Songlines Shared Responsibility Model

Sovereignty is an operating model, not a hosting claim.

Most "sovereign AI" claims fail when a CISO asks where the boundary actually sits. Cetus AI is precise about this. The Songlines Shared Responsibility Model makes the boundary explicit — so boards, procurement teams, and security assessors know exactly what Cetus AI governs and what the enterprise must enforce.

  • 4 defined boundary layers
  • 3 deployment tiers with explicit sovereignty implications
  • 100% boundary transparency (no ambiguity)
  • 0 unsubstantiated sovereignty claims

Why most sovereignty claims don't survive scrutiny

The term "sovereign AI" is used loosely across the industry. Cetus AI takes a different position: sovereignty is only meaningful when the boundary is explicit, auditable, and assigned.

What most vendors claim

Hosting location = sovereignty

The common claim is that running AI workloads in an Australian data centre makes them "sovereign." This conflates infrastructure location with governance — and leaves the most critical questions unanswered.

  • Who controls the model weights and updates?
  • Who governs identity and access to the AI layer?
  • Who owns the audit trail and can it be tampered with?
  • What happens when the enterprise's Entra ID is compromised?
  • Which telemetry leaves the jurisdiction and to whom?
What Cetus AI means by sovereignty

Sovereignty is an operating model

Cetus AI defines sovereignty as the explicit assignment of governance responsibilities across every layer of the AI stack — from hosting through to the enterprise's own downstream systems.

  • Every layer has a named owner: Cetus AI or the enterprise
  • The boundary is documented, not implied
  • Deployment tier selection changes the boundary explicitly
  • Boards and procurement teams can assess it directly
  • Security assessors can audit against it

What a CISO should ask — and how Cetus AI answers

These are the questions that expose whether a sovereignty claim is substantive or marketing. Cetus AI has precise answers to all of them.

1. Where does the data actually go?

Not just at rest — in transit, during inference, in telemetry, in logs. Every hop matters for a genuine sovereignty assessment.

Cetus AI: All data processed within the Songlines boundary stays within the nominated hosting region. Telemetry is scoped to the Songlines platform layer. No data is sent to third-party model providers without explicit enterprise routing configuration. Audit logs are immutable and regionally scoped.

2. Who controls the model, and can they update it without notice?

Model updates can change behaviour, introduce new data flows, or alter compliance characteristics. Governance requires control over when and how models change.

Cetus AI: Model routing is governed by the Songlines control layer. Enterprises select approved model endpoints; Cetus AI does not push model changes without configuration review. Sovereignty-flagged routes enforce approved model lists. Azure OpenAI deployments remain under the enterprise's own Azure subscription and contract.
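The following is an added illustration of the routing control described above, written for this page rather than taken from Songlines: a policy enforcement point that checks the approved model list and the sovereignty flag against every candidate on a route, fallbacks included, before a request is forwarded anywhere. The endpoint registry, route names, region identifiers and classification labels are constructed for the example and are not the platform's configuration format.

```python
"""Sovereignty-aware routing enforced at the point of inference.  Added
illustration of the control described above, not Songlines' own code.
Registry entries, route names, regions and classification labels are
constructed for the example."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Endpoint:
    name: str
    region: str       # where inference actually runs
    sovereign: bool   # data stays within the nominated jurisdiction end to end
    approved: bool    # on the enterprise-configured approved model list


@dataclass(frozen=True)
class Request:
    route: str
    contains_pii: bool
    classification: str   # PSPF-style label, e.g. "OFFICIAL", "OFFICIAL: Sensitive"


class RoutingDenied(Exception):
    """Raised instead of silently falling back to a non-compliant endpoint."""


# Constructed registry.  Approval is the enterprise's column; enforcement is the platform's.
REGISTRY: List[Endpoint] = [
    Endpoint("aoai-australiaeast", "australiaeast", sovereign=True, approved=True),
    Endpoint("aoai-eastus", "eastus", sovereign=False, approved=True),
    Endpoint("experimental-model", "australiaeast", sovereign=True, approved=False),
]

# Route name -> ordered candidates: primary first, then fallbacks.
ROUTES: Dict[str, List[str]] = {
    "default": ["aoai-australiaeast", "aoai-eastus"],
    "pii-sovereign": ["aoai-australiaeast", "experimental-model"],
}

# Constructed policy: these labels, like PII, may only be served by a sovereign-flagged endpoint.
SOVEREIGN_ONLY_CLASSES = {"OFFICIAL: Sensitive", "PROTECTED"}


def select_endpoint(req: Request, registry: Iterable[Endpoint] = REGISTRY,
                    routes: Dict[str, List[str]] = ROUTES,
                    healthy: Optional[set] = None) -> Endpoint:
    """Return the first candidate on the route that passes every gate.
    Gates run per candidate, so cost or availability fallbacks cannot escape them.
    healthy=None means every endpoint is reachable."""
    by_name = {e.name: e for e in registry}
    candidates = routes.get(req.route)
    if candidates is None:
        raise RoutingDenied(f"unknown route {req.route!r}")
    needs_sovereign = req.contains_pii or req.classification in SOVEREIGN_ONLY_CLASSES
    reasons = []
    for name in candidates:
        ep = by_name.get(name)
        if ep is None:
            reasons.append(f"{name}: not in registry")
        elif not ep.approved:
            reasons.append(f"{name}: not on approved model list")
        elif needs_sovereign and not ep.sovereign:
            reasons.append(f"{name}: not sovereign-flagged but request carries "
                           f"PII or {req.classification}")
        elif healthy is not None and name not in healthy:
            reasons.append(f"{name}: unavailable")
        else:
            return ep
    raise RoutingDenied("no candidate satisfies policy: " + "; ".join(reasons))


def _outcome(req: Request, healthy: Optional[set] = None) -> str:
    try:
        return select_endpoint(req, healthy=healthy).name
    except RoutingDenied:
        return "denied"


def demo() -> dict:
    """Five requests, including the failure modes a fallback path must not hide."""
    return {
        # Non-PII on the default route: primary region serves it.
        "plain": _outcome(Request("default", False, "OFFICIAL")),
        # Primary unavailable, no PII: offshore fallback is permitted.
        "plain_fallback": _outcome(Request("default", False, "OFFICIAL"), {"aoai-eastus"}),
        # Same outage with PII: refused rather than routed offshore.
        "pii_fallback": _outcome(Request("default", True, "OFFICIAL"), {"aoai-eastus"}),
        # Sovereign but unapproved fallback: also refused.
        "unapproved": _outcome(Request("pii-sovereign", True, "OFFICIAL"), {"experimental-model"}),
        # Sensitive classification without PII still pinned to the sovereign endpoint.
        "sensitive": _outcome(Request("default", False, "OFFICIAL: Sensitive")),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:15} -> {v}")
```

The point of the structure is that a request is denied, not degraded, when the only reachable endpoint fails a gate; an implementation that checks the sovereignty flag once on the primary and then falls back on error has moved the boundary without anyone choosing to.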

3. What happens if the enterprise's identity provider is compromised?

If Entra ID or the enterprise's PAM is breached, what is the blast radius within the AI layer? This is the question that separates genuine sovereignty architecture from hosting claims.

Cetus AI: The Songlines platform maintains its own RBAC layer, independent of the enterprise identity provider, so a compromised Entra ID does not by itself grant access to the Songlines control plane: an attacker holding an enterprise identity receives only the platform roles assigned to that identity. It does not make the platform immune to the breach. The identity provider remains the front door, and whoever controls it can exercise every user or admin role it federates, which is why MFA, conditional access, and PAM sit explicitly in the Enterprise column of the Shared Responsibility Model.

4. Can the audit trail be tampered with — by anyone?

An audit trail that can be modified by the vendor, the enterprise, or a privileged user is not an audit trail for compliance purposes. Immutability must be architectural, not policy-based.

Cetus AI: Every AI interaction is cryptographically signed at ingestion. Records cannot be modified or deleted by any party — including Cetus AI administrators. The audit trail is ISO 27001 aligned and IRAP-ready, with one-click CSV export for regulatory submissions.
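As an added illustration of what "signed at ingestion" has to mean for the claim above to hold (this is example code written for this page, not Cetus AI's implementation): a per-record HMAC proves that a record was written by a key holder, but on its own it does not reveal that a record was deleted or reordered, and nothing inside the store can reveal that the newest records were dropped. The example therefore chains each record to the previous signature and compares the latest signature against a head held outside the store, such as the copy delivered to the enterprise SIEM. The signing key, key-handling arrangement, actors and event details are constructed assumptions.

```python
"""Tamper-evident audit log: per-record HMAC-SHA256 signatures chained through
the previous record's signature, verified against an externally anchored head.
Added illustration of the property the page describes; not Cetus AI's or
Songlines' code.  The key-handling arrangement is an assumption."""
import copy
import hashlib
import hmac
import json
from typing import List, Optional

# Assumption: in production the signing key lives in an HSM/KMS that log
# writers and platform administrators cannot read.  Constructed demo value.
SIGNING_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64  # "previous signature" of the first record


def _canonical(record: dict) -> bytes:
    # Canonical JSON: key order and whitespace cannot change the MAC input.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def _mac(key: bytes, body: dict) -> str:
    return hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()


class AuditLog:
    def __init__(self, key: bytes = SIGNING_KEY):
        self._key = key
        self.records: List[dict] = []

    def append(self, actor: str, action: str, detail: dict) -> dict:
        prev = self.records[-1]["sig"] if self.records else GENESIS
        body = {"seq": len(self.records), "actor": actor, "action": action,
                "detail": detail, "prev": prev}
        rec = dict(body, sig=_mac(self._key, body))
        self.records.append(rec)
        return rec

    def verify(self, anchored_head: Optional[str] = None) -> Optional[str]:
        """None if the log is intact, otherwise a description of the first break.
        anchored_head is the latest signature as held outside this store."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            if rec["seq"] != i:
                return f"sequence gap at position {i} (record claims seq {rec['seq']})"
            if rec["prev"] != prev:
                return f"chain break at seq {i}: prev does not match previous signature"
            body = {k: v for k, v in rec.items() if k != "sig"}
            if not hmac.compare_digest(_mac(self._key, body), rec["sig"]):
                return f"bad signature at seq {i}: record was modified"
            prev = rec["sig"]
        if anchored_head is not None and prev != anchored_head:
            return "truncated or diverged: latest signature does not match anchored head"
        return None


def demo() -> dict:
    """Build a three-record log (constructed data), then tamper with copies of it."""
    log = AuditLog()
    log.append("alice@example.gov.au", "inference",
               {"model": "approved-model-a", "region": "australiaeast", "pii": False})
    log.append("bob@example.gov.au", "inference",
               {"model": "approved-model-a", "region": "australiaeast", "pii": True})
    log.append("svc-router", "route_change", {"route": "pii-sovereign", "approved": True})
    head = log.records[-1]["sig"]  # the value shipped to the enterprise SIEM

    results = {"intact": log.verify(anchored_head=head)}

    modified = copy.deepcopy(log)          # an admin "cleans up" a PII flag
    modified.records[1]["detail"]["pii"] = False
    results["modified"] = modified.verify()

    deleted = copy.deepcopy(log)           # a middle record disappears
    del deleted.records[1]
    results["deleted"] = deleted.verify()

    reordered = copy.deepcopy(log)         # two records swap places
    reordered.records[1], reordered.records[2] = reordered.records[2], reordered.records[1]
    results["reordered"] = reordered.verify()

    truncated = copy.deepcopy(log)         # the newest record is dropped
    truncated.records.pop()
    results["truncated_unanchored"] = truncated.verify()
    results["truncated_anchored"] = truncated.verify(anchored_head=head)
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The truncation case is the one an assessor should probe: with no external anchor the shortened log verifies cleanly, so "records cannot be deleted" is only demonstrable if the latest signature is continuously delivered somewhere the platform cannot rewrite. Who holds the signing key decides who is excluded from "any party".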

The Songlines boundary — layer by layer

The Songlines Shared Responsibility Model assigns every governance obligation to either Cetus AI or the enterprise. There are no grey areas. If it is in the Cetus AI column, Cetus AI is accountable. If it is in the Enterprise column, the enterprise must enforce it — and Cetus AI cannot compensate for its absence.

"The right question is not 'Is this sovereign?' — the better question is: 'Which sovereignty boundary are we claiming, and what must the enterprise enforce to preserve it?'"
Layer 1: Platform Hosting
Infrastructure, data residency, and operational telemetry within the Songlines boundary

Cetus AI governs:
  • Hosting region selection and enforcement
  • Platform telemetry scoping and retention
  • Immutable audit record storage
  • Policy log integrity and availability
  • Infrastructure security and patching
  • Data residency compliance within the Songlines layer
Enterprise must enforce:
  • Deployment tier selection (SaaS / Private Cloud / On-Premise)
  • Assurance requirements and certification obligations
  • Network-level controls to the Songlines endpoint
  • Data classification policies upstream of the platform

Layer 2: Model Routing
AI model selection, endpoint governance, and sovereignty-aware routing decisions

Cetus AI governs:
  • Endpoint controls and approved model registry
  • Routing rules and policy enforcement at inference
  • Sovereignty flags for PII and sensitive data routing
  • Cost optimisation and fallback routing logic
  • Model-level audit logging and attribution
  • Zero-change integration via OpenAI-compatible API
Enterprise must enforce:
  • Azure OpenAI deployment and subscription management
  • Model provider contracts and data processing agreements
  • Approved model list configuration within Songlines
  • Data residency requirements communicated to Cetus AI

Layer 3: Identity & Access
Authentication, authorisation, and privileged access management across the AI control layer

Cetus AI governs:
  • Platform RBAC — roles, permissions, and scope enforcement
  • User activity logging within the Songlines boundary
  • Session management and token lifecycle
  • API key governance and rotation policies
  • Least-privilege enforcement at the platform layer
Enterprise must enforce:
  • Microsoft Entra ID (Azure AD) configuration and health
  • Multi-factor authentication enforcement
  • Conditional access policies for AI platform access
  • Privileged Access Management (PAM) for admin roles
  • Identity provider breach response and incident management

Layer 4: Enterprise Ecosystem
Downstream systems, SIEM integration, and organisational controls outside the Songlines boundary

Cetus AI governs:
  • Logs, alerts, and telemetry inside the Songlines boundary
  • Webhook and API delivery of events to enterprise systems
  • Structured export formats for SIEM ingestion
  • Alert thresholds and anomaly detection within the platform
Enterprise must enforce:
  • Downstream SaaS integrations and their data flows
  • SIEM configuration, rules, and retention policies
  • Network controls and firewall rules beyond the Songlines endpoint
  • Organisational data retention and destruction policies
  • Third-party vendor assessments for connected systems

Sovereignty implications by deployment tier

The deployment tier an enterprise selects directly changes the sovereignty boundary. Choosing a higher tier does not automatically make the deployment more sovereign — it shifts more of the responsibility to the enterprise to enforce.

Control / Gateway: Managed SaaS (commercial enterprise)
  • Hosted by Cetus AI in Australian region
  • Cetus AI manages infrastructure, patching, and availability
  • Establishes AI visibility and audit within the Songlines-managed Australian boundary
  • Immutable audit trail with enterprise export
  • RBAC and user management via Songlines platform
Sovereignty boundary: Cetus AI governs its column of Layers 1–3 within the Songlines platform. The enterprise governs its own column of those layers, in particular identity provider health and model provider contracts, and all downstream ecosystem controls in Layer 4.
Maximum Control: Private Deployment (air-gapped / on-premises; highly regulated / classified)
  • No Cetus AI-managed components in the data path
  • Deployed entirely within enterprise-owned infrastructure
  • No external network dependency for core AI operations
  • Custom SLAs and assurance packages available
  • Suitable for PROTECTED and above classifications
Sovereignty boundary: Enterprise governs all four layers. Cetus AI provides the platform software and governance framework. The enterprise is responsible for enforcing every obligation in the model.

What the enterprise must enforce

Sovereignty is not passive. The Songlines model is only as strong as the enterprise's enforcement of its own column. These are the obligations that cannot be delegated to Cetus AI.

Identity & Access Management
The enterprise's identity provider is the front door to the AI layer. A misconfigured or compromised Entra ID is outside the Songlines boundary — and the enterprise must treat it accordingly.
  • Enforce MFA for all users with access to Songlines
  • Configure conditional access policies for AI platform access
  • Implement PAM for all administrative roles
  • Conduct regular access reviews and deprovisioning
  • Maintain an incident response plan for identity compromise
Model Provider Contracts
When the enterprise routes workloads to Azure OpenAI or other model providers, the data processing agreement is between the enterprise and that provider — not Cetus AI.
  • Maintain current DPAs with all model providers in use
  • Ensure model provider contracts meet Australian Privacy Act requirements
  • Review model provider data retention and training policies
  • Notify Cetus AI of approved model endpoints for routing configuration
Network & Perimeter Controls
Network controls upstream and downstream of the Songlines endpoint are the enterprise's responsibility. Cetus AI governs what happens inside the platform boundary.
  • Firewall rules and network segmentation to the Songlines endpoint
  • TLS certificate management for enterprise-controlled endpoints
  • VPN or private link configuration for Private Cloud deployments
  • Egress controls for data leaving the enterprise network
Downstream SIEM & Retention
Cetus AI delivers logs and alerts to the enterprise boundary. What happens to those logs after delivery — retention, correlation, alerting — is the enterprise's obligation.
  • Configure SIEM to ingest Songlines event streams
  • Define and enforce log retention policies per regulatory requirements
  • Build detection rules for AI-specific anomalies
  • Integrate Songlines alerts into the enterprise SOC workflow

Sovereignty readiness checklist

Use this checklist to assess whether your organisation is ready to make a substantive sovereignty claim — not just a hosting claim.

  • Is the AI platform hosted in an Australian data centre? Cetus AI: yes, for the Managed SaaS tier; in a Private Deployment the enterprise hosts it.
  • Is every AI interaction logged with an immutable, tamper-proof audit trail? Cetus AI: yes.
  • Are routing rules enforced at the point of AI execution, not after the fact? Cetus AI: yes.
  • Is PII and sensitive data routed only to approved, sovereign-flagged endpoints? Cetus AI: yes, against the approved model list the enterprise configures.
  • Does the enterprise have current DPAs with all model providers in use? Enterprise obligation.
  • Is MFA enforced for all users with access to the AI control layer? Enterprise obligation.
  • Are SIEM rules configured to detect AI-specific anomalies from Songlines event streams? Enterprise obligation.
  • Has the board been briefed on which sovereignty layer the enterprise is claiming? Shared: Cetus AI provides the model; the enterprise must brief the board.
  • Is there a documented incident response plan for AI-related data incidents? Shared: Cetus AI provides platform alerts; the enterprise owns the response plan.
  • Can the organisation demonstrate sovereignty compliance to an external assessor? Shared: Cetus AI provides the audit export and the Shared Responsibility Model documentation; the enterprise must evidence enforcement of its own column.

Frameworks the Songlines model addresses

The Shared Responsibility Model is designed to support compliance with the following Australian and international frameworks. It does not replace a formal compliance assessment — it provides the governance architecture that assessors need to evaluate.

Privacy Act 1988

Australian Privacy Act

The immutable audit trail, data residency controls, and PII routing flags directly support Privacy Act compliance obligations for AI-processed personal information.

APS AI Policy

APS Interim Generative AI Policy

The Shared Responsibility Model maps directly to the APS policy's requirements for human oversight, auditability, and responsible deployment of generative AI in government contexts.

ISO 27001

ISO/IEC 27001 Aligned

Songlines Control® is designed to support ISO 27001 information security management requirements, with particular alignment to access control, audit logging, and incident management controls.

ISO 42001

ISO/IEC 42001 — AI Management

ISO/IEC 42001, the AI management system standard published in December 2023, requires documented governance of AI systems. The Shared Responsibility Model provides the governance architecture ISO 42001 assessors need.

IRAP

IRAP Assessment Ready

For Australian government agencies requiring IRAP assessment, the Songlines architecture is designed to support the assessment process with documented controls, audit evidence, and clear boundary definitions.

Essential Eight

ACSC Essential Eight

The Songlines platform supports Essential Eight mitigation strategies including application control and multi-factor authentication (at the platform layer), and the centralised event logging that the Essential Eight Maturity Model requires at the higher maturity levels, with the enterprise responsible for enforcing the remaining controls in its column.

ISM

Information Security Manual

The ACSC Information Security Manual (ISM) provides a cybersecurity framework for Australian government. The Songlines Shared Responsibility Model maps directly to ISM control categories, supporting documented evidence for system security plans.

PSPF

Protective Security Policy Framework

The PSPF governs how Australian government entities protect their people, information, and assets. The Songlines deployment model — particularly the BYOC and Private Deployment tiers — is designed to support PSPF information security obligations for PROTECTED and above classifications.

Preparing for IRAP or ISO 27001?

Request a compliance evidence package. Our compliance report covers IRAP ISM controls, ISO 27001:2022 Annex A mapping, data residency confirmation, access control evidence, encryption status, and a full immutable audit log export — everything your assessor needs in one document.

What’s Included
IRAP

IRAP Evidence Summary

ISM control mapping: audit logging, access control, data residency, anomaly detection, encryption

ISO 27001

ISO 27001:2022 Annex A Mapping

Controls A.5 (organisational: policies, access control, cloud services, evidence collection) and A.8 (technological: logging, cryptography)

Data Residency

Data Residency Confirmation

Songlines platform boundary confirmation — covers telemetry, audit logs, and policy records within the managed SaaS boundary. Enterprise-layer sovereignty is documented in the Shared Responsibility Matrix.

Access Control

Access Control Evidence

Zero-trust access controls: SHA-256 hashed API key inventory, RBAC role enforcement at procedure level, session management, per-key rate limiting. Cryptographic integrity: HMAC-SHA256 outbound webhook signatures, TLS 1.2+ in transit, no plaintext secrets stored.
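The HMAC-SHA256 webhook signature above only protects the enterprise if the receiving endpoint actually verifies it, which is the "Webhook destination security" item in the enterprise column. The following is an added example of that receiver-side check, written for this page and not taken from Songlines: verify the raw body bytes, bind a timestamp into the MAC, compare in constant time, and track event identifiers so a captured delivery cannot be replayed inside the tolerance window. The header layout `t=<unix>,v1=<hex>`, the MAC input `<ts>.<raw body>`, the secret and the sample event are assumptions constructed for the example; the platform's documented header format should be used in place of them.

```python
"""Receiver-side verification of an HMAC-SHA256 webhook signature with a
replay window.  Added example of the check an enterprise webhook destination
should perform; not Songlines' code.  The header layout "t=<unix>,v1=<hex>"
and the MAC input "<ts>.<raw body>" are assumptions for this example, not
the platform's documented format."""
import hashlib
import hmac
import time
from typing import Optional, Set

# Constructed shared secret; in practice one per destination, held in a vault.
WEBHOOK_SECRET = b"constructed-webhook-secret"
TOLERANCE_SECONDS = 300


def _mac(secret: bytes, ts: int, body: bytes) -> str:
    # Timestamp is bound into the MAC so it cannot be adjusted independently of the body.
    return hmac.new(secret, f"{ts}.".encode() + body, hashlib.sha256).hexdigest()


def sign(body: bytes, secret: bytes, ts: int) -> str:
    """Sender side: produce the signature header for a raw payload."""
    return f"t={ts},v1={_mac(secret, ts, body)}"


def verify(body: bytes, header: str, secret: bytes, now: Optional[int] = None,
           seen_ids: Optional[Set[str]] = None, event_id: Optional[str] = None) -> Optional[str]:
    """Receiver side: None if accepted, otherwise the reason for rejection.
    Verify the raw bytes as received; re-serialising parsed JSON breaks the MAC."""
    now = int(time.time()) if now is None else now
    try:
        parts = dict(p.split("=", 1) for p in header.split(","))
        ts = int(parts["t"])
        provided = parts["v1"]
    except (ValueError, KeyError):
        return "malformed signature header"
    if abs(now - ts) > TOLERANCE_SECONDS:
        return "timestamp outside tolerance (stale or replayed delivery)"
    # compare_digest is constant-time: timing does not leak how many bytes matched.
    if not hmac.compare_digest(_mac(secret, ts, body), provided):
        return "signature mismatch"
    # Inside the tolerance window a captured delivery still verifies, so the
    # event id has to be tracked to catch that replay.
    if seen_ids is not None and event_id is not None:
        if event_id in seen_ids:
            return "duplicate event id (replay inside tolerance window)"
        seen_ids.add(event_id)
    return None


def demo() -> dict:
    """Constructed delivery plus the rejections a destination must produce."""
    now = 1_700_000_000
    body = (b'{"id":"evt_001","type":"policy.violation","route":"pii-sovereign",'
            b'"actor":"bob@example.gov.au"}')
    header = sign(body, WEBHOOK_SECRET, now)
    seen: Set[str] = set()
    return {
        "valid": verify(body, header, WEBHOOK_SECRET, now=now + 5, seen_ids=seen, event_id="evt_001"),
        "replayed": verify(body, header, WEBHOOK_SECRET, now=now + 6, seen_ids=seen, event_id="evt_001"),
        "tampered": verify(body.replace(b"violation", b"ok"), header, WEBHOOK_SECRET, now=now + 5),
        "stale": verify(body, header, WEBHOOK_SECRET, now=now + 3600),
        "wrong_key": verify(body, header, b"another-destination-secret", now=now + 5),
        "malformed": verify(body, "v1=abc", WEBHOOK_SECRET, now=now),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:10} -> {'accepted' if v is None else v}")
```

Two details are worth checking in any real destination: that the MAC is computed over the exact bytes received rather than a re-serialised object, and that an alert raised by a signed event is not itself trusted without the signature having passed, since a forged "policy.violation" delivery into the SOC workflow is as much a problem as a suppressed one.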

Encryption

Encryption & Security Status

TLS 1.2+, HMAC-SHA256, JWT, Helmet.js headers, Stripe webhook verification

Audit Logs

Full Immutable Audit Log Export

Up to 500 signed records are included in the package itself; the complete dataset is provided as a CSV export

Cetus AI-enforced vs enterprise-enforced controls

The following table maps specific security controls to their responsible party per SRM layer. Controls in the Cetus AI column are enforced by the platform. Controls in the Enterprise column must be enforced by the customer organisation.

Platform Hosting
Cetus AI enforces:
  • TLS 1.2+ in transit
  • HMAC-SHA256 webhook signatures
  • Helmet.js security headers
  • 1MB body parser limit
Enterprise enforces:
  • Network perimeter and firewall rules
  • DDoS protection

Model Routing
Cetus AI enforces:
  • SHA-256 hashed API key validation
  • Per-key rate limiting
  • RBAC enforced at procedure level
Enterprise enforces:
  • Azure OpenAI RBAC
  • Model access policies

Identity & Access
Cetus AI enforces:
  • JWT session cookies (httpOnly, secure, sameSite)
  • OAuth callback rate limiting (20 req/min)
  • Session expiry enforcement
Enterprise enforces:
  • Entra ID configuration and health
  • MFA enforcement
  • Conditional access policies
  • Privileged Access Management (PAM)

Enterprise Ecosystem
Cetus AI enforces:
  • Marketplace endpoint authentication
  • Audit log immutability
Enterprise enforces:
  • SIEM integration and configuration
  • Webhook destination security
  • Data retention policies

Independent security audit: The Songlines platform was independently audited in May 2026. The report recorded 0 critical findings and 12 remediated issues. Download the full audit report (PDF) →

Ready to make a sovereignty claim that holds up?

Book a sovereignty briefing with the Cetus AI team. We will walk through the Shared Responsibility Model layer by layer, map it to your deployment context, and identify exactly which obligations sit with your organisation.
