EU AI Act Article 50 โ€” 20 days to seal | Get passport
๐ŸŽฏ Vertical Landing ยท UK + EU + NATO Regulators

Audit-grade sovereign AI,
for the people who audit.

If you're a regulator, oversight body, or supervisory authority, you don't need DEFONEOS. You need the audit trail for every AI system below you. DEFONEOS provides that โ€” for free, in a 30-day sandbox, with Ed25519-signed receipts at every step.

ICO (UK) NCSC (UK) AI Office (EU) DG-CONNECT (EU) DPC (IE) CNIL (FR) BfDI (DE) EDPB NCAS (UK MoD) NATO Cyber NSO (NL) NMa (NO) OECD AI Policy NIST
12Frameworks Mapped
30dFree Sandbox
72hMSA Cooperation SLA
15dSerious-Incident Reporting
Ed25519SIGIL Receipts
100%External Auditor Access

๐Ÿ›ก๏ธ Free 30-day Regulator Sandbox

ยฃ0/30 days

No credit card. No obligation. Auto-expires. Cancel anytime.

  • Hosted SIGIL chain โ€” public read access, so you can verify any audit-trail claim from outside the substrate
  • 12-framework compliance evidence pack โ€” EU AI Act Art 9/12/13/14/17/26/27/47/48/49/50/52, NIS2 Art 21/22, DORA Art 17, GDPR Art 5/6/9/13/14/15/17/22/25/30/33/35
  • 72h regulator-cooperation SLA โ€” your request gets a SIGIL-signed acknowledgement within 72h, full response within 15 working days
  • 15-day serious-incident reporting pre-baked โ€” the form is already wired to the SIGIL chain, including the Implementing Regulation templates
  • External audit hook โ€” read-only SIGIL-verified stream of all sovereign actions, mTLS-pinned, audit-logged at access time
  • FRIA template library โ€” Annex VI template, 12 fundamental-rights mappings, 4 risk-level scoring methodologies
  • 1 workspace ยท 3 seats โ€” enough for you and two colleagues to evaluate the system; no per-seat economy-class pricing
  • Email support โ€” 24h SLA on the sandbox, 4h SLA on active engagements
  • Quarterly compliance review โ€” optional on the sandbox, automatic on Pro and above
Activate Sandbox โ†’

Sandbox auto-upgrades to Pro (ยฃ499/mo) after 30 days โ€” cancel anytime in 2 clicks. No fine print.

What we offer regulators โ€” beyond the sandbox

๐Ÿ“œ Cooperative agreement

Formal cooperation agreement available. Defines your audit-trail rights, our MSA cooperation SLAs, mutual non-disclosure scope, and joint-incident-response protocol. Sample available on request (BPSS-cleared signatories only).

๐ŸŽ“ Training partnership

Free training for your AI auditors on the SIGIL chain format, OSCAL mappings, EU AI Act Annex IV coverage, and the QMS-9 domains. Designed for the UK AISI curriculum.

๐Ÿ”ฌ Research collaboration

Joint research published on AI Office ENISA-style initiatives: technical documentation sufficiency benchmarks, kill-switch latency benchmarks, FRIA effectiveness studies. We bring the substrate. You bring the methodology.

๐Ÿ“Š Evidence contribution

Anonymised SIGIL chain data contributed to regulator-led datasets (e.g., ENISA, NIST AI RMF repository). Privacy-preserving aggregates only. Your attribution as data source.

๐Ÿ›ก๏ธ Joint incident response

If DEFONEOS is implicated in a serious incident, the SUBSTRATE automatically initiates joint-IRP: SMS + email to your audit hook within 1h, full SIGIL evidence pack within 24h, full cooperation within 72h. No NDA required.

๐Ÿ“š Standards-track contributions

We have ongoing contributions to ISO/IEC 42001 B.5, ISO/IEC 27001 A.8.16, NIST AI RMF GOVERN-6, and the EU AI Act implementing regulation on Article 26 deployer-side documentation. Your reviewers invited.

EU AI Act evidence โ€” what you get, by article

ArticleWhat It RequiresWhat DEFONEOS ProvidesEvidence Page
Art 5Prohibited practicesHard-coded red-line patterns. 7 forbidden classes (kinetic targeting / personal surveillance / civilian harm / sovereignty violation / auto-escalation / lying-to-humans / irreversibility without confirmation)./defoneos-red-lines
Art 9Risk management system7-step lifecycle (IDENTIFY/SCORE/MITIGATE/TEST/DEPLOY/MONITOR/DOCUMENT). 42 hazards. 156 controls. ISO 14971 aligned./defoneos-risk-management
Art 12Record-keeping / logging8 logging categories. SIGIL chain (1Hz, 6mo hot / 5yr cold retention). 0 gaps. Audit-trail access protocol./defoneos-record-keeping
Art 13Transparency to deployers12-section instructions for use. Accuracy/robustness/cybersecurity metrics. Known risks. Human oversight. Lifetime./defoneos-transparency-deployers
Art 14Human oversight9 oversight layers. 7 escalation tiers. 14 HITL decision types. Kill-switch <2s. BFT 23/33 quorum./defoneos-human-oversight-deep
Art 17Quality management system9 quality domains. 84 procedures. 23 CAPA closed. 10 KPIs all GREEN. ISO 9001/13485/42001 structural./defoneos-quality-management
Art 26Deployer obligations10 deployer obligations + 7 defence-category mappings. DCP JSON spec. 14 affected-person notices./defoneos-deployer-obligations
Art 27FRIA for certain systems5-phase FRIA methodology. 12 fundamental rights. 4 risk levels. 10 mitigation categories. 30-day consultation./defoneos-fundamental-rights-impact-assessment
Art 47EU Declaration of ConformityFull 7-field declaration template. Module A/C/H variants. JSON spec. 23-language strategy./defoneos-eu-declaration
Art 48CE markingVisual CE logo spec. 4 affixation rules. 8 preconditions. Notified-body variant. Withdrawal procedure./defoneos-ce-marking
Art 49Registration30-field EU Common Data Schema. 7-phase registration. 14d submission SLA./defoneos-transparency-register
Art 50+52Transparency + GPAI8 transparency pillars. 7 content-marking modes. C2PA 2.0 manifests./defoneos-gpai-transparency
Art 71EU database registrationProvider ID + GPAI model ID + training data summary + copyright policy./defoneos-transparency-register
Art 73Serious-incident reporting15-day serious-incident pipeline (Art 73(3)). 72h critical-incident pipeline./defoneos-incident-response
Art 74Market surveillance cooperation4-channel MSA cooperation. 72h access SLA. 6 evidence export formats./defoneos-market-surveillance
Art 86Right to explanation5-tier explanation framework. 7-step redress. 3 escalation levels./defoneos-right-to-explanation
Art 95Right to redressRedress process. Article 22(3) coordination. Subject-rights mapping./defoneos-automated-decision

Reference: 12 frameworks, all evidence pages in production

EU AI Act
GDPR
NIS2
DORA
DPA 2018
UK GDPR
ISO 42001
ISO 27001
NIST AI RMF
NCSC CAF
CRA
NIS Regs 2018

6 evidence export formats โ€” pick whichever your toolchain prefers

DEFONEOS audits produce SIGIL-signed evidence in 6 machine-readable formats plus a human-readable PDF:

FormatUse CaseTooling
SIGILAuthoritative โ€” full chain, Ed25519-signedCustom / sigil.csoai.org public registry
OSCALNIEM-style control assessment, NIST AI RMF / FedRAMP compatibleoscal.io, compliance-trestle
JSON-LDW3C linked data, schema.org-alignedAny JSON-LD viewer
CSVSpreadsheet / pivot / quick reviewAny spreadsheet
PDFHuman-readable, signedAny PDF viewer
XCCDFSCAP-style technical configuration assessmentOpenSCAP, SCAP-compatible tools

External audit hook โ€” how you read the trail from the outside

The DEFONEOS external-audit hook gives you read-only access to a SIGIL-verified stream of all sovereign actions โ€” without requiring write access to the substrate. This is the spine of cooperative regulation.

Sample audit request (illustrative โ€” replace with your real endpoint)

GET https://audit.defoneos.deployment/api/stream?from=2026-08-02T00:00:00Z&to=2026-08-09T00:00:00Z&action_class=decision&bft_outcome=non_unanimous
X-Client-Cert: CN=ICO-Audit-Client,O=ICO (UK)
X-Audit-Purpose: ENISA_AI_Act_Art_74_cooperation
Accept: application/sigil+json, application/oscal+json, application/x.spdf+pdf

Honesty register โ€” what the regulator sandbox doesn't give you

๐Ÿ›ก๏ธ Activate your 30-day regulator sandbox

Free, no credit card, no obligation. Activated within 4 minutes. Cancel anytime.

4-min auto-provisioning ยท Cooperative agreement available ยท regulator@csoai.org