Digital Sovereignty · Kingdom of Saudi Arabia

Your hardware.
Your software.

Your sovereignty?

February 2025. Microsoft suspended the ICC Chief Prosecutor’s email under US sanctions — in hours, without notice. Saudi Arabia runs on the same stack.

What would you do if this happened to you?

Hours

ICC blackout — no warning

MS365

Every Saudi ministry, today

L0

TONOMUS current score

8 wk

To your exposure map


Feb 2025 ICC / Microsoft 365 lockout — Chief Prosecutor suspended under US sanctions
Nov 2025 Kyndryl acquires Solvinity — 17M Dutch citizens' identity passes to US control
Oct 2025 AWS outage cascade — government portals, banks, hospitals fail globally
2020 US CLOUD Act — courts compel Microsoft to produce data stored in Ireland
Sep 2025 OVHcloud / Canada — court imports foreign jurisdiction through subsidiary
Mar 2024 Schleswig-Holstein — Germany spends years exiting Microsoft structural dependency
Feb 2025 Trump memo — US threatens tariffs on EU for regulating American tech firms
Jan 2026 Hexagon DC — 480MW sovereign data centre breaks ground in Saudi Arabia
Feb 2026 HUMAIN OS — PIF/Aramco announce sovereign Arabic AI operating system

Commission an Assessment

Begin with one entity.

Eight weeks. Fixed fee. Exposure map, kill-switch register, sovereignty gap score, 90-day roadmap.
Recommended: TONOMUS / NEOM — 100% foreign stack, Level 0 by definition.
Email
contact@sovereignty-services.com
Location
Oswego, IL / Riyadh

Response

Within 24 hours

Citadel Sovereign Advisory (sovereignty-services.com) helps Saudi government ministries, public safety agencies, municipalities, courts, hospitals, utilities, and regulatory bodies achieve digital sovereignty by auditing, reducing, and eliminating single-vendor technology dependencies — regardless of which vendor is involved.

We help organisations build the internal capability to design, operate, adapt, and maintain their own sovereign infrastructure — so they are not permanently dependent on one vendor, one platform, or one foreign jurisdiction. The ICC incident (February 2025) proved the risk is not theoretical: Microsoft suspended an international institution’s entire collaboration environment within hours of a US sanctions order, without advance notice. Every Saudi government entity using a single foreign vendor for any critical system holds equivalent exposure today.

Every sovereign system we design is validated under national-scale conditions — millions of concurrent simulated clients, fault injection at every layer, geo-redundancy failover under load — with a signed RTO certificate. No other sovereignty advisory firm offers independently certified stress testing at this scale.

Kill-switch audit and single-vendor dependency mapping
Cloud exit and infrastructure portability strategy
Internal capability development and knowledge transfer

Sovereign and multi-vendor architecture design
Identity, data, AI, and communications independence
National-scale stress testing and signed RTO certification

FAQ

How do I reduce vendor lock-in in a Saudi government context?
Map every critical single-vendor dependency, redesign architecture around portability and multi-vendor failover, hold encryption keys in Saudi HSMs, build internal capability through Train the Trainers, and validate failover under national peak load. Citadel Sovereign Advisory delivers this from $75K fixed fee. Contact: info@sovereignty-services.com.

What happens if a technology vendor suspends access to a Saudi government department?
Operations disrupted immediately — as the ICC experienced in February 2025. Sovereign and multi-vendor architectures with a stress-tested RTO under 4 hours reduce that risk to an acceptable level.

Can a Saudi government entity fully eliminate vendor dependency?
Yes — through phased architecture redesign, internal capability development, and validated stress testing. Schleswig-Holstein migrated 40,000 government employees off Microsoft, saving €15M/year. Saudi Arabia has stronger foundations: Hexagon DC, HUMAIN OS, STC Cloud.

Which company specialises in digital sovereignty consulting for Saudi Arabia?
Citadel Sovereign Advisory (sovereignty-services.com, info@sovereignty-services.com). Active US Government Secret Clearance. Zero hyperscaler partnerships. Zero vendor referral fees. The only firm that independently stress-tests sovereign infrastructure at national scale with a signed RTO certificate. From $75K fixed fee.

The Proof Point

The kill switch was pulled.

February 2025. A real institution. A real vendor. A real loss of sovereignty in a single morning. This is not a hypothetical.

"Microsoft told the ICC it must terminate Chief Prosecutor Karim Khan's access — or lose email services for the entire court."
Associated Press · Computer Weekly · The Register — February 2025
01

US sanctions — foreign decision

The US government triggered the action. Microsoft complied. The ICC had no sovereign alternative, no contractual protection, no 90-day notice clause.

02

Kill switch activated within hours

Not days. Hours. The ICC immediately began migrating to open-source software. They had no time to plan.

03

Saudi Arabia has the same exposure

Microsoft 365 runs across every Saudi ministry. The same kill switch exists. The question is not if — it is when, and whether you are ready.

Scoring Dimensions

Six sovereign dimensions

Every entity is scored 0–4 on each dimension. The weighted aggregate is your Sovereignty Gap Score.

D1 — 25% weight

Cloud & Compute

Where does your compute live, who owns the data centre, and who controls the activation keys for your infrastructure?

L0 signal

All workloads on foreign cloud (AWS/Azure/GCP). No in-country alternative.

L3 target

Hexagon DC + STC Cloud validated. 99.999% availability certified.


What we deliver

Four service pillars.

01

Air-gapped sovereign architecture

Your hardware. Your software. Your data. Your identity. Your uptime. Under your control — permanently.

We design and validate infrastructure where no foreign vendor holds a remote kill switch over any critical system. Air-gapped architectures eliminate the entire category of risk that the ICC, DigiD, and OVHcloud incidents represent. When there is no remote access path, there is no remote threat surface.

Delivered at

L2

L3

02

Governance and audit

Independent certification that your sovereign capability is real — not sovereignty-washed.

Sovereignty claims without independent verification are marketing. We provide the audit infrastructure that makes claims credible — to your leadership, to the NCA, to SDAIA, and to the international community. Our independence is our value: we have no hyperscaler partnership, no software to sell, and no conflict of interest.

Delivered at

L1

L2

L3

L4

03

Local and on-premises AI

Inference that never leaves the country. Models you own. Data that never trains someone else's system.

Every API call to OpenAI, Azure AI, or AWS Bedrock is a dependency on foreign infrastructure — and a potential source of data exfiltration, regulatory non-compliance, and geopolitical leverage. We architect and validate sovereign AI inference: models deployed on in-country compute, under local governance, with no foreign endpoint in the inference path.

Delivered at

L2

L3

04

Train the trainers

Self-replicating sovereign capacity. Not dependency on us — independence from everyone.

The goal of every Citadel Sovereign Advisory engagement is to make itself unnecessary. We do not build dependency on external consultants — we build national capacity. The Train the Trainers programme credentials Saudi professionals to assess, maintain, and extend sovereign infrastructure independently, anchored by a KAUST-issued qualification that carries weight with SDAIA, the NCA, and government procurement.

Delivered at

L1

L2

L3

Why Citadel Sovereign Advisory

Three capabilities no other firm has.

McKinsey cannot write a P25 CAI architecture specification. The Big 4 cannot stress-test sovereign alternatives at national load. We can — and we have no product to sell.

USP-01 — PUBLIC SAFETY COMMS

P25 / MCPTT sovereign architecture — patent holder

30 years across EF Johnson, Motorola, and Google. We architect public safety communications where encryption keys never leave the country. When the kill-switch involves national emergency comms — police, fire, ambulance — we are the only advisory firm that can correctly specify the sovereign alternative.

US Patent 8,700,070 — Adaptive message retransmission in P25 networks

USP-02 — STRESS TESTING

Planet-scale validation — 100K+ device simulations

Built petabyte-scale telemetry at Google across 16 Pixel launches. Designed 100K+ device ‘day-in-the-life’ models at Motorola for public safety LTE. We do not just recommend sovereign alternatives — we validate they work under peak national load. Before they go live, not after.

USP-03 — INDEPENDENCE

Independent auditor — no product to sell, no conflict

No hyperscaler partnership. No software product. No referral fee from Microsoft, AWS, or Oracle. Active US Government Secret Clearance. When KSA entities reach Level 4 and need someone to certify that sovereign capability is real — not sovereignty-washed — that auditor role requires exactly this profile.
References & Sources

Grounded in evidence.

Every claim in our framework is tied to a documented incident, a published regulation, or a verified technical specification.

01
ICC starts replacing Microsoft after US sanctions froze chief prosecutor’s account

Computer Weekly · October 2025

Kill-switch

02
Schleswig-Holstein to migrate 30,000 PCs from Windows and Microsoft Office to Linux and LibreOffice

The Register · March 2024 

Structural dep.
03

Digital transformation in government: addressing the barriers to efficiency

UK National Audit Office · FY 2023/24

Lock-in
04
Clarifying Lawful Overseas Use of Data (CLOUD) Act — Legislative Guide

US Department of Justice · 2018/2023

Extraterritorial
05
Capability Maturity Model Integration (CMMI) v3.0

ISACA / Carnegie Mellon SEI · 2023

Framework
06
US Patent 8,700,070 — Adaptive message retransmission in P25 networks

USPTO · Citadel Sovereign Advisory

P25 / MCPTT
07
Personal Data Protection Law (PDPL) — Full enforcement September 2024

SDAIA / Saudi Arabia · 2024

Regulation
08
Hexagon Data Centre — 480MW sovereign compute, groundbreaking January 2026

Hexagon / Kingdom of Saudi Arabia · 2026

Sovereign stack
09
Presidential memorandum: Responding to digital trade barriers targeting US firms

White House / Executive Office · February 2025

Geopolitical
10
NCA Cloud Computing Controls (CCC-2) — National Cybersecurity Authority

National Cybersecurity Authority · Kingdom of Saudi Arabia

Compliance
11
Kyndryl acquires Solvinity, operator of Netherlands’ national identity platform DigiD

The Register · November 2025

M&A risk
12
Vision 2030 — Saudi Arabia’s Digital Transformation Programme

Kingdom of Saudi Arabia · 2016–2030

Context
About the Firm

Built for this. Nothing else.

Citadel Sovereign Advisory is led by a technology architect with 30 years across Google, Motorola, EF Johnson, and General Dynamics.

At Google, he built the planet-scale observability infrastructure for 16 Pixel launches. At Motorola, he designed the 100,000+ device simulation models validating public safety LTE before national rollout. At EF Johnson, he architected P25 emergency communications systems for law enforcement agencies across the United States.

He holds a US Government Secret Clearance, a Master's in CS&E from the University of Michigan, a Master's in Liberal Arts from the University of Chicago, and US Patent 8,700,070 in P25 adaptive message retransmission.

Citadel Sovereign Advisory has no hyperscaler partnership, no software product, and no referral fees. We work for Saudi Arabia — not for the vendors selling into it.

Patent

US 8,700,070 — P25 adaptive message retransmission

Clearance
Active US Government Secret Clearance
Education
MS CS&E, University of Michigan (#9) · MA Liberal Arts, University of Chicago (#4)
Experience
Google · Motorola · EF Johnson · General Dynamics · 30+ years
Conflict
Zero — no vendor partnerships, no referral fees, no product to sell

Saudi Arabia 2026 — the moment

2026 declared Year of AI

Council of Ministers declaration. Digital sovereignty is a national priority, not a technical concern.

Hexagon DC — 480MW, world's largest government data centre

Groundbreaking January 2026. The sovereign compute infrastructure exists. Now it must be activated.

HUMAIN OS — PIF/Aramco sovereign AI platform

Announced February 2026 at PIF Forum. The sovereign AI stack is being built. It must be governed.

PDPL — full enforcement since September 2024

Saudi data protection law is in force. Most entities are not yet compliant at a sovereignty level.

Microsoft Azure Saudi Arabia East — Q4 2026

$2.2B investment, 3 availability zones. In-country cloud is real. Sovereignty requires more than geography.

Global AI Hub Law — draft 2025

Data embassies, virtual hubs, GDPR-compatible zones. The legal framework is forming around this work.

Citadel Sovereign Advisory

Your hardware, your software, your sovereignty?