Citadel
Sovereign

Advisory

Level 0

Foreign dependent

Phase active

01 Design

You are here. Phase 1 — Design — maps every foreign dependency, scores your DSMM position across all six dimensions, and produces the target architecture to reach L1. This is the beginning of the journey and the foundation every subsequent phase builds on.

All critical digital infrastructure, software, and data flows are controlled by foreign vendors. The organisation has no ability to audit, interrupt, or substitute any component. A vendor decision, sanction, or outage is indistinguishable from a national crisis.

Status at this level — across all six dimensions

Infrastructure

  • Foreign-hosted; no local presence
Data residency
  • Data exits borders; location unknown
Identity & access
  • Vendor-controlled; no audit trail
AI & analytics
  • All inference hits foreign endpoints
Public safety comms
  • Foreign vendor activation keys
Legal / contractual
  • No data residency clauses
Key moves to reach this level
Map all foreign dependencies
Map all foreign dependencies
Map all foreign dependencies

Our edge

Our entry point: the Sovereignty Risk Assessment. Clients at Level 0 cannot accurately map their own exposure — we deliver that map. In 4 weeks we produce a three-dimension dependency map, top-5 kill-switch register, and a 30-day action list. In 8 weeks, the complete six-dimension picture.

Level 1

Visibility

+ University

Phase active

01 Design ✓
02 Demonstrate
Phase 1 is complete — you know what you have. Phase 2 — Demonstrate — now deploys the sovereign stack: in-country compute, local key custody, zero-trust access controls, and data residency architecture. The system is being built.
The organisation can see and enumerate its foreign dependencies. Telemetry, logging, and asset registries exist in-country. No substitution capability yet — but the exposure map is accurate and maintained. You can answer ‘what do we depend on and who controls it.’

Status at this level — across all six dimensions

Infrastructure
  • Inventoried; still foreign-hosted
Data residency
  • Data flows mapped; some in-country
Identity & access
  • Logs centralised locally
AI & analytics
  • Model dependencies documented
Public safety comms
  • Vendor dependencies mapped
Legal / contractual
  • Data residency clauses drafted

Key moves to reach this level

Deploy sovereign observability stack
Build asset criticality registry
Establish SLO/KPI baselines locally

Our edge

Our differentiator: sovereign-native observability (OpenTelemetry / Prometheus / Grafana) — no Datadog, no foreign SaaS in the monitoring path. Your telemetry stack is itself sovereign from day one.

University enters here

University co-investigator signs onto assessment reports — converting consultant findings into jointly validated academic conclusions. Graduate researchers handle dependency-mapping legwork at research-assistant rates. First cohort of train-the-trainers candidates identified from top students.

Level 2

Controlled access

+ University

Phase active

02 Demonstrate ✓
03 Stress Test →
The sovereign stack is deployed and access-controlled. Phase 3 — Stress Test — now proves it works. Millions of simulated clients. Fault injection. Geo-redundancy under load. 24×7 observability live. This is the gate between L2 and L3 — and no one else in the sovereignty space can certify you through it.
Encryption keys are held locally. Foreign vendor access is cryptographically gated and logged. No vendor can act unilaterally on your systems without your cryptographic consent. Microsoft 365 lockout at L2 is technically impossible — the keys are yours.
Commission an assessment
Ready to reach Level 2?
Ready to reach Level 2? Commission an assessment and we will architect the key-custody and zero-trust framework that makes vendor lockout technically impossible.
Commission an assessment →
Level 3

Local alternatives

+ University

Phase active

03 Stress Test →

04 Train the Trainers →

The stress test is passed. This is the only level gated by certified proof, not just implementation. RTO under 4 hours signed. National peak load validated. Phase 4 — Train the Trainers — now begins: credentialing your people through KAUST so they own this without us.

Validated sovereign alternatives exist for every critical foreign dependency. Failover has been tested under national peak load. The organisation can operate independently of any single foreign vendor for 99.999% of its critical functions, with a recovery time under 4 hours.
Commission an assessment
Ready to reach Level 3?
Level 3 is the full Demonstrate and Stress Test phase. Sovereign compute deployed on Hexagon DC. Local Arabic AI inference live on HUMAIN OS. Failover drilled under peak national load with millions of simulated clients. RTO under 4 hours certified. Declaration becomes demonstration — with a signed certification report. Commission an assessment to scope your Level 3 journey.
Commission an assessment →
Level 4

Full sovereign capability

+ University

All phases complete
04 Train ✓ — We leave
All four phases are complete. Your KAUST-certified Sovereign Infrastructure Analysts own, operate, and extend the stack independently. TTT graduates train the next cohort. Saudi Arabia is now a net exporter of sovereign infrastructure expertise. Citadel is no longer needed — which was always the goal.
The organisation is fully self-sustaining. No single foreign vendor holds a kill-switch over any critical function. Domestic talent certified to maintain and extend the sovereign stack independently. Saudi Arabia becomes a standard-setter — exporting sovereign infrastructure expertise to the GCC rather than importing dependency.
Commission an assessment
Ready to reach Level 4?
Level 4 is where we train your people and then leave. KAUST-certified Sovereign Infrastructure Analysts own, operate, and extend the system without us. TTT graduates become the next cohort’s trainers — Saudi Arabia exports this model to the GCC. Our stated goal is to make ourselves redundant. Commission the engagement that ends with you not needing us.
Commission an assessment →

Citadel Sovereign Advisory

Your hardware, your software, your sovereignty?

sovereignty-services.com
info@sovereignty-services.com · © 2026