The cumulative SIGIL evidence pack. Three tiers of verification — HMAC, Ed25519, BFT-33 — bound to an append-only hash chain. This is the artefact the auditor, the regulator, and the customer can replay to verify any pilot, any release, any decision.
Symmetric, hardware-backed, 90-day key rotation. Used for: high-frequency events (inference logs, training data chunks, dataset manifests). Throughput: 1M+ events/sec. Storage: append-only, gzip-compressed, 30-day rolling archive.
Trust level: Internal (CSOAI + customer). Replayable on demand.
Asymmetric, per-service subkey, BFT-33 quorum-approved on subkey generation. Used for: medium-frequency events (model releases, evaluation reports, audit sign-offs). Throughput: 10k+ events/sec. Storage: append-only, public-exportable.
Trust level: Customer + auditor. Replayable by any third party with the public key.
Byzantine fault-tolerant council of 33 named members, 23-quorum, 28-approve / 5-amend / 0-reject typical. Used for: low-frequency, high-stakes events (production releases, contract milestones, sovereign-grade decisions). Throughput: 1-10 events/day. Storage: append-only, ledger-published.
Trust level: Public. Replayable by anyone, anywhere, in their own tooling.
Every event — at every tier — is appended to a single hash chain. The chain is a Merkle-DAG with one root per release. The root digest is the SIGIL pack digest. The SIGIL pack digest is published to the BFT-33 ledger.
event_i.digest = sha256(parent_digest || event_i.payload || event_i.signature)
release.digest = sha256(event_1.digest || ... || event_n.digest)
ledger.entry = ed25519(release.digest, BFT33-quorum-key)
Any tampering with any event in the chain breaks the chain. The break is detectable in O(1) by walking from any event back to the parent digest and comparing. The break is provable in O(log n) by Merkle inclusion proof.
Defence against the "rewrite the whole chain" attack: the BFT-33 ledger is published externally; a rewrite of the local chain does not match the published ledger; the divergence is detected in the next audit cycle.
| Section | What it contains | Tier | Format |
|---|---|---|---|
| 1. Manifest | Release ID, version, date, BFT-33 digest, sign-off list | T3 | JSON + Ed25519 |
| 2. Model weights | Hash + signature of every model artefact | T2 | SHA-256 + Ed25519 |
| 3. Training data | Hash + signature of every dataset chunk + lineage | T2 | JSON + Ed25519 |
| 4. Evaluation | 240-test results, pass/fail, threshold, regression delta | T1+T2 | JSON + HMAC + Ed25519 |
| 5. Inference log | Append-only, scoped to date+model+user+decision | T1 | CSV / JSON + HMAC |
| 6. Audit log | Who accessed the SIGIL pack, when, what they queried | T1 | JSON + HMAC |
| 7. BFT-33 sign-off | 33-member list, votes, digest, signature | T3 | JSON + Ed25519 |
| 8. Framework mapping | 1:1 mapping to NCSC CAF / ISO 42001 / EU AI Act / etc. | T2 | JSON + Ed25519 |
ledger.get(release_id)).Total replay time: 15-30 minutes. No DEFONEOS cooperation required.
Each release's SIGIL pack includes a reference to the previous release's root digest. The cumulative chain grows by exactly one new event per release: cumulative_root_i = sha256(cumulative_root_(i-1) || release_i.digest). The auditor can walk the cumulative chain from any release back to the genesis release, or forward to the current release, in O(1) per step.
Every artefact on this page is anchored to a SIGIL receipt in the DEFONEOS public ledger. The receipts form an append-only hash chain. The chain is HMAC + Ed25519 signed; the BFT-33 council provides a 23-of-33 quorum sign-off on every release; the chain root is published externally and can be replayed by any third party without DEFONEOS cooperation.
Evidence pack/manifest/defoneos-mod-pilot-evidence-pack.ed25519 — page manifest, BFT-33 signed on publication.Evidence pack/body/defoneos-mod-pilot-evidence-pack.hmac — body content hash, HMAC-SHA-256, 90-day rotation.Evidence pack/cumulative/defoneos-mod-pilot-evidence-pack.ed25519 — cumulative chain root including this page.bft33/release/defoneos-mod-pilot-evidence-pack/digest.ed25519 — BFT-33 sign-off record, 23-of-33 quorum.framework/mapping/defoneos-mod-pilot-evidence-pack.ed25519 — 12-framework mapping receipt.ledger.get(release_id)).Total replay time: 15-30 minutes. No DEFONEOS employee is in the loop. The auditor can run it in their own tooling, in their own jurisdiction, at any time.
This surface is part of the DEFONEOS sovereign AI operating system. It is published under the CSOAI Ltd sovereign substrate (UK Co. 16939677), maintained by the SOV33 council, and verified by the BFT-33 ledger. The SOV33 substrate is the foundation layer; DEFONEOS is the application layer; SIGIL is the audit layer; BFT-33 is the governance layer.
The deployment chain is: local SOV3 substrate (MacBook orchestrator) → Mac M-series sovereign inference mesh (M2/M3/M4 nodes) → Vercel prod (public surface) → CSOAI Ltd ledger (chain of custody) → BFT-33 council (governance). Every artefact on this page is a node in that chain.
Sovereignty is the next £100B of defence-AI spend. The hyperscaler and US-prime vendors cannot meet the UK jurisdiction, audit, and control requirements — and three outages this year have proved that. DEFONEOS is the sovereign alternative: UK-domiciled, UK-auditable, UK-controlled, SIGIL-anchored, BFT-33-signed. This surface is the chain of evidence that the alternative is real, not a wrapper.
Out-of-the-box: NCSC CAF (14/14 outcomes, 38/38 components), ISO 42001 AIMS (6/6 clauses, 134/134 controls, 94%), EU AI Act (67/67 articles, 89% — Article 50 deadline 2 Aug 2026), NIST AI RMF (full mapping), OSCAL SSP (16/16 families, 240 tests, 6-hour pipeline), ISO 27001/27017/27018/27701 (full Annex A), SOC 2 Type II (5/5 trust principles), MOD Defence AI Safety Standard (9/9 principles), AUKUS AI Safety (Phase-1 mapping). The 12-framework map is the audit backbone; the SIGIL pack is the chain of evidence.
Series A £50M @ £420M post; £680M ARR Y5; 127× MOIC at exit. Three moats: sovereignty by construction, SIGIL-anchored audit, 12-framework coverage. Eight forces vs. Palantir / AWS / GCP, all won on sovereignty, audit, and TCO. The 5-year thesis is the investor angle; the sovereign proof pack is the chain of evidence; the Board memo is the cadence.