Digital Sovereignty Advisory — Kingdom of Saudi Arabia

Your hardware.
Your software.

Your sovereignty?

In February 2025, Microsoft suspended the ICC Chief Prosecutor’s email under US government sanctions. The kill switch was pulled on a global institution. Saudi Arabia’s critical infrastructure faces the same exposure — today, at every ministry, bank, and energy asset in the Kingdom.

This is not a hypothetical.
This actually happened.

What would you do if this happened to you?

17

Critical KSA entities assessed

6

Sovereign dimensions measured

L0

TONOMUS current DSMM score

8wk

To your complete exposure map

The Proof Point

The kill switch was pulled.

February 2025. A real institution. A real vendor. A real loss of sovereignty in a single morning. This is not a hypothetical.

"Microsoft told the ICC it must terminate Chief Prosecutor Karim Khan's access — or lose email services for the entire court."
Associated Press · Computer Weekly · The Register — February 2025
01

US sanctions — foreign decision

The US government triggered the action. Microsoft complied. The ICC had no sovereign alternative, no contractual protection, no 90-day notice clause.

02

Kill switch activated within hours

Not days. Hours. The ICC immediately began migrating to open-source software. They had no time to plan.

03

Saudi Arabia has the same exposure

Microsoft 365 runs across every Saudi ministry. The same kill switch exists. The question is not if — it is when, and whether you are ready.

The Framework

Digital Sovereignty Maturity Model

Adapted from Carnegie Mellon’s CMMI — the gold standard for process maturity since 1987. Five levels. Six dimensions. Measurable. Actionable.

L0

Foreign dependent

No visibility
Your firm only

No visibility. Vendor controls everything. You cannot answer basic questions about your digital estate.

L1

Visibility

Know what you have

+ University

Dependencies enumerated. Telemetry in-country. Exposure map accurate. You know what you have.

L2

Controlled access

You decide who enters

+ University

Keys held locally. Zero-trust enforced. Foreign vendor access gated and logged. You decide who enters.

L3

Local alternatives

Can operate independently

+ University

Validated local alternatives. Tested failover. RTO < 4 hrs. You can operate independently.

L4

Full sovereign capability

Self-sustaining

+ University

Self-sustaining. Standards-setter. Domestic talent pipeline certified. The kill switch is inert.
Scoring Dimensions

Six sovereign dimensions

Every entity is scored 0–4 on each dimension. The weighted aggregate is your Sovereignty Gap Score.

D1 — 25% weight

Cloud & Compute

Where does your compute live, who owns the data centre, and who controls the activation keys for your infrastructure?

L0 signal

All workloads on foreign cloud (AWS/Azure/GCP). No in-country alternative.

L3 target

Hexagon DC + STC Cloud validated. 99.999% availability certified.

What we deliver

Four service pillars.

Air-gapped sovereign architecture

Your hardware. Your software. Your data. Your identity. Your uptime. Under your control — permanently.

We design and validate infrastructure where no foreign vendor holds a remote kill switch over any critical system. Air-gapped architectures eliminate the entire category of risk that the ICC, DigiD, and OVHcloud incidents represent. When there is no remote access path, there is no remote threat surface.

Delivered at

L2

L3

Governance and audit

Independent certification that your sovereign capability is real — not sovereignty-washed.

Sovereignty claims without independent verification are marketing. We provide the audit infrastructure that makes claims credible — to your leadership, to the NCA, to SDAIA, and to the international community. Our independence is our value: we have no hyperscaler partnership, no software to sell, and no conflict of interest.

Delivered at

L1

L2

L3

L4

Local and on-premises AI

Inference that never leaves the country. Models you own. Data that never trains someone else's system.

Every API call to OpenAI, Azure AI, or AWS Bedrock is a dependency on foreign infrastructure — and a potential source of data exfiltration, regulatory non-compliance, and geopolitical leverage. We architect and validate sovereign AI inference: models deployed on in-country compute, under local governance, with no foreign endpoint in the inference path.

Delivered at

L2

L3

Train the trainers

Self-replicating sovereign capacity. Not dependency on us — independence from everyone.

The goal of every Citadel Sovereign Advisory engagement is to make itself unnecessary. We do not build dependency on external consultants — we build national capacity. The Train the Trainers programme credentials Saudi professionals to assess, maintain, and extend sovereign infrastructure independently, anchored by a KAUST-issued qualification that carries weight with SDAIA, the NCA, and government procurement.

Delivered at

L1

L2

L3

Case Studies

Eight incidents. Eight lessons.

Every risk in our model has a real-world precedent.

National Exposure Assessment

Saudi Arabia's digital exposure

17 critical entities. 6 sectors. Kill-switch risk assessed. This is not a model — these are real vendors, real contracts, real vectors.

Sector Risk Table

| Sector | Key Entities | Cloud / Primary Stack | ERP Dependency | Kill-Switch Vector | Risk |
|---|---|---|---|---|---|
| Government | MCIT / SDAIA, MOI, MOH, MOE, MOJ | AWS, Azure, MS365 | SAP, Oracle | MS365 lockout; SAP licence non-renewal | HIGH |
| Energy & Utilities | Saudi Aramco, SEC, NEOM | Google JV, AWS, Azure | SAP S/4HANA | SAP / Google JV termination; GPU export controls | CRITICAL |
| Banking & Finance | SNB, SAMA, Al Rajhi Bank | AWS Bahrain, Oracle Cloud | Temenos, FLEXCUBE | SWIFT exclusion; core banking licence dispute | CRITICAL |
| Telecoms | STC, Mobily | STC Cloud, Tencent JV | Oracle, SAP | Tencent export restrictions; US pressure on 5G supply | HIGH |
| Healthcare | MOH hospitals (250+) | AWS Bahrain, hybrid | SAP; GE/Philips clinical | Clinical system firmware; medical device kill-switch | CRITICAL |
| Transport & Infra | GACA, Mawani, TONOMUS | AWS, Azure, DataVolt | SAP, Oracle | Thales/Raytheon ATC; TONOMUS 100% foreign stack | CRITICAL |

SWIFT (banking) and GACA air traffic control (Thales/Raytheon) carry the highest kill-switch concentration. Microsoft 365 runs across every government ministry.

Why Citadel Sovereign Advisory

Three capabilities no other firm has.

McKinsey cannot write a P25 CAI architecture specification. The Big 4 cannot stress-test sovereign alternatives at national load. We can — and we have no product to sell.

USP-01 — PUBLIC SAFETY COMMS

P25 / MCPTT sovereign architecture — patent holder

30 years across EF Johnson, Motorola, and Google. We architect public safety communications where encryption keys never leave the country. When the kill-switch involves national emergency comms — police, fire, ambulance — we are the only advisory firm that can correctly specify the sovereign alternative.

US Patent 8,700,070 — Adaptive message retransmission in P25 networks

USP-02 — STRESS TESTING

Planet-scale validation — 100K+ device simulations

Built petabyte-scale telemetry at Google across 16 Pixel launches. Designed 100K+ device ‘day-in-the-life’ models at Motorola for public safety LTE. We do not just recommend sovereign alternatives — we validate they work under peak national load. Before they go live, not after.

USP-03 — INDEPENDENCE

Independent auditor — no product to sell, no conflict

No hyperscaler partnership. No software product. No referral fee from Microsoft, AWS, or Oracle. Active US Government Secret Clearance. When KSA entities reach Level 4 and need someone to certify that sovereign capability is real — not sovereignty-washed — that auditor role requires exactly this profile.
References & Sources

Grounded in evidence.

Every claim in our framework is tied to a documented incident, a published regulation, or a verified technical specification.
01
ICC starts replacing Microsoft after US sanctions froze chief prosecutor’s account

Computer Weekly · October 2025

Kill-switch

02
Schleswig-Holstein to migrate 30,000 PCs from Windows and Microsoft Office to Linux and LibreOffice

The Register · March 2024 

Structural dep.
03
Digital transformation in government: addressing the barriers to efficiency

UK National Audit Office · FY 2023/24

Lock-in
04
Clarifying Lawful Overseas Use of Data (CLOUD) Act — Legislative Guide

US Department of Justice · 2018/2023

Extraterritorial
05
Capability Maturity Model Integration (CMMI) v3.0

ISACA / Carnegie Mellon SEI · 2023

Framework
06
US Patent 8,700,070 — Adaptive message retransmission in P25 networks

USPTO · Citadel Sovereign Advisory

P25 / MCPTT
07
Personal Data Protection Law (PDPL) — Full enforcement September 2024

SDAIA / Saudi Arabia · 2024

Regulation
08
Hexagon Data Centre — 480MW sovereign compute, groundbreaking January 2026

Hexagon / Kingdom of Saudi Arabia · 2026

Sovereign stack
09
Presidential memorandum: Responding to digital trade barriers targeting US firms

White House / Executive Office · February 2025

Geopolitical
10
NCA Cloud Computing Controls (CCC-2) — National Cybersecurity Authority

National Cybersecurity Authority · Kingdom of Saudi Arabia

Compliance
11
Kyndryl acquires Solvinity, operator of Netherlands’ national identity platform DigiD

The Register · November 2025

M&A risk
12
Vision 2030 — Saudi Arabia’s Digital Transformation Programme

Kingdom of Saudi Arabia · 2016–2030

Context
About the Firm

Built for this. Nothing else.

Citadel Sovereign Advisory is led by a technology architect with 30 years across Google, Motorola, EF Johnson, and General Dynamics.

At Google, he built the planet-scale observability infrastructure for 16 Pixel launches. At Motorola, he designed the 100,000+ device simulation models validating public safety LTE before national rollout. At EF Johnson, he architected P25 emergency communications systems for law enforcement agencies across the United States.

He holds a US Government Secret Clearance, a Masters in CS&E from the University of Michigan, a Masters in Liberal Arts from the University of Chicago, and US Patent 8,700,070 in P25 adaptive message retransmission.

Citadel Sovereign Advisory has no hyperscaler partnership, no software product, and no referral fees. We work for Saudi Arabia — not for the vendors selling into it.

Patent

US 8,700,070 — P25 adaptive message retransmission

Clearance
Active US Government Secret Clearance
Education
MS CS&E, University of Michigan (#9) · MA Liberal Arts, University of Chicago (#4)
Experience
Google · Motorola · EF Johnson · General Dynamics · 30+ years
Conflict
Zero — no vendor partnerships, no referral fees, no product to sell

Saudi Arabia 2026 — the moment

2026 declared Year of AI

Council of Ministers declaration. Digital sovereignty is a national priority, not a technical concern.

Hexagon DC — 480MW, world's largest government data centre

Groundbreaking January 2026. The sovereign compute infrastructure exists. Now it must be activated.

HUMAIN OS — PIF/Aramco sovereign AI platform

Announced February 2026 at PIF Forum. The sovereign AI stack is being built. It must be governed.

PDPL — full enforcement since September 2024

Saudi data protection law is in force. Most entities are not yet compliant at a sovereignty level.

Microsoft Azure Saudi Arabia East — Q4 2026

$2.2B investment, 3 availability zones. In-country cloud is real. Sovereignty requires more than geography.

Global AI Hub Law — draft 2025

Data embassies, virtual hubs, GDPR-compatible zones. The legal framework is forming around this work.

Commission an Assessment

Begin with one entity.

Eight weeks. Fixed fee. We deliver your complete digital exposure map — dependency map, kill-switch register, sovereignty gap score, and 90-day roadmap to Level 1. The findings speak for themselves.
Recommended first engagement: TONOMUS / NEOM — 100% foreign stack, Level 0 by definition.
Email

[email protected]

Location
Oswego, IL / Riyadh

Response

Within 24 hours

Citadel Sovereign Advisory

Your hardware, your software, your sovereignty?

© 2026 Citadel Sovereign Advisory · Confidential · All rights reserved