Structural guarantees document

Sovereignty and Trust Framework

The Neutrality Charter defines what we will not do. This Framework explains why we structurally cannot.

Published by AGPT Ltd. Effective from the date of Platform launch.

Purpose

This document addresses a legitimate concern: when a Platform publishes legitimacy indices for officials exercising governmental authority across 27 EU member states, governments and institutions need assurance that the Platform cannot be used as an instrument of foreign influence, that citizen data remains under sovereign control, and that no actor – including the Platform operator – can manipulate the results.

1. Data Sovereignty

Where citizen data lives, how it is separated, and what the operator never stores.

1.1

Jurisdictional data residency

Citizen data for each country is stored on servers within that country's territory wherever possible. Where national infrastructure does not yet meet the Platform's security, uptime, and compliance requirements, data is stored within the EU in jurisdiction-appropriate infrastructure. In no case is citizen data transferred outside the EU.

1.2

National data independence

Every country's data exists in its own independent infrastructure. Databases are fully separated – not logically partitioned within a shared system, but independently deployed. A security incident affecting one country's infrastructure does not expose data from any other country. Cross-country data queries are architecturally impossible.

1.3

No centralized personal data store

There is no central database containing identifiable information about citizens from multiple countries. AGPT Ltd operates the Platform but does not aggregate personal data across jurisdictions. The only cross-country data are published aggregated indices – which are public by design.

1.4

Data minimization

The Platform does not collect names, ID numbers, addresses, or any personal identifiers. The only link between a citizen and their account is a one-way cryptographic hash (SHA-256 with a seasonal salt) derived from eID verification. This hash cannot be reversed to identify the person.

2. Operator Constraints

What AGPT Ltd – the Platform operator – is structurally unable to do.

2.1

The operator cannot identify citizens

AGPT Ltd does not have access to the identity verification process in a way that reveals who any citizen is. The eID-to-hash conversion happens at the authentication boundary. What enters the system is a fingerprint, not a person.

2.2

The operator cannot modify indices

Legitimacy indices are computed automatically from aggregated citizen judgments using published formulas. There is no administrative interface for manually changing an index value. The computation pipeline is deterministic: given the same inputs, it always produces the same outputs. This is enforced architecturally, not by policy.

2.3

The operator cannot access individual judgments

The system stores only the current state of each account's judgment toward each official (trust, distrust, or neutral). These states are anonymous and cannot be linked to a person. There is no mechanism to query "how did citizen X judge official Y" – the data model does not support it.

2.4

The operator cannot selectively suppress or amplify

Publication rules are uniform: every official at every level is subject to the same thresholds, the same confidence interval calculations, the same anomaly detection. There is no per-official configuration that could be used to delay publication, raise thresholds, or otherwise treat any official differently.

3. Algorithmic Verifiability

How anyone can verify that the numbers are computed correctly.

3.1

Published methodology

The complete index calculation methodology is published in the White Paper and summarized on every national Platform. This includes: the formula, the confidence interval method, publication thresholds, rounding rules, and anomaly flagging criteria. Anyone with the aggregated inputs can independently verify the output.

3.2

Independent audits

AGPT Ltd commits to periodic independent audits by third-party organisations covering: security (annual penetration testing), methodology (academic review), privacy (data protection architecture review), and compliance (legal review of GDPR adherence). Audit results are published.

3.3

Platform Journal as change log

Every change to the algorithm, publication thresholds, or operational parameters is documented in the Platform Journal (teisond.com/journal) before it takes effect. The Journal is a public, versioned, permanent record. There are no silent updates.

4. Independence Guarantees

4.1

No governmental funding

AGPT Ltd does not receive funding from any government, intergovernmental organisation, or state-affiliated entity. This applies to all jurisdictions where the Platform operates.

4.2

No governmental access to data

No government has privileged access to Platform data beyond what is publicly available. Law enforcement requests are handled through standard legal processes (court orders) in the relevant jurisdiction, and only to the extent technically possible – which is limited, given that the Platform does not store identifiable personal data.

4.3

No kill switch

The Platform architecture has no mechanism for a single actor (including AGPT Ltd management) to shut down, suspend, or materially alter a country's deployment without a documented process. Emergency procedures exist for security incidents but are logged, auditable, and disclosed in the Platform Journal.

4.4

Revenue independence

Platform revenue comes from fixed-price subscriptions paid by officials and institutions. Subscription fees are fixed by authority level (€1.90–€19.90/month), uniform across all 27 EU countries, and do not depend on the index value. The subscription buys depth of analysis, not influence over results.

4.5

Structural resilience

If AGPT Ltd ceases to operate, the methodology (published in the White Paper), the source code architecture (documented), and the aggregated data (public) exist independently of the company. The Platform is designed so that its public outputs could be verified, replicated, or continued by another operator using the same published methodology.

Ownership Trajectory

The Platform is designed to transfer from operator control to citizen ownership. This is not a future promise – it is a current architectural commitment. The infrastructure being built today is built to be handed over. The timeline, mechanism, and governance pathway are documented in the White Paper (Section 9).

What This Framework Does Not Guarantee

No technical architecture eliminates all risk. This Framework is honest about limitations.

Coordinated campaigns by real, verified citizens are possible. The Platform detects and flags them but cannot prevent citizens from organising.

Governments may attempt legal pressure through local courts. AGPT Ltd operates under UK law and maintains legal reserves for jurisdictional challenges.

The Platform depends on eID infrastructure operated by national governments. If a government degrades its own eID system, verification quality in that country may be affected.

These are real risks. The Framework's purpose is not to claim perfection but to ensure that the Platform operator is never the source of the problem.

The Sovereignty and Trust Framework is a permanent public document. Any amendments are published in the Platform Journal with full rationale before taking effect. Previous versions remain in the public archive.

AGPT Ltd – Advanced Global Polling Technology Ltd, United Kingdom · teisond.com