Home/Docs/Pillars/05 - Sovereign Stack

JIL Sovereign Stack

Turnkey deployment of the JIL platform for nation-states and central banks. Each deal is $10M-$50M upfront + multi-year ops. Moonshot pillar - multi-hundred-million per signed country.

NDA Confidential Version 2026-04-21
How the 4 pillars relate

Four pillars, one shared substrate, plus Sovereign Stack as a productized deployment

Every pillar captures value from the attestation work the platform produces anyway. This pillar is highlighted in gold. Sovereign Stack is the productized deployment of the whole stack - see /sovereign.

Shared Substrate
fleet-signer attestation engine L1 anchor MPC asset-intelligence YubiKey trust
01
RAN
Regulator-facing API
02
CourtChain
Litigation artifact
03
PoCS
Settlement rail
04
Sealed Escrow
Cross-industry primitive

JIL Sovereign Stack

Productized offering · Not one of the 4 thesis pillars. See /sovereign for the public marketing page.

Document ID: SOVEREIGN-PILLAR-001 Version: 1.0 Status: Planning. Ready for executive review. Owner: Jeff Mendonca (exec sponsor); Head of Government + Central Bank Affairs (TBH); platform engineering lead TBD. Shared substrate: see pillars README

1. The thesis

Nation-states and central banks are building sovereign compliance + settlement infrastructure because they don't want to depend on US fintechs. BIS Project Nexus, Project Agora, EU DORA-driven onshoring, Singapore Project Guardian, MAS Purpose-Bound Money, FINMA wholesale CBDC, HKMA e-HKD, UAE VARA - every one of these programs involves sovereign deployment of payment/compliance infrastructure.

The problem: no sovereign wants to build from scratch. Building the L1 + attestation layer + Sovereign Compliance Network (SCN) validator fleet + MPC + regulator surface + audit trail is 3-5 years of custom dev. No country is going to do it. They want a turnkey deployment of a mature stack, licensed under sovereign terms.

JIL has exactly that stack. Ship it as a white-label product.

The business: large multi-year licenses to national governments and central banks. Each deal is $10M-$50M upfront + multi-year ops + escalators. One signed country is a company-defining contract.

2. Market gap

Active sovereign programs (known as of 2026-04)

Program Owner Status Addressable scope
BIS Project Agora BIS + 7 central banks design phase → pilot 2026-2027 cross-border wholesale CBDC + compliance
BIS Project Nexus BIS + SG + MY + TH + PH + IN pilot instant cross-border retail payments
MAS Project Guardian Singapore MAS pilot with JPM, DBS, SBI tokenized asset settlement
MAS Purpose-Bound Money Singapore MAS live programmable payments
HKMA Project Ensemble HKMA + multi-bank consortium pilot tokenized deposits + wholesale CBDC
FINMA Wholesale CBDC Swiss National Bank pilot with SIX Digital Exchange wholesale interbank
ECB Digital Euro ECB rulebook 2025, launch 2028-2030 retail CBDC
BOE Digital Pound BOE design retail CBDC
UAE VARA + mBridge Dubai live (VARA); mBridge pilot VASP licensing + cross-border
Saudi SAMA SAMA design retail CBDC + Vision 2030 digital economy
Japan Digital Yen BOJ pilot retail CBDC
Brazil Drex Banco Central do Brasil pilot retail CBDC + tokenization
India Digital Rupee RBI live pilot retail + wholesale CBDC
mBridge China PBoC + UAE + HK + Thailand live, expanding cross-border wholesale CBDC

What every sovereign is asking for (from public RFPs + conference statements)

  1. Compliance built-in, not bolted-on. Sanctions screening + AML + Travel Rule must be native to the payment rail.
  2. Cryptographic attestation of every transaction - auditability by design.
  3. Post-quantum readiness - sovereign systems need to survive Q-Day.
  4. Multi-party control - no single vendor or government unit can unilaterally alter history.
  5. Modular compliance - jurisdiction-specific check catalogs, configurable per deployment.
  6. On-premises / in-country data residency.
  7. Legal admissibility of every transaction record in domestic civil + criminal courts.
  8. Interoperability with neighboring jurisdictions' systems (esp. BIS programs).

JIL delivers all eight. No other vendor delivers more than 2-3 of them.

3. Product structure

3.1 JIL Sovereign Stack - Core Deployment

What it is: a turnkey deployment of the full JIL platform onto sovereign infrastructure: - L1 ledger (jil5600-core customized) - 10-to-20 SCN validator fleet in-country (central bank-designated nodes) - Country-specific trust bundle rooted in the central bank's HSM - Jurisdiction-specific FWEA check catalog (e.g. SAMA-specific AML rules, MAS-specific Travel Rule, BaFin-specific reporting) - In-country regulator portal (RAN-equivalent) - MPC for custody/escrow products - Post-quantum-bound attestation from day one

Customer: national government, central bank, or sovereign wealth vehicle.

Sold as: upfront license + multi-year ops + annual escalators.

Pricing: $10M-$50M upfront license + $2M-$10M/year ops + 1-3 year implementation SOW.

3.2 JIL Sovereign Interop - BIS-Compatible Bridge

What it is: an interop module that lets a sovereign deployment settle with neighboring deployments under BIS Agora/Nexus frameworks, with attestation passthrough.

Customer: any sovereign customer joining BIS or regional programs.

Sold as: add-on to Core Deployment.

Pricing: $5M upfront + ongoing relay ops.

3.3 JIL Sovereign Custody - CBDC + Tokenized Asset Custody

What it is: the MPC + attestation layer tailored for central-bank-grade custody. Tokenized bonds, tokenized treasuries, CBDC reserves - all held with MPC + quorum-signed attestation.

Customer: central banks directly, sovereign wealth funds, state investment vehicles.

Sold as: per-deployment SOW + AUM-based recurring.

Pricing: $5M-$25M upfront + 0.5-2 bps of AUM.

3.4 JIL Sovereign Embassy - cross-jurisdiction compliance concierge

What it is: a managed service wrapping a sovereign deployment with a staffed JIL "embassy" team - compliance engineers, regulatory counsel, threat intel analysts - embedded in-country or regional. Turnkey operations for sovereigns that don't have deep crypto expertise.

Customer: smaller sovereigns, emerging markets, state-owned banks.

Sold as: multi-year managed service contract.

Pricing: $5M-$15M/year per embassy.

4. Target customers

Tier 1 - highest likelihood, fastest contract (Year 1-3)

Country Why them Status
UAE (Dubai) already crypto-forward; VARA + mBridge; sovereign wealth appetite direct outreach feasible; ADGM + DIFC contacts
Singapore MAS is pragmatic; existing PBM infrastructure; tokenized bond experience high; MAS partnerships through Project Guardian network
Switzerland FINMA + SIX Digital Exchange; neutrality positioning medium; cryptography thought-leadership is door-opener
Brazil Drex pilot in flight; large BD appetite for foreign partnerships medium; Brazilian banks as channel

Tier 2 - strategic importance, longer cycle (Year 2-5)

Country Status
Saudi Arabia (SAMA) Vision 2030 digital economy; very large deals possible; slow procurement
South Korea BOK CBDC pilot; chaebol banks as channel
Japan (BOJ) large addressable flow; conservative procurement
Hong Kong (HKMA) Project Ensemble; tokenized deposits
Mexico CoDi / CBDC interest
India (RBI) digital rupee pilot; large scale
Thailand (BOT) mBridge + retail CBDC

Tier 3 - emerging markets + smaller sovereigns (Year 3-7)

  • Kenya, Nigeria, Ghana (African Union mCBDC initiative)
  • Philippines, Indonesia, Vietnam (ASEAN Nexus)
  • Colombia, Peru, Chile (Pacific Alliance)
  • Eastern European + Baltic states seeking EU-compatible stacks

Why NOT the US as Tier 1

The US has too many competing agencies + procurement takes 5+ years. Treasury, Fed, FinCEN, OCC, state AGs all want different things. Contrast: MAS or VARA can decide in 6-12 months with a single regulator driving.

5. Service architecture

Sovereign Stack is the productization of the entire JIL stack as a deployable bundle. No new core technology - it's a packaging + customization + support layer around everything else.

deploy/sovereign/
├── README.md                       # deployment operator guide
├── blueprint/                      # infrastructure-as-code
│   ├── terraform/
│   │   ├── aws.tf                  # for sovereigns using AWS GovCloud
│   │   ├── azure-gov.tf            # Azure Government
│   │   ├── gcp-sovereign.tf        # GCP Sovereign Cloud
│   │   └── on-premises/
│   │       ├── bare-metal.tf       # in-country bare-metal (most central banks)
│   │       └── kubernetes.yaml
│   │
│   ├── ansible/                    # config management
│   │   ├── validator-setup.yml
│   │   ├── hsm-anchor.yml          # binds trust bundle to central bank's HSM
│   │   └── kafka-mtls.yml
│   │
│   └── helm/                       # Kubernetes charts
│       ├── jil-core/
│       ├── jil-attestation/
│       └── jil-ran/
│
├── customization/
│   ├── fwea-checks/
│   │   ├── sama/                   # SAMA jurisdiction-specific check catalog
│   │   ├── mas/
│   │   ├── vara/
│   │   ├── finma/
│   │   └── custom-template/        # starter for new jurisdictions
│   │
│   ├── trust-bundle-template.json  # jurisdiction-specific trust bundle skeleton
│   ├── locale/                     # languages + regional formatting
│   │   ├── ar-ae/
│   │   ├── pt-br/
│   │   ├── id-id/
│   │   └── ...
│   │
│   └── regulator-portal/           # RAN portal customization per jurisdiction
│
├── compliance-packages/
│   ├── fips-140-3/                 # FIPS 140-3 module integration (US)
│   ├── gdpr-dora/                  # EU regulatory compliance package
│   ├── mas-tech-risk/              # Singapore Technology Risk Management
│   ├── sama-cyber/                 # Saudi Cyber Security Framework
│   └── ...
│
└── runbook/
    ├── deployment-stages.md        # 18-month typical deployment
    ├── go-live-checklist.md
    ├── operator-training.md
    └── escalation-tree.md

services/sovereign-control/          # meta-service: manages per-deployment config
├── src/
│   ├── index.ts
│   ├── tenant-isolation.ts          # per-sovereign data partition
│   ├── customization-api.ts         # runtime config for per-jurisdiction rules
│   └── license-meter.ts             # tracks contract usage

What's technically custom per deployment

  • FWEA check catalog (which checks apply, what thresholds, what legal citations)
  • Trust bundle rooting (central bank's HSM vs JIL HSM vs dual)
  • SCN Validator operator set (local banks vs independent nodes vs central bank)
  • Locale + language + date formatting
  • Regulator portal branding + workflows
  • Interop partners (which other sovereign deployments to relay with)

6. Pricing

Deployment size Upfront license Annual ops Total 3-year contract
Small sovereign (pop <20M, GDP <$500B) $10M $2M $16M
Mid sovereign (pop 20-100M) $25M $5M $40M
Large sovereign (pop 100M+, major financial center) $50M $10M $80M
BIS-level cross-border bridge add-on $15M $3M $24M
Sovereign Embassy managed service - $10M $30M

Per-country ARR runs $10-30M after Year 2. Two sovereigns live by Year 3 is a $50M+ ARR business on its own. Five live by Year 5 is $150-300M ARR, with gross margins ~70% after the embassy team is staffed.

7. Phased build

Phase 1 - Deployment Blueprint (Months 0-6)

Goal: go from "bespoke deployment" to "repeatable 6-month deployment playbook."

Ship: - Terraform + Ansible + Helm templates for all major substrates (AWS, Azure, GCP, bare-metal Kubernetes) - Customization framework - FWEA check catalog is parameterized per-jurisdiction - Trust-bundle templating tool (generates jurisdiction-rooted trust bundles) - Deployment runbook - operator guide with 18-month stage plan - Compliance packages for 3 starter jurisdictions: UAE, Singapore, Switzerland

Team: 2 engineers (platform + security) + 1 BD lead for sovereigns. Cost: ~$500K loaded. Milestone: a dry-run deployment to a lab environment demonstrating end-to-end.

Phase 2 - First pilot deployment (Months 6-18)

Goal: first sovereign signs + deploys. Target: UAE (ADGM or DIFC sandbox deployment, pre-production).

Ship: - Actual in-country deployment - Jurisdiction-specific FWEA pack (VARA + CBUAE reporting) - Arabic-language regulator portal - Integration with UAE HSM infrastructure - Training + ops transition plan

Team: +2 engineers (on site for transition), +1 regulatory counsel (UAE). Cost: ~$2M loaded + travel + counsel. Milestone: UAE pilot live, transacting.

Phase 3 - Second + third pilots in parallel (Months 12-24)

Goal: prove repeatability. Target: Singapore + Switzerland simultaneously.

Ship: - Singapore deployment (MAS-tailored) - Switzerland deployment (FINMA + SNB-tailored) - BIS interop bridge between all 3 deployments (UAE + SG + CH) - cross-border attestation relay

Team: per-deployment team (+3 per deployment, shared platform team). Cost: ~$8M loaded. Milestone: 3 deployments live; cross-sovereign settlement demo at BIS Innovation Summit.

Phase 4 - Scale (Months 24-48)

Goal: 5-10 deployments live. Embassy teams staffed. BIS Agora / Nexus partner status.

Team: scaling org, per-region embassy teams, central platform team. Cost: ~$20M loaded across 5 deployments. Milestone: $100M+ ARR from Sovereign Stack alone.

8. Sales motion

Entry points

  1. Regulatory sandboxes. Every target jurisdiction has a regulatory sandbox (VARA, MAS, FINMA, ADGM). Entry is straightforward: apply, get admitted, run a pilot. This is how you get the first meeting with the central bank.
  2. BIS Innovation Hubs. Paris, London, Hong Kong, Singapore, Frankfurt, Basel. Participation in BIS programs opens multi-country conversations.
  3. World Bank + IMF partnerships. Emerging market entry.
  4. Sovereign wealth fund BD. Mubadala, ADIA, QIA, PIF, Temasek, GIC - they invest in pilots AND they're the ones who fund the sovereign purchase.

Sales cycle

Typical 18-36 months, but compressed possible with the right entry point: - Sandbox admission: 2-4 months - Pilot deployment: 6-12 months - Contract negotiation: 6-12 months - Go-live: 6-12 months after contract

Accelerant: if we can get one lighthouse sovereign live by Month 18, the second and third sign faster because they can visit + inspect.

Competitive landscape

Competitor What they offer Why JIL wins
R3 Corda permissioned ledger for sovereigns no built-in compliance; no PQ; no attestation; DLT but not full stack
Hyperledger Besu / Fabric open-source DLT same gaps; also no enterprise support model
Chainlink CCIP cross-chain messaging transport layer only - no compliance, no sovereignty, no attestation
Stellar payment network not sovereign; not PQ; no on-prem
Palantir data analytics not a settlement system; no DLT
Consensys (Ethereum-stack) Ethereum-family infrastructure not built for sovereignty; no PQ; no compliance-built-in
In-house central bank builds custom 3-5 years of custom dev; no sovereign wants that

9. Risks

Risk Mitigation
Procurement drags 36+ months Sandbox entries are faster; emerging markets are faster; first signing sets the template
One sovereign decides to build instead of buy Even if they do, our patent portfolio + published methodology means the fast path is via us
Geopolitical risk on a specific customer Diversify across regions (Middle East, Asia, Latin America, Europe); no single country > 40% of revenue
Export control / sanctions (US-based vendor) Structure via JIL Sovereign Holdings subsidiaries per region; neutral Swiss holding if needed
Central bank insists on 100% local operators Support it - ship deployment playbook + training; central bank runs, JIL audits
Cybersecurity incident on a sovereign deployment Per-tenant isolation + independent incident response + force-majeure terms + $X insurance
Competitor wins a country first Stay focused on Tier 1 + the fast-movers; BIS interop means even a competitor-country is eventually interoperable with ours

10. Strategic value

Sovereign Stack is the moonshot. It's the pillar that turns JIL from a $100M ARR compliance startup into a multi-billion valuation geopolitical infrastructure company.

Every sovereign deal is: - Non-fungible - once a country picks you, they don't switch easily - Reference-selling - each signed sovereign makes the next easier - Geopolitical - brings JIL into bilateral trade + policy discussions

Expected timeline: - Year 1: deployment playbook + first pilot - Year 2: first signed contract (UAE target) - Year 3: 3 live - Year 5: 5-10 live, $200-500M ARR, BIS-embedded - Year 10: 20-40 live, $1B+ ARR, infrastructure for a meaningful fraction of global stablecoin + CBDC flow

Even at 5 live deployments, the valuation multiple attached to this business is not a compliance-SaaS multiple - it's a sovereign-infrastructure multiple (closer to Palantir than Chainalysis).

This is the pillar that justifies the other four.

Pricing estimates · Pillar 5 · Sovereign Stack

Pricing & revenue profile

All figures below are illustrative estimates. Final pricing is scoped per engagement; contact sales for a firm quote.

Tier 1
1-3 months · Attestation Gateway
$2M-$5M
setup + $500K-$1.2M/yr ops
Pre-settlement attestation API, regulator dashboard, 2 in-country SCN validators.
Tier 2
3-6 months · Attestation + CourtChain
$5M-$15M
setup + $1.5M-$3M/yr ops
Tier 1 + CourtChain evidence portal + 4 in-country SCN validators + DR.
Tier 3
6-12 months · Full sovereign stack
$15M-$40M
setup + $3M-$8M/yr ops
Tier 2 + sealed escrow + settlement layer + 7+ SCN validators multi-DC.
Year-10 trajectory
$1B+ ARR
20-40 live sovereign deployments
Palantir-class sovereign-infrastructure multiple, not a compliance-SaaS multiple. This is the pillar that justifies the other four.
Full Sovereign Stack page → Sovereign conversation