The Sovereign Standard · Technical Substance

Capability inside your environment. Not access to someone else's.

Most AI tools deliver capability through a third-party API. Your data leaves your environment, is processed on overseas servers, and returns with no audit trail you control. For an organisation handling regulated data, that is an unauthorised disclosure waiting to be found.

BlackVault™ inverts the model. We deploy verified open-source large language models inside your own AWS ap-southeast-2, Azure Australia East, or GCP Sydney environment. The model runs where your data lives. Nothing is sent out. Nothing is shared. Every inference is logged, retained, and auditable.

The Three Layers

One architecture, layered from the infrastructure up.

Layer 1

Sovereign Infrastructure

Verified open-source models deployed inside your Australian cloud region. The model runs where your data lives; no external API dependency at inference.

Layer 2

Compliance Governance Framework

The governance documentation set that makes the infrastructure auditable — the evidence a regulator asks for, prepared before they ask.

Layer 3

Sector Compliance Module

The regulatory obligations specific to your sector, layered on top of the baseline framework.

Security Baseline

Every claim is evidenceable.

The controls below are implemented and documented on every deployment — not a roadmap, a baseline.

Dedicated isolated environment — no shared tenancy.
RBAC access control · AES-256 encryption at rest · TLS 1.3 in transit.
Full inference audit trail, retained and version-controlled.
Annual independent penetration testing by a certified third party.
ACSC Essential Eight controls implemented; Maturity Level uplift included in scope.
ISO/IEC 27001:2022 certified information security management system.

See what sovereign deployment looks like in your environment.