SAIL Specification
SAIL Specification
This document provides the complete specification for the Sovereign AI Leadership (SAIL) assessment, including evaluation criteria, point-based scoring methodology, and control-maturity levels.
Table of Contents
When to use this spec
This specification assesses one specific thing: how much control an entity has over its AI stack, and how readily it could exit a dependency. That is exactly what some sovereign AI interests are about, and beside the point for others.
Use this spec when
- Your primary interest is control, dependency transparency, or exit readiness - typical of enterprise, procurement, and security concerns.
- You need to compare strategies on capability actually demonstrated, not intent declared.
Do not use this spec as a proxy for
- Cultural legitimacy - whether a model "feels French" is a question of governance and representation, not a score.
- Industrial-policy success - jobs, fabs, and regional investment are real goals the stack does not measure.
Before applying the spec, decode the interest driving the request. The interest decoder explains the five common interests behind sovereign AI claims; the table below routes each layer to the interests that care most about it.
| Layer | Interests that care most |
|---|---|
| Layer 1: Application | Enterprise & procurement |
| Layer 2: Orchestration | Enterprise & procurement |
| Layer 3: Data | Enterprise & procurement; cultural identity & values |
| Layer 4: Model | Industrial policy; cultural identity & values |
| Layer 5: Training | Industrial policy; cultural identity & values |
| Layer 6: Compute | Security & weaponization; industrial policy; middle-power alliance |
| Layer 7: Legal & Exit | Security & weaponization; enterprise & procurement |
Overview
SAIL uses a point-based system for evaluating national and governmental AI strategies. As a framework, SAIL assesses AI sovereignty across the full AI stack from applications and data governance to training pipelines and compute dependencies.
To achieve SAIL certification, a country or public agency must:
- First satisfy all baseline prerequisites (minimum governance, control, and transparency requirements) across each layer
- Then earn points by meeting additional conditions aligned with its strategic goals
The framework is designed to reward realistic, optimized sovereignty strategies, including federated and allied approaches. It penalizes dependency and especially unacknowledged dependencies.
Key Principles
- Sovereignty may be partial, federated, or optimized, but dependencies must be explicit.
- Certain layers (compute, legal environment) act as structural constraints and may cap achievable tiers.
- Credit is awarded for real capacity, legal robustness, and exit readiness, not stated intent.
Coordination & federation
SAIL treats federated and allied capacity as legitimate sovereignty, not a consolation prize. A country that pools compute and models with trusted partners, with dependencies acknowledged, can score as highly as one that builds everything alone - and more realistically, given the economics of frontier models.
The corollary is a fragmentation flag: strategies that duplicate chip and talent competition without allied benefit are scored as weaker on coordination. Building a national champion that erodes a viable middle-power alliance is a cost, not just a neutral choice. (This is a narrative flag for now, used in assessment commentary rather than as a fixed point deduction.) See the Cohere / Aleph Alpha case for the dynamic this guards against.
Note: SAIL does not evaluate technical excellence, cultural legitimacy, or industrial-policy success, though it does look at publicly available adoption levels of sovereign products and artifacts.
Control-Maturity Levels
These levels describe how much control an entity has demonstrated over its stack. They measure control maturity, not national prestige - a Platinum result is a statement about dependency and exit readiness, not a ranking of whose AI is most sovereign.
Platinum — End-to-End Control
80+ points earned
Demonstrates end-to-end control across the AI stack, including model adaptation and pre-training (individually or through credible allied/federated arrangements).
🏆 Platinum Certification
Requirements: 80+ points with strong performance across all layers, especially Layers 4-6 (Model, Training, and Compute sovereignty).
Constraint: If Layer 6 (Compute) score < 10, Platinum certification is capped unless credible federated arrangements exist.
Gold — Strategic Sovereignty
60–79 points earned
Demonstrates strong control over data and model behavior, with limited but well-managed external dependencies.
🥇 Gold Certification
Requirements: 60-79 points with demonstrated control at Layers 1-4 (Application through Model sovereignty).
Silver — Operational Sovereignty
50–59 points earned
Demonstrates control at the application and data layers, with meaningful but unresolved dependencies at deeper layers.
🥈 Silver Certification
Requirements: 50-59 points with baseline control at Layers 1-3 (Application, Orchestration, Data sovereignty).
Certified — Baseline Sovereignty
40–49 points earned
Meets baseline prerequisites and demonstrates initial control over AI deployment and governance, but remains highly dependent on external providers.
✓ Certified
Requirements: 40-49 points meeting all baseline prerequisites across layers.
The Seven Layers
Layer 1: Application & Service Sovereignty
Max points: 25
This layer evaluates whether AI-enabled public services can be modified, migrated, or withdrawn without reliance on a specific vendor, model, or jurisdiction.
| Credit | Description | Points |
|---|---|---|
| A1 | Model-agnostic service design - Core service logic decoupled from specific models or APIs | 6 |
| A2 | Public ownership of application logic - State owns or controls source code and workflows | 5 |
| A3 | Vendor substitution feasibility - Demonstrated ability to swap AI providers within 6–12 months | 5 |
| A4 | Decision traceability & auditability - AI-assisted decisions are logged and reviewable | 4 |
| A5 | Domestic service maintenance capacity - In-country teams can modify and redeploy services | 5 |
Layer 2: Orchestration, Integration & Distribution
Max points: 25
This layer assesses control over how AI components are composed, routed, monitored, and distributed to users.
| Credit | Description | Points |
|---|---|---|
| O1 | Provider-independent orchestration - Ability to route workloads across models/providers | 5 |
| O2 | Institution-controlled policy layer - Safety, usage, and routing rules defined locally | 5 |
| O3 | System observability - Prompts, outputs, failures are inspectable | 4 |
| O4 | Independent rollback & suspension - Systems can be paused or reverted without vendor approval | 4 |
| O5 | Distribution sovereignty - Control over primary model/service distribution channels | 4 |
| O6 | Migration-ready hosting - Ability to mirror or migrate hosting jurisdiction | 3 |
Layer 3: Data Sovereignty (Origin, Control, Evaluation)
Max points: 25
This layer evaluates control over the data AI systems learn from, remember, and are evaluated against—emphasizing provenance and legal robustness.
| Credit | Description | Points |
|---|---|---|
| D1 | Legal ownership of datasets - Enforceable public rights over AI-relevant data | 5 |
| D2 | Data curation & deletion authority - Ability to modify, filter, and delete data | 4 |
| D3 | Data provenance balance - Meaningful share of data from domestic or allied sources | 5 |
| D4 | Legally robust openness - Data reusable under clear, defensible licenses | 4 |
| D5 | Evaluation & benchmark sovereignty - Ownership/control of eval and post-training datasets | 4 |
| D6 | Prevention of irreversible leakage - Safeguards against uncontrolled embedding/gradient reuse | 3 |
Layer 4: Model Sovereignty (Reproducibility & Capability)
Max points: 25
This layer measures the ability to shape, reproduce, and rely on models as sovereign infrastructure, not just artifacts.
| Credit | Description | Points |
|---|---|---|
| M1 | Access to weights or adapters - Meaningful ability to modify model behavior | 5 |
| M2 | Reproducibility completeness - Training data, recipes, scripts documented | 5 |
| M3 | Independent fine-tuning capacity - Domestic ability to adapt models | 4 |
| M4 | Task-level competitiveness - Models competitive in priority public-sector tasks | 4 |
| M5 | Version control & forkability - Ability to freeze, fork, or maintain versions | 4 |
| M6 | Dependency-adjusted integrity - No opaque external components in core models | 3 |
Layer 5: Training & Post-Training Sovereignty
Max points: 25
This layer assesses control over alignment, instruction tuning, and improvement processes after pretraining.
| Credit | Description | Points |
|---|---|---|
| T1 | Control over training objectives - Public authority defines reward/alignment goals | 5 |
| T2 | Vendor-independent post-training - Fine-tuning without external approval | 5 |
| T3 | Reproducibility of adaptations - Training outcomes can be reproduced | 4 |
| T4 | Transparency of interventions - Post-training changes are documented | 4 |
| T5 | Institutional oversight - Formal oversight of alignment decisions | 4 |
| T6 | In-region execution - Post-training physically executed domestically/allied | 3 |
Layer 6: Compute & Infrastructure Sovereignty (Structural)
Max points: 25
This layer evaluates reliable, governable access to compute and infrastructure required to train and run AI systems.
| Credit | Description | Points |
|---|---|---|
| C1 | Guaranteed compute access - Domestic or allied compute under public control | 6 |
| C2 | Priority & crisis allocation - Ability to reprioritize workloads in emergencies | 5 |
| C3 | Time-to-availability - Capacity available now or within 12 months | 5 |
| C4 | Absence of unilateral kill-switches - No single foreign actor can disable access | 4 |
| C5 | Supply chain resilience - Plans for hardware/energy disruption | 3 |
| C6 | Inference/training separation - Dedicated inference capacity for public services | 2 |
Layer 7: Legal, Governance & Exit Sovereignty
Max points: 25
This layer measures legal authority, institutional mandate, and the ability to override or exit AI systems.
| Credit | Description | Points |
|---|---|---|
| G1 | Legal override authority - Clear authority to suspend or retire AI systems | 5 |
| G2 | Contractual exit rights - Explicit migration/fork rights in contracts | 5 |
| G3 | Documented exit playbooks - Layer-by-layer exit strategies | 4 |
| G4 | Oversight with technical competence - Independent oversight bodies | 4 |
| G5 | Legal stability outlook - AI-enabling rights stable or improving | 4 |
| G6 | Policy alignment - AI strategy aligned with IP/copyright law | 3 |
Flags & Constraints
Compute Constraint Flag
Triggered if Layer 6 < 10
If compute sovereignty is insufficient, Platinum certification is capped unless credible federated arrangements exist.
Legal Trajectory Flag
Triggered if G5 = 0 or 1
Indicates concerns about legal stability and the sustainability of AI-enabling rights.
Distribution Dependency Flag
Triggered if O5 = 0 or 1
Indicates lack of control over primary model/service distribution channels.
Assessment Process
- Decode the interest: Establish which sovereign AI interest is actually driving the request, and confirm the spec is the right tool for it
- Baseline Assessment: Verify all baseline prerequisites are met across each layer
- Point Evaluation: Assess each credit criterion and award points based on demonstrated capacity
- Flag Review: Identify and document any structural constraints, coordination, or fragmentation flags
- Maturity Level: Determine the control-maturity level based on total points and constraints
- Public Review: Publish the assessment for public comment and peer review
Total Possible Points: 175
This specification is maintained by the Public AI Network. For questions or suggestions, please contact info@publicai.network.
Acknowledgements: Jan Hajic’s presentation to OSFM.