Digital sovereignty
The sovereignty model the industry now expects — control over location, access, exfiltration, evidence, isolation, and the ability to run without depending on a vendor's cloud — maps almost one-to-one onto how ScaledNative already works. This is the posture by construction, stated honestly: what's guaranteed by design, and where the honest caveat is.
What this page is
Digital sovereignty is a control model — popularized for the cloud, now expected of any platform that touches a regulated estate. ScaledNative applies it. Each pillar below traces to a real capability in the platform, not a marketing promise. We are not certified against it, and no cloud provider endorses us — we built the architecture the model describes.
The pillars, mapped to real architecture
For every pillar: the concept, the ScaledNative capability that delivers it, and the honest limit. Where a pillar is posture rather than guarantee, we say so.
Data residency
ScaledNative deploys into your own cloud account or data center — bring-your-own-cloud or private on-prem for any estate with a residency or egress constraint. Source, the tenant model adapter, and lineage are placed inside the perimeter you choose. We don't pull your estate into our cloud to work on it.
The honest limit
Residency is a property of where you deploy, and it's enforced by the profile you select. A managed plane exists only for fast, non-restricted pilots; the in-your-boundary profiles are what carry a residency requirement. We recommend a target with a documented rationale — the boundary is yours to set.
Operator access restriction
Tenant isolation, attribute-based access control, and role scoping compose into one rule: a request can never reach another tenant's resources, and even a permitted read returns only the fields that role is entitled to see. Access is denied unless a policy explicitly permits it — not the other way around.
The honest limit
Roles and attributes are configured to your org. The default policy is deny-by-default; you tighten it further, you don't loosen the floor.
Restricted-data control
A non-bypassable egress gate sits on every path that would leave your perimeter, including every model call. It blocks — not merely redacts — restricted source content headed anywhere not explicitly authorized for that exact class. An unaudited egress path is not permitted: if the gate can't record the decision, it blocks.
The honest limit
The gate enforces what's classified. Classification detectors ship with sane defaults and are tuned to your data; the deny-by-default posture holds regardless.
Transparency
Audit records are written into a per-tenant SHA-256 hash-chain and signed with Ed25519. Because each record folds in the previous record's hash, altering any earlier entry breaks every signature that follows. An independent verifier with the public key can confirm the chain — they don't have to trust us.
The honest limit
Formal third-party attestations (SOC 2, ISO, FedRAMP) are a separate process. This is the verifiable evidence substrate underneath them — not a substitute for them.
Tenant isolation
Each customer runs as an isolated instance with its own per-tenant model fork — a tenant LoRA adapter over the in-boundary base, not forked code. The platform is one codebase; the deployment is single-tenant. No shared model state, no cross-tenant data path, no co-mingled estate content — and the tenant boundary is asserted defensively in the access layer, not just by convention.
The honest limit
The single-tenant guarantee holds under the dedicated deployment profile you provision — it's a property of how the instance is deployed, not a fleet running for every customer today. The public demo plane is shared by design, and it only ever runs synthetic estates, never customer data.
Resilience
Before any agent tool runs, it passes a safety layer: a global and per-tenant kill-switch, per-tenant circuit breakers, cost and rate caps, and a blast-radius limit. A refused dispatch executes nothing and seals a tamper-evident refusal record. The CISO holds the switch to a live fleet.
The honest limit
This is operational control and containment — not a multi-region high-availability SLA. Availability targets are scoped per deployment, against the infrastructure you run it on.
Independence & survivability
The default model is the served in-boundary base — no external-foundation-model token meter on the default path. The private on-prem profile places every runtime component inside your boundary with a local runner and local-only data movement, so the platform keeps operating on a no-egress network that can't reach us.
The honest limit
Run-in-place is a deliberate deployment profile, not the zero-effort default. On-prem means you take on runtime patching and observability — the honest tradeoff for cutting the cord to our infrastructure.
The line we won't cross
The architecture above is verifiable today — the egress gate, the signed evidence chain, the in-boundary model, the on-prem profile, the isolation layer. What we will not do is dress posture up as something it isn't. We are not SOC 2, ISO, or FedRAMP certified, and we do not claim it. No cloud provider certifies or endorses ScaledNative — we apply the sovereignty model on our own architecture. As formal attestations are completed, they'll be published here with their scope and date.
We'll trace each pillar — residency, access, egress, evidence, isolation, and run-in-place — to your estate, your perimeter, and your regulators.