On-premise
The full platform inside the institution's data centre, on infrastructure the CISO already controls, aligned with ISO 27001 posture.
Public-sector operations under national sovereignty
AI inside the sovereign perimeter, procurement-ready by design.
Deeplinq deploys on-premise, on a sovereign cloud aligned with national data-protection regimes, or air-gapped — and produces, on every model-assisted decision, the evidence your procurement scrutiny, your oversight bodies, and your data-protection officer expect to see.
The sovereignty envelope
The operating envelope.
National sovereignty frames where data resides and where inference runs. Citizen-data protection defines handling and traceability. Public-tender transparency demands every procurement decision be reconstructable. Internal-control and data-protection officers expect a reviewable record on every model-assisted decision.
Deeplinq brings AI inside this envelope rather than around it. Three workflow families — citizen-facing services, inter-service knowledge work, procurement and vendor surveillance — plus the evidence layer and deployment envelope.
Why this exists
Why public sector needs a different AI posture
Public-sector decisions are records under citizen-data-protection regimes, procurement trails reviewable years later, reconstructions an oversight body may request without notice, and restricted-diffusion content whose classification handling is non-negotiable. Residency is a qualification gate. Model provenance is a reviewability obligation.
A citizen-facing output without a reconstructible trace is not an output the institution can defend under a subject-access request. A procurement-surveillance summary without citations back to the tender file does not pass the due-diligence gate.
Deeplinq keeps the entire chain inside the institution's perimeter — orchestration, connectors, agents, model router, prompt archive, retrieval index, decision trace. On-premise, on a sovereign cloud aligned with ISO 27001, SecNumCloud, or RGS-equivalent, or air-gapped where the data class requires it.
Workflow 1
Citizen-facing services, under data-protection regimes
Benefit-eligibility reviews. Document-processing at scale — declarations, applications, claims. Subject-access request fulfilment. Citizen-correspondence triage. Run against case-management systems, irregularly digitized archives, and form-intake platforms each configured differently — under an obligation to respond within a defined window.
Deeplinq deploys agents against this substrate. Ask in plain language — "summarize the declared income situation for case file X with citations back to source", "reconstruct the interaction history a subject-access request would cover" — and receive cited answers a case officer can verify and a data-protection officer can trace.
Every agent interaction is archived with prompt, retrieval context, model version, and decision trace — so when a citizen requests the record of every AI-assisted touch point on their file, the institution exports a structured bundle, not a reconstruction project.
Every citizen-service workflow stays strictly inside the single institution that holds the primary citizen relationship. Deeplinq does not federate citizen data across administrations, does not build cross-service citizen intelligence, does not reach into systems operated by other public institutions. The citizen relationship you already hold, made queryable inside the walls you already defend.
Workflow 2
Inter-service knowledge work, inside the institution's walls
Policy drafting. Ministerial-brief preparation. Note preparation across directorates. A decade of circulars, internal memos, commissioned reports, inter-directorate correspondence — each service in its own document management system. The answers are in there. They haven't been queryable in practice.
Deeplinq deploys agents against the institution's own archive. "Retrieve the policy rationale developed across the last three inter-directorate reviews on topic X." "Prepare the background section of a briefing note on topic Z drawing only from circulars this institution has produced or formally received." Answers with citations, model version and retrieval context pinned.
Restricted-diffusion content follows the institution's classification posture. Access control aligns with the classification scheme; retrievals that cross a boundary surface as controlled exceptions, not silent redactions.
Every retrieval, every inference, every archived trace stays inside the institution's walls. Deeplinq does not federate inter-service knowledge work across administrations, does not build cross-agency policy intelligence, does not pull note-preparation patterns from outside the institution's own archive. The knowledge work you already run, made queryable inside the walls it already operates behind.
Workflow 3
Procurement and vendor surveillance, inside your control
Tender preparation files. Vendor-submission archives. Due-diligence reports. Contract-performance surveillance. Post-award audit reports. Citizen-facing requests under public-tender transparency. Reconstructing the procurement trail on a single contract means opening four systems and reading a decade of files against a clock the oversight body sets.
Deeplinq deploys agents against the procurement function's own archive. "Cross-reference the last three vendor submissions on this product category against due-diligence findings." "Prepare the procurement-history index an oversight request would produce on this tender." Answers with citations back to source files.
Audit-readiness works proactively. Agents surface commitments in awarded contracts with thin performance evidence. Due-diligence findings incomplete against current procurement-compliance expectations. Not an audit judgement — an operational index of what a procurement director should look at before an oversight body does.
The boundary is explicit and architectural. Deeplinq works against the procurement and vendor data your institution already holds — tender files, vendor submissions, due-diligence reports, contract-performance records, audit findings. It does not ask your vendors or other public institutions to integrate, federate, or exchange. It does not reach into vendor systems. Your procurement surveillance is built from the archive you control, inside the perimeter you defend.
The evidence layer
What a procurement auditor or an oversight body receives
An oversight review is not passed on claims. It is passed on evidence. Deeplinq treats the evidence layer as first-class, narrowing what a procurement auditor, internal-control function, data-protection officer, or citizen subject-access request receives from any model-assisted decision.
Every prompt, retrieval, model call, and agent action is archived with full context — source attribution, model version pin, parameters, timestamp, outcome, human approval status, access-control evaluation against the institution's classification scheme.
Model-version pinning is the structural backbone. The model that produced a briefing note six months ago is the model that reconstructs the reasoning today.
When an oversight body asks for an evidence bundle scoped to a specific tender, citizen interaction, or policy-drafting session, the institution exports a structured archive. No reconstruction project. No vendor-side retrieval.
Deeplinq does not certify procurement compliance or sovereignty qualification — no platform can. Qualification is a property of your sovereign-cloud posture, your procurement process, your data-protection officer, and your oversight relationships. What deeplinq produces is the evidence trail your oversight bodies, your procurement scrutiny, and your data-protection officer expect to see, with the integrity posture your compliance function expects to preserve.
Deployment
Four modes, chosen by data class.
Public-sector residency is not one question. The data itself asks several.
Citizen personal data carries residency obligations shaped by the national regime. Restricted-diffusion content carries classification-handling constraints. Procurement data carries public-tender transparency obligations. Inter-service information assets follow the institution's own sovereign posture.
Four deployment modes, narrowed to public-sector drivers.
Sovereign cloud
A sovereign region or qualified private-tenant environment for residency alignment with national data-protection regimes, consistent with SecNumCloud-level qualification and RGS-equivalent requirements.
Air-gapped
No external network path. Inference, retrieval, and orchestration entirely local. Model updates via controlled physical transfer for highest classification tiers.
Hybrid with a sovereignty boundary
Restricted-diffusion content and citizen personal data on-premise or on sovereign cloud; non-sensitive workloads extend where the institution chooses. Boundary enforced at the platform layer.
Model inference stays where the data requires. Evidence export stays inside the perimeter the institution defends. The data shapes where the platform runs.
Model agnosticism
Model choice as a sovereignty decision.
Locking a public-sector platform to a single model provider is a sovereignty decision, whether the institution frames it that way or not. The provider's roadmap becomes the institution's roadmap. The provider's jurisdiction becomes a variable in residency posture. Silent model updates become silent shifts in how a briefing note or a benefit-eligibility decision is supported a year later.
Deeplinq holds model choice behind an interface the institution controls. Cloud APIs where data class and residency regime permit the call to leave the perimeter. Open-weights on local inference where they do not.
Models are selected by task, data class, and oversight expectation. Versions are pinned so an output produced during tender evaluation reconstructs exactly during a post-award audit. Models replace without rewriting the platform.
Currently supported
Cloud APIs (with data residency)
- OpenAI
- Anthropic
- Mistral
Open-weights (self-hosted)
- Llama
- Qwen
- Mistral open
- Gemma
- Falcon
Start with the workflow that earns the evidence
Start a conversation. Not a sales process.
A working session with our team on your sovereign envelope, your deployment constraints, and the citizen-service, inter-service knowledge, or procurement-surveillance workflow where the evidence posture matters most. Pragmatic, technical, short.