Trust, Security and Assurance
Security that holds because of where the system runs and who is allowed to reach it, not because of a clause you can never audit. Zero-egress by default, independently certified, and immune to extraterritorial control.
The Security Thesis
Most cloud security is a set of assurances written into a contract you are not allowed to inspect, running on infrastructure you cannot see, reachable by a government that is not yours. Sovereign security removes the gap between the claim and the proof.
When your data, your models and the evidence of what your systems did all live on a foreign control plane, security becomes a matter of trust in a vendor and a jurisdiction. Amanah closes that gap by moving the whole stack onto your soil, under your law, operated by your people. The controls are not clauses you have to take on faith. They are properties of where the system physically runs and who is allowed to reach into it.
Zero-egress is the architectural default, not a setting or a service level. Data, models and inference stay inside your perimeter because there is no path out.
On your ground and under your law, the system is immune to extraterritorial control such as the CLOUD Act. No outside authority can compel access to what sits inside your walls.
The posture is verified by independent bodies against real standards, from the EU 8-Pillar framework to the ISO management systems, rather than claimed on a slide.
You hold full source-code access, own the models and the weights, and your own team operates them. There is no black box you are asked to trust and forbidden to open.
The Controls
Not a security product bolted onto a foreign platform. The safeguards are woven through the Sovereign Stack, from the silicon to the applications your people use.
No inference, training data or document ever crosses your border. Nothing leaving is the default state of the architecture, not a promise layered on top of it.
Deployed on your soil and governed by your law, the platform is beyond the reach of any foreign statute, the CLOUD Act included. No external jurisdiction can compel your data.
Every record, index and model weight stays inside the geography and the perimeter you define. Residency is enforced in the runtime, not asserted in a policy document.
A guardrail runtime sits in the path of every request, with a safety, a PII and residency, and a bias and fairness model checking each step before a result is returned.
A policy and audit engine records who reached what, when and under which rule. The evidence of every action stays inside your borders, in reach of your own auditors.
Independently certified against the EU Full 8-Pillar Sovereignty framework and the ISO management systems, and aligned to DORA, BAFIN and NIS2.
How It Is Enforced
Sovereign security is not a perimeter you cross once. It is a runtime in the path of every request, and a ledger of everything that runtime did.
Requests pass through a guardrail runtime that calls a dedicated safety model, a PII and residency model, and a bias and fairness model. These are components of the Brain, invoked on every step, not external services data is shipped to.
A policy and audit engine applies your rules and writes an immutable record of every access, decision and model call. The trail of what happened lives on your infrastructure, never in another jurisdiction.
The whole runtime executes inside your walls on hardware you own. Around forty model calls can run on a single transaction and zero records leave your border, because the boundary is the architecture, not a firewall rule.
Trust is a property of the architecture, not a line in a contract.
Verifiable, Not Asserted
Certified by an independent body against the full European sovereignty framework. Sovereignty holds only when every one of the eight pillars does.
Our engineering team is one of the original fourteen certified for CNCF AI conformance, the standard for how AI is run on cloud-native infrastructure, at the level of the platform itself.
Zero-egress is the default of the architecture. No data, model or inference crosses your border to be processed anywhere you cannot see.
Certifications and Alignment
Held to independent, internationally recognized standards for information security, compliance, AI management and sovereign operation, so the posture is a matter of record, not of marketing.
The international standard for an information security management system, governing how information risk is managed across the organization.
The standard for a compliance management system, the framework for meeting legal, regulatory and internal obligations.
The management-system standard for artificial intelligence, covering how AI is governed, controlled and held accountable.
The highest maturity level of the Capability Maturity Model Integration, for optimizing and continuously improving engineering process.
Independently certified against the European Full 8-Pillar Sovereignty framework, measured across all eight mutually reinforcing pillars.
Our team is one of the original fourteen organizations certified for CNCF AI conformance.
Aligned to the Digital Operational Resilience Act for the resilience of digital operations in regulated finance.
Aligned to the supervisory expectations of Germany’s financial regulator for regulated financial institutions.
Aligned to the NIS2 directive for the security of network and information systems in essential and critical sectors.
Request a security briefing
Walk through the controls, the certifications and the audit evidence with our team, and see how the whole stack runs inside your perimeter with zero records leaving your border.
Full source-code access, and you own the models and the weights. Certified independently, operated by your own team, immune to extraterritorial control.