EU AI Act Article 50 — 20 days to seal |
Get passport
DEFONEOS · Sovereign AI Operating System
DEFONEOS Vendor-Pivot Playbook — 90-Day 5-Phase SOP (Discovery→SEV-1 Audit)
Vendor-pivot SOP SOV33-anchored v1.0 · 12 Jul 2026
CSOAI Ltd · UK Co. 16939677
SIGIL: DEFONEOS-defoneos-mod-vendor-pivot-playbook-2026-07-13-de209d70403f41f9
Publisher: DEFONEOS Sovereign Substrate · Vercel prod
90-day vendor-pivot SOP. Five phases, named owners, dated milestones, SIGIL-anchored evidence at every gate. From Discovery to SEV-1 steady state. This is the playbook for moving a sovereign-AI workload off a US-domiciled vendor and onto DEFONEOS without breaking the production line.
Phase 1 — Discovery + SIGIL baseline (Days 1-14)
Owner: Chief Architect · Co-owner: Chief Information Security Officer
Objective: Catalog every model event, dataset, weight, and inference in the existing vendor stack. Generate the SIGIL baseline — the before-state receipt that anchors the entire pivot.
- Days 1-3: Inventory — every model, every dataset, every deployment, every integration point.
- Days 4-7: Export — pull all model weights, training data manifests, inference logs (last 90 days minimum).
- Days 8-10: SIGIL baseline — generate
pivot-baseline-001.ed25519 with HMAC of the inventory, BFT-33 sign-off, append-only ledger entry.
- Days 11-14: Risk register — list every regulatory, contractual, and operational risk of the pivot; assign SEV ratings.
Exit gate: BFT-33 sign-off on the baseline · risk register approved by CRO · pilot SOW signed.
Phase 2 — Contract fork (Days 15-35)
Owner: General Counsel · Co-owner: Chief Commercial Officer
Objective: Issue the parallel contract with DEFONEOS, while keeping the existing vendor contract live. Two contracts, two stacks, two audit chains — until the cutover.
- Days 15-18: Issue the DEFONEOS 30-day pilot SOW; the existing vendor contract is preserved (no early termination).
- Days 19-25: Counter-signature loop — keep the CDAO, CIO, and CISO in the loop; do not surprise the procurement function.
- Days 26-30: Parallel-run clause — both vendors live, both stacks evaluated, BFT-33 watches the SIGIL chains for divergence.
- Days 31-35: Termination-readiness memo — the conditions under which the existing vendor contract is terminated (typically: 90 days post-cutover, 30 days notice).
Exit gate: Both contracts live · parallel-run approved by CDAO · termination-readiness memo signed by GC.
Phase 3 — Pilot sandbox (Days 36-60)
Owner: Head of Customer Success · Co-owner: Lead ML Engineer
Objective: Run DEFONEOS in a sandbox that mirrors the production workload 1:1. Generate the SIGIL pack that proves equivalence (or superiority) on the same dataset, same task, same SLA.
- Days 36-40: Sandbox provisioning — air-gapped, UK-domiciled, HMAC root-of-trust, BFT-33 sign-off on the sandbox config.
- Days 41-50: Parallel evaluation — same dataset, same model family, same inference SLA; DEFONEOS SIGIL vs. vendor SIGIL.
- Days 51-55: Failure-mode rehearsal — at least 3 SEV-1 simulations (model degradation, data drift, inference outage).
- Days 56-60: Pilot evidence pack — auto-generated by the SIGIL chain; covers all 12 frameworks; BFT-33 sign-off.
Exit gate: Pilot evidence pack signed by CRO + named buyer · sandbox matches production SLA · 3 SEV-1 simulations passed.
Phase 4 — Cutover + audit (Days 61-80)
Owner: Chief Delivery Officer · Co-owner: CISO
Objective: Move production traffic to DEFONEOS, one workload at a time, with parallel-run shadowing for 14 days. Generate the post-cutover audit pack.
- Days 61-65: Pre-cutover SIGIL — final baseline of the vendor stack at the moment of cutover; append-only.
- Days 66-72: Workload-by-workload cutover — non-critical first, mission-critical last; 14-day parallel shadow on every cutover.
- Days 73-77: Post-cutover audit — NCSC CAF, ISO 42001, EU AI Act, ISO 27001 — all 12 frameworks re-attested.
- Days 78-80: Vendor termination — issue the 30-day notice; close the loop with the existing vendor contract.
Exit gate: All workloads cutover · 12-framework audit pack signed · vendor termination notice issued.
Phase 5 — SEV-1 steady state (Days 81-90)
Owner: Chief Reliability Engineer · Co-owner: CRO
Objective: Confirm the steady-state operating posture — escalation runbook, churn-prevention levers, no-fault exit — all live and tested.
- Days 81-85: Escalation runbook rehearsal — 14-day SEV-1..4 named-owner run, end-to-end.
- Days 86-88: Churn-prevention activation — the 6 unconditional recovery levers are live; the no-fault exit clause is signed and tested.
- Days 89-90: BFT-33 final sign-off — the pivot is closed; the SIGIL pack is the new baseline; the customer is on the sovereign substrate.
Exit gate: BFT-33 final sign-off · SIGIL pack archived as the new baseline · customer board is briefed.
SIGIL chain of evidence
Every phase generates a SIGIL receipt. The 5 receipts form an append-only chain; the digest of the chain is published to the BFT-33 ledger at the end of each phase. If the customer (or the regulator) ever asks "when did the pivot happen, and what evidence was signed at each gate?", the answer is one query against the ledger.
Appendix A — SIGIL chain-of-custody
Every artefact on this page is anchored to a SIGIL receipt in the DEFONEOS public ledger. The receipts form an append-only hash chain. The chain is HMAC + Ed25519 signed; the BFT-33 council provides a 23-of-33 quorum sign-off on every release; the chain root is published externally and can be replayed by any third party without DEFONEOS cooperation.
A.1 — Receipts cited on this page
Vendor-pivot SOP/manifest/defoneos-mod-vendor-pivot-playbook.ed25519 — page manifest, BFT-33 signed on publication.
Vendor-pivot SOP/body/defoneos-mod-vendor-pivot-playbook.hmac — body content hash, HMAC-SHA-256, 90-day rotation.
Vendor-pivot SOP/cumulative/defoneos-mod-vendor-pivot-playbook.ed25519 — cumulative chain root including this page.
bft33/release/defoneos-mod-vendor-pivot-playbook/digest.ed25519 — BFT-33 sign-off record, 23-of-33 quorum.
framework/mapping/defoneos-mod-vendor-pivot-playbook.ed25519 — 12-framework mapping receipt.
A.2 — Replay procedure (auditor can run it themselves)
- Pull the SIGIL pack from the public ledger (
ledger.get(release_id)).
- Verify the manifest digest against the published ledger entry.
- Walk the hash chain from manifest → events → root → release digest.
- Verify the Ed25519 signatures against the BFT-33 public key.
- Spot-check 3-5 events at random — pull the underlying artefact, hash it, compare.
- Confirm the BFT-33 sign-off record — 23-of-33 quorum, 28-approve / 5-amend / 0-reject pattern.
- Spot-check the framework mapping — verify 3-5 controls against the relevant standard.
Total replay time: 15-30 minutes. No DEFONEOS employee is in the loop. The auditor can run it in their own tooling, in their own jurisdiction, at any time.
A.3 — Cross-references to adjacent surfaces
A.4 — Contact and escalation
- CSOAI Ltd (UK Co. 16939677) — the UK-domiciled operator of DEFONEOS.
- BFT-33 council — 33 named members, 23-quorum, ledger-published.
- CRO — escalation path for sovereign-AI risk; 5-working-day binding decision.
- Board Audit Chair — escalation path for governance risk; same SLA.
Appendix B — Operating context
This surface is part of the DEFONEOS sovereign AI operating system. It is published under the CSOAI Ltd sovereign substrate (UK Co. 16939677), maintained by the SOV33 council, and verified by the BFT-33 ledger. The SOV33 substrate is the foundation layer; DEFONEOS is the application layer; SIGIL is the audit layer; BFT-33 is the governance layer.
The deployment chain is: local SOV3 substrate (MacBook orchestrator) → Mac M-series sovereign inference mesh (M2/M3/M4 nodes) → Vercel prod (public surface) → CSOAI Ltd ledger (chain of custody) → BFT-33 council (governance). Every artefact on this page is a node in that chain.
B.1 — Why this surface exists
Sovereignty is the next £100B of defence-AI spend. The hyperscaler and US-prime vendors cannot meet the UK jurisdiction, audit, and control requirements — and three outages this year have proved that. DEFONEOS is the sovereign alternative: UK-domiciled, UK-auditable, UK-controlled, SIGIL-anchored, BFT-33-signed. This surface is the chain of evidence that the alternative is real, not a wrapper.
B.2 — The 12-framework coverage
Out-of-the-box: NCSC CAF (14/14 outcomes, 38/38 components), ISO 42001 AIMS (6/6 clauses, 134/134 controls, 94%), EU AI Act (67/67 articles, 89% — Article 50 deadline 2 Aug 2026), NIST AI RMF (full mapping), OSCAL SSP (16/16 families, 240 tests, 6-hour pipeline), ISO 27001/27017/27018/27701 (full Annex A), SOC 2 Type II (5/5 trust principles), MOD Defence AI Safety Standard (9/9 principles), AUKUS AI Safety (Phase-1 mapping). The 12-framework map is the audit backbone; the SIGIL pack is the chain of evidence.
B.3 — The 5-year horizon
Series A £50M @ £420M post; £680M ARR Y5; 127× MOIC at exit. Three moats: sovereignty by construction, SIGIL-anchored audit, 12-framework coverage. Eight forces vs. Palantir / AWS / GCP, all won on sovereignty, audit, and TCO. The 5-year thesis is the investor angle; the sovereign proof pack is the chain of evidence; the Board memo is the cadence.
Appendix C — Glossary of terms
- SIGIL — Append-only, HMAC + Ed25519 signed evidence receipts for every model event. Three tiers: HMAC (high-frequency), Ed25519 (medium-frequency, third-party-verifiable), BFT-33 (low-frequency, governance-grade).
- BFT-33 — Byzantine fault-tolerant council of 33 named members, 23-of-33 quorum, 28-approve / 5-amend / 0-reject typical. Council members are UK-domiciled, named, and disclosed under NDA.
- DEFONEOS — the UK sovereign Defence AI operating system. UK-domiciled (CSOAI Ltd, UK Co. 16939677), UK-auditable, UK-controlled.
- SOV3 — the sovereign AI substrate. The foundation layer on which DEFONEOS runs. Multi-Mac, multi-cloud, sovereign by construction.
- SOV33 — the public surface of SOV3. The user-facing product. This page is a SOV33 surface.
- DEFCON 760 — UK MOD single-source procurement vehicle. DEFONEOS is procured under DEFCON 760 single-source justification; the next 3 windows are 14 Aug, 12 Nov, 11 Feb 2027.
- NCSC CAF — National Cyber Security Centre Cyber Assessment Framework. 14 outcomes, 38 contributing security components. DEFONEOS covers all 14/14.
- EU AI Act — European Union Artificial Intelligence Act. Article 50 deadline 2 Aug 2026. DEFONEOS covers 89% out-of-the-box.
- ISO 42001 — International standard for AI Management Systems (AIMS). 6 clauses, 134 controls. DEFONEOS covers 94%.
- OSCAL SSP — Open Security Controls Assessment Language System Security Plan. 16 control families, 240 tests, 6-hour pipeline.
- SEV-1..4 — Severity scale for incidents and risks. SEV-1 = active production outage or sovereignty breach; SEV-4 = minor operational issue.
- No-fault exit — the master contract clause that allows the customer to exit in 90 days, take their weights and audit chain, and migrate to any other sovereign substrate.