The promise of the cloud was flexibility. The cost, which many organizations are only now calculating in full, is dependency. Dependency on a vendor’s management plane to operate your own infrastructure. Dependency on a SaaS platform to store your architectural knowledge. Dependency on an external service to run your compliance checks. Under modern regulatory frameworks — DORA, FINMA, NIS2, and others — this kind of dependency is not merely inconvenient. It is a governance liability.
rescile was designed from the ground up to eliminate this dependency. It is a self-hosted, single-binary controller that runs entirely within your own boundary — your on-premise data center, your own private cloud, or an air-gapped network that never touches the public internet. Your dependency graph, your compliance rules, and your architectural logic remain under your control at all times.
What Sovereignty Actually Means
Digital sovereignty is frequently reduced to a question of data residency: where are the servers located? This is a necessary starting point, but it is not sufficient. The deeper question is not where your data is stored. It is who controls the system that governs it.
If your compliance rules live in a SaaS platform, your vendor can access them. If your dependency graph is hosted externally, its availability depends on a third party. If your management plane is operated by a cloud provider, an outage on their side leaves your operational intelligence unavailable precisely when you need it most.
rescile answers this challenge by making the control plane itself a sovereign asset. The controller is yours to deploy, operate, and audit. No data leaves your boundary unless you explicitly direct it to. No telemetry is transmitted. No external connection is required for the core graph, compliance, and output engine to function.
Regulatory Readiness by Architecture
Regulations like DORA, FINMA, and NIS2 are explicit about the boundaries of acceptable dependency. Financial institutions cannot outsource governance to a third party and retain accountability. Critical infrastructure operators must be able to demonstrate that they control their own operational processes.
rescile is designed to satisfy these requirements structurally, not through contractual assurances. Because the controller runs on your own infrastructure, auditors and regulators can inspect it, operators can monitor it, and your team can update it — all without involving a vendor. Compliance evidence generated by rescile, including OSCAL-formatted System Security Plans, is produced within your boundary and remains under your custody.
This is the distinction between compliance that is claimed and compliance that is demonstrable. When your control plane is self-hosted and your architectural model is version-controlled in Git, every aspect of your governance posture is auditable by design.
Air-Gap Ready Operation
For environments where connectivity to the public internet is restricted by policy or by physical security requirements — classified networks, critical infrastructure, high-security financial systems — rescile operates without compromise. The controller requires no external calls to function. It processes your model, builds the dependency graph, evaluates compliance rules, and generates output artifacts entirely from local resources.
Module registries can be mirrored internally. Updates are distributed through your own change management process. The operational capability of rescile in an air-gapped environment is identical to its capability in a connected one. Sovereignty does not come at the cost of functionality.
No Vendor Access, No Telemetry
rescile transmits no usage data, no architectural information, and no telemetry of any kind. There is no phone-home mechanism, no licensing server that must be reached to validate operation, and no dependency on an external service for the core functionality of the controller.
This is not a policy commitment that can change with a terms-of-service update. It is an architectural property of how rescile is built. Your graph is local. Your rules are local. Your outputs are local. The vendor never has access to your architectural intelligence because the architecture never leaves your network.
Your Graph, Your Keys, Your Rules
When your dependency graph is the source of truth for your compliance posture, your automation artifacts, and your architectural decisions, it carries significant organizational value. That intelligence should be an asset you own — not a dataset housed in a vendor’s database, subject to their pricing, their availability, and their access controls.
rescile stores your model in human-readable, open formats. Your architectural definitions live in version-controlled files that you own, can migrate, can audit, and can modify without vendor involvement. If you choose to change tools at any point, your model remains yours in its entirety. There is no lock-in at the data layer, because the data layer is yours by design.
Sovereignty as a Competitive Advantage
For organizations operating in regulated industries, the ability to demonstrate genuine operational sovereignty is increasingly a competitive differentiator. Institutional clients, government contracts, and regulated service agreements often require evidence that sensitive architectural data is not exposed to third-party platforms.
rescile provides that evidence structurally. A self-hosted controller, a locally stored dependency graph, version-controlled compliance rules, and audit-ready output generation combine to create a governance posture that can be demonstrated to regulators, clients, and auditors without requiring trust in a vendor’s privacy practices or contractual representations.
Your control plane is yours. That is not a feature. It is the foundation.