Digital Sovereignty Maturity Model

Five levels. Six dimensions.
Measurable. Actionable.

Adapted from Carnegie Mellon's CMMI. The model tells you where you are. The four phases are how you move. Phase 3 — the Stress Test — is the gate between L2 and L3 that no one else can certify you through.

01
Design
Exposure map · Kill-switch register · Target architecture across six dimensions
02
Demonstrate
Build and deploy the sovereign stack — compute, data, identity, AI, comms
03
Stress Test · Google-grade
Millions of simulated clients. Fault tolerance. Geo-redundancy. RTO certified. No one else does this.
04
Train the Trainers
KAUST-certified sovereign engineers. Self-replicating. We drive ourselves out — deliberately.
01 · Levels
Digital Sovereignty Maturity Model — L0 to L4
5 levels · CMMI-adapted · Phase 3 is the gate

Phase 1 (Design) produces your L0→L1 gap score. Phase 2 (Demonstrate) drives L1→L2. Phase 3 (Stress Test) is the gate between L2 and L3 — the threshold no one else can certify you through. Phase 4 (Train) completes L3→L4 and makes us redundant.

L0
Foreign dependent
No visibility
Kill-switch fully exposed
Data location unknown
No audit capability
01 Design
L1
Visibility
Know what you have
Kill-switch register live
Sovereign observability
90-day roadmap active
01 Design ✓ · 02 Demonstrate
L2
Controlled access
You decide who enters
HSM/KMS sovereign
CMEK deployed
P25 key sovereignty
02 Demo ✓ · 03 Stress Test →
L3
Local alternatives
Can operate independently
Hexagon DC failover live
HUMAIN OS deployed
100K+ device validated
03 Stress ✓ · 04 Train →
The gate no one else can certify you through
L4
Full sovereign capability
Self-sustaining
National framework law
GCC standard-setter
TTT graduates deployed
04 Train ✓ — We leave
02 · Dimensions
Six Scoring Dimensions
Scored 0–4 each · weighted aggregate = Sovereignty Gap Score
D1 — 25% weight
Cloud & Compute
Where does your compute live, who owns the data centre, and who controls activation keys for your infrastructure?
L0 All workloads on foreign cloud. No in-country alternative.
L3 Hexagon DC + STC Cloud validated. 99.999% availability certified.
D2 — 20% weight
Data Residency
Where does your national data actually live — and who holds the encryption keys? PDPL compliance is the floor, not the ceiling.
L0 Data location unknown. Exits borders freely. No PDPL compliance.
L3 All sensitive data in-country. SDAIA audit trail complete. CMEK enforced.
D3 — 15% weight
Identity & Access
Who controls authentication for your citizens and officials? A suspended IdP is a suspended government.
L0 Vendor-controlled IdP (Azure AD/Okta). No local audit trail.
L3 Nafath as primary. OpenLDAP/Keycloak fallback. HSM local keys. NCA-certified.
D4 — 15% weight
AI & Analytics
Who trained the models making decisions inside your government? Whose laws govern the inference?
L0 All inference hits foreign endpoints. Model weights not inspectable.
L3 HUMAIN OS + local Arabic LLM. On-prem inference. Foreign AI dependency eliminated.
D5 — 15% weight
Public Safety Comms
P25 / MCPTT emergency networks. Who holds the activation keys for police, fire, and ambulance communications?
L0 Motorola/Harris KKEK held by vendor. Remote deactivation possible.
L3 In-country KMF. KKEK sovereign. 3GPP MCPTT on STC 5G as fallback.
D6 — 10% weight
Legal & Contractual
Do your vendor contracts give you a kill-switch right? Whose jurisdiction applies? Change-of-control clauses in place?
L0 No data residency clauses. No kill-switch rights. No change-of-control protection.
L3 Kill-switch termination rights in all contracts. SLA penalties enforced. SAGIA-compliant.
03 · Services
Five Service Pillars
Architecture · Stress Test · Governance · AI · Train the Trainers
01
Air-gapped sovereign architecture
Your hardware. Your software. Your data. Your identity. Your uptime. Under your control — permanently.
Hardware sovereignty: compute, storage, and networking under national control — no vendor-managed firmware update paths
Software sovereignty: open-source or nationally licensed stacks validated against NCA CCC-2. No foreign activation keys
Identity sovereignty: Nafath-backed sovereign IdP. Zero-trust access with locally held cryptographic roots
Uptime sovereignty: Hexagon DC failover with RTO under 4 hours and 99.999% availability under 100,000-device load
L2 · L3
02
Stress test & prove it
Millions of simulated clients. Fault tolerance certified. Geo-redundancy proven. Declaration is not demonstration.
Load simulation: millions of concurrent sessions against the sovereign stack — validating throughput and latency at national peak demand
Fault tolerance: deliberate failure injection at every layer — compute, storage, network, identity — with automated recovery validated in real time
Geo-redundancy: cross-region failover exercised under load. RTO under 4 hours certified. No untested assumption in the recovery path
Certification report: independently signed, submitted to NCA in CCC-2 compliant format
L2 · L3
03
Governance and audit
Independent certification that your sovereign capability is real — not sovereignty-washed.
Annual DSMM audit: full six-dimension re-assessment, scored, documented, submitted to NCA in CCC-2 compliant format
Kill-switch register refresh: quarterly update with new precedents, vendor structure changes, and geopolitical coercion vectors
NCA/SDAIA/PDPL compliance package: assessment findings formatted for regulatory submission
Third-party certification: co-signed with KAUST university partner — converting consultant findings into academically validated conclusions
L1 · L2 · L3 · L4
04
Local and on-premises AI
Inference that never leaves the country. Models you own. Data that never trains someone else's system.
HUMAIN OS integration: architecture review, governance framework, and integration with existing ministry systems
On-premises LLM: LLaMA, Mistral, and Arabic-tuned models deployed on Hexagon DC or STC Cloud. No foreign API dependency
Model governance: training data provenance, weight custody, inference audit trails, Arabic-language bias assessment
AI kill-switch elimination: every foreign AI API dependency mapped, risk-scored, and replaced with a validated local inference path
L2 · L3
05
Train the Trainers
We deliberately drive ourselves out of your business. KAUST-certified sovereign engineers who own this without us — forever.
Curriculum design: DSMM scoring, kill-switch register maintenance, NCA/PDPL compliance — co-developed with KAUST and accredited for CPE
Trainer certification: KAUST-issued Sovereign Infrastructure Analyst credential, recognised by Saudi government agencies
Cohort delivery: quarterly · 15–25 professionals per cohort · able to conduct L0–L1 assessments independently
Self-replication: cohort graduates become the next cohort's trainers. Saudi Arabia becomes the regional exporter of sovereign infrastructure expertise
L1 · L2 · L3
04 · Evidence
Eight Incidents. Eight Lessons.
Every risk in the model has a real-world precedent
Ready to see where you sit?

Phase 1 — Design — delivers your complete six-dimension DSMM score in 8 weeks.
