A buyer of the Sovereign Stack receives a licensed L1 chain instance: their own chain ID, genesis, gas token, state machine, mempool, governance, and dedicated infrastructure pipe. JIL's existing 14-of-20 BFT validator network (10 active scaling to 20 active plus 20 standby, distributed across 13+ jurisdictions) runs consensus for the buyer's chain in parallel with JIL's own SCN reference chain. The buyer never operates validators. JIL never custodies buyer keys or buyer gas tokens. All commercial payments are in USD or stablecoin. JIL retains 100% of source code, IP, and the right to maintain the platform; the buyer cannot fork, decompile, or operate disconnected from the JIL control plane. Verticals (CourtChain™, CREB™, Verdict Engine, Bad Actor Registry, Wallet Intelligence, Pre-Clearance) are not part of the stack and are licensed separately.
| Audience | Sovereign nations and jurisdictional operators; federal channel partners (Accenture, Leidos, SAIC, Peraton); large financial institutions with high-assurance L1 mandates; foundations and institutional grant operators; enterprise treasuries with their own settlement and tokenization requirements. |
| Buyer | Sovereign Wealth Treasurer / Central Bank Head of Innovation / CIO / CTO / Head of Government Procurement / GC. |
| What Is Sold | A working production L1 chain instance, validated by JIL, with JIL operating the consensus layer. Never source code. Never the right to fork. Never the right to disconnect from the JIL control plane. |
| Commercial Structure | Two contracts per buyer: (1) Master Sovereign Stack License Agreement (covers L1 licence + Validation Service); (2) Master Custom Development Services Agreement (framework for SOW-driven custom work, cost-plus 15-25%). |
| What Is Excluded | Verticals: CourtChain™, CREB™, Verdict Engine, Bad Actor Registry, Asset Intelligence, Wallet Intelligence, Pre-Clearance, Attestyx, RUWI, Signal, Bi-Directional Payment Integrity Network, Secure Document Vault. Each is a separate commercial engagement. |
Own chain ID, genesis, gas token, state machine, mempool, governance, application namespace. Not a shard. Not a subnet. Not a sidechain. A parallel sovereign instance of the JIL L1 code.
Each JIL validator runs N consensus processes in parallel (one per assigned buyer chain plus JIL's SCN), each with chain-specific or hierarchically derived signing keys. Operational cap at launch: 5 buyer chains plus SCN per validator.
One pipe per chain. Failure isolation, per-chain throughput SLA, jurisdictional data residency, clean per-chain audit boundaries. Pipe is placed in the sovereign vault matching the buyer’s jurisdiction.
Slashing conditions are scoped per chain. A validator slashed on one buyer chain for a chain-specific protocol violation is not slashed on other chains it operates. No cross-chain blast radius.
Ed25519 + Dilithium-III hybrid for signatures, ML-DSA-65 for protocol-level digital signatures, Kyber KEM for key encapsulation. HSM-backed validator keys with hierarchical derivation. No platform component uses only a classical primitive in a position where forward secrecy or non-repudiation matters.
Cryptographic. Every component verifies its connection to the JIL control plane at startup and during operation. Disconnection beyond a configurable grace window causes the component to refuse to sign or process new transactions. Tampering is a material breach.
A buyer chain hitting a mempool storm or a flood of bad-actor traffic does not pressure JIL's SCN or any other buyer's chain. Each chain has its own ingestion, propagation, and event streams.
Dedicated pipes let JIL guarantee transactions per second at the infrastructure level and enforce tiered SLAs (Standard / Enhanced / Premier) without cross-tenant contention.
EU, UAE, Singapore, and Brazil buyers have jurisdiction-of-data requirements. Dedicated pipes can be physically placed in the correct sovereign vault (US / CH / UAE / SG / BR currently operating).
Per-chain pipes give clean evidentiary boundaries for any audit, slashing event, or downstream evidence work the buyer wants to do. Per-chain consensus process + per-chain pipe = per-chain forensic record.
If sovereign action affects one vault (legal demand, sanctions, seizure), the architecture is designed so consensus across remaining vaults continues. Chains placed inside the affected vault are subject to the action; others are not.
Pipes are provisioned and rebalanced through the control plane. Capacity can be added without disrupting other buyer chains because the pipes are independent. Per-validator chain caps protect SCN headroom.
| Buyer Tier | License Fee (Annual) | Validation Service (Annual) | Implementation (One Time) |
|---|---|---|---|
| Sovereign / jurisdictional operator | $5M - $20M | $2M - $6M | $2M - $8M |
| Federal channel partner (Accenture / Leidos / SAIC / Peraton) | Negotiated per engagement, generally 50/50 split on end-customer revenue. Validation Service + Implementation bundled. | ||
| Large financial institution | $3M - $10M | $1.5M - $4M | $1M - $3M |
| Foundation / institutional grant operator | $750K - $3M | $500K - $1.5M | $250K - $750K |
| Enterprise (non-financial) | $1.5M - $5M | $1M - $2.5M | $500K - $1.5M |
| JIL Owns | Consensus layer, transport layer (Kafka / Red Panda pipes), the JIL control plane, the cryptography stack, validator key custody, signed-binary integrity attestation, threat intelligence distribution, 24x7 incident response across all five vaults. |
| Buyer Owns | Application layer on the buyer’s chain, KYC and custody integration, the buyer’s smart contracts, operational use of the chain, application-layer access control, key management for application-layer signers (not validators). |
| Validator compromise | JIL problem. JIL stands behind it. |
| Buyer smart contract bug | Buyer problem. Buyer remediates. |
| BFT / pipe / control-plane break | JIL problem. Per SLA, Sev-1 response within 30 minutes; post-incident review within five business days. |
| Buyer KYC / custody integration breach | Buyer problem. Buyer remediates; JIL assists per support tier. |
| Cross-chain interaction | Default off. Bridges are a vertical and require a separate license. Each cross-chain edge is engineered, audited, and licensed individually. |
Country X needs in-jurisdiction data residency for all government vendor payments and wants its own L1 chain to anchor settlement. Country X signs the Master Sovereign Stack License Agreement. Order Form: tier Sovereign / jurisdictional operator, chain ID jil-countryx-1, gas token CXGAS, pipe placed in US vault (Country X's regulator's choice), Premier SLA, 14-of-20 validator allocation across JIL's existing global ring.
JIL runs the genesis ceremony. Validators start signing blocks on jil-countryx-1 in parallel with their existing duties on JIL's SCN and other buyer chains. The dedicated Kafka pipe goes live in the US vault. Country X's payment ministry integrates its existing ERP through documented APIs. SCN is configured for Country X's transfer restrictions, sanctions screening, and vendor-eligibility policies.
Country X pays JIL $12M annual License Fee + $4M annual Validation Service Fee + a one-time $5M Implementation Fee, all in USD. JIL operates the validators. Country X does not custody any JIL keys. JIL does not custody any CXGAS. Verticals (CourtChain™, CREB™, Verdict Engine) remain on JIL's SCN - Country X licenses CREB™ separately if it wants admissible payment-integrity evidence anchored on the JIL evidence substrate.
At end of term, if Country X chooses not to renew, the chain is paused, the validators stop signing, the buyer's chain state is exported in a portable format for archival, and the chain cannot be operationally continued without JIL (because the validators are JIL's). Continuity assurance is delivered through contractual uptime guarantees and a committed JIL-operated successor instance.
| Multi-chain BFT | 14-of-20 quorum across 10 active validators in 13+ jurisdictions; target 20 active + 20 standby. Each validator runs N consensus processes in parallel (one per buyer chain plus SCN), capped at 5 buyer chains + SCN at launch. |
| Per-tenant isolation | Own chain ID, genesis, gas token, state, mempool, governance, application namespace. Dedicated Kafka / Red Panda pipe placed in the buyer's jurisdiction. No shared block space, no shared mempool, no shared message bus. |
| Cryptography | Ed25519 + Dilithium-III hybrid signing; ML-DSA-65 protocol-level signatures; Kyber KEM key encapsulation; SHA-3 + BLAKE3 hashing; HSM-backed validator keys with per-chain hierarchical derivation. |
| Control plane | Non-optional. Cryptographic enforcement. License validation, integrity attestation, software updates, threat intel, validator monitoring, pipe provisioning, per-chain telemetry. Disconnection = component refuses to operate. |
| Five sovereign vaults | US, CH, UAE, SG, BR. Each is a physically distinct deployment with its own infrastructure, staff, jurisdictional posture. Pipe and validator placement follows buyer jurisdiction. |
| SLA | Premier default. 99.9 percent monthly uptime, 4-hour RTO, 1-hour RPO, 30-minute Sev-1 response 24x7, dedicated TAM, quarterly business review. |
| Commercial | USD or stablecoin only. Three streams (License Fee, Validation Service, Implementation) + optional fourth (Custom Development cost-plus 15-25 percent). Two contracts: Master Sovereign Stack License Agreement + Master Custom Development Services Agreement. |
| Exit | Chain pauses. State exported in portable format. Buyers retain archival; operational continuation requires JIL-operated successor instance per contractual continuity terms. |