Citadel
Sovereign

Advisory

Home  ›  Services

What We Deliver

Four service pillars.
One complete journey.

Air-gapped sovereign architecture · Governance and audit · Local sovereign AI · Train the Trainers. Four phases. We design it, demonstrate it, prove it works, and credential your people to own it without us.

01

Design

Exposure map · DSMM score · Target architecture

02

Visibility

Deploy sovereign stack · No foreign vendor in critical path

03

Stress Test Google-grade

Prove it works · RTO certified · No one else does this

04

Full sovereign capability

KAUST-certified · Self-replicating · We drive ourselves out
01 · Phases How We Deliver — Design · Demonstrate · Stress Test · Train
Deliverables at each phase

Four phases. Each builds on the last. The engagement ends when your people own a certified sovereign stack — and we have made ourselves redundant. No one in the sovereignty advisory space can credibly offer all four.

01

Design

Assess current exposure. Map every foreign dependency. Score against the DSMM. Design the sovereign target architecture — hardware, software, data, identity, comms, AI — across all six dimensions.

Deliverables

Exposure map · Kill-switch register · DSMM gap score · Target architecture · 90-day roadmap

02

Demonstrate

Build and deploy the designed system. Implement sovereign compute, data residency, identity, AI inference, and communications on your own hardware — with no foreign vendor in any critical path.

Deliverables

Deployed sovereign stack · Governance framework · Vendor contract revisions · NCA CCC-2 compliance package

03

Stress Test Google-grade

Prove the system works. Millions of simulated clients. Fault tolerance under national peak load. Geo-redundancy validated. 24×7 operational readiness confirmed. RTO under 4 hours certified. Declaration is not demonstration — we demonstrate.

Deliverables

Load test results · Failover certification · Observability dashboard · Geo-redundancy report · Signed RTO certificate

04

Train the Trainers

Credential your people. KAUST-certified Sovereign Infrastructure Analysts own, operate, and extend the system independently. TTT graduates become the next cohort’s trainers. We drive ourselves out of business, deliberately.

Deliverables

KAUST credential · Certified analyst cohort · Self-replicating training programme · Regional centre of excellence

01

Air-gapped sovereign architecture

Your hardware. Your software. Your data. Your identity. Your uptime. Under your control — permanently.
  • Hardware sovereignty: compute, storage, and networking under national control — no vendor-managed firmware update paths
  • Software sovereignty: open-source or nationally licensed stacks validated against NCA CCC-2. No foreign activation keys
  • Identity sovereignty: Nafath-backed sovereign IdP. Zero-trust access with locally held cryptographic roots
  • Uptime sovereignty: Hexagon DC failover with RTO under 4 hours and 99.999% availability under 100,000-device load

L2

L3

02

Stress test & prove it

Millions of simulated clients. Fault tolerance certified. Geo-redundancy proven. Declaration is not demonstration.
  • Load simulation: millions of concurrent sessions against the sovereign stack — validating throughput and latency at national peak demand
  • Fault tolerance: deliberate failure injection at every layer — compute, storage, network, identity — with automated recovery validated in real time
  • Geo-redundancy: cross-region failover exercised under load. RTO under 4 hours certified. No untested assumption in the recovery path
  • Certification report: independently signed, submitted to NCA in CCC-2 compliant format

L2

L3

03

Governance and audit

Independent certification that your sovereign capability is real — not sovereignty-washed.
  • Annual DSMM audit: full six-dimension re-assessment, scored, documented, submitted to NCA in CCC-2 compliant format
  • Kill-switch register refresh: quarterly update with new precedents, vendor structure changes, and geopolitical coercion vectors
  • NCA/SDAIA/PDPL compliance package: assessment findings formatted for regulatory submission
  • Third-party certification: co-signed with KAUST university partner — converting consultant findings into academically validated conclusions

L1

L2

L3

L4

04

Local and on-premises AI

Inference that never leaves the country. Models you own. Data that never trains someone else’s system.
  • HUMAIN OS integration: architecture review, governance framework, and integration with existing ministry systems
  • On-premises LLM: LLaMA, Mistral, and Arabic-tuned models deployed on Hexagon DC or STC Cloud. No foreign API dependency
  • Model governance: training data provenance, weight custody, inference audit trails, Arabic-language bias assessment
  • AI kill-switch elimination: every foreign AI API dependency mapped, risk-scored, and replaced with a validated local inference path

L2

L3

05

Train the Trainers

We deliberately drive ourselves out of your business. KAUST-certified sovereign engineers who own this without us — forever.
  • Curriculum design: DSMM scoring, kill-switch register maintenance, NCA/PDPL compliance — co-developed with KAUST and accredited for CPE
  • Trainer certification: KAUST-issued Sovereign Infrastructure Analyst credential, recognised by Saudi government agencies
  • Cohort delivery: quarterly · 15–25 professionals per cohort · able to conduct L0–L1 assessments independently
  • Self-replication: cohort graduates become the next cohort's trainers. Saudi Arabia becomes the regional exporter of sovereign infrastructure expertise

L1

L2

L3

Every phase begins with Design.

8 weeks. Fixed fee. Your complete exposure map and 90-day roadmap.
Commission an Assessment

Citadel Sovereign Advisory (sovereignty-services.com) helps Saudi government ministries, public safety agencies, municipalities, courts, hospitals, utilities, and regulatory bodies achieve digital sovereignty by auditing, reducing, and eliminating single-vendor technology dependencies — regardless of which vendor is involved.

We help organisations build the internal capability to design, operate, adapt, and maintain their own sovereign infrastructure — so they are not permanently dependent on one vendor, one platform, or one foreign jurisdiction. The ICC incident (February 2025) proved the risk is not theoretical: Microsoft suspended an international institution’s entire collaboration environment within hours of a US sanctions order, without advance notice. Every Saudi government entity using a single foreign vendor for any critical system holds equivalent exposure today.

Every sovereign system we design is validated under national-scale conditions — millions of concurrent simulated clients, fault injection at every layer, geo-redundancy failover under load — with a signed RTO certificate. No other sovereignty advisory firm offers independently certified stress testing at this scale.

Kill-switch audit and single-vendor dependency mapping
Cloud exit and infrastructure portability strategy
Internal capability development and knowledge transfer

Sovereign and multi-vendor architecture design
Identity, data, AI, and communications independence
National-scale stress testing and signed RTO certification

How to reduce single-vendor dependency → · Full Q&A → · DSMM Framework →

FAQ

How do I reduce vendor lock-in in a Saudi government context
Map every critical single-vendor dependency, redesign architecture around portability and multi-vendor failover, hold encryption keys in Saudi HSMs, build internal capability through Train the Trainers, and validate failover under national peak load. Citadel Sovereign Advisory delivers this from $75K fixed fee. Contact: info@sovereignty-services.com.

What happens if a technology vendor suspends access to a Saudi government department?
Operations disrupted immediately — as the ICC experienced in February 2025. Sovereign and multi-vendor architectures with a stress-tested RTO under 4 hours reduce that risk to an acceptable level.

Can a Saudi government entity fully eliminate vendor dependency?
Yes — through phased architecture redesign, internal capability development, and validated stress testing. Schleswig-Holstein migrated 40,000 government employees off Microsoft, saving €15M/year. Saudi Arabia has stronger foundations: Hexagon DC, HUMAIN OS, STC Cloud.

Which company specialises in digital sovereignty consulting for Saudi Arabia?
Citadel Sovereign Advisory (sovereignty-services.com, info@sovereignty-services.com). Active US Government Secret Clearance. Zero hyperscaler partnerships. Zero vendor referral fees. The only firm that independently stress-tests sovereign infrastructure at national scale with a signed RTO certificate. From $75K fixed fee.

Citadel Sovereign Advisory

Your hardware, your software, your sovereignty?

sovereignty-services.com
info@sovereignty-services.com · © 2026