European jurisdiction
The island and its data stay under European law, beyond the extraterritorial legislation of third countries.
PROVEN SOVEREIGN INFRASTRUCTURE.
Every island passes a real recovery test before delivery: it is rebuilt in full and data is confirmed to return without loss. Dedicated infrastructure per client, built by a reproducible method.
Authorized Filigran Partner. Premio SIC 2024. Premio INCIBE Emprende 2026.
SOVEREIGNTY
The data belongs to the client.
Almost all critical infrastructure today sits in the hands of a few large US cloud providers. Even when their servers stand on European soil, those companies are subject to United States law, which can compel them to hand over their clients' data, at times without even being able to notify the affected party. For sensitive information, that exposure is not acceptable.
The Sovereign Island exists to close that door. It is dedicated infrastructure, built on a European provider and operated from Europe by a European firm. There is no foreign provider in the chain that another country's law can compel to hand over the data. Technological sovereignty is the starting point of the product and the reason for everything else.
European provider
The infrastructure is built on European providers, with no dependence on the large US cloud providers.
European operation
Kverno is a European firm, based in Madrid. Whoever operates the island answers to European law.
NO FRICTION
You don't have to leave the cloud. Just not put everything in the same box.
Almost every European organization already operates inside Microsoft 365, Google Workspace or Azure. Asking them to leave is not realism. The Sovereign Island does not replace that corporate environment. It identifies the layers where total dependency becomes a risk (threat intelligence, critical identity, sensitive data, backups, crisis operations) and isolates them. The day-to-day stays where it is, without friction. The critical lives on the island, under the client's control.
THE PAIN
Three faces of one problem.
Critical infrastructure tends to fail on the same three fronts: who really controls it, whether it actually recovers, and whether you can leave without being trapped.
Control
Sensitive infrastructure depends on third parties and on hand-made configuration that nobody can rebuild or audit.
Proof
Nobody has confirmed that the backups restore. Recovery is assumed and has never been measured.
Exit
There is no clean way to take the infrastructure away. The knowledge lives in one person or one vendor.
THE PRODUCT
The Sovereign Island.
Dedicated critical infrastructure per client, built by a reproducible method and delivered with its recovery already proven. It comes in three sizes, according to the load and criticality of what it will host.
Compact
A single dedicated server, for small teams, internal portals and light tooling.
Working
Real capacity for full intelligence platforms in production.
Resilient
Several servers in high availability, for operations that cannot take an outage.
BUILT TO FIT
Each island is designed with the client.
Size sets capacity. What sets the work are the applications that live inside the island. Each island is designed with the client, starting from their profile and their actual work: what they need to run, what identity they use, what access control, what internal tools. The platform is the same on every island; the components that run on top are defined by each client. Here are some we already integrate.
MatrixForgejoOpenCTIMISPVaultwardenAuthentikTheHiveWazuhNextcloudMattermostKasmWiki.js
THE RECOVERY TEST
Proven before delivery.
Every island passes a real recovery test before delivery. It is rebuilt from its description, data is confirmed to return intact, and the time it takes is measured.
- 01
It is rebuilt
The island is brought up in full from its description, with no manual intervention.
- 02
It is verified
Data is confirmed to return without loss and the system is confirmed operational.
- 03
It is measured
The time the recovery takes is measured and documented for the client.
HOW IT WORKS
The method, in brief.
Declarative
The infrastructure is described in code. Nothing is configured by hand.
Reproducible
The same description always produces the same island, with no variation.
Immutable base
The base system is read-only. Its state is verifiable at any time.
Isolated
One infrastructure per client, isolated and with Zero Trust access: verified identity and no open ports.
HOW TO START
Three phases.
- 01
Assessment
An audit and a report that define the island to build.
- 02
Build
The construction of the island, with the recovery test before delivery.
- 03
Managed
Ongoing operation once the island is running.
WHO
A firm founded by a specialist.
Jorge Testa Founder and technical lead
Jorge Testa works from Madrid at the intersection of cyber intelligence, security architecture and European technological sovereignty. His trajectory combines technical research and operationally demanding environments, with public, verifiable recognition.
The team's recognitions Award · Premio SIC 2024 2024 Award · Premio INCIBE Emprende 2026 2026 Speaker · CCN-CERT Madrid · Panama Speaker · RootedCON Spain Speaker · GINSEG Spain Lecturer · Cyber Intelligence Master, KSchool Annual Publication · Killing The Bear Public research Institutional recognition · MCCE · Spanish Joint Cyberspace Command Spain
FOUNDING CLIENTS
Built today with founding clients.
The Island is offered through a founding-client program, ahead of general availability. You work directly with the team that designs and operates it, on founding terms and with real influence over the product. The construction discipline and the recovery test are already the same the final version will carry.
Built together
The island is designed and brought up with you, alongside the team that then operates it. No commercial intermediaries.
Influence over the product
Your real case enters the method. What gets solved with you shapes how the Island ends up for those who come after.
Founding terms
A limited number of islands, on founding terms. The reference is public only if you want it to be.
Tell us your case.
If your case fits, we say so. If it does not, we point you to someone who does.