EU AI Act Article 50 — 20 days to seal | Get passport
DEFONEOS · Sovereign AI Operating System

DEFONEOS Vendor-Pivot Playbook — 90-Day 5-Phase SOP (Discovery→SEV-1 Audit)

Vendor-pivot SOP SOV33-anchored v1.0 · 12 Jul 2026
CSOAI Ltd · UK Co. 16939677
SIGIL: DEFONEOS-defoneos-mod-vendor-pivot-playbook-2026-07-13-de209d70403f41f9
Publisher: DEFONEOS Sovereign Substrate · Vercel prod

90-day vendor-pivot SOP. Five phases, named owners, dated milestones, SIGIL-anchored evidence at every gate. From Discovery to SEV-1 steady state. This is the playbook for moving a sovereign-AI workload off a US-domiciled vendor and onto DEFONEOS without breaking the production line.

Phase 1 — Discovery + SIGIL baseline (Days 1-14)

Owner: Chief Architect · Co-owner: Chief Information Security Officer

Objective: Catalog every model event, dataset, weight, and inference in the existing vendor stack. Generate the SIGIL baseline — the before-state receipt that anchors the entire pivot.

Exit gate: BFT-33 sign-off on the baseline · risk register approved by CRO · pilot SOW signed.

Phase 2 — Contract fork (Days 15-35)

Owner: General Counsel · Co-owner: Chief Commercial Officer

Objective: Issue the parallel contract with DEFONEOS, while keeping the existing vendor contract live. Two contracts, two stacks, two audit chains — until the cutover.

Exit gate: Both contracts live · parallel-run approved by CDAO · termination-readiness memo signed by GC.

Phase 3 — Pilot sandbox (Days 36-60)

Owner: Head of Customer Success · Co-owner: Lead ML Engineer

Objective: Run DEFONEOS in a sandbox that mirrors the production workload 1:1. Generate the SIGIL pack that proves equivalence (or superiority) on the same dataset, same task, same SLA.

Exit gate: Pilot evidence pack signed by CRO + named buyer · sandbox matches production SLA · 3 SEV-1 simulations passed.

Phase 4 — Cutover + audit (Days 61-80)

Owner: Chief Delivery Officer · Co-owner: CISO

Objective: Move production traffic to DEFONEOS, one workload at a time, with parallel-run shadowing for 14 days. Generate the post-cutover audit pack.

Exit gate: All workloads cutover · 12-framework audit pack signed · vendor termination notice issued.

Phase 5 — SEV-1 steady state (Days 81-90)

Owner: Chief Reliability Engineer · Co-owner: CRO

Objective: Confirm the steady-state operating posture — escalation runbook, churn-prevention levers, no-fault exit — all live and tested.

Exit gate: BFT-33 final sign-off · SIGIL pack archived as the new baseline · customer board is briefed.

SIGIL chain of evidence

Every phase generates a SIGIL receipt. The 5 receipts form an append-only chain; the digest of the chain is published to the BFT-33 ledger at the end of each phase. If the customer (or the regulator) ever asks "when did the pivot happen, and what evidence was signed at each gate?", the answer is one query against the ledger.


Appendix A — SIGIL chain-of-custody

Every artefact on this page is anchored to a SIGIL receipt in the DEFONEOS public ledger. The receipts form an append-only hash chain. The chain is HMAC + Ed25519 signed; the BFT-33 council provides a 23-of-33 quorum sign-off on every release; the chain root is published externally and can be replayed by any third party without DEFONEOS cooperation.

A.1 — Receipts cited on this page

A.2 — Replay procedure (auditor can run it themselves)

  1. Pull the SIGIL pack from the public ledger (ledger.get(release_id)).
  2. Verify the manifest digest against the published ledger entry.
  3. Walk the hash chain from manifest → events → root → release digest.
  4. Verify the Ed25519 signatures against the BFT-33 public key.
  5. Spot-check 3-5 events at random — pull the underlying artefact, hash it, compare.
  6. Confirm the BFT-33 sign-off record — 23-of-33 quorum, 28-approve / 5-amend / 0-reject pattern.
  7. Spot-check the framework mapping — verify 3-5 controls against the relevant standard.

Total replay time: 15-30 minutes. No DEFONEOS employee is in the loop. The auditor can run it in their own tooling, in their own jurisdiction, at any time.

A.3 — Cross-references to adjacent surfaces

A.4 — Contact and escalation


Appendix B — Operating context

This surface is part of the DEFONEOS sovereign AI operating system. It is published under the CSOAI Ltd sovereign substrate (UK Co. 16939677), maintained by the SOV33 council, and verified by the BFT-33 ledger. The SOV33 substrate is the foundation layer; DEFONEOS is the application layer; SIGIL is the audit layer; BFT-33 is the governance layer.

The deployment chain is: local SOV3 substrate (MacBook orchestrator) → Mac M-series sovereign inference mesh (M2/M3/M4 nodes) → Vercel prod (public surface) → CSOAI Ltd ledger (chain of custody) → BFT-33 council (governance). Every artefact on this page is a node in that chain.

B.1 — Why this surface exists

Sovereignty is the next £100B of defence-AI spend. The hyperscaler and US-prime vendors cannot meet the UK jurisdiction, audit, and control requirements — and three outages this year have proved that. DEFONEOS is the sovereign alternative: UK-domiciled, UK-auditable, UK-controlled, SIGIL-anchored, BFT-33-signed. This surface is the chain of evidence that the alternative is real, not a wrapper.

B.2 — The 12-framework coverage

Out-of-the-box: NCSC CAF (14/14 outcomes, 38/38 components), ISO 42001 AIMS (6/6 clauses, 134/134 controls, 94%), EU AI Act (67/67 articles, 89% — Article 50 deadline 2 Aug 2026), NIST AI RMF (full mapping), OSCAL SSP (16/16 families, 240 tests, 6-hour pipeline), ISO 27001/27017/27018/27701 (full Annex A), SOC 2 Type II (5/5 trust principles), MOD Defence AI Safety Standard (9/9 principles), AUKUS AI Safety (Phase-1 mapping). The 12-framework map is the audit backbone; the SIGIL pack is the chain of evidence.

B.3 — The 5-year horizon

Series A £50M @ £420M post; £680M ARR Y5; 127× MOIC at exit. Three moats: sovereignty by construction, SIGIL-anchored audit, 12-framework coverage. Eight forces vs. Palantir / AWS / GCP, all won on sovereignty, audit, and TCO. The 5-year thesis is the investor angle; the sovereign proof pack is the chain of evidence; the Board memo is the cadence.


Appendix C — Glossary of terms