Getamazednow AI · Digital Sovereignty Reference Architecture
ADSRA · seven sovereignty pillars · six-level maturity model · measurable KRIs
Draft v0.2 · For peer review July 2026
Australian Digital Sovereignty Reference Architecture

Your data is in Sydney.
So why isn't it sovereign?

ADSRA treats digital sovereignty as a first-class enterprise architecture domain — not a compliance checkbox. Seven control pillars, twenty fundable capabilities, a six-level maturity model, and a handful of telemetry-derived KRIs a Risk Committee can actually govern.

Residency asks

Where is the data stored?

Sovereignty asks

Who can be compelled to hand it over — and what could they actually produce?

Draft v0.2 · For peer review By Duane · Enterprise Architect July 2026 Financial services · Banking · Retail · Healthcare · Utilities · Education
The sovereignty moment

The regulatory clock is already running

No single instrument requires "sovereignty" by name. The obligation emerges from their intersection — which is precisely why it keeps falling between organisational cracks.

1 Jul 2025
APRA CPS 230 in force

Critical operations, board-approved tolerance levels, material service provider registers, and a 24-hour notification clock for tolerance-breaching disruptions.

✓ In force
Jun 2025
Privacy statutory tort live

A statutory tort for serious invasions of privacy, atop the 2022 penalty uplift: the greater of $50m, 3× the benefit, or 30% of adjusted turnover.

✓ Live
30 Apr 2026
CPS 230 amendments finalised

Targeted amendments for certain non-traditional service providers, effective 1 Jul 2026.

✓ Finalised
1 Jul 2026
Provider-contract transition ends

Pre-existing provider contracts captured by the earlier of renewal or 1 Jul 2026. That deadline has now passed.

✓ Deadline passed
2025–26
AI policy consolidates

Guidance for AI Adoption (Oct 2025) supersedes the Voluntary AI Safety Standard; the National AI Plan (Dec 2025) relies on existing law plus an AI Safety Institute — no standalone AI Act. The National framework for the assurance of AI in government (2024) sets a principles-based assurance expectation, binding on public agencies and a benchmark for regulated industry.

→ Evidence under existing law

The US CLOUD Act (2018) can compel US-headquartered providers to produce data regardless of where it is stored. Residency alone is not sovereignty.

The organising idea

Sovereignty sits above technology — not below it

ADSRA does not start with technology. It places a sovereignty control layer between the enterprise's obligations and its platforms, so every workload inherits sovereignty controls rather than negotiating them one at a time.

Business strategyValue, measures, investment and returns
ObligationsCPS 230 / CPS 234 · Privacy Act · SOCI · ISM · Hosting Certification
Sovereignty layer Data · Identity · Crypto · Operations · AI · Governance · Observability
Policy enforced by platformEvidenced by telemetryGoverned like any capability
Enterprise platformsApplications · Integration · Data · AI · Analytics
Cloud & infraAWS · Azure · Google Cloud · Private cloud · SaaS

Every workload below the line inherits the controls of the sovereignty layer. Exceptions are explicit, time-boxed and risk-accepted.

The seven pillars

Seven questions every board should be able to answer

Each pillar is specified with control objectives (stable IDs engineering can build against), a reference pattern, indicative AWS/Azure/GCP mappings, and the KRIs that evidence it. A board can fund, measure and govern a pillar — it cannot fund a vibe.

1

Data

Who can legally compel access to our information?

Classification with sovereignty tiers, residency and cross-border controls, tokenisation, DLP, privacy assessment in delivery.

2

Identity

Who is acting, from where, and with what privilege?

Australian-controlled IdP, Zero Trust conditional access, just-in-time elevation, session recording. Standing privilege extinct.

3

Cryptographic

Who controls the keys that control trust?

Customer-managed keys, HSM-backed roots of trust, and — surgically — hold-your-own-key. Encryption is the last defence, if you hold the keys.

4

Operational

Who administers production — and from which jurisdiction?

Australian operations and SOC, provider-access approval workflows, jurisdiction-aware break-glass, exit plans actually tested.

5

AI

Where do prompts, embeddings, inference and training occur — and who governs the outputs?

Prompt gateway, policy engine, PII detection, governed RAG, model registry, output validation — the model never talks directly to users. Plus decision assurance for AI-influenced decisions: impact assessment, explainability, contestability and human oversight.

6

Governance

Is compliance enforced by the platform, or a policy PDF?

Policy-as-code, pipeline gates that fail closed for critical tiers, auto-expiring exceptions. Every deployment inherits compliance — aligned to AS ISO/IEC 42001 and the national AI-assurance framework.

7

Observability

Can we prove, audit and continuously measure sovereignty?

The underdeveloped pillar — and the highest-leverage investment. A control without evidence is treated as absent. Position

Pillar 5 in practice

The model is the least interesting part of your AI architecture

What matters is everything you wrap around it — the difference between an AI use case your board can approve and one it can't. No user, application or agent ever addresses a model directly.

Userchannel
Prompt Gatewayauthenticate
Policy Engineuse-case check
PII Detectionredact
Enterprise RAGgoverned corpus
Approved ModelAU region
LLM Gateway+ model registry
Response Validationleakage check
Usergoverned answer
Immutable audit & AI observability — prompts, retrievals, model versions, decisions, tokens, cost, and the jurisdiction of inference for every request.

Overhead versus a raw model call: tens of milliseconds. Value: the use case becomes approvable. Position

The model registry may point at a global frontier model or an Australian-owned sovereign model on onshore compute — building sovereign models is a supply-side effort; ADSRA is the demand-side complement that governs and measures how any model is consumed. Beyond residency, the flow now evidences decision assurance: an algorithmic/impact assessment, explainability and a contestability path for decisions that significantly affect individuals — the same axis the 10 Dec 2026 ADM-transparency obligation makes a hard constraint. Position

The maturity model

From cloud adoption to autonomous sovereignty

Most Australian enterprises sit at Levels 2–3 today Position. ADSRA targets Levels 4–5 within roughly 36 months. Level 6 is the model's genuinely new contribution.

Level 1

Cloud Adoption

Workloads migrating; controls inherited ad hoc.

Level 2

Cloud Security

Essential Eight hardening; MFA; SIEM.

Level 3

Cloud Governance

Landing zones, tagging, policy governance.

Level 4

Digital Sovereignty

Classification drives residency, keys and AU operations.

Level 5

AI Sovereignty

All AI via gateway and registry; RAG governance; ADM readiness.

Level 6

Autonomous Sovereignty

The platform assesses and remediates its own posture.

At Levels 1–5, sovereignty is an audit question answered quarterly, by humans, from samples. At Level 6 it becomes a continuously computed property of the platform — quarantine the workload, force the key rotation, fail inference back in-region — under human oversight proportionate to blast radius. Deliberately aspirational: pilots, not production, are the realistic 36-month target. Position
Business value, investment and returns

Measures a Risk Committee can govern quarterly

None of these is an attestation. All are computable from telemetry — the difference between claiming sovereignty and measuring it. Reported quarterly to the Architecture Board and Risk Committee: trend, target, tolerance.

%

High/Critical data under customer-managed keys.

Target: 100%

Privileged sessions administered from Australia — and recorded.

Target: 100% for Critical
AI

AI inference executed in-region via the LLM gateway.

Target: 100% on High/Critical

First-time pass rate through policy-as-code gates.

Target: ≥ 90%

Mean time to detect a cross-jurisdiction data movement.

Target: < 1 hour for Critical

Recency of tested exit plans for material providers.

Target: ≤ 12 months
An honest ledger

Sovereignty is not free — both columns, stated plainly

Architecture papers love benefits. Investment committees trust ledgers. The managed position is not maximal sovereignty — it is tiered sovereignty, consciously priced.

▲ The return side

  • Penalty & tort exposure avoided. Privacy penalties reach the greater of $50m, 3× the benefit, or 30% of adjusted turnover; the statutory tort adds per-incident exposure.
  • Regulatory speed. Pre-approved patterns collapse architecture and risk-approval cycle times — a new AI use case becomes a configuration review, not a first-principles debate.
  • Concentration risk made visible. CPS 230 registers plus sovereignty KRIs quantify what Risk Committees previously accepted implicitly.
  • The licence to deploy AI at all. Evidenced control is becoming the precondition for board approval of customer-facing AI.

▼ The cost side

  • Sovereign controls tax capability. HYOK and client-side encryption break real native cloud features — apply surgically, not universally.
  • In-region AI lags the frontier. Australian-region model availability trails global releases, sometimes by a capability generation — though Australian-owned sovereign model and compute options are beginning to narrow the gap. Position
  • Over-classification is self-harm. Default everything to Critical and you tax low-risk workloads and teach the organisation to route around the scheme.
  • Skills are scarce. Policy-as-code, key custody and AI governance are thin markets — and thinning as CPS 230 programs compete.
The managed position. Four tiers (Low → Critical); the sovereignty premium spent only where obligations demand; residual risk measured and accepted in the open. A national retailer runs its product catalogue on a global public CDN — no premium at all — because classification said it could.
Roadmap

Three horizons to Level 4–5

Sovereignty priced as risk reduction, speed and trust — sequenced so investment tracks maturity.

Horizon 1 · 0–6 months

Foundations

  • Sovereignty classification of Critical/High data estates
  • Baseline maturity assessment across 20 capabilities
  • Stand up LLM gateway + model registry for all AI pilots
  • Sovereignty KRIs on the Risk Committee dashboard
Horizon 2 · 6–18 months

Enforcement

  • CMK/HSM coverage for Critical tier; policy-as-code gates in all pipelines
  • Australian operations & privileged session recording
  • RAG governance and PII detection in production AI
  • Exit / substitution plans tested for material providers
Horizon 3 · 18–36 months

Assurance

  • Continuous sovereignty assurance (Level 5 → 6 pilots)
  • Agentic compliance monitoring across clouds
  • Sovereignty posture in annual report & regulator engagement
  • Publish and iterate the reference architecture
The pack

Published as a draft — deliberately, for peer review

Reference architectures earn authority through scar tissue, not polish. TOGAF, SABSA and the Essential Eight all got better by being argued with. Every regulatory claim is anchored to a primary source in the Technical Reference evidence register; author judgement is marked Position.

Deck · 17 slides

Executive Briefing

The board conversation: why now, the pillars, industry lenses, KRIs, three horizons, and the ask.

Document · ~26 pp

Technical Reference

Control objectives with stable IDs, AWS/Azure/GCP mappings, the capability model, industry blueprints, and the evidence register.

Narrative · ~4,500 words

White Paper

Sovereignty by Design — the argument that sovereignty is an architecture problem, not a compliance one.

Series · 6 articles

Article Series

Publication-ready essays for serialisation — from the seven questions to the open peer-review invitation.

Please break it.

Where I most want challenge: the tier boundaries, the HYOK guidance, the Level 6 governance question, the technology mappings, and the new utilities and education blueprints — the regulation-heavy public-adjacent sectors where this architecture earns its keep. Cite the instrument, name the workload, bring the counter-example.

Read the seven questions ↑