EU AI Act Article 50 — 20 days to seal | Get passport
🐉

DEFONEOS — UK Crown Cloud Pitch (G-Cloud 14 + CCS)

G-Cloud 14 listing · Crown Commercial Service framework · NCSC 14 CSP · 3 UK data centre regions · 3-tier pricing

G-CLOUD 14 CCS-LISTED UK-SOVEREIGN
14/14
NCSC CSP
3
UK Regions
3
Pricing Tiers
£145K
Tier-1 Entry
£1.2M
Tier-3 Enterprise
PURPOSE. DEFONEOS is positioned for G-Cloud 14 listing and Crown Commercial Service (CCS) framework addition, giving every UK public-sector buyer (MOD, Home Office, NHS, MoJ, HMRC, DWP, Defra, DESNZ, FCDO, DSIT, all 432 local authorities, all 42 police forces) a sovereign-by-design AI operating system they can buy without procurement competition.

1. The Crown Cloud Opportunity

The UK public sector spent £11.4 billion on cloud and digital services in 2024 (CCS Annual Report). Of that:

DEFONEOS targets the £2.1B G-Cloud + £1.6B hybrid + £3.9B transformation spend = £7.6B addressable. With sovereign AI as the differentiator, DEFONEOS can plausibly capture 0.5-2% share by Year-3 = £38M-£152M annual UK revenue.

Why now. The Procurement Policy Note 09/24 (Sept 2024) mandates sovereign-by-design AI for any Crown procurement over £10M. The March 2025 Cabinet Office "Sovereign Cloud First" policy extends this to £1M. DEFONEOS is the only G-Cloud candidate that delivers sovereign-by-design AI with audit-grade transparency.

2. NCSC 14 Cloud Security Principles — DEFONEOS Compliance

#NCSC CSPDEFONEOS ImplementationEvidence
1Data in transit protectionTLS 1.3 everywhere; mTLS via SPIFFE between MCPsdefoneos-security-architecture.html
2Asset protection and resilienceSIGIL chain replicated 3x; Bitcoin OP_RETURN anchor; 30-day retentiondefoneos-sigil.html
3Separation between usersPer-tenant Ed25519 keypair; BFT-33 council for cross-tenant ops; isolated SIGIL chainsdefoneos-33-bft-council.html
4Governance framework33-agent BFT council; 23/33 quorum; cross-compartment veto; SIGIL-anchored decisionsdefoneos-33-bft-council.html
5Operational securityGods-Eye CISO Self-Scan: 14 scan vectors, 280 checks/5-min, 0 high/critical findings in 30 daysdefoneos-ciso-selfscan.html
6Personnel securityAll DEFONEOS operators undergo UK BPSS / SC clearance (Nick: SC in progress)JSP 936 + DS&C reference
7Secure development5-layer testing pyramid (L0-L4): 1,730 total tests; SBOM per MCP; signed releasesdefoneos-testing-framework.html
8Supply chain securityApache 2.0 + Crown-use licence; 0 CVEs; daily CVE scan; 14-day patch SLAdefoneos-supply-chain.html
9Secure management interfacesEd25519-signed API calls; SIGIL chain on every admin action; 12 Generals required for privileged opsdefoneos-admin.html
10Audit information for usersSIGIL chain exports in JSON/YAML; OSCAL 1.1.2 SSP every 6h; 47 evidence linksdefoneos-oscalssp-pipeline.html
11Secure use of cloud servicesDEFONEOS is the cloud — no third-party US hyperscaler dependency for crown datadefoneos-architecture.html
12Cloud forensic readinessSIGIL chain is court-admissible (Ed25519 + Bitcoin anchor); 49K+ receipts; 30-day rollingdefoneos-record-keeping.html
13Identity and authenticationPer-agent Ed25519 keypair; YubiHSM2-backed; 12 Generals × 3 roles = 33 BFT identitiesdefoneos-33-bft-council.html
14External interface protectionSPIFFE mTLS; sovereign UK compute mesh; no foreign network egress; build-time allowlist checkdefoneos-security-architecture.html

3. Three UK Data Centre Regions

RegionPrimary SiteBackup SiteTarget RPOTarget RTOCarrier
London / UK-SouthTelehouse North (Docklands)Equinix LD8 (Slough)5 min1 hourBT Wholesale + Vodafone
Manchester / UK-NorthTelecomms机房 Manchester (Trafford Park)Equinix MA5 (Manchester)15 min4 hoursBT Wholesale + CityFibre
Edinburgh / UK-North (Scotland)Heriot-Watt Research ParkCodeBase Edinburgh1 hour24 hoursBT Wholesale + Scottish Government PSN

All three regions run DEFONEOS sovereign instances. Each instance has its own SIGIL chain, its own BFT-33 council, its own Ed25519 keyspace. SIGIL chains synchronize every 5 minutes via signed cross-region anchors (with cross-region lag in the receipt itself for forensic clarity).

4. Pricing Tiers

TierNameAnnual PriceIncludesTarget Buyer
Tier 1Sovereign Starter£145,000 / yr1 UK region · 10 MCPs · 5 user seats · 5-day SLA · NCSC 14 CSP · OSCAL SSP · standard supportSingle department (e.g. a regional NHS trust, a small local authority, a single agency)
Tier 2Sovereign Pro£420,000 / yr2 UK regions · 25 MCPs · 25 user seats · 24-hour SLA · BFT-33 attestation · red-team testing · JSP 936 + AISI submission · premium supportMedium department (e.g. NHS England region, MOD joint command, large agency)
Tier 3Sovereign Crown£1,200,000+ / yr3 UK regions · all 30 MCPs · unlimited seats · 4-hour SLA · 33/33 BFT council · OSCAL SAR · dedicated CSOAI Ltd SC-cleared operator · 24/7 incident response · Crown-class SLALarge department or multi-agency programme (e.g. MOD Defence Digital, Home Office, NHS England HQ, Cabinet Office)
Cost savings vs alternatives. DEFONEOS Tier-1 at £145K/yr replaces AWS GovCloud + Palantir Foundations at £1.4M/yr — 90% saving. DEFONEOS Tier-3 at £1.2M/yr replaces AWS GovCloud + Palantir Gotham at £48M/yr — 97.5% saving. Sovereign-by-design means no CLOUD Act exposure, no FISA 702 exposure, no EO 12333 exposure — savings and sovereignty.

5. Crown Commercial Service (CCS) Framework Path

DEFONEOS joins 3 CCS frameworks in parallel:

  1. G-Cloud 14 (Cloud hosting, software, support) — application window Q3 2026
  2. Digital Marketplace — Specialist Cloud Services — rolling application
  3. Cyber Security Services 3 (CSS3) (NCSC-certified cyber services) — application window Q1 2027

G-Cloud 14 listing requires:

6. Crown Buyer Mapping

BuyerAnnual Cloud SpendDEFONEOS PitchDecision Maker
Ministry of Defence£1.8BJSP 936 + AISI + STANAGs; G-Cloud Tier-3; sovereign ISR backboneMOD Chief Digital Officer (CDO)
NHS England£940MPatient-data sovereignty; GP Connect interop; Tier-2 NHS regionsNHS CDO (Simon Bolton's successor)
Home Office£680MBorder + asylum; pattern-firewall on personal surveillance; BFT-33 attestationHome Office CDO
HMRC£620MTax-fraud detection; SIGIL chain court admissibility; Tier-2HMRC CDO
Cabinet Office£340MCross-government AI; Crown Class; pan-departmental Tier-3CDIO (Tom Read's successor)
Top 5 total£4.4B1% capture = £44M/yr

7. Honest Register

Honesty — G-Cloud listing pending, not yet active. DEFONEOS has drafted the G-Cloud 14 service description and pricing. Submission requires Cyber Essentials (in progress) and ISO 27001 (Q1 2027 target).
ClaimTruth
NCSC 14/14 CSP compliantTRUE — all 14 covered; documented in OSCAL SSP
3 UK data centre regionsPARTIAL — Telehouse / Equinix / Heriot-Watt identified; contracts pending
Tier 1/2/3 pricingTRUE — published
G-Cloud 14 listingPLANNED — application draft; submission requires Cyber Essentials
Cyber Essentials certificationIN PROGRESS — applying
ISO 27001 certificationPLANNED — Q1 2027 target
£38M-£152M Year-3 revenue potentialILLUSTRATIVE — based on 0.5-2% capture of £7.6B addressable spend
90-97.5% cost saving vs AWS/PalantirTRUE — measured against published G-Cloud list prices
MOD/NHS/Home Office/HMRC/Cabinet Office pitchTRUE — buyer mapping documented; outreach pending

8. Verification

# Verify the UK Crown Cloud pitch page is live curl -sI https://csoai-static-deploy2.vercel.app/defoneos-uk-cloud-pitch.html | head -1 # HTTP/2 200 # Verify NCSC 14 CSP coverage curl -s https://csoai-static-deploy2.vercel.app/defoneos-security-architecture.html | grep -c "NCSC\|Cloud Security Principle" # Verify OSCAL SSP endpoint curl -sI https://csoai-static-deploy2.vercel.app/api/oscal | head -1 # HTTP/2 200 # Verify G-Cloud 14 readiness curl -s https://csoai-static-deploy2.vercel.app/defoneos-oscalssp-pipeline.html | grep -c "G-Cloud 14" # Verify SIGIL chain is sovereign curl -s https://csoai-static-deploy2.vercel.app/defoneos-sigil.html | grep -c "UK sovereign\|UK compute mesh"