EU sovereignty platform

A managed SSH honeypot deception layer for EU governments and regulated European enterprise.

Bayesian attacker-behaviour modelling on every observed session. Tamper-evident SHA-256 / keccak256 evidence batches stored in an EU-region Supabase project. A tiered SLA model your procurement file can defend, whether you are buying for a member-state cyber agency or a regulated European F500.

Rue de la Loi 200, 1000 BrusselsEngineering and operations both EU-based

What the platform does

Four operational properties, stated declaratively.

The platform runs a managed SSH honeypot deception layer for member-state cyber agencies and regulated European enterprise. Adversaries engage the decoy environment; production systems remain unaffected.

Every observed session feeds a Bayesian model that maintains a working hypothesis of attacker intent, with confidence weights exposed as auditable session metadata. The session payload is hashed with SHA-256 (keccak256 variant available) and batched into an append-only evidence log.

Evidence batches and customer data live in an EU-region Supabase project. No transatlantic data movement by default. The threat model and data-flow diagram are available under NDA for procurement review.

Attacker sessionSSH ingress(decoy perimeter)Honeypot captureSession log(attacker-only data)Bayesian inferenceBehaviour hypothesis+ confidence weightsEvidence batchSHA-256 / keccak256append-only logEU-region SupabaseEVIDENCE CHAIN

Workflow notation. The dotted line under the evidence-batch node indicates storage region, not a sub-process.

Tier matrix

Four tiers. Documented response times. Annual fee under NDA.

The public columns of the matrix appear below. The fee column and the SLA-breach remediation policy are part of the procurement file shared under NDA.

PropertyBronzeSilverGoldClassified
Response time (first acknowledgment)One business dayEight hoursFour hoursOne hour
Honeypot environmentsUp to 3Up to 10Up to 30By engagement
EU-region data residencyIncludedIncludedIncludedIncluded
Tamper-evident evidence batchingSHA-256SHA-256SHA-256 / keccak256SHA-256 / keccak256
Bayesian behaviour modellingIncludedIncludedIncludedIncluded
Annual fee per tierUnder NDAUnder NDAUnder NDAUnder NDA

Tier model and response-time commitments are published as part of every procurement engagement; the annual fee and SLA-breach remediation policy are shared after NDA execution.

Two procurement tracks

One platform. Two procurement contexts.

Government

For EU member-state cyber agencies

Architected for ministry-of-interior cyber teams, national CSIRTs, and the cyber units inside defense and digital-affairs ministries. Procurement-file-friendly: EU residency, tamper-evident logging, tiered SLA.

  • EU-hosted operations and EU-region storage
  • Tier matrix, response-time commitments, and SLA-breach policy in the procurement file
  • Documented threat model and data-flow diagram under NDA
  • Engagement scoped per ministry; per-jurisdiction legal review for evidence handling

Enterprise

For regulated European enterprise

The same managed deception layer, scoped for F500-equivalent regulated European enterprise. GDPR-aware logging, NIS2-aware incident handling, attacker-only data scope.

  • Honeypot environment never ingests customer or employee PII
  • EU-region storage by default; data-residency configurable on request
  • Annual fee per tier; no per-event charges
  • Reference customers available under written permission

Procurement

Start with the procurement file.

The procurement file contains the tier matrix, the SLA-breach remediation policy, the EU-region data-flow diagram, the cryptographic scheme for evidence batching, and the annual fee per tier. Different addresses for government and enterprise procurement; both respond within one business day.