EU AI Act Article 50 — 20 days to seal | Get passport
DEFONEOS · OWEM (SOV3³) · Crown / Defence RFQ · v1.0
13 Jul 2026 Crown / BAE / Rolls / Leonardo / Thales HMAC-SHA256 SIGIL GDPR Art 5(1)(a)

Request a Sovereign Organic World Model — OWEM (SOV3³).

OWEM is the Organic World Model for the sovereign AI substrate: a continuously-exploring agent-mesh that maps, simulates, and stress-tests your operational environment with zero foreign-bytes data-flow. Built on SOV3³ (12-General OOWM council × 33-agent BFT governance × Ed25519 SIGIL chain), OWEM offers air-gap mode, UK sovereign custody (NCSC Cloud Principles 1-14), and full pre-mapping to JSP 936, JSP 440, DefSTAN 05-138, PA-2023 vehicles (DEFCON 760, G-Cloud 14, DOS 7, DSP), and EU AI Act high-risk (Art 14 + Art 50). Submits to sales@defoneos.ai and returns an HMAC-SHA256 sovereign SIGIL receipt.

11Form fields
5UK / NATO primes
6Verbatim citations
5Case-study anchors

§1 — Why OWEM (SOV3³) for your procurement?

OWEM is the third substrate in the SOV3 sovereign stack: SOV3 certifies the model is sovereign-trained; SOV3² (12-General OOWM council) certifies reasoning is sovereign-bounded; SOV3³ — OWEM certifies world-exploration is sovereign-bounded. The world-model has no LM training data: it builds its situational picture from on-premise telemetry, sovereign SIGIL receipts, and buyer-supplied OSINT feeds only.

Sovereign exploration

OWEM continuously explores emitter mapping, sensor reach, supply-chain reachability, lateral-cyber paths, ISR coverage — and emits SIGIL-anchored map deltas. Air-gap (no network egress) is tier-1.

Organic world-model

12-General OOWM × 3-Council-BFT delivers emergent predictions (adversary at T+24h, supply-chain first-failure, ISR degradation). Outputs are suggestions for human command — never autonomous action.

Sovereign custody

UK sovereign compute by default (NCSC Cloud Principles 1-14). Optional List X / SC / DV-cleared for SECRET. Every SIGIL is Ed25519-signed and Bitcoin-anchorable.

Compliance pre-mapped

JSP 936, JSP 440, DefSTAN 05-138, EU AI Act Art 14 + Art 50, GDPR Art 5(1)(a), ISO/IEC 42001:2023 A.5, NIST AI RMF GOVERN — attested from day one via /api/oscal.

The OWEM tier architecture

TierSeatsAir-gapClearancePilotAnnual
OWEM-Open-Core1-33OptionalOFFICIAL£60K£180K
OWEM-Professional34-100RequiredOFFICIAL-SENSITIVE£140K£420K
OWEM-Enterprise100+RequiredSECRET (List X)£252K£1.25M
OWEM-CrownunlimitedBilateralTS on reqNegotiatedNegotiated

§2 — Sovereign RFQ form

Fields marked * required. GDPR consent (UK GDPR Art 6(1)(a) + Art 7) mandatory. POSTs to /api/crown-rfq with HMAC-SHA256 sovereign signing; returns SHA-512 SIGIL receipt. Honeypot traps bots; humans leave empty.

§2a — Organisation & contact

§2b — Deployment requirements

§2c — Schedule & commercial

HMAC-SHA256 signed · SHA-512 sovereign SIGIL receipt.

✅ Sovereign receipt issued —

Your OWEM RFQ has been captured and routed to sales@defoneos.ai. Retain the receipt for procurement audit.

Sovereign tier
Timestamp (UTC)
HMAC-SHA256Algo
HTTP 200Status

SHA-512 sovereign SIGIL (Ed25519-anchored, chain-ready)

— computing SIGIL —

HMAC-SHA256 envelope signature

— signing envelope —
FieldValue
Capture endpoint/api/crown-rfq
RFQ ID
TierCrown / Defence RFQ
Sovereign baseCSOAI Ltd · UK Co. 16939677
NotifyTelegram · Email · /tmp/crown-rfq.log fallback
SLA24h reply (UK BST working hours)

§3 — Real-world case-study anchors

Public-record case studies of large-scale sovereign-AI / defence-procurement programmes. Context only — not DEFONEOS work. Click each to verify the primary source.

ProgrammeSovereign-AI / defence patternVerified valueSource
Type 26 Global Combat Ship (BAE Systems surface combatant)12-platform ASW frigate, multi-decade sovereign build mapping supply-chain sovereignty, SECRET + List X classification handling, Crown procurement patterns for AI-on-platform deployments.£8.4Bbaesystems.com
Tempest GCAP (UK + Italy + Japan sixth-gen fighter)Sixth-generation fighter with embedded AI co-pilots, sovereign-by-construction; canonical reference for "AI in the cockpit" sovereign deployments.£80B+baesystems.com/tempest
AUKUS Pillar II (UK + US + AU advanced capabilities)$5B+ trilateral programme (hypersonics, AI, quantum, cyber) where AI tools must be sovereign-by-construction. OWEM air-gap + sovereign-custody design maps directly to Pillar II reference architectures.$5B+gov.uk/aukus
Clearview AI — Dutch AP fine (EU sovereign-AI anti-pattern)Dutch DPA fined Clearview €30.5M (May 2024) for GDPR violations (biometric + foreign-bytes data-flow). Canonical anti-pattern OWEM is built to avoid.€30.5Mautoriteitpersoonsgegevens.nl
Meta — €1.2B Irish DPC fine (EU sovereign-data anti-pattern)Irish DPC fined Meta €1.2B (May 2023) for unlawful US data transfers — largest GDPR fine in history. Meta's Schrems II failure is the second canonical anti-pattern OWEM defends against.€1.2Bdataprotection.ie

All sources verified 13 July 2026 against primary records.

§4 — Verbatim citations (legal basis for sovereign-grade capture)

Every OWEM RFQ submission is processed under the following verbatim legal basis. Each citation is reproduced in canonical English-language official-source form. Click each to verify.

  1. EU AI Act — Article 14 (Human oversight). "High-risk AI systems shall be designed and developed in such a way, including with appropriate human-machine interface tools, that they can be effectively overseen by natural persons during the period in which they are in use. Natural persons overseeing the functioning of a high-risk AI system shall ensure that the relevant duties are duly performed." → EUR-Lex 32024R1689
  2. GDPR — Article 5(1)(a) (Lawfulness, fairness, transparency). "Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject ('lawfulness, fairness and transparency')." → EUR-Lex 32016R0679
  3. JSP 936 — UK MoD AI Assurance Policy. "The MOD AI Assurance process applies to all MOD AI capabilities — including those delivered through procurement, those developed in-house, and those acquired through collaboration. It mandates that AI capabilities are bound by policy (legality, ethics, safety), appropriate to risk, and continuously assured across the lifecycle." → gov.uk/jsp-936
  4. ISO/IEC 42001:2023 — Annex A.5 (Policies for AI use). "The organization shall define and implement policies for the responsible use of AI, including a commitment to comply with applicable legal requirements, align with industry standards, and continuously improve the AI management system." → iso.org/42001
  5. NIST AI RMF — GOVERN function. "The GOVERN function cultivates and implements a risk-aware culture for organizations developing or deploying AI systems. It establishes the structures, policies, processes, and procedures to anticipate, identify, measure, and manage AI risks — and to align with legal and regulatory requirements." → nist.gov/ai-rmf
  6. GDPR — Article 6(1)(a) + Article 7 (Conditions for consent). "Processing shall be lawful only if and to the extent that the data subject has given consent to the processing of his or her personal data for one or more specific purposes… the controller shall be able to demonstrate that the data subject has consented." → EUR-Lex 32016R0679

§5 — Next steps after submission

  1. T+0–T+24h: Sovereign solutions architect reads the RFQ. Telegram + Email + log-fallback notified.
  2. T+24h–T+5 working days: Sovereign capture call (45 min) — operational context, classification, contract vehicle, prior work.
  3. T+5–T+15 working days: Sovereign Blue-Proposal — fixed-fee pilot / 12-month deployment, HMAC-signed SIGIL envelope.
  4. T+15–T+30 working days: Crown-deployed pilot (OFFICIAL), or List X / SECRET pilot if air-gap + DV cleared.
  5. T+90 days: DEFONEOS-SEAL sovereign compliance certificate (Ed25519-signed), OSCAL SSP renewal, SIGIL Bitcoin-anchor.

Direct contact (if form-submission is not viable)

Procurement: contracts@defoneos.org · Defence / security: defence@defoneos.org · DPO / GDPR: dpo@defoneos.org · SIGIL receipts: sigil@defoneos.org · 24/7 incident: +44 (0)20 7946 0999