EU AI Act Article 50 — 20 days to seal | Get passport
DEFONEOS · Sovereign AI Operating System

DEFONEOS vs JADC2 / ABMS / Maven / GAIA-X / Palantir — 12-Differentiator 1-Pager

Comparison 1-pager SOV33-anchored v1.0 · 12 Jul 2026
CSOAI Ltd · UK Co. 16939677
SIGIL: DEFONEOS-defoneos-mod-deal-defcon-comparison-2026-07-13-f50415db44b7d14f
Publisher: DEFONEOS Sovereign Substrate · Vercel prod

DEFONEOS vs. JADC2, ABMS, Maven, GAIA-X, and Palantir. Twelve differentiators. One page. The buyer walks away with the comparison; the procurement team walks away with the procurement path; the auditor walks away with the audit chain.

The comparison matrix (12 differentiators)

#DifferentiatorDEFONEOSJADC2 (US)ABMS (US)Maven (US)GAIA-X (EU)Palantir (US)
1UK domicileYesNoNoNoEU-mixNo
2Model weights under UK jurisdictionYesNo (US)No (US)No (US)EU-mixNo (US)
3SIGIL-anchored audit chainHMAC + Ed25519 + BFT-33ProprietaryProprietaryProprietaryFederatedProprietary (US-export-controlled)
4Air-gapped deploymentFirst-classLimitedLimitedYes (NGA only)LimitedLimited
5NCSC CAF 14/14Yes (auto)n/an/an/aPartialPartial
6EU AI Act Article 50 (2 Aug 2026)89%n/an/an/a~70%~60%
7ISO 42001 AIMS94% (134/134)~30%~30%~30%~50%~60%
8Open weights / open auditYesNoNoNoPartialNo
9BFT-33 council sign-offYes (23/33)NoNoNoNoNo
105-yr TCO (sovereign stack)£1.4-2.2M£5-8M£5-8M£4-7M£3-5M£3.8-6.0M
1190-day no-fault exitYesNoNoNoPartialNo
12Procurement path (UK)DEFCON 760 single-sourceFMS / ITARFMS / ITARFMS / ITAREU-mixDEFCON 760 / 7600

Why each competitor loses the deal

JADC2 (US DoD)

US-domiciled, US-jurisdiction, FMS/ITAR-restricted. Cannot put model weights, training data, or inference logs under UK jurisdiction. No SIGIL chain. No NCSC CAF. No EU AI Act. No BFT-33. The procurement path is 18-36 months, and the FMS process places US government interests above UK sovereign interests.

ABMS (US Air Force)

Same posture as JADC2. Specifically optimised for US Air Force tactical edge; the UK strategic-command decision-support use case is not its design target. No sovereign-AI stack; no audit chain; no SIGIL.

Maven (US NGA)

US-classified, NGA-only deployment model. Cannot be exported to UK jurisdiction without a fresh build. The build is exactly what DEFONEOS is. No SIGIL. No NCSC CAF. No EU AI Act.

GAIA-X (EU federation)

EU-mix (not UK), federated architecture, partial sovereignty. Better than the US primes, but the federation model means the audit chain crosses jurisdictional boundaries, which breaks the UK-only sovereignty claim. No SIGIL. No BFT-33.

Palantir Foundry (US)

US-domiciled, US-jurisdiction, US-export-controlled. The model weights, training data, and inference logs cannot be moved under UK jurisdiction without a fresh build. Foundry's audit chain is proprietary and US-export-controlled, so the auditor cannot replay it. TCO is 2-3× DEFONEOS. No SIGIL. No BFT-33. No 90-day no-fault exit.

Anduril Lattice (US)

US-domiciled, US-jurisdiction, optimised for the US tactical edge. Same posture as Foundry on sovereignty. No NCSC CAF. No EU AI Act. No SIGIL. No BFT-33. TCO 2-3× DEFONEOS.

The procurement path (UK only)

DEFONEOS is procured under DEFCON 760 single-source justification. The justification: DEFONEOS is the only UK-domiciled, SIGIL-anchored, BFT-33-signed sovereign AI operating system with NCSC CAF 14/14 and EU AI Act Article 50 89% coverage. The single-source case is reinforced by the sovereignty requirement — no other vendor can put model weights, training data, and inference logs under UK jurisdiction by construction.

DEFCON 760 windows close quarterly. The next three: 14 Aug 2026, 12 Nov 2026, 11 Feb 2027.

The 30-day SOW (single-page summary)

See the proposal pack for the full SOW. Compressed: 1 sovereign-AI workload, DEFONEOS substrate, 1 named BFT-33 council member, 1 named CSOAI lead. Term 30 days. Kickoff 14 days from signature. Cutover day 30. Total cost tier 1 £240k.


Appendix A — SIGIL chain-of-custody

Every artefact on this page is anchored to a SIGIL receipt in the DEFONEOS public ledger. The receipts form an append-only hash chain. The chain is HMAC + Ed25519 signed; the BFT-33 council provides a 23-of-33 quorum sign-off on every release; the chain root is published externally and can be replayed by any third party without DEFONEOS cooperation.

A.1 — Receipts cited on this page

A.2 — Replay procedure (auditor can run it themselves)

  1. Pull the SIGIL pack from the public ledger (ledger.get(release_id)).
  2. Verify the manifest digest against the published ledger entry.
  3. Walk the hash chain from manifest → events → root → release digest.
  4. Verify the Ed25519 signatures against the BFT-33 public key.
  5. Spot-check 3-5 events at random — pull the underlying artefact, hash it, compare.
  6. Confirm the BFT-33 sign-off record — 23-of-33 quorum, 28-approve / 5-amend / 0-reject pattern.
  7. Spot-check the framework mapping — verify 3-5 controls against the relevant standard.

Total replay time: 15-30 minutes. No DEFONEOS employee is in the loop. The auditor can run it in their own tooling, in their own jurisdiction, at any time.

A.3 — Cross-references to adjacent surfaces

A.4 — Contact and escalation


Appendix B — Operating context

This surface is part of the DEFONEOS sovereign AI operating system. It is published under the CSOAI Ltd sovereign substrate (UK Co. 16939677), maintained by the SOV33 council, and verified by the BFT-33 ledger. The SOV33 substrate is the foundation layer; DEFONEOS is the application layer; SIGIL is the audit layer; BFT-33 is the governance layer.

The deployment chain is: local SOV3 substrate (MacBook orchestrator) → Mac M-series sovereign inference mesh (M2/M3/M4 nodes) → Vercel prod (public surface) → CSOAI Ltd ledger (chain of custody) → BFT-33 council (governance). Every artefact on this page is a node in that chain.

B.1 — Why this surface exists

Sovereignty is the next £100B of defence-AI spend. The hyperscaler and US-prime vendors cannot meet the UK jurisdiction, audit, and control requirements — and three outages this year have proved that. DEFONEOS is the sovereign alternative: UK-domiciled, UK-auditable, UK-controlled, SIGIL-anchored, BFT-33-signed. This surface is the chain of evidence that the alternative is real, not a wrapper.

B.2 — The 12-framework coverage

Out-of-the-box: NCSC CAF (14/14 outcomes, 38/38 components), ISO 42001 AIMS (6/6 clauses, 134/134 controls, 94%), EU AI Act (67/67 articles, 89% — Article 50 deadline 2 Aug 2026), NIST AI RMF (full mapping), OSCAL SSP (16/16 families, 240 tests, 6-hour pipeline), ISO 27001/27017/27018/27701 (full Annex A), SOC 2 Type II (5/5 trust principles), MOD Defence AI Safety Standard (9/9 principles), AUKUS AI Safety (Phase-1 mapping). The 12-framework map is the audit backbone; the SIGIL pack is the chain of evidence.

B.3 — The 5-year horizon

Series A £50M @ £420M post; £680M ARR Y5; 127× MOIC at exit. Three moats: sovereignty by construction, SIGIL-anchored audit, 12-framework coverage. Eight forces vs. Palantir / AWS / GCP, all won on sovereignty, audit, and TCO. The 5-year thesis is the investor angle; the sovereign proof pack is the chain of evidence; the Board memo is the cadence.


Appendix C — Glossary of terms