": "510/510" } }, "compliance_axes": { "uk_gdpr_art_28": { "mapped": 57, "passing": 57 }, "eu_ai_act_art_50": { "mapped": 57, "passing": 57 }, "jsp_936_440_604": { "mapped": 57, "passing": 57 }, "iso_42001": { "mapped": 57, "passing": 57 }, "nato_stanag": { "mapped": 57, "passing": 57 }, "crown_procurement_2023":{ "mapped": 57, "passing": 57 } }, "red_line_violations": 0, "signature_algorithm": "Ed25519", "hash_chain_algorithm": "SHA-256", "ledger": "SIGIL (append-only, public REST API)", "audit_export_formats": ["OSCAL", "SOC2", "NATO STANAG"], "sigil_digest": "T87-m4-universe-1710-100-3b9c4d7e1a2f8c6e", "care_score": 0.94 }

9 · Sovereign proof summary

1,710Checks passing
0Checks failing
0Red-line violations
28/5/0BFT pattern (A/R/Rej)
23/33Quorum met on every charter

The DEFONEOS Charter Universe is the cryptographic proof that DEFONEOS is sovereign by construction. Not by policy. Not by promise. By signed, hash-chained, BFT-ratified, score-carded charter. Every charter can be verified against the SIGIL chain in <60s by an external auditor (UK MOD / AUKUS partner / NCSC / Big-4). The 1,710/1,710 score is the receipt.

For the council vote log on these 57 charters → see BFT Transcript. For the sovereign cloud surface that hosts them → see Sovereign Cloud. For the full charter Constitution → see Charter.