ADSRA treats digital sovereignty as a first-class enterprise architecture domain — not a compliance checkbox. Seven control pillars, twenty fundable capabilities, a six-level maturity model, and a handful of telemetry-derived KRIs a Risk Committee can actually govern.
Where is the data stored?
Who can be compelled to hand it over — and what could they actually produce?
No single instrument requires "sovereignty" by name. The obligation emerges from their intersection — which is precisely why it keeps falling between organisational cracks.
Critical operations, board-approved tolerance levels, material service provider registers, and a 24-hour notification clock for tolerance-breaching disruptions.
✓ In forceA statutory tort for serious invasions of privacy, atop the 2022 penalty uplift: the greater of $50m, 3× the benefit, or 30% of adjusted turnover.
✓ LiveTargeted amendments for certain non-traditional service providers, effective 1 Jul 2026.
✓ FinalisedPre-existing provider contracts captured by the earlier of renewal or 1 Jul 2026. That deadline has now passed.
✓ Deadline passedPrivacy policies must disclose substantially automated decisions that significantly affect individuals (APP 1.7–1.9) — a direct constraint on AI architecture.
⏳ ForthcomingGuidance for AI Adoption (Oct 2025) supersedes the Voluntary AI Safety Standard; the National AI Plan (Dec 2025) relies on existing law plus an AI Safety Institute — no standalone AI Act. The National framework for the assurance of AI in government (2024) sets a principles-based assurance expectation, binding on public agencies and a benchmark for regulated industry.
→ Evidence under existing lawThe US CLOUD Act (2018) can compel US-headquartered providers to produce data regardless of where it is stored. Residency alone is not sovereignty.
ADSRA does not start with technology. It places a sovereignty control layer between the enterprise's obligations and its platforms, so every workload inherits sovereignty controls rather than negotiating them one at a time.
Every workload below the line inherits the controls of the sovereignty layer. Exceptions are explicit, time-boxed and risk-accepted.
Each pillar is specified with control objectives (stable IDs engineering can build against), a reference pattern, indicative AWS/Azure/GCP mappings, and the KRIs that evidence it. A board can fund, measure and govern a pillar — it cannot fund a vibe.
Classification with sovereignty tiers, residency and cross-border controls, tokenisation, DLP, privacy assessment in delivery.
Australian-controlled IdP, Zero Trust conditional access, just-in-time elevation, session recording. Standing privilege extinct.
Customer-managed keys, HSM-backed roots of trust, and — surgically — hold-your-own-key. Encryption is the last defence, if you hold the keys.
Australian operations and SOC, provider-access approval workflows, jurisdiction-aware break-glass, exit plans actually tested.
Prompt gateway, policy engine, PII detection, governed RAG, model registry, output validation — the model never talks directly to users. Plus decision assurance for AI-influenced decisions: impact assessment, explainability, contestability and human oversight.
Policy-as-code, pipeline gates that fail closed for critical tiers, auto-expiring exceptions. Every deployment inherits compliance — aligned to AS ISO/IEC 42001 and the national AI-assurance framework.
The underdeveloped pillar — and the highest-leverage investment. A control without evidence is treated as absent. Position
What matters is everything you wrap around it — the difference between an AI use case your board can approve and one it can't. No user, application or agent ever addresses a model directly.
Overhead versus a raw model call: tens of milliseconds. Value: the use case becomes approvable. Position
The model registry may point at a global frontier model or an Australian-owned sovereign model on onshore compute — building sovereign models is a supply-side effort; ADSRA is the demand-side complement that governs and measures how any model is consumed. Beyond residency, the flow now evidences decision assurance: an algorithmic/impact assessment, explainability and a contestability path for decisions that significantly affect individuals — the same axis the 10 Dec 2026 ADM-transparency obligation makes a hard constraint. Position
Most Australian enterprises sit at Levels 2–3 today Position. ADSRA targets Levels 4–5 within roughly 36 months. Level 6 is the model's genuinely new contribution.
Workloads migrating; controls inherited ad hoc.
Essential Eight hardening; MFA; SIEM.
Landing zones, tagging, policy governance.
Classification drives residency, keys and AU operations.
All AI via gateway and registry; RAG governance; ADM readiness.
The platform assesses and remediates its own posture.
None of these is an attestation. All are computable from telemetry — the difference between claiming sovereignty and measuring it. Reported quarterly to the Architecture Board and Risk Committee: trend, target, tolerance.
High/Critical data under customer-managed keys.
Target: 100%Privileged sessions administered from Australia — and recorded.
Target: 100% for CriticalAI inference executed in-region via the LLM gateway.
Target: 100% on High/CriticalFirst-time pass rate through policy-as-code gates.
Target: ≥ 90%Mean time to detect a cross-jurisdiction data movement.
Target: < 1 hour for CriticalRecency of tested exit plans for material providers.
Target: ≤ 12 monthsArchitecture papers love benefits. Investment committees trust ledgers. The managed position is not maximal sovereignty — it is tiered sovereignty, consciously priced.
Sovereignty priced as risk reduction, speed and trust — sequenced so investment tracks maturity.
Reference architectures earn authority through scar tissue, not polish. TOGAF, SABSA and the Essential Eight all got better by being argued with. Every regulatory claim is anchored to a primary source in the Technical Reference evidence register; author judgement is marked Position.
The board conversation: why now, the pillars, industry lenses, KRIs, three horizons, and the ask.
Control objectives with stable IDs, AWS/Azure/GCP mappings, the capability model, industry blueprints, and the evidence register.
Sovereignty by Design — the argument that sovereignty is an architecture problem, not a compliance one.
Publication-ready essays for serialisation — from the seven questions to the open peer-review invitation.
Where I most want challenge: the tier boundaries, the HYOK guidance, the Level 6 governance question, the technology mappings, and the new utilities and education blueprints — the regulation-heavy public-adjacent sectors where this architecture earns its keep. Cite the instrument, name the workload, bring the counter-example.
Read the seven questions ↑