We hold ourselves to the same standard.
The sovereignty claims we make about our products apply to us first. Our infrastructure is sovereign by construction. Our AI governance is documented and in use. Our provenance is verifiable — because if it were not, we would have nothing credible to sell.
MissionOpsAI runs on EU sovereign infrastructure with locally-deployed AI inference and board-accountable governance — built this way from inception, not retrofitted.
Architecture as evidence.
Every sovereignty claim is grounded in specific architectural choices made at the outset — not in policy documents or aspirational statements.
EU sovereign infrastructure from inception
All MissionOpsAI infrastructure runs on Hetzner Cloud (Falkenstein, Germany). No US-based cloud providers are used in the operational estate. This was a deliberate starting condition, not a subsequent migration.
Local AI inference — ORACLE
AI inference runs on sovereign hardware under the ORACLE deployment. Open-weights models (Qwen, Mistral families) are hosted on our own compute. Sensitive processing never leaves our boundary by default. Cloud escalation is opt-in and logged.
M-Suite replaces third-party SaaS
Email (Stalwart), document management (M-Drive), CRM, and agent orchestration run on our own infrastructure. These replace the cloud SaaS dependencies that would otherwise create cross-border data flows and vendor lock-in.
Governance is in operation
The three-tier action classification system (Autonomous, Supervised, Commanded) governs every AI action. CHRONICLE logs every event with full audit trail. The governance framework is operational — not documented for a future state.
We assess ourselves against our own framework.
The Sovereign AI Governance framework scores organisations on six dimensions against a four-state rubric (Verified / Partial / Asserted-only / Contradicted). MissionOpsAI is scored against this framework before any other organisation is assessed. The full scorecard with evidence references is published as a PDF.
These are MissionOpsAI's own standards — the test we hold ourselves to first, and the basis on which we offer assessment to others. They are not regulatory or official guidance and do not represent the position of any government, regulator or standards body. The sovereign-AI landscape and the guidance around it are developing; we will update these standards as formal guidance emerges. Nothing here is legal advice; organisations should take their own.
Verified across all four core dimensions (Data, Model, Compute, Governance); no Contradicted ratings on any dimension. Compulsion Test: Continuity high, Exposure minimal, Control UK-held.
Hetzner Tier A — EU-hosted, operator-controlled, no US-reach jurisdiction. Sole UK/EU legal and operational control.
Open-weights models (Qwen, Mistral families) hosted on sovereign hardware under ORACLE. No runtime dependency on a foreign-controlled model API on the sovereign path.
Hetzner Tier A. Physical compute under EU-controlled operation; not subject to US extraterritorial compulsion.
Three-tier action classification enforced at architecture level. CHRONICLE provides a full, independent audit trail. Board-accountable governance in operational use.
ORACLE local inference enables full offline/air-gapped operation. Core functions do not depend on any foreign online service.
MissionOpsAI Ltd — UK-registered entity; IP held in UK jurisdiction.
What we claim. And what we do not.
The ledger is a public commitment. Every marketing decision, every piece of copy, every metric is checked against it before publication.
Independence — by transparency, applied to ourselves.
Where we both assess an organisation and could help it build, we disclose that dual role plainly. As the scheme grows, assessment and implementation are formally separated; today the control is disclosure and an open, checkable method.
Our Sovereign AI Governance framework is published in full — so our findings can be verified, not taken on faith. Verifiable assurance is the point; a WARRANT certification is our independent attestation against it.
We hold our own posture to the same framework we apply to others, and publish the result — including where we fall short.
Earned certifications. Verifiable by anyone.
Both credentials link to their issuing registers and can be independently verified. Cyber Essentials is current, valid to 24 April 2027. JOSCAR is current, valid to 12 June 2027.
NCSC Cyber Essentials certification confirms five foundational cyber controls are in place across our infrastructure. Valid to 24 April 2027. Issued by IASME.
Ref: 2b646398-363d-4c7b-b80f-39360a6f4cbd — search MissionOpsAI to verify
Verify on NCSC register →
Registered from 5 June 2026, renewal 12 June 2027. Hellios ID 10100889. Hellios sustainability score: 65.88.
About JOSCAR on Hellios →Questions about trust.
Are you sovereign yourselves?
Yes. MissionOpsAI operates on EU-hosted infrastructure (Hetzner, Falkenstein, Germany), with locally-deployed AI inference (ORACLE, running open-weights models on sovereign hardware) and an internal software suite (M-Suite) that replaces major third-party SaaS dependencies. Our AI governance framework is documented and operationally in use. This is not a marketing claim — it is a starting condition we built to.
What do you mean by 'sovereign from the start'?
We have not transitioned from a commercially-dependent architecture to a sovereign one. We built sovereign by design, from inception. Infrastructure choices, model deployment strategy, and governance framework were all established before the first line of client-facing code was written. There is no legacy vendor dependency to unwind.
Why publish the honesty ledger?
The organisations we aim to serve operate in environments where credibility is a hard constraint — defence, regulated financial services, critical infrastructure. In those environments, the cost of an inflated claim is permanent trust destruction. We consider transparent, bounded provenance to be a competitive differentiator, not a disclosure burden.
Do you have paying customers?
MissionOpsAI is in active development. We work with design partners. We do not claim customers, revenue, or external deployments that do not exist. When we have these, we will say so specifically.
Assess your own posture. Start with the test.
The Compulsion Test takes two minutes and scores your organisation against the same three vectors we apply to ourselves.