EU AI Act Article 50 — 20 days to seal | Get passport

DEFONEOS Data Governance

GDPR · DPA 2018 · UK GDPR · Data Minimisation · Sovereign Storage · Subject Rights Automation
Version 1.0 · 5 Jul 2026 · Ed25519: b2e5f8a1c3d7e902 · ICO Registration: ZA##### (pending)

DEFONEOS operates under the principle of sovereign data sovereignty: all personal data stays within UK jurisdiction, processed on UK-based infrastructure, under UK law (DPA 2018 + UK GDPR). No data crosses to foreign infrastructure. No data trains foreign models. Every data action is SIGIL-recorded for audit.

0
Data Items Leaving UK
7
GDPR Principles Enforced
8
Subject Rights Automated
90d
Forensic Data Retention Max

1. GDPR Principles → DEFONEOS Implementation

GDPR PrincipleArticleDEFONEOS ImplementationStatus
Lawfulness, Fairness, TransparencyArt 5(1)(a)Every data processing action logged to SIGIL chain with purpose. Data subjects can request full processing history.ENFORCED
Purpose LimitationArt 5(1)(b)Data collected for defence/public safety purposes may NOT be repurposed. Purpose hash recorded at collection time.ENFORCED
Data MinimisationArt 5(1)(c)PII redaction at source. Only operationally necessary data collected. Camera feeds auto-blur faces. Audio feeds anonymise voices.ENFORCED
AccuracyArt 5(1)(d)Sensor data timestamped and source-attributed. Confidence scores attached. No data presented without provenance.ENFORCED
Storage LimitationArt 5(1)(e)Operational data: 30-day rolling window. Forensic data: 90-day max. SIGIL chain: permanent (hash only, no PII).ENFORCED
Integrity & ConfidentialityArt 5(1)(f)Ed25519 signatures on all data. Quantum-safe key rotation (ML-DSA-65 by 2027). Air-gapped deployment option.ENFORCED
AccountabilityArt 5(2)3-layer audit chain (OrgKernel): L1 Identity → L2 Execution → L3 Compliance. Every action cryptographically attributed.ENFORCED

2. Data Categories & Handling

CategoryExamplesLegal BasisRetentionStorage
Special Category (Art 9)Biometrics (face blur only), health (medevac)Art 9(2)(g) — substantial public interest30 daysOn-device only, never persisted
Operational Sensor DataCamera feeds, AIS, weather, air qualityArt 6(1)(e) — public task30 days rollingUK sovereign VM
Agent CommunicationsSIGIL entries, BFT votes, council decisionsArt 6(1)(f) — legitimate interestPermanent (hash only)SIGIL chain (no PII)
System LogsAccess logs, error logs, performance metricsArt 6(1)(f) — legitimate interest90 daysUK sovereign VM
User Account DataName, email, role, RBAC permissionsArt 6(1)(b) — contractAccount lifetime + 30dUK sovereign VM (encrypted)
Forensic EvidenceIncident artifacts, chain of custodyArt 6(1)(c) — legal obligation90 days (unless legally required longer)Air-gapped storage

3. Data Subject Rights Automation

RightArticleHow DEFONEOS SatisfiesResponse Time
Right of AccessArt 15SIGIL explorer API: subject can query all processing actions involving their data (PII-redacted references)≤30 days
Right to RectificationArt 16Self-service portal: user can correct account data. Operational sensor data is immutable (timestamped).≤30 days
Right to ErasureArt 17Account data: immediate deletion. SIGIL references: pseudonymised (hash remains, PII removed).≤30 days
Right to Restrict ProcessingArt 18User can flag their data as restricted. System marks all related SIGIL entries as restricted.≤30 days
Right to Data PortabilityArt 20Export API: user data exported as JSON/CSV with full processing history.≤30 days
Right to ObjectArt 21User can object to specific processing. BFT council reviews objection within 30 days.≤30 days
Right Not to Be Subject to Automated Decision-MakingArt 225-level human oversight framework. All SEV-1 decisions require human authority. No fully autonomous kinetic decisions.Immediate
Right to Withdraw ConsentArt 7(3)One-click withdrawal in user portal. Processing stops immediately, data queued for deletion.Immediate

4. Sovereign Storage Architecture

📡 Sensor Input
🔒 PII Redaction
🇬🇧 UK VM Storage
⛓️ SIGIL Hash
⏰ 30d Expiry

Storage Locations

LayerLocationEncryptionBackup
Primary VMUK GCP (meok-backend)AES-256 at restDaily snapshot, UK region
Edge CacheOn-device (M2/M3/M4 Mac)FileVault + AES-256Local Time Machine
Air GapPhysical USB (offline)VeraCrypt containerManual rotation
SIGIL ChainDistributed (Mac + VM)Ed25519 signedHash-chained (tamper-evident)

No Foreign Transfer — Ever

DEFONEOS guarantees zero international data transfers. The system is architected so that:

5. Data Protection Impact Assessment (DPIA) — Summary

DPIA ElementDEFONEOS Response
System DescriptionSovereign AI OS for defence/public safety. 30 MCP servers, 33-agent BFT council, SIGIL audit chain.
Necessity & ProportionalityData minimisation at source. PII redaction before storage. Only operationally necessary data collected. 30-day retention.
Risks to Rights & FreedomsMass surveillance risk → mitigated by 7 red lines. Discrimination risk → mitigated by BFT council diversity. Data breach risk → mitigated by Ed25519 + quantum-safe rotation.
Risk Mitigation MeasuresPII redaction, SIGIL audit chain, BFT governance, red-line enforcement, human oversight, sovereign storage, 90-day forensic cap.
DPO Sign-offPENDING — DPIA drafted, requires DPO review before live deployment.

6. UK GDPR + DPA 2018 Specifics

DPA 2018 ProvisionDEFONEOS Implementation
Part 2, Ch 2 — General ProcessingAll standard GDPR principles applied as above.
Part 2, Ch 3 — Law Enforcement ProcessingIf used for law enforcement: separate controller agreement, additional safeguards, crime-specific retention schedule.
Schedule 1 — Substantial Public Interest ConditionsDefence and national security fall under Schedule 1(2). Appropriate policy document required — DEFONEOS Charter serves this role.
s170 — Unlawful Obtaining of Personal DataSIGIL chain + DORADO foreign access detector prevent and log all unauthorised data access attempts.
National Security Exemption (s26)DEFONEOS documents which exemptions are claimed and why — never blanket-applied. SIGIL chain records the claim.

7. Automated Compliance Pipeline

┌──────────────────────────────────────────────────────────┐
│              DATA GOVERNANCE PIPELINE                     │
├──────────────────────────────────────────────────────────┤
│                                                           │
│  INPUT          REDACT          STORE          AUDIT      │
│  ┌─────┐       ┌─────┐        ┌─────┐       ┌─────┐     │
│  │Data │──────▶│PII  │───────▶│UK VM│──────▶│SIGIL│     │
│  │In   │       │Blur │        │Encr │       │Chain│     │
│  └─────┘       └─────┘        └─────┘       └─────┘     │
│                    │              │              │        │
│                    ▼              ▼              ▼        │
│               No faces       AES-256        Ed25519      │
│               No voices      FileVault      Hash-chain   │
│               No plates      Air-gap opt   BTC anchor    │
│                                                           │
│  EXPIRE:  30 days operational  |  90 days forensic        │
│  EXPORT:  Art 20 JSON/CSV     |  Art 15 SIGIL query      │
│  DELETE:  Art 17 immediate    |  Art 17(3) hash remains  │
│                                                           │
└──────────────────────────────────────────────────────────┘

8. Breach Notification Protocol

StepActionTimelineResponsible
1Breach detected by Gods-Eye scanner or DORADOT+0Autonomous
2SEV-1 classification, BFT council emergency sessionT+30sBFT 23/33
3Containment (see Incident Response Playbook)T+2minBFT + System
4Breach assessment: scope, data types, affected subjectsT+1hDPO (human)
5If risk to rights & freedoms: notify ICO≤72hDPO + Nick
6If high risk: notify affected data subjects≤72hDPO + Nick
7Breach record created on SIGIL chain≤72hAutonomous
8Post-breach review and hardening≤7 daysBFT + DPO

9. Controller / Processor Roles

EntityRoleResponsibilities
CSOAI Ltd (UK 16939677)Data ControllerDetermines purposes and means of processing. Maintains DPIA. ICO point of contact.
MEOK AI LabsProcessor (internal)Builds and maintains DEFONEOS infrastructure. Acts on controller instructions.
End User Organisation (e.g., MOD)Joint ControllerDetermines operational use. Subject to their own DPIA.
UK GCP InfrastructureSub-processorProvides compute. Data Processing Agreement (DPA) in place. UK region only.

📋 Honesty Register

10. Compliance Crosswalk

FrameworkArticle/ControlDEFONEOS Coverage
UK GDPRArts 5-22Full — all 7 principles + 8 rights implemented
DPA 2018Parts 2-4 + Schedule 1Framework documented. Schedule 1 policy = DEFONEOS Charter
EU AI ActArt 10 — Data GovernanceTraining data governance, bias mitigation, provenance tracking
EU AI ActArt 14 — Human Oversight5-level oversight framework, Art 22 automated decision rights
JSP 440Defence InfoSecUK MOD data handling compatible. SIGIL chain provides audit trail.
NIS Regulations 2018Security of Network & Info SystemsIncident notification pipeline. Operators of Essential Services compatible.
Cyber Essentials5 Technical ControlsFirewall, secure config, access control, malware protection, patch management
ISO 27001Annex A.8 — Asset ManagementData classification, handling, retention schedule