The platform

One control plane,
thirteen modules.

Heimdall is standalone, but native to the 3verest family. Each module does one job on the data path or the control plane, and every state change is audit-logged, every API idempotent, every tenant isolated at every layer.

The modules

Gateway & Task API

The single enforcement point. mTLS + OAuth2, streaming, idempotency, prefix & semantic caching. No path to any model except through it.

Data plane

Task-class classifier

Verifies what the caller declares: task class against the schema registry, data class against an owned, on-gateway PHI detector.

Data plane

Policy engine

Compiles human-readable rules into per-request decisions in under a millisecond. Residency matrix, allowlists, budgets, fail-closed.

Data / control

Router & model registry

Resolves each request to the cheapest compliant rung on the depth ladder; manages a pinned, eval-gated model estate.

Data / control

Envelope enforcer

Bounds the cost and behaviour of every request: context caps, output schemas, agentic depth, hard budgets, queue-not-spend.

Data plane

De-identification gate

The trust boundary for any non-sovereign route. Pseudonymisation and anonymisation grades; the re-ID map never leaves sovereign storage.

Data plane

Ledger & metering

One immutable, hash-chained record per request across all pools, the source of truth for billing, simulation and evidence.

Data / control

Policy Studio

The visible control surface. Two skins, one engine. Rules as signable prose; nothing edits live state directly.

Control plane

Metering, billing & pricing

Turns ledger rows into four commercial shapes. Budget caps and alerts; invoices reconcile to ledger sums exactly, zero tolerance.

Control plane

Evidence & reporting

Compliance as exhaust. EU AI Act and DSPT evidence packs, scheduled or on demand, reproducible from the ledger.

Control plane

Governance operations

The concierge layer. Weekly drift sampling, rubric scoring, eval-suite runs, escalation playbooks, run by people on a cadence.

Control plane

Notifications & webhooks

HMAC-signed webhooks, email digests and a Studio inbox for policy activations, approvals, escalations, budget thresholds and drift flags.

Control plane

Administration & tenancy

OEM org and tenant provisioning, region assignment, locked-baseline management, credential lifecycle, read-only support impersonation.

Control plane

The control surface
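The Ledger & metering module above promises one immutable, hash-chained record per request, sums that invoices reconcile to exactly, and (under Compliance) a tamper alert. The example below is added here to show what those three properties look like in code; it is not Heimdall's own ledger format. The row fields, the canonical JSON encoding, integer micro-unit costs, the pool and tenant names, and the sample rows are all assumptions constructed for the example.

```python
import hashlib
import json

GENESIS = "0" * 64   # prev-hash of the first row in a pool (assumed convention)


def row_hash(row: dict) -> str:
    """SHA-256 over the canonical JSON of every field except the hash itself."""
    body = {k: v for k, v in row.items() if k != "hash"}
    return hashlib.sha256(
        json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    ).hexdigest()


class Ledger:
    """Append-only, hash-chained ledger for one pool. Cost is kept in integer
    micro-units so sums reconcile exactly, with no floating-point tolerance."""

    def __init__(self, pool: str):
        self.pool = pool
        self.rows: list[dict] = []

    def append(self, request_id, tenant, task_class, tokens_in, tokens_out, cost_micro) -> str:
        # Each row commits to the previous row's hash, so editing or dropping
        # any earlier row breaks every link after it.
        row = {
            "seq": len(self.rows),
            "pool": self.pool,
            "prev": self.rows[-1]["hash"] if self.rows else GENESIS,
            "request_id": request_id,
            "tenant": tenant,
            "task_class": task_class,
            "tokens_in": tokens_in,
            "tokens_out": tokens_out,
            "cost_micro": cost_micro,
        }
        row["hash"] = row_hash(row)
        self.rows.append(row)
        return row["hash"]

    def verify(self):
        """Recompute every hash and prev link from genesis.
        Returns (True, None) or (False, seq_of_first_bad_row)."""
        prev = GENESIS
        for i, row in enumerate(self.rows):
            if row.get("seq") != i or row.get("prev") != prev:
                return False, i
            if row_hash(row) != row.get("hash"):
                return False, i
            prev = row["hash"]
        return True, None

    def tail_hash(self) -> str:
        """The value a periodic tamper check would anchor outside the ledger."""
        return self.rows[-1]["hash"] if self.rows else GENESIS

    def total_cost_micro(self) -> int:
        """Exact sum an invoice must reconcile to."""
        return sum(r["cost_micro"] for r in self.rows)


# Constructed sample data, not real traffic.
def demo() -> tuple:
    led = Ledger(pool="sovereign-uk")
    led.append("req-1", "nhs-trust-x", "report-summarise", 1200, 300, 1500)
    led.append("req-2", "nhs-trust-x", "report-summarise", 900, 250, 1150)
    led.append("req-3", "nhs-trust-x", "triage-classify", 400, 20, 420)
    ok_before = led.verify()
    led.rows[1]["cost_micro"] = 1        # tamper with a settled row
    return ok_before, led.verify(), led.total_cost_micro()
```

A hash chain on its own only proves that rows are consistent with each other; an attacker who can rewrite the whole suffix can re-link it. The check that turns the chain into an alert is comparing the current tail hash against one stored where the ledger writer cannot reach it, on a schedule. The page's "tamper alert ≤ 5 min" reads as that kind of periodic check, but how Heimdall anchors the tail is not stated on the page.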

Policy Studio. Sign what you can read.

Every rule is rendered as a sentence a governance lead can sign, and simulated against thirty days of the tenant's own traffic before it activates. Two skins, one engine: an OEM white-label and a customer-direct view, the same tree scoped and role-reduced. Nothing edits live state directly; change moves through draft → simulate → approve → activate, with instant rollback retained.

Exhibit 05 · Policy Studio, the residency matrix

nhs-trust-x ● policy v12 (live) · v13 (draft) · [Propose change]

RESIDENCY MATRIX · DATA CLASS × TIER

Data class                   Sovereign   Resident   Open
Identifiable (PHI) (locked)  allowed     blocked    blocked
Pseudonymised                allowed     via gate   blocked
De-identified                allowed     allowed    via gate
Non-clinical                 allowed     allowed    allowed

◆ 1 uncommitted change: Identifiable · Resident → blocked · [Run simulation →]

Statutory rows are tenant-immutable and 3verest-managed. Activation requires two signatures, Clinical Safety and Information Governance, and they cannot be the same person.

The economic engine
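The matrix in Exhibit 05, the fail-closed policy engine and the "cheapest compliant rung" router are three parts of one decision, so the example below, added here and not Heimdall's own code, puts them together: a residency lookup that blocks anything not explicitly allowed, a draft-edit function that refuses statutory rows, and a router that picks the cheapest healthy model the matrix permits, treating "via gate" rungs as usable only when the de-identification gate is in the path, and returning nothing rather than falling through when no compliant supply exists. The model names, tier prices, health flags and the Decision names are assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOWED = "allowed"      # route directly
    VIA_GATE = "via gate"    # only through the de-identification gate
    BLOCKED = "blocked"


# The matrix from Exhibit 05: data class -> tier -> decision.
RESIDENCY = {
    "identifiable":  {"sovereign": Decision.ALLOWED, "resident": Decision.BLOCKED,  "open": Decision.BLOCKED},
    "pseudonymised": {"sovereign": Decision.ALLOWED, "resident": Decision.VIA_GATE, "open": Decision.BLOCKED},
    "de-identified": {"sovereign": Decision.ALLOWED, "resident": Decision.ALLOWED,  "open": Decision.VIA_GATE},
    "non-clinical":  {"sovereign": Decision.ALLOWED, "resident": Decision.ALLOWED,  "open": Decision.ALLOWED},
}
# The "locked" row: tenant-immutable, 3verest-managed.
STATUTORY_ROWS = frozenset({"identifiable"})


def decide(data_class: str, tier: str, matrix=RESIDENCY) -> Decision:
    """Fail closed: an unknown class, an unknown tier or a missing cell is BLOCKED."""
    return matrix.get(data_class, {}).get(tier, Decision.BLOCKED)


def propose_change(matrix, data_class: str, tier: str, new: Decision):
    """Return a draft copy with one cell changed. Live state is never edited
    in place; the draft still has to be simulated and dual-signed."""
    if data_class in STATUTORY_ROWS:
        raise PermissionError(f"{data_class!r} is a statutory row; not tenant-editable")
    draft = {k: dict(v) for k, v in matrix.items()}
    draft.setdefault(data_class, {})[tier] = new
    return draft


@dataclass(frozen=True)
class Model:
    name: str
    tier: str
    price_per_mtok: float   # assumed illustrative prices, not a quote
    healthy: bool = True


# Constructed model estate for the example.
MODELS = [
    Model("own-7b", "sovereign", 0.20),
    Model("own-70b", "sovereign", 0.80),
    Model("partner-resident", "resident", 0.60),
    Model("frontier", "open", 3.00),
]


def route(data_class: str, models, gate_available: bool = True):
    """Cheapest compliant rung. Returns (model, needs_gate) or None.
    A sovereign-only class with no healthy sovereign model gets None:
    it never fails over to a resident or open rung."""
    candidates = []
    for m in models:
        if not m.healthy:
            continue
        d = decide(data_class, m.tier)
        if d is Decision.ALLOWED:
            candidates.append((m.price_per_mtok, m.name, m, False))
        elif d is Decision.VIA_GATE and gate_available:
            candidates.append((m.price_per_mtok, m.name, m, True))
    if not candidates:
        return None
    _, _, model, needs_gate = min(candidates, key=lambda c: (c[0], c[1]))
    return model, needs_gate
```

Two checks worth keeping from this shape: the default for any cell the matrix does not name is BLOCKED, so a new tier or a mis-typed class cannot silently widen residency; and the router never degrades a request to a cheaper tier the matrix forbids just because its compliant tier is unhealthy.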

Make AI financially predictable.

AI is sold by the token and bought by the study. A product is priced on a fixed licence or a per-study fee, but the model underneath bills by the token, and token count is a random variable: context size, output verbosity, retry loops, agentic depth. Fixed revenue minus an unbounded cost is a margin that erodes silently, request by request. That mismatch is where healthcare AI margins go to die, and it is the reason clinically successful AI features get cut at contract.

Exhibit · Same revenue, two cost regimes

[Figure: two panels with the same fixed revenue. Without Heimdall: token cost unbounded, margin ± variance. With Heimdall: token cost capped at the envelope cap, margin predictable.]
Revenue is the same in both. Heimdall does not raise the price; it bounds the cost, so the margin stops being a function of how heavily the feature is used.

How a variable cost becomes a fixed price

01 · Task class

Name the work

Each unit of AI work is a named, versioned class, not an open-ended API call. You can only price what you have named.

02 · Envelope

Bound the request

Every class carries a token envelope: context cap, output cap, retry ceiling, agentic depth, max calls. The worst case is known in advance.

03 · Budgets

Cap the spend

Budgets per tenant, region and class. A soft alert at 80%, a hard queue at 100%, so the ceiling is set before the bill arrives, not after.

04 · Routing

Serve it cheaply

The cheapest compliant model wins. Owned capacity absorbs the routine 80%; frontier inference is reserved for the hard tail that needs it.

05 · Underwriting

Price the study

The per-study price is derived from real ledger variance, not a guess. The party that can manage the variance is the one that carries it.
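Steps 02 and 03 are the mechanical core of the argument: an envelope makes the worst case of one request computable in advance, and a budget that reserves that worst case at admission (rather than counting spend after the fact) is what lets a hard ceiling queue instead of overspend. The example below is added to show both working together; it is not Heimdall's implementation. The five envelope bounds are the page's, but how they combine (here: multiplicatively), the price, the currency units and the sample numbers are assumptions.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Envelope:
    """Per-task-class token envelope: the five bounds the page names."""
    context_cap: int      # input tokens per model call
    output_cap: int       # output tokens per model call
    retry_ceiling: int    # retries allowed on top of the first attempt
    agentic_depth: int    # nested steps one request may spawn
    max_calls: int        # model calls per step

    def worst_case_tokens(self) -> int:
        # Assumption: depth and calls multiply. The page only says the
        # worst case is known in advance, not how the bounds compose.
        per_attempt = self.context_cap + self.output_cap
        attempts = 1 + self.retry_ceiling
        return per_attempt * attempts * self.max_calls * self.agentic_depth


def worst_case_cost(env: Envelope, price_per_mtok: float) -> float:
    """Upper bound on one request's cost at a given per-million-token price."""
    return env.worst_case_tokens() * price_per_mtok / 1_000_000


@dataclass
class Budget:
    """Budget for one (tenant, region, class) scope. Admission reserves the
    request's worst case, so a request that turns out verbose or retry-happy
    can never push committed spend past the hard ceiling."""
    cap: float
    soft: float = 0.80        # page: soft alert at 80%
    hard: float = 1.00        # page: hard queue at 100%
    reserved: float = 0.0     # worst case of in-flight requests
    settled: float = 0.0      # metered cost of completed requests
    queue: deque = field(default_factory=deque)
    alerts: list = field(default_factory=list)
    _soft_fired: bool = False

    @property
    def committed(self) -> float:
        return self.reserved + self.settled

    def _fits(self, worst_case: float) -> bool:
        return self.committed + worst_case <= self.cap * self.hard

    def admit(self, request_id: str, worst_case: float) -> str:
        """'allow' reserves the worst case; 'queued' spends nothing."""
        if not self._fits(worst_case):
            self.queue.append((request_id, worst_case))
            return "queued"
        self.reserved += worst_case
        if self.committed >= self.cap * self.soft and not self._soft_fired:
            self._soft_fired = True
            self.alerts.append(f"soft: {self.committed / self.cap:.0%} of cap committed")
        return "allow"

    def settle(self, worst_case: float, actual: float) -> list:
        """Swap a reservation for the metered cost, then release queued
        requests that now fit. Returns the released request ids."""
        if actual > worst_case:
            raise ValueError("envelope enforcer must keep actual <= worst case")
        self.reserved -= worst_case
        self.settled += actual
        if self.committed < self.cap * self.soft:
            self._soft_fired = False
        released = []
        while self.queue and self._fits(self.queue[0][1]):
            rid, wc = self.queue.popleft()
            self.reserved += wc
            released.append(rid)
        return released
```

The point the numbers make: with a cap of 1.0 and a worst case of 0.324 per request, three requests are admitted (the third trips the 80% alert) and the fourth queues even though the first three may settle for far less; it is released only once enough reservations have been settled that its own worst case fits under the ceiling. Counting actual spend instead of reserving the worst case would admit the fourth request and leave the ceiling breakable by exactly the variance the envelope exists to bound.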

Why sovereign is also the cheaper path

Owned inference is a capitalised, fixed-cost base; per-token APIs are pure variable cost. Above a crossover volume the owned path is simply cheaper, and two standard levers widen the gap: batch scheduling and prompt caching. So routing the bulk of traffic to sovereign capacity is the lower-cost path as well as the compliant one. The economic case and the sovereignty case point the same way, which is what makes the argument hard to refuse.

Indicative levers

Batch scheduling                   | ~50% lower
Prompt caching, cached input       | up to 90% lower
Owned vs per-token crossover       | tens of M tok / day
Routine traffic on owned supply    | ~70%

Indicative magnitudes, not a quote. Real figures fall out of the tenant's own ledger.

The hyperscalers sell cognition by the token and hope you do not do the maths. Heimdall is the maths, made into a product, and a per-study price a CFO can underwrite.

Commercial shapes · the meter, made priceable
01

Platform subscription

The base. Control plane, Studio, governance and evidence, the layer everything else accrues against.

02

Per-study

One known line item per study, underwritten from ledger variance, offered post-data, or with a lighthouse risk-share.

03

Volume tiers

Consumption banded for fleets, with soft (80%) and hard (100%) budget alerts that queue rather than overspend.

04

Capacity blocks

Forward-purchased sovereign GPU capacity; the customer treats cognition as a balance-sheet asset, not a surprise.

3verest sells neither the algorithm nor the tokens. The router's incentive, cheapest compliant supply, is the customer's incentive. That neutrality is the point.

Six pillars, one control plane

Columns of guarantees a CIO, CISO or IG lead can hold the platform to.

Governance

Plain-language policy (Studio)
Simulation on 30 days of traffic
Dual sign-off, clinical + IG
Versioned, attributed history
Fail-closed enforcement

Routing

Intent-based model resolution
Cheapest-compliant selection
Owned / specialist / frontier / human
Per-task token envelopes
Deterministic ≤ 2 ms routing

Sovereignty

Jurisdiction as routing authority
In-region weights (sovereign tier)
Sovereign → sovereign failover only
De-identification gate for frontier
Per-task-class residency

Economics

Per-study / per-slice pricing
Budget controls by tenant + region
Capacity blocks (capex-shaped)
Volume tiers
Underwritten from ledger data

Compliance

Immutable hash-chained ledger
Auditor-ready evidence packs
EU AI Act / UK / AU alignment
Version pinning for certification
Tamper alert ≤ 5 min

Operations

Single endpoint, drop-in deploy
Gateway-only / Forge / full-cloud
No re-certification between shapes
Real-time cognition dashboard
Multi-region sovereign footprint

Who operates it
Persona | Role | What they come for
OEM platform admin | Product ops at an imaging OEM | Per-customer policies; AI features that stay deployable and profitable.
OEM developer | Integration engineer | Integrate once via heimdall.run(); never manage a model lifecycle.
Trust IG lead | Information governance, health system | Lawful processing they can sign with confidence; evidence on demand.
Clinical safety officer | Clinical governance | Safe behaviour, human oversight, managed change, no silent model updates.
Finance / CFO | Budget owner | Predictable cognition cost and the right pricing shape. No bill shock.
3verest governance analyst | Clinical-AI ops · concierge | Drift audits, eval gating, escalation playbooks, run by people on a cadence.

Trust, security & sovereignty