Trust & sovereignty

Compliance as exhaust.

Regulation now demands logging, traceability, version control and human-oversight evidence that neither hospitals nor vendors are equipped to produce. Heimdall produces it as a by-product of doing the work, because the ledger that prices the request is the same ledger that proves it.

The sovereignty tier model

The tier model is the product. The labels are honest.

Heimdall does not pretend residency equals sovereignty. Each tier is named for what it is, the choice is recorded in the ledger, and statutory rules are locked per region, 3verest-managed, never weakened by a customer override.

How the gate enforces it
Tier 01 · Sovereign

Processed and answered inside the border.

Owned weights on owned metal, zero external calls. UK GDPR / DSPT in-region processing; the default for identifiable PHI.

Tier 02 · Resident

In-jurisdiction, behind the de-identification gate.

A frontier model in the customer's region, reached only with a pseudonymised payload. Transfer mechanisms documented per gated class; honest RES-geo labelling.

Tier 03 · Open

Non-clinical work, by signed exception.

For classes the tenant's signed policy explicitly permits, anonymisation-grade by default, never assumed.

Security architecture

Identity & access

OIDC against the tenant IdP (Entra ID; NHS CIS2 where mandated); phishing-resistant MFA for signers. Machine identity via short-lived OAuth2 + mTLS, scoped to tenant, class and environment.

Encryption & keys

TLS 1.3 external, mTLS internal, AES-256-GCM at rest. Per-tenant data keys in an in-region KMS backed by HSM; the de-ID map sits in a separate HSM partition under split administration.

Data minimisation

Inference payloads are processed in memory and not persisted after response. Logs are payload-free by policy, enforced by lint and a runtime scrubber. Drift samples retain de-identified output only.

Audit by construction

Every control-plane mutation is hash-chained, immutable, in-region, eight-year default. Support impersonation is read-only, time-boxed and customer-visible. Tamper detection alerts within five minutes.

Separation of duties

Activation requires two signatures, Clinical Safety and Information Governance, and one principal cannot hold both for a single change. Locked baselines cannot be modified in any draft, by any role.

Fail-closed, always

With the policy engine unreachable, requests carrying identifiable or pseudonymised data are refused within 200 ms, no upstream call made. Verified continuously in the chaos suite.

The sovereignty engine

Residency is not a setting. It is a decision.

Most platforms treat residency as a dropdown, a region you pick and hope holds. Heimdall makes it the routing logic itself: the jurisdiction is not where the data is stored, it is the legal authority under which every decision is made.

United Kingdom

UK GDPR · NHS DSPT

In-country weights, sovereign tier default for identifiable PHI.

Europe · Germany

EU AI Act · BDSG

In-region inference; high-risk logging posture native to the cell.

United States

HIPAA · state regimes

In-country processing; BAA-ready, audit by construction.

Canada

PIPEDA · provincial law

Onshore inference under federal and provincial health-data rules.

Australia

Privacy Act · My Health Records

Onshore processing under the Australian successor regime.

Worked example: a request from a Berlin hospital

ORIGIN · Berlin hospital, request in-region.
POLICY · German rules bind; jurisdiction = authority.
MODEL · German-approved, from the in-region set.
LEDGER · German ledger, recorded under DE authority.
EVIDENCE · German pack, provable, in-country.

Fail-closed: if no compliant model is available in the jurisdiction, the request does not fall back to a foreign one. It does not run at all. Sovereignty that can be silently overridden is not sovereignty, it is a setting.

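
The routing decision described by the tier model, the fail-closed rule and the Berlin walk-through, as an added illustration that is not Heimdall's code. The model catalogue, the statutory table, the tenant names and the in-memory ledger are all constructed for the example; tier numbers (1 = Sovereign, 2 = Resident, 3 = Open) and the rule that a tenant policy can only tighten the statutory ceiling are assumptions chosen to match the text. Note the two refusal paths: the policy engine being unreachable, and no compliant model existing inside the jurisdiction, neither of which falls back to a foreign model.

```python
"""Sovereignty gate: tier routing with fail-closed semantics (illustration)."""
from dataclasses import dataclass
from enum import Enum
from typing import Optional
import time


class DataClass(Enum):
    IDENTIFIABLE = "identifiable"    # direct PHI
    PSEUDONYMISED = "pseudonymised"  # has passed the de-identification gate
    ANONYMISED = "anonymised"        # anonymisation-grade, non-clinical


class Tier(Enum):
    SOVEREIGN = 1  # owned weights on owned metal, in-border, zero external calls
    RESIDENT = 2   # frontier model in-region, pseudonymised payload only
    OPEN = 3       # non-clinical work, only by signed tenant exception


@dataclass(frozen=True)
class Model:
    name: str
    jurisdiction: str       # where the weights are served
    tier: Tier              # the path this model is served through
    approved_in: frozenset  # jurisdictions whose statutory rules approve it


# Constructed catalogue. There is deliberately no model served in "CA".
CATALOGUE = (
    Model("de-sovereign-llm", "DE", Tier.SOVEREIGN, frozenset({"DE"})),
    Model("eu-frontier", "DE", Tier.RESIDENT, frozenset({"DE", "FR"})),
    Model("uk-sovereign-llm", "GB", Tier.SOVEREIGN, frozenset({"GB"})),
    Model("shared-open-llm", "US", Tier.OPEN, frozenset({"DE", "US"})),
)

# Statutory ceilings, locked per region: the least strict tier a data class
# may use. A tenant policy can tighten these, never weaken them.
_CEILING = {DataClass.IDENTIFIABLE: Tier.SOVEREIGN,
            DataClass.PSEUDONYMISED: Tier.RESIDENT,
            DataClass.ANONYMISED: Tier.OPEN}
STATUTORY = {"DE": _CEILING, "CA": _CEILING}  # constructed; real rules differ


@dataclass(frozen=True)
class TenantPolicy:
    tenant: str
    jurisdiction: str
    open_exceptions: frozenset = frozenset()  # classes signed off for Open


class PolicyUnavailable(Exception):
    """The policy engine could not be reached."""


class PolicyStore:
    def __init__(self, tenants, reachable=True):
        self._tenants = {t.tenant: t for t in tenants}
        self.reachable = reachable

    def lookup(self, tenant):
        if not self.reachable:
            raise PolicyUnavailable("policy engine unreachable")
        policy = self._tenants[tenant]
        return policy, STATUTORY[policy.jurisdiction]


@dataclass(frozen=True)
class Request:
    tenant: str
    data_class: DataClass
    requested_tier: Tier = Tier.SOVEREIGN


@dataclass(frozen=True)
class Decision:
    allowed: bool
    model: Optional[str]
    tier: Optional[Tier]
    reason: str


def route(req: Request, store: PolicyStore, ledger: list) -> Decision:
    """Decide under the tenant's jurisdiction; refuse rather than fall back."""
    start = time.monotonic()
    try:
        policy, rules = store.lookup(req.tenant)
    except PolicyUnavailable as exc:
        # Fail closed: without a policy decision there is no upstream call.
        decision = Decision(False, None, None, f"refused: {exc}")
        ledger.append(_entry(req, None, decision, start))
        return decision

    # Strictest of: what was asked for, the statutory ceiling for this class,
    # and the tenant's signed policy (Open only for explicitly listed classes).
    tenant_ceiling = (Tier.OPEN if req.data_class in policy.open_exceptions
                      else Tier.RESIDENT)
    effective = min((req.requested_tier, rules[req.data_class], tenant_ceiling),
                    key=lambda t: t.value)

    # Sovereign and Resident must run inside the jurisdiction; every tier
    # requires the model to be approved under that jurisdiction's authority.
    candidates = [m for m in CATALOGUE
                  if m.tier is effective and policy.jurisdiction in m.approved_in
                  and (effective is Tier.OPEN or m.jurisdiction == policy.jurisdiction)]
    if candidates:
        decision = Decision(True, candidates[0].name, effective,
                            f"routed under {policy.jurisdiction} authority")
    else:  # no compliant model in-jurisdiction: refuse, no foreign fallback
        decision = Decision(False, None, effective,
                            f"refused: no compliant {effective.name} model in {policy.jurisdiction}")
    ledger.append(_entry(req, policy, decision, start))
    return decision


def _entry(req, policy, decision, start):
    """Ledger record: the record that prices the request is the one that proves it."""
    return {"tenant": req.tenant,
            "jurisdiction": policy.jurisdiction if policy else None,
            "data_class": req.data_class.value,
            "tier": decision.tier.name if decision.tier else None,
            "model": decision.model, "allowed": decision.allowed,
            "reason": decision.reason,
            "latency_ms": round((time.monotonic() - start) * 1000, 3)}
```

Every call to `route` writes exactly one ledger entry, refusals included, so the ledger is the complete record of what the gate decided and why; a refused request never reaches a model, and the requested tier can only be clamped downwards, never upwards.
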
Regulatory position

The record a compliance officer hands to a regulator, without a translation layer.

Regime: Heimdall's position

EU AI Act: Logging and oversight infrastructure for high-risk systems: decision records, version history and human-oversight routing map to Articles 12, 14 and 26. Evidence packs regenerate retroactively from the ledger as interpretation shifts.

UK GDPR / DSPT: In-region processing for the sovereign tier; transfer mechanisms (IDTA / SCC + TRA) documented per gated class; a DSPT evidence-pack template generated on demand.

ISO 27001 / SOC 2: Target certification within twelve months of GA; control mapping maintained from day one rather than retrofitted.

HIPAA (US, later): BAA-ready posture; audit and minimum-necessary by construction, not by addendum.

Sovereignty: The tier model, Sovereign / Resident / Open, is the product's core, with statutory rules locked per region and managed by 3verest.

Evidence, reproducible

Same inputs, same pack hash.

An evidence pack (model versions in force by date, change history with approvals, oversight routing, drift results) generates in under five minutes for a twelve-month tenant history. Because it is derived from an immutable ledger, the same inputs always produce the same artefact. The proof is not assembled; it is recalled.

EU AI Act pack

Decision records, version history, human-oversight routing, Articles 12 · 14 · 26. Signed PDF + machine-readable export.

DSPT pack

Data-security and protection evidence, mapped to the template, drawn straight from in-region audit events.

Reconciliation

Invoice totals reconcile to ledger sums exactly, a nightly, zero-tolerance job. The bill and the proof share one source.
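
The mechanics behind "audit by construction", the two-signature activation rule, "same inputs, same pack hash" and the nightly reconciliation, as an added illustration that is not Heimdall's code. The event shapes, tenant name, timestamps and prices are constructed; SHA-256 over canonical JSON stands in for whatever chaining the real ledger uses, and in-region storage, retention and the five-minute alerting are outside what the example models. `verify` recomputes every hash and back-link, `evidence_pack` is a pure function of ledger state so its hash is reproducible, and `reconcile` is zero-tolerance.

```python
"""Hash-chained ledger, deterministic evidence pack, reconciliation (illustration)."""
import hashlib
import json

GENESIS = "0" * 64
REQUIRED_ROLES = ("clinical_safety", "information_governance")


def canonical(obj) -> bytes:
    # Stable serialisation: sorted keys, no whitespace. Same inputs, same bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def digest(obj) -> str:
    return hashlib.sha256(canonical(obj)).hexdigest()


def activation_allowed(signatures) -> bool:
    """Two signatures, Clinical Safety and Information Governance, and no
    single principal holding both roles for the same change."""
    by_role = {}
    for principal, role in signatures:
        by_role.setdefault(role, set()).add(principal)
    cs, ig = (by_role.get(r, set()) for r in REQUIRED_ROLES)
    return any(c != i for c in cs for i in ig)


class Ledger:
    """Append-only entries; each one commits to its predecessor's hash."""

    def __init__(self):
        self.entries = []

    def append(self, event: dict) -> dict:
        if event["kind"] == "activation" and not activation_allowed(event["signers"]):
            raise PermissionError("activation needs two distinct signers")
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "prev": prev, "event": event}
        entry = dict(body, hash=digest(body))
        self.entries.append(entry)
        return entry

    def verify(self):
        """Recompute every hash and link; return (ok, first_bad_seq)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {"seq": e["seq"], "prev": e["prev"], "event": e["event"]}
            if e["seq"] != i or e["prev"] != prev or digest(body) != e["hash"]:
                return False, i
            prev = e["hash"]
        return True, None


def evidence_pack(ledger: Ledger, tenant: str, start: str, end: str) -> dict:
    """Recalled, not assembled: a pure function of ledger state and window."""
    versions, changes, routing = {}, [], []
    for e in ledger.entries:
        ev = e["event"]
        if ev["tenant"] != tenant or not start <= ev["ts"] <= end:
            continue
        if ev["kind"] == "activation":
            versions[ev["ts"][:10]] = ev["model_version"]
            changes.append({"ts": ev["ts"], "model_version": ev["model_version"],
                            "signers": sorted(ev["signers"])})
        elif ev["kind"] == "decision":
            routing.append({"ts": ev["ts"], "human_review": ev["human_review"]})
    pack = {"tenant": tenant, "window": [start, end], "versions_in_force": versions,
            "change_history": changes, "oversight_routing": routing}
    return dict(pack, pack_hash=digest(pack))


def reconcile(ledger: Ledger, tenant: str, invoice_pence: int) -> bool:
    """Zero tolerance: the invoice must equal the ledger sum exactly."""
    total = sum(e["event"].get("price_pence", 0)
                for e in ledger.entries if e["event"]["tenant"] == tenant)
    return total == invoice_pence


def sample_ledger() -> Ledger:
    # Constructed events for one tenant; names, timestamps and prices are made up.
    led = Ledger()
    led.append({"kind": "activation", "tenant": "berlin-demo", "ts": "2025-01-06T09:00:00Z",
                "model_version": "de-sovereign-llm:3.1",
                "signers": [["alice", "clinical_safety"], ["bob", "information_governance"]]})
    led.append({"kind": "decision", "tenant": "berlin-demo", "ts": "2025-01-07T10:15:00Z",
                "human_review": True, "price_pence": 120})
    led.append({"kind": "decision", "tenant": "berlin-demo", "ts": "2025-01-08T11:30:00Z",
                "human_review": False, "price_pence": 80})
    return led
```

Two ledgers built from the same events yield byte-identical packs and therefore the same `pack_hash`; editing any past entry, even a single price, breaks the chain at that sequence number and `verify` reports it. Because billing and proof read the same entries, an invoice that does not match the ledger sum is a defect to investigate, not a rounding difference to absorb.
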


Heimdall · the gate

The span asserts the bridge is sound. The gate asserts it is watched.

See the architecture that makes the proof automatic, or talk to us about a lighthouse deployment.
