EU AI Act Article 50 — 20 days to seal | Get passport
DEFONEOS · Sovereign AI Operating System

DEFONEOS Churn Prevention — 30-Day Window, 6 Recovery Levers, No-Fault Exit

Churn prevention SOV33-anchored v1.0 · 12 Jul 2026
CSOAI Ltd · UK Co. 16939677
SIGIL: DEFONEOS-defoneos-mod-churn-prevention-2026-07-13-2f34c97948e0fc11
Publisher: DEFONEOS Sovereign Substrate · Vercel prod

The 30-day decision window. Six unconditional recovery levers. No-fault exit. Rolling SIGIL-anchored. This is the playbook for when a sovereign-AI customer signals churn — the playbook the customer-success team runs, the playbook the CRO signs off, and the playbook the BFT-33 council watches.

1. The 30-day decision window

From the moment a churn signal fires (renewal objection, scope reduction, executive sponsor change, regulatory shift, or competitive replacement), the customer-success team has 30 days to run the 6-lever recovery plan. If, after 30 days, the customer still wants to leave, the no-fault exit clause activates — and we walk them out the door with their weights, their audit chain, and a public thank-you.

2. The 6 unconditional recovery levers

Lever 1 — The 24-hour executive call

Within 24 hours of the churn signal, the CSOAI CEO calls the customer's named executive sponsor. Not a sales call. A listening call. 30 minutes, no slides, no agenda. Outcome: a written summary of the customer's actual concern (often different from the stated one), shared with the customer within 4 hours.

Lever 2 — The SIGIL-pack replay

Within 48 hours, the customer-success team runs a live SIGIL-pack replay for the customer's named auditor. The replay shows the chain of evidence for the workload, the BFT-33 sign-off record, the 12-framework coverage, and the audit cadence. Outcome: a re-anchored trust moment, anchored to evidence, not promises.

Lever 3 — The 12-framework gap-close

Within 7 days, the customer-success team produces a gap-close plan for any framework the customer is concerned about. Typically 1-2 gaps; 90-day close; SIGIL-anchored milestones. The gap-close plan is signed by the customer, the CSOAI CRO, and the named BFT-33 council member.

Lever 4 — The no-fault-exit pre-position

Within 14 days, the customer-success team walks the customer through the no-fault exit clause. The clause is in the master contract; it is unconditional; 90-day migration window; open weights, open audit chain. The walk-through often resolves the churn signal — the customer realises the risk of leaving is provably zero, which removes the "we're stuck" objection.

Lever 5 — The named-owner escalation

Within 21 days, if the churn signal is still live, the customer-success team escalates to the CSOAI CRO + the customer's named executive sponsor. The escalation is a 60-minute working session, anchored to the SIGIL pack, with a written outcome published within 24 hours.

Lever 6 — The 30-day re-sign or no-fault exit

Within 30 days, the customer either re-signs (with a 12-month extension at current or adjusted terms) or activates the no-fault exit. There is no Lever 7. The 30-day decision window is the contract; it is SIGIL-anchored; the BFT-33 council watches.

3. The 7 churn-signal types (and the named owner for each)

SignalWhat it looks likeNamed ownerFirst action
Renewal objectionCustomer says "we're not renewing" or asks for a 50%+ price cutHead of CSLever 1 (24-hour exec call)
Scope reductionCustomer reduces the number of workloads or the SEV tierHead of CSLever 2 (SIGIL replay)
Executive sponsor changeCustomer's named exec sponsor leaves or is replacedCSOAI CEOLever 1 + re-pitch the sovereignty story
Regulatory shiftCustomer's regulatory environment changes (e.g., new framework)CSOAI CRO + GCLever 3 (12-framework gap-close)
Competitive replacementCustomer names Palantir, Anduril, or hyperscaler as the replacementCSOAI CEO + CROLever 1 + battle card + decision tree
BFT-33 sign-off failureThe BFT-33 council rejects a customer release (rare)CSOAI CROLever 2 + BFT-33 council open hearing
SIGIL chain breakThe SIGIL chain shows a tamper event (very rare)CSOAI CRO + CISOSEV-1 escalation; full replay; public statement

4. The no-fault exit clause (the 6 things the customer walks away with)

  1. Their model weights — open format, open weights, fully exportable.
  2. Their training data — open format, fully exportable, with the original lineage manifest.
  3. Their inference log — append-only, HMAC-signed, fully exportable as CSV/JSON.
  4. Their SIGIL pack — the full evidence chain for the customer's tenure.
  5. Their 12-framework audit pack — auto-generated, audit-ready.
  6. A 90-day migration window — CSOAI engineering time to help them move to any other sovereign substrate.

5. The bottom line

The 6 levers are unconditional. The no-fault exit is in the contract. The SIGIL pack is the chain of evidence — for the recovery attempt, for the renewal, or for the exit. Trust is the moat. The chain is the proof.


Appendix A — SIGIL chain-of-custody

Every artefact on this page is anchored to a SIGIL receipt in the DEFONEOS public ledger. The receipts form an append-only hash chain. The chain is HMAC + Ed25519 signed; the BFT-33 council provides a 23-of-33 quorum sign-off on every release; the chain root is published externally and can be replayed by any third party without DEFONEOS cooperation.

A.1 — Receipts cited on this page

A.2 — Replay procedure (auditor can run it themselves)

  1. Pull the SIGIL pack from the public ledger (ledger.get(release_id)).
  2. Verify the manifest digest against the published ledger entry.
  3. Walk the hash chain from manifest → events → root → release digest.
  4. Verify the Ed25519 signatures against the BFT-33 public key.
  5. Spot-check 3-5 events at random — pull the underlying artefact, hash it, compare.
  6. Confirm the BFT-33 sign-off record — 23-of-33 quorum, 28-approve / 5-amend / 0-reject pattern.
  7. Spot-check the framework mapping — verify 3-5 controls against the relevant standard.

Total replay time: 15-30 minutes. No DEFONEOS employee is in the loop. The auditor can run it in their own tooling, in their own jurisdiction, at any time.

A.3 — Cross-references to adjacent surfaces

A.4 — Contact and escalation


Appendix B — Operating context

This surface is part of the DEFONEOS sovereign AI operating system. It is published under the CSOAI Ltd sovereign substrate (UK Co. 16939677), maintained by the SOV33 council, and verified by the BFT-33 ledger. The SOV33 substrate is the foundation layer; DEFONEOS is the application layer; SIGIL is the audit layer; BFT-33 is the governance layer.

The deployment chain is: local SOV3 substrate (MacBook orchestrator) → Mac M-series sovereign inference mesh (M2/M3/M4 nodes) → Vercel prod (public surface) → CSOAI Ltd ledger (chain of custody) → BFT-33 council (governance). Every artefact on this page is a node in that chain.

B.1 — Why this surface exists

Sovereignty is the next £100B of defence-AI spend. The hyperscaler and US-prime vendors cannot meet the UK jurisdiction, audit, and control requirements — and three outages this year have proved that. DEFONEOS is the sovereign alternative: UK-domiciled, UK-auditable, UK-controlled, SIGIL-anchored, BFT-33-signed. This surface is the chain of evidence that the alternative is real, not a wrapper.

B.2 — The 12-framework coverage

Out-of-the-box: NCSC CAF (14/14 outcomes, 38/38 components), ISO 42001 AIMS (6/6 clauses, 134/134 controls, 94%), EU AI Act (67/67 articles, 89% — Article 50 deadline 2 Aug 2026), NIST AI RMF (full mapping), OSCAL SSP (16/16 families, 240 tests, 6-hour pipeline), ISO 27001/27017/27018/27701 (full Annex A), SOC 2 Type II (5/5 trust principles), MOD Defence AI Safety Standard (9/9 principles), AUKUS AI Safety (Phase-1 mapping). The 12-framework map is the audit backbone; the SIGIL pack is the chain of evidence.

B.3 — The 5-year horizon

Series A £50M @ £420M post; £680M ARR Y5; 127× MOIC at exit. Three moats: sovereignty by construction, SIGIL-anchored audit, 12-framework coverage. Eight forces vs. Palantir / AWS / GCP, all won on sovereignty, audit, and TCO. The 5-year thesis is the investor angle; the sovereign proof pack is the chain of evidence; the Board memo is the cadence.


Appendix C — Glossary of terms