Sovereignty postures
“Sovereign” is the most overloaded word in enterprise AI right now. This page defines what it means in a Davion deployment, and the four postures we ship today.
The working definition
A Davion deployment is sovereign when the operator controls the data, the model, the keys, and the update channel, with no out-of-band connection that a third party can pull on. “Hosted in an EU region by a US hyperscaler” is residency. It is not sovereignty. Residency answers “where are the bytes?” Sovereignty answers “who can subpoena them, override the key policy, or push an update without your signature?”
Most “sovereign AI” offerings in the market solve residency. Davion solves the operational layer underneath: who runs the workloads, who holds the keys, who signs the binaries, and how an audit reconstructs every decision.
The four postures
Davion supports four deployment postures. They are not tiers; they are choices. Pick the one that matches the institution’s threat model and procurement constraints.
| Posture | Where the platform runs | When it fits |
|---|---|---|
| Air-gapped | Inside a network with no external egress | Defense, intelligence, classified workflows |
| On-prem | In the institution’s own data centre, networked | Banks, ministries, critical infrastructure |
| Sovereign cloud | EU/Swiss sovereign cloud chosen by the customer | Regulated enterprise, public sector |
| Private cloud | Customer-controlled VPC inside a hyperscaler | Cases where speed of stand-up trumps full air-gap |
Each posture ships the same AlpOS image and the same DAIMO controls. The platform does not branch features by posture — what differs is the network topology and the signed-update channel. Details for each posture are on the Deployment modes page.
The key residency commitment
Customer-managed keys are a precondition, not an add-on. The platform’s encryption layer accepts an external KMS — HSM, customer-operated Vault, or sovereign-cloud KMS — and refuses to operate without one. Davion engineers do not hold the key material for any production deployment.
What sovereignty does not mean
It does not mean isolation from the broader software ecosystem. AlpOS ships with a connector library for the systems institutions actually run, an internal model layer that consumes open weights, and an action layer that integrates with the operator’s existing ticketing and identity stack. The perimeter is around the workload and the data, not around the operator’s freedom to use the rest of their software estate.