Roadmap honesty
We do not publish roadmap items as though they were shipped controls. Every claim on /security and in pilot conversations describes what ships today. Forward work is labeled as forward work, with a target and a deferral condition.
Principles
How we operate, in writing.
Counterparties evaluating a trust-broker product should be able to see the commitments behind the signatures. The principles below are operationally defended in our internal doctrine, not aspirational. If you find us acting against any of them, name the gap.
Named attester, not a platform
Sovereign Ledger is a third-party attestation and data feed your compliance team consumes alongside existing screening vendors — the same shape as SGS or Refinitiv World-Check, not the same shape as a consortium platform you must adopt. We are never the bank, the insurer, the inspector of record, or the network.
Every bank-consortium-platform pitch in this space has failed (TradeLens, Marco Polo, we.trade, Contour). Every named-attester and data-feed pitch has succeeded. If a conversation with us starts to look like “we need you to adopt our network,” we have drifted from this principle — name the gap.
No concrete
We provide verification, financing-as-a-service, data, and market infrastructure. We do not own physical infrastructure — terminals, pipelines, reactors, refineries, data centers. Capex stays off the balance sheet by design. If we ever start owning hard assets, we have stopped being the company you contracted with; that would be a material change you should hear about explicitly.
A vendor breach is the customer’s breach — no euphemism
When a SaaS vendor is breached, the structural victims are its customers. They lose data they don’t control, absorb regulator and reputational cost they can’t decline, and the vendor’s incentives push toward minimizing communication.
Our incident communication will say “security incident under investigation,” not “scheduled maintenance.” The Subscriber Dashboard is the delivery channel; the language standard is committed in writing in our internal doctrine before the first paid Subscriber.
Disclosure is a runbook, not an inbox
A security@getsovereignledger.com address is necessary but not sufficient. We commit to a written first-response template, a named coordinator with a backup, an acknowledgement SLA, and /.well-known/security.txt before the first paid Subscriber. See /security for the current policy.
No lobbying for our own mandate
We track regulatory developments — EU CBAM, EPA OOOOb/c, EU Methane Regulation, EU Battery Regulation, and analogues — and we file public comments where useful. We do not lobby for our product to be mandated. The play is to be the dominant existing implementation when verifiable digital provenance becomes a regulatory requirement. If you see us advocating for a rule that would specifically require purchase of our product, that would violate this principle.
Standing invitation: pushback expected
We publish these principles so counterparties can hold us to them. If a meeting, a contract draft, a pilot conversation, or a public statement contradicts any of the above, the most useful response is to point at the gap. We will read pushback against this page as a feature of the relationship, not a friction in it.
Send a note to hello@getsovereignledger.com with the specific principle and the specific gap.