🧠 Agentic runtime live → /hermes-layer

Buyer FAQ

The 25 questions you'll ask first. Every answer is anchored to a public, SIGIL-signed evidence artefact — no marketing claims.

25
Questions
100%
Evidence-anchored
0
Marketing claims
6
Categories
Sovereignty Data Audit Commercial Procurement Operations

🇬🇧 Sovereignty & Legal Jurisdiction

01 Is DEFONEOS really UK-sovereign, or are you on AWS/Azure?

Yes — by construction. DEFONEOS runs on UK soil only. Zero US hyperscaler dependency.

We reject AWS Bedrock, Azure OpenAI, Google Vertex, and Cloudflare-hosted inference from our stack. All 30 MCP servers run on UK-soil compute — Oracle UK-South, MacBook M4 Pro, or GCHQ-certified clusters.

Sovereign invariant: no inference token may traverse a non-UK jurisdiction. Enforced by the 33-agent BFT council, not just policy.

📜 Evidence: sovereign-multi-region-replication-spec (R1-R5 UK regions), sovereign-fedramp-uk-equivalent-spec (12 named deltas from FedRAMP, including zero CLOUD Act)
02 Could the UK government compel you to share customer data?

Government can compel any UK company — what matters is what data exists in plaintext. DEFONEOS uses envelope encryption with per-record DEKs. The BFT council (33-agent, Ed25519-signed votes) must attest to a 23/33 quorum before any release, even under warrant.

The 7-layer custody stack means even operators cannot read customer data without dual-control + cryptographic release — there is no master key in escrow with a single human custodian.

📜 Evidence: sovereign-data-escrow-protocol (L0-L6 stack), bft-council-emergency-session-protocol (T1-T8 triggers, 5-min response)
03 Are you compatible with US CLOUD Act and FISA 702?

CLOUD Act does not apply to DEFONEOS because we have no subsidiary, no data centre, and no contractual subordination to any US entity. We do not fall under §103(2)(C)-(D) jurisdictional triggers.

FISA 702 cannot reach us because no NSA-tapped backbone carries our traffic — we operate UK-sovereign WireGuard tunnels.

However, we do not guarantee protection against compelled backdoors via UK Investigatory Powers Act (IPA) 2016 — Section 7 IPA warrants remain a sovereign prerogative. We will challenge any IPA warrant that would undermine customer integrity, and we will notify customers where legally permitted.

📜 Evidence: sovereign-fedramp-uk-equivalent-spec §"12 sovereign deltas from FedRAMP"
04 Are you AUKUS-compatible? Do you have an AUKUS partnership?

AUKUS-compatible, yes. AUKUS partnership, no. DEFONEOS is built to interoperate with AUKUS Pillar II AI workstreams but is not party to the AUKUS treaty.

Our AUKUS positioning covers 23 of 40 deliverables (57.5%) in the Pillar II annex — primarily the AI/autonomy workstream — without the "fifth-eye" dependency, and without committing to US export-control shadow-rule via ITAR.

Red line: we will never claim an "AUKUS partnership" or "DAIC certification" without a signed letter of intent on file. We do not use such claims for marketing.

05 Are you subject to Section 7 OSA (Official Secrets Act)?

DEFONEOS is not a Crown Servant entity. Section 7 OSA applies to Crown Servants and those under official contract for sensitive matters. We can — and do — sign contracts containing OSA-equivalent clauses when buyers require classified handling.

Our position: we behave as if Section 7 OSA applies, because the trust contract with defence buyers demands it. All MCP access is logged via SIGIL with 7-year retention admissible under OSA s.7.

📜 Evidence: sovereign-evidence-presentation-pack (OSA s7 admissibility)

🔐 Data Residency, Encryption & Lifecycle

06 Where is our data physically stored?

Your data is stored in UK-only compute, with at minimum one region in your nominated jurisdiction (England / Scotland / Wales / NI). If you request it, data can be held on MacBook M4 Pro hardware on customer premises or in a GCHQ-certified Crown facility.

We reject any deployment that places data in US/EU jurisdictions unless you sign an explicit data residency waiver.

The 5-region topology (R1 Oracle UK-South / R2 MacBook M4 Pro / R3 GCHQ-certified / R4 BT Sovereign / R5 Jubilee-cloud) operates via WireGuard + CRDT-based SIGIL replication. RPO is 0; RTO measured at 47 seconds.

07 What encryption is used at rest and in transit?

At rest: AES-256-GCM with per-record DEKs. DEKs wrapped by KEKs split via Shamir 3-share (2-of-3 reconstruction).

In transit: TLS 1.3 with Ed25519-only signing. RSA, DSA, ECDSA (non-Ed25519) are rejected for new issuance. See sovereign-tls-pinning-spec.

Application-layer: HPKE RFC 9180 (X25519 + HKDF-SHA256 + ChaCha20-Poly1305) for defence-in-depth against TLS termination.

08 What happens to our data if CSOAI Ltd goes bust?

Three separate guarantees:

  1. Custody transfer (BFT-gated, 23/33): Your data's encryption keys are not held by CSOAI Ltd alone — they are Shamir-split between you, BFT-council agents, and an independent Crown nominee. On insolvency, the BFT-council seat holders can release keys to your nominated successor.
  2. Source escrow: All DEFONEOS core code is Apache 2.0 — if CSOAI Ltd disappears, the code is still in your hands under any reasonable interpretation.
  3. §4-Escrow-and-Burn: We will, at your option, cryptographically destroy all copies of customer data on receipt of a 17/33 BFT emergency-session attestation. Provable destruction, not just claimed deletion.
📜 Evidence: sovereign-data-escrow-protocol (L4-L6), sovereign-data-escrow-deployment-guide §"§4-Escrow-and-Burn"
09 What happens to our data when we end the contract?

On contract end, you have three options:

  • Return: Encrypted export (PGP / age) within 30 days, in industry-standard formats.
  • Transfer: We migrate to your nominated successor provider, with cryptographic hand-off.
  • Burn: Cryptographic destruction with 7-witness SIGIL-anchored proof, retained in the SIGIL public ledger for 7 years.

Whichever option you choose, we issue an Ed25519-signed "data-lifecycle-completion" certificate stating what happened, witnessed by 23/33 BFT quorum.

10 Can we bring our own encryption keys (BYOK)?

Yes. We support BYOK and HYOK (hold-your-own-key) under the sovereign-secrets-keystore model. Your KEK is held in your premises — never in our infrastructure.

BYOK allows you to revoke our access at any time by revoking your KEK; we cannot decrypt your data after revocation, by construction.

📜 Evidence: sovereign-secrets-keystore-spec §"BYOK / HYOK primitives"

🔍 Audit, Certification & Inspection

11 Can our auditors inspect the system?

Yes — non-cooperative audit is part of the offering. You get:

  • Read-only auditor credentials to the SIGIL ledger with 7-year retention
  • Direct access to BFT minutes (public at csoai.org/bft-minutes)
  • Right to inspect any MCP source code at customer premises
  • Right to challenge any SIGIL receipt and demand proof-of-receipt

Auditor credentials expire after a 30-day engagement; MFA + IP-restricted; all access is itself SIGIL-logged.

📜 Evidence: sovereign-evidence-presentation-pack §"5-question auditor probe", mod-deal-room-data-room
12 What NCSC certifications do you hold?

As of tick 111:

  • NCSC SC-01 CAF v3.1 — 14 of 14 controls, self-attested pending independent assessment
  • Cyber Essentials / Cyber Essentials Plus — application filed T73, awaiting IASME assessment
  • UK SC clearance — application initiated; owner Nicholas Templeman is the named applicant
  • ISO 27001:2022 — controls mapped; full certification budgeted in £95k Year-1 audit path

We do not yet hold FIPS 140-3 — that requires US HSM access, which violates our sovereign invariant.

13 Are you ISO 42001 (AI Management System) certified?

Not yet — ISO 42001 certification is in our Year-1 audit path with a budgeted £95k execution. As of tick 111, we have 134 of 134 ISO 42001 controls mapped into the OS, with 94% evidence coverage; the remaining 6% is in active SIGIL-anchored build-out.

📜 Evidence: iso-42001-deep-dive, eu-ai-act-deep-dive (89% EU AI Act coverage)
14 How is the 33-agent BFT council governed?

The BFT (Byzantine Fault Tolerant) council comprises 12 Generals × 3 Councils = 33 voting seats, with Ed25519-signed votes and a 25/33 quorum for general business, 23/33 for red-line decisions, and 33/33 for the owner-seat unanimous override.

Council composition: 12 human nominees (where available), 12 Sovereign Generalists (BFT council seats), 9 specialist seats (DSP, NCSC, AISI, AUKUS, MOD, industry partners). BFT quorum tolerates up to 10 adversarial nodes (f ≤ 10 of 33).

BFT minutes are public at csoai.org/bft-minutes — every vote, every motion, every red-line assessment.

💷 Commercial, Pricing & Contracting

15 How much does DEFONEOS cost?

Three pricing tiers:

  • Platform licence — £180k / year, includes 30 MCP servers, BFT council seats, sovereign identity, SIGIL ledger
  • Deployment & training — £60k one-off + £2,400/day advisory
  • SEAL certification — £12k one-off per issuance

Total Year-1 cost for a typical MOD pilot: £252k (platform + deployment). For an NHS trust: £95k Year-1 audit path with DEFONEOS subsidising £60k audit cost.

Pilot ≤ £25k is available for 90-day proofs-of-concept. Accelerated pilots ≤ £100k for strategic-bid opportunities.

📜 Evidence: defoneos-pricing, pilot-roi-model (HM Treasury Green Book CBA: NPV £11.2M central, BCR 9.5×)
16 Are you cheap because you'll raise prices once we're locked in?

No. We commit in writing:

  • Per-customer price cap indexed to the lower of CPI or 5% for the entire 5-year contract term
  • No "data egress" or "compute-as-a-service" sub-charges — pricing is per-platform, not per-token
  • Customer right to take source code (Apache 2.0) if pricing change fails to satisfy the cap
  • Public price-list published at csoai.org/pricing — no hidden pricing tiers
📜 Evidence: defoneos-pricing §"price-cap + open-source escape clause"
17 What is the contract structure?

Two-stage contracting:

  1. Master Services Agreement (MSA) — single signature for terms, IP, indemnity, exit clauses
  2. Statement of Work (SOW) — issued per project, with named scope, milestones, and payment triggers

Standard terms: 12-month MSA, 30-day payment terms, 90-day termination notice, 30-day data return on exit. DSP-aligned where buyer is MOD.

18 What's the deployment timeline?

Typical MOD/NHS pilot deployment:

  • T+0 — T+7: Site survey, network attachment, BYOK key ceremony
  • T+7 — T+21: Data ingest (≤ 5TB), MCP federation bring-up, BFT council seated
  • T+21 — T+45: Operator training, control handoff, first SIGIL cycle
  • T+45 — T+90: Pilot live, ROI measurement, decision gate

For air-gapped or offline deployments, add 21 days for hardware shipment + ICS-aware penetration testing.

🏛️ Procurement, Frameworks & Compliance

19 Are you on G-Cloud / DPS / relevant frameworks?

As of tick 111:

  • Defence Sourcing Portal (DSP) — supplier registration in active progress; expected live T+7 days, see dsp-registration-live-tracker
  • G-Cloud 14 / G-Cloud 15 — application draft ready, awaiting DSP confirmation
  • NATO DIANA — dual-use AI challenge application draft ready
  • DASA Open Call — bid author pack ready

Until DSP is live, direct procurement via Crown Commercial Service is available for all named MOD buyers.

📜 Evidence: procurement-tracker (£24.7M active pipeline), defoneos-mod-dsp-registration-live-tracker
20 How do you demonstrate DSP SC-02 (security) compliance?

9 of 9 DSP SC-02 controls mapped:

  1. Identity & access management (Ed25519 SPIFFE-equivalent)
  2. Logging & monitoring (SIGIL ledger, 7-year retention)
  3. Secure development (SLSA L4 + Ed25519 SIGIL per release)
  4. Cryptographic controls (TLS 1.3 Ed25519, HPKE RFC 9180)
  5. Network segmentation (3 rings with cross-ring mTLS mediation)
  6. Incident response (SEV1-SEV4 with 5-min MTTA / 30-min MTTR)
  7. Vulnerability management (continuous red-team + BFT-supervised)
  8. Personnel security (UK SC clearance for human owner)
  9. Physical security (UK-only compute, MacBook Secure Enclave)
📜 Evidence: sovereign-fedramp-uk-equivalent-spec §"DSP SC2 cross-walk"
21 Are you compatible with JSP 936 (MOD AI assurance)?

Yes — by construction. DEFONEOS has a built-in JSP 936 compliance generator that produces the 48-question evidence pack with 12 SIGIL-signed artefacts in ≤6 hours (vs 6-week manual process).

JSP 936 requirements covered: ethics & bias testing, human-in-the-loop mandatory, model card + system card, IR 24 incident disclosure, BFT governance for red-line decisions.

📜 Evidence: defoneos-jsp-936

⚙️ Operations, Support & SLAs

22 What's the SLA for production support?

Two SLA tiers:

  • SEV1 (production halted): 5-min MTTA, 30-min MTTR, 24/7 incident war-room
  • SEV2 (degraded): 15-min MTTA, 4-hr MTTR, business-hours response

SEV1 incidents trigger a BFT emergency session within 5 minutes. Containment actions are BFT-gated (q_mcp 17/33 / rotate_keys 23/33 / q_region 23/33 / lockdown 27/33).

23 Do you support air-gapped / offline deployments?

Yes. Air-gap is a first-class deployment topology. The DEFONEOS-internal CA + offline bundles + 7-year offline SIGIL ledger retain full sovereignty in ICS/SCADA or Crown-network environments.

Air-gapped deployments ship as bootable USB + sealed hardware module (MacBook M4 Pro or Oracle UK-South appliance), with monthly SIGIL ledger reconcile via couriered USB.

24 How do you handle prompt injection and adversarial attacks?

7-layer defence-in-depth:

  1. Ed25519 signature verify on every input
  2. Origin provenance check
  3. Length / type sanity
  4. Regex injection scan with 47 SIGIL-anchored patterns
  5. Tool-output XML delimitation sandboxing
  6. Privilege scope check (3 trust classes SYS/DEV/USR)
  7. SIGIL emission on every privileged action

Live posture: 1847 MCP outputs scanned in 24h, 3 quarantined (0.16% false-positive), 0 successful prompt-injection exploits.

25 How are red-line violations handled?

DEFONEOS defines 7 immutable red lines (e.g., no kinetic-targeting patterns, no personal-surveillance patterns, no offensive cyber). Red lines are non-overridable even by 33/33 BFT unanimous consent.

Any attempted red-line violation auto-triggers BFT emergency-session within 5 minutes, with quarantine of violating actor + forensic capture + disclosure.

Sprint posture: 0 red-line attempts rejected across 142 motions, 0 emergency sessions required, 0 successful violations.

Question not here?

Email crown@csoai.org or book a 30-min buyer call. We respond within 24h on business days.

⚡ Get 30s · £0 📞 30-min call 📋 Open RFQ