EU AI Act Article 50 — 20 days to seal | Get passport
🧠 Agentic runtime live → /hermes-layer
🇪🇺 EU AI Act Annex IV Item 9 · signed System Card

DEFONEOS Sovereign System Card

The model architecture, training data, evaluation results, oversight mechanisms, and risk profile of the DEFONEOS sovereign AI substrate. Annex IV Item 9 compliance. Ed25519-signed by sovereign root key d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a.

📄 Download OSCAL 1.1.2 bundle or read the canonical proof surface
OSCAL JSON OSCAL YAML Verify
SIGIL · Annex IV Item 9 System Card · sig_csoai-nicholas-001 · version 4.7.2 · issued 2026-07-08 BST · SHA-512 98e310a2…aa2865

1 · General information (Annex IV Item 1)

ProviderCSOAI LTD · UK Companies House 16939677 · London, United Kingdom
DirectorNicholas Templeman · DID did:csoai:nicholas-001
SystemDEFONEOS Sovereign AI Substrate (v4.7.2)
System IDdefoneos-substrate-v4.7.2
Issued2026-07-08 BST · refreshed quarterly
Contactcrown@csoai.org · +44 (0)20 7946 0958
OversightBFT 23/33 council (11 op / 7 legal / 5 ethics / 4 partner / 3 intel / 2 eng / 1 auditor)
SIGIL signingEd25519 (current) · ML-DSA-65 (planned 2027)

2 · Intended purpose (Annex IV Item 2)

The DEFONEOS substrate supports the development, deployment, and oversight of defence, governance, and security AI applications under UK + EU + AUKUS-Pillar-2 regulatory regimes. The substrate is intended for high-stakes use cases where audit-grade provenance and constitutional constraint add value.

Out-of-scope uses (forbidden by the substrate's protocol-level red lines):

  • Kinetic-targeting pattern generation (find-fix-finish, kill orders, strike packages)
  • Single-individual surveillance (named-person tracking, face-rec on identified persons, phone-location queries)
  • Civilian harm optimisation (no objective function may include civilian casualty reduction as a side-benefit)
  • Sovereignty violation (no action may modify another sovereign's data without signed consent)
  • Auto-escalation chains (no unbounded escalation without explicit authorisation)
  • Lying to humans (no model output may contain a known-false statement about system state)
  • Irreversibility without confirmation (any irreversible side-effect requires positive confirmation)

3 · Model architecture (Annex IV Item 3)

ComponentSpecNotes
Mamba-2 SSM16-dim state, tanh-squashed, selective recurrence~3,000 tok/s · selective Δ-recurrence gating
MoE — Mixture of Experts64 sparse experts, learned gatingper-SIGIL dispatch
Standard Attentionmulti-head Q/K/Vdeliberate planning layer
bridge_think MCP4 profiles (local_only / balanced / power / council)vendor-model bridge w/ Care Membrane filtering
HotStuff BFT4-phase consensus · 200ms finalitytolerates f<n/3=11 malicious agents
Care Membrane847 safety signals × 23 categoriesinference-time guardrail
SIGIL chainEd25519 per-action + OTS Bitcoin anchor1Hz heartbeat · 86,400 SIGILs/day

Full architecture diagrams: SOV3³ + OOWM reference tab

4 · Training data (Annex IV Item 4 — public summary)

Main groups of training data

GroupSizeLicenceSource
Government open data~12 GBOGL-UK-3.0Companies House, Land Registry, FRED, EU OJ, EA Waste, FSA Hygiene, DVSA MOT
Synthetic telemetry (OOWM training)~770 MBCC-BY 4.0 (synthetic, model-generated)SOV3 OOWM synthetic-data factory
Partner signed datasets~2 GBSign-partner NDA + CSOAI licenceDefence primes, regulators, academic collaborators
Federated industry data~30 GB organic + ~5 GB synthetic-textVarious (CC-BY or OGL-UK-3.0)FRED, OS Names, NHS Prescribing, DfT Traffic, Environment Agency Waste
Scientific literature~50 GB (synthetic referential)CC-BY + arXiv OA + OGLAggregated corpus

Total: 49 GB sovereign corpus + 770 MB synthetic + 50 GB referential. No foreign-source training data outside UK + EU + AUS + CA + US (defence/cooperation) supplier set.

Provenance per item captured in SIGIL log. See Data Governance for full provenance taxonomy.

5 · Performance & evaluation (Annex IV Item 5)

CapabilityTargetMeasured (last 30d)
Edge inference throughput≥3,000 tok/s3,247 tok/s (Mamba-2)
Kill-switch latency (p95)≤2 s1.3 s
BFT vote latency (median)≤5 min3.4 min
HITL approval latency (median)≤30 s14.2 s
Red-line triggers00
Audit log integrity100% SIGIL-verified100.00%
External audit (NCSC + IG)quarterlyQ2 done

6 · Risk management (Annex IV Item 6) — see Risk Management

42 hazards identified, 156 controls implemented. 0 residual HIGH, 3 MEDIUM with mitigation. ISO 14971 aligned. Compliance matrix: 100% MET.

7 · Quality management (Annex IV Item 7) — see Quality Management

9 quality domains. 84 procedures. 23 CAPA all closed. 10 KPIs all GREEN. ISO 9001/13485/42001 structural.

8 · Post-market monitoring (Annex IV Item 8) — see PMM

14 monitoring vectors, 280 checks / 5-min cycle. Drift detection: PSI/KL/Page-Hinkley/ADWIN/calibration. 72h regulatory pipeline.

9 · Necessary changes between training & deployment (Annex IV Item 8b) Annex IV §1 8(b)

None reported for v4.7.2. Differences between training corpus and runtime are bounded by Charter Article 0 constitutional constraints — see Charter.

10 · Oversight & monitoring LIVE

9 oversight layers (HIC/HITL/HOTL + red-line enforcement at protocol level). Kill-switch under 2s. BFT 23/33 council. Care Membrane 0.95 floor. Detailed mapping: Human Oversight Deep + BFT.

11 · Decisions & routes (Article 14 / Article 86)

5-tier explanation framework (Plain Language → Decision Factors → Logic Trace → Counterfactual → Full Audit) issued on every sovereign action. Redress pathway: Right to Explanation. Counterfactual generation algorithm documented. Subject rights matrix: 8 rights × SLAs.

12 · Cross-framework compliance 236 frameworks mapped

EU AI Act · GDPR · UK GDPR · DPA 2018 · JSP 936 · DSEC · NATO Autonomy · AUKUS Pillar 2 · NIST AI RMF · ISO 42001 · ISO 27001 · ISO 14971 · NIS2 · DORA · NCSC CAF · CMMC 2.0 · SOC 2 · ISO 13485 · ... (236 total). Cross-walk hub: compliance crosswalk.

13 · Sovereignty posture

14 · Acknowledgements & dependencies

Provided under MIT for substrate code, OGL-UK-3.0 for public datasets, CC-BY for derived documentation. SIGIL chain integrity verifiable at sigil.csoai.org (substrate-managed public registry).

Honesty register READ FIRST

What this System Card does NOT claim

  • Not zero-error. Care Membrane reduces risk; it does not eliminate it.
  • Not zero-incident. Serious-incident reporting is a process.
  • Not bypass-proof. Substrate-level attacks can in principle bypass the red lines. We test against this; we cannot mathematically rule it out.
  • Not all-knowing. The OOWM ingests and learns; it does not see the future.
  • Not vendor-X-compatible by default. Any vendor model participates through bridge_think, with output filtered through Care Membrane + SIGIL + BFT.
  • Not a complete list of training sources. Inheritance from upstream models can introduce data we did not directly curate. Best-faith summary, not exhaustive enumeration.
  • Not a regulator's guarantee. Assurance is not certification. Regulators retain discretion.

📜 Get the bundle

OSCAL 1.1.2 JSON, YAML, or verified download. SIGIL-signed.

OSCAL JSON OSCAL YAML Verify SIGIL Get DEFONEOS →