EU Sovereignty
Built in Europe. Hosted in Europe. Reasoned in Europe.
For organisations subject to EU data-residency requirements — financial services under DORA, government and defence procurement, critical infrastructure, healthcare with EU patient data, or any enterprise with contractual data-residency obligations — SPNT offers a Sovereign deployment mode that goes beyond the standard EU-hosted SaaS posture.
Why sovereignty matters for SPNT specifically
A platform that runs autonomous reasoning over your security data has two data-residency questions, not one. The first is where the data is stored. The second is where the reasoning happens — because LLM inference is itself a data-processing operation.
Most platforms answer the first question (EU storage) but not the second. Inference is routed to whichever provider region has capacity, including non-EU regions. For organisations with strict data-residency obligations, this is a problem.
SPNT's Sovereign mode addresses both questions.
What changes in Sovereign mode
EU-hosted inference enforcement. All LLM inference for reasoning operations is routed through EU-hosted endpoints only. No data crosses the EEA boundary for reasoning operations. This is enforced at the platform level, not at the configuration layer — it is not a setting an engineer can disable.
Self-hosted LLM option.For organisations that require all processing on their own infrastructure, the Sovereign tier includes a self-hosted large-language-model option. The model runs entirely on customer-controlled infrastructure — no inference traffic leaves the customer's network at all.
EU data-residency SLA. A contractual guarantee covering substrate data, LLM inference, and telemetry processing. The SLA names the EU region(s) the data is stored in and commits to no transfers outside the named region(s).
Per-organisation sovereignty enforcement. The sovereignty policy is enforced at the platform level for each organisation independently. A Sovereign organisation cannot accidentally inherit a non-Sovereign provider routing through shared configuration.
Government-procurement documentation package. Sub-processor list, DPA with SCC annexes, NIS2 controller-processor mapping, and the deployment-mode comparison documentation, prepared in the formats EU procurement processes expect.
Sovereignty without Sovereign tier
Even on the Standard and Enterprise tiers, SPNT is an EU platform by default. Production infrastructure is EU-hosted. Data does not leave the EU by default. The Standard and Enterprise tiers include Standard Contractual Clauses for any transfers that require them (e.g., the standard LLM provider routing).
The Sovereign tier goes further: it removes the "by default" qualifier and provides contractual guarantees, EU-hosted inference enforcement, and the self-hosted LLM option.
Who needs Sovereign tier?
Air-gapped deployment
For organisations requiring complete network isolation — for example, classified government environments or highly regulated financial infrastructure — the Sovereign tier includes an air-gapped deployment option.
In air-gapped mode, the entire SPNT platform runs in the customer's network. There is no connectivity to SPNT infrastructure. Updates are delivered via signed release packages. The self-hosted LLM option is required; external LLM inference is not available.
Air-gapped deployments require a professional services engagement for initial deployment and are scoped per customer.
Evaluate the Sovereign tier
For regulated buyers, government procurement, or organisations with strict EU data-residency requirements — schedule a technical review to discuss the Sovereign deployment options.