Citizen data and AI agents require sovereign governance.
Government agencies deploying AI for citizen services, policy analysis, and internal operations need governance that keeps data sovereign, decisions auditable, and systems NIS2-compliant.
Why public sector AI needs sovereign governance
The EU AI Act classifies most public sector AI as high-risk. You can't rely on US-hosted SaaS for governance.
Citizen PII leaving sovereign infra
Your citizen services chatbot sends national IDs and tax records to a US-hosted LLM. GDPR Art. 44–49 prohibits this.
EU AI Act high-risk classification
Public sector AI is high-risk under the EU AI Act. Art. 9 risk management, Art. 12 record-keeping, and Art. 14 human oversight are required.
Classified information exposure
An internal AI assistant summarises a restricted document. The content flows to an external LLM with no clearance controls.
NIS2 incident detection
NIS2 Art. 21 requires risk management. Art. 23 requires incident reporting within 24 hours. Most AI stacks can't detect AI security incidents.
Adversarial attacks on public AI
State-sponsored actors target government AI with prompt injection and data poisoning. Citizen-facing chatbots become attack vectors.
Transparency and accountability
Citizens have a right to understand AI decisions that affect them. Benefit denials need explainable audit trails.
Sovereign AI governance for public sector
Self-hosted, sovereign, auditable. Zero data leaves your infrastructure.
Self-hosted deployment
Deploy on your own infrastructure. Air-gapped deployment available. No telemetry, no phone-home.
- Docker, Kubernetes, Helm chart
- Air-gapped deployment guide
- No external dependencies
Classification-aware routing
Route data based on classification level. Restricted data stays on-premise. Internal goes to EU providers. Public routes anywhere.
- Multi-level classification
- LLM-assisted classification
- Forbidden zones for classified paths
NIS2-compliant logging
Hash-chained audit trail with SIEM export. Art. 21 risk management. Art. 23 incident reporting with auto-detection.
- CEF, OCSF, JSON export
- OpenTelemetry distributed tracing
- Webhook and Slack incident alerts
Human oversight (Art. 14)
Approval gates for high-impact decisions. Benefit applications, permits, and enforcement actions all require sign-off.
- Configurable approval workflows
- Break-glass with policy engine
- Tiered authorisation levels
Adversarial defence
Comprehensive multi-layer pipeline with proven, red-team-validated coverage. Injection, exfiltration, and memory poisoning are all covered.
- Broad security benchmark coverage
- State-sponsored attack patterns
- Continuous canary testing
EU AI Act toolkit
Pre-built guardrail rules across multiple compliance packs. Ready-made compliance for GDPR, EU AI Act, NIS2.
- Art. 9 risk management via pipeline
- Art. 12 record-keeping via audit trail
- Trust attestation with signed JWTs
Sovereign AI governance for sovereign data.
Self-hosted. No telemetry. EU-built. NIS2 and EU AI Act ready.