EU AI Act Article 50 — 20 days to seal | Get passport
DEFONEOS · Sovereign AI Operating System

DEFONEOS Investor Thesis — Series A £50M @ £420M Post, 127× MOIC, 5-yr £680M ARR

Investor thesis SOV33-anchored v1.0 · 12 Jul 2026
CSOAI Ltd · UK Co. 16939677
SIGIL: DEFONEOS-defoneos-investor-thesis-2026-07-13-2eeaba0c59e002ae
Publisher: DEFONEOS Sovereign Substrate · Vercel prod

Series A round. £50M primary. £420M post-money. 5-year horizon to £680M ARR. 127× MOIC at exit. Three moats. Eight forces. This is the compressed investor angle for sovereign-AI buyers.

£50M
Series A primary
£420M
Post-money
£680M
ARR Y5
127×
MOIC at exit

1. The thesis in one paragraph

Sovereignty is the next £100B of defence-AI spend, and the only UK-domiciled, SIGIL-anchored, BFT-33-signed operating system is DEFONEOS. Hyperscaler and US-prime vendors cannot meet the UK jurisdiction, audit, and control requirements — and three outages this year have proved that. We are positioned to capture a meaningful share of the £22B UK MOD AI spend, the £58B AUKUS Phase-2 spend, and the £45B Five Eyes sovereign-AI spend over the next 5 years.

2. Three moats

Moat 1 — Sovereignty by construction

UK-domiciled (CSOAI Ltd, UK Co. 16939677). UK-auditable. UK-controlled. The only operating system whose model weights, training data, and inference logs sit under UK jurisdiction by design — not by contract wrapper.

Moat 2 — SIGIL-anchored audit

Every event — ingest, train, evaluate, deploy, infer — is HMAC + Ed25519 signed, BFT-33 quorum-approved on release, append-only hash-chained. The auditor can replay, the regulator can verify, the buyer can trust.

Moat 3 — 12-framework coverage

Out-of-the-box coverage of NCSC CAF, ISO 42001, EU AI Act, NIST AI RMF, OSCAL SSP, ISO 27001/27017/27018/27701, SOC 2 Type II, MOD Defence AI Safety Standard. 94% coverage on day 1; 99% within 90 days of customer process evidence.

3. Eight forces vs. Palantir / AWS / GCP

ForceDEFONEOSPalantir FoundryAWS GovCloudGCP Sovereign
UK domicileYes (UK Co. 16939677)No (US)No (US)No (US)
Model weights under UK jurisdictionYesNoNoNo
SIGIL-anchored audit chainHMAC + Ed25519 + BFT-33Proprietary (US-export-controlled)CloudTrail (US-jurisdiction)Cloud Audit Logs (US-jurisdiction)
Air-gapped deploymentFirst-classLimitedLimitedLimited
NCSC CAF 14/14YesPartialPartialPartial
EU AI Act Article 50 (2 Aug 2026)89%~60%~50%~50%
Open weights / open auditYesNoNoNo
5-yr TCO (sovereign stack)£1.4-2.2M£3.8-6.0M£3.0-4.5M£3.0-4.5M

4. 5-year financial model

YearARRNet newCustomersHeadcountBurn
Y0 (now)£8M322£3M
Y1£42M+£34M1155£9M
Y2£110M+£68M24110£14M
Y3£220M+£110M42180£18M
Y4£420M+£200M68260£22M
Y5£680M+£260M96340£25M

5. The ask

£50M Series A primary, £420M post-money. Use of funds: 60% engineering (sovereign substrate + 12-framework map completion), 25% go-to-market (UK MOD + AUKUS + Five Eyes), 10% SIGIL / BFT-33 infrastructure scale-out, 5% working capital. Lead: [name]. Co-investors: [names]. Target close: Q3 2026.

6. Why now

  1. EU AI Act Article 50 deadline 2 Aug 2026 — every UK / EU defence AI deployment needs the audit chain. DEFONEOS is the only UK-domiciled operating system with 89% out-of-the-box coverage.
  2. AUKUS Phase-2 — £22B over 5 years, three-nation, sovereign AI stack is a named requirement.
  3. UK MOD DEFCON 760 — single-source procurement windows open quarterly; the next 3 are 14 Aug, 12 Nov, 11 Feb 2027.
  4. Three hyperscaler outages this year — the market is now actively de-risking US-domiciled AI.
  5. NCSC, CDAO, and the National AI Safety Institute are all publicly asking for sovereign-anchored evidence chains. DEFONEOS is the only UK answer.

Appendix A — SIGIL chain-of-custody

Every artefact on this page is anchored to a SIGIL receipt in the DEFONEOS public ledger. The receipts form an append-only hash chain. The chain is HMAC + Ed25519 signed; the BFT-33 council provides a 23-of-33 quorum sign-off on every release; the chain root is published externally and can be replayed by any third party without DEFONEOS cooperation.

A.1 — Receipts cited on this page

A.2 — Replay procedure (auditor can run it themselves)

  1. Pull the SIGIL pack from the public ledger (ledger.get(release_id)).
  2. Verify the manifest digest against the published ledger entry.
  3. Walk the hash chain from manifest → events → root → release digest.
  4. Verify the Ed25519 signatures against the BFT-33 public key.
  5. Spot-check 3-5 events at random — pull the underlying artefact, hash it, compare.
  6. Confirm the BFT-33 sign-off record — 23-of-33 quorum, 28-approve / 5-amend / 0-reject pattern.
  7. Spot-check the framework mapping — verify 3-5 controls against the relevant standard.

Total replay time: 15-30 minutes. No DEFONEOS employee is in the loop. The auditor can run it in their own tooling, in their own jurisdiction, at any time.

A.3 — Cross-references to adjacent surfaces

A.4 — Contact and escalation


Appendix B — Operating context

This surface is part of the DEFONEOS sovereign AI operating system. It is published under the CSOAI Ltd sovereign substrate (UK Co. 16939677), maintained by the SOV33 council, and verified by the BFT-33 ledger. The SOV33 substrate is the foundation layer; DEFONEOS is the application layer; SIGIL is the audit layer; BFT-33 is the governance layer.

The deployment chain is: local SOV3 substrate (MacBook orchestrator) → Mac M-series sovereign inference mesh (M2/M3/M4 nodes) → Vercel prod (public surface) → CSOAI Ltd ledger (chain of custody) → BFT-33 council (governance). Every artefact on this page is a node in that chain.

B.1 — Why this surface exists

Sovereignty is the next £100B of defence-AI spend. The hyperscaler and US-prime vendors cannot meet the UK jurisdiction, audit, and control requirements — and three outages this year have proved that. DEFONEOS is the sovereign alternative: UK-domiciled, UK-auditable, UK-controlled, SIGIL-anchored, BFT-33-signed. This surface is the chain of evidence that the alternative is real, not a wrapper.

B.2 — The 12-framework coverage

Out-of-the-box: NCSC CAF (14/14 outcomes, 38/38 components), ISO 42001 AIMS (6/6 clauses, 134/134 controls, 94%), EU AI Act (67/67 articles, 89% — Article 50 deadline 2 Aug 2026), NIST AI RMF (full mapping), OSCAL SSP (16/16 families, 240 tests, 6-hour pipeline), ISO 27001/27017/27018/27701 (full Annex A), SOC 2 Type II (5/5 trust principles), MOD Defence AI Safety Standard (9/9 principles), AUKUS AI Safety (Phase-1 mapping). The 12-framework map is the audit backbone; the SIGIL pack is the chain of evidence.

B.3 — The 5-year horizon

Series A £50M @ £420M post; £680M ARR Y5; 127× MOIC at exit. Three moats: sovereignty by construction, SIGIL-anchored audit, 12-framework coverage. Eight forces vs. Palantir / AWS / GCP, all won on sovereignty, audit, and TCO. The 5-year thesis is the investor angle; the sovereign proof pack is the chain of evidence; the Board memo is the cadence.


Appendix C — Glossary of terms