Current April 21 evidence for the live ACK baseline, the control matrix, detector benchmark artifacts, and explicit boundaries for what is not yet claimed.
If a capability has not been exercised on the live pilot or cannot be reproduced from retained evidence, it stays outside the proof language.
Use the public trust report, control-matrix summary, and benchmark JSON for buyer-safe review. Qualified reviewers can request the signed bundle for control-level implementation, test, and evidence mappings.
Where the evidence is narrower, the wording stays narrower: broader availability, automatic failover, full-vault verification, and final immutable-retention controls remain explicit separate steps.
The current top-level proof boundary is the April 21, 2026 live ACK/API baseline plus sanitized public artifacts generated from the current control matrix. Older continuity drills remain retained evidence, but they are no longer the headline posture; the retained set includes April 6, 2026 planned maintenance continuity evidence.
Treat April 21 runtime evidence as dated proof of the checked surfaces, not as a broad HA, external audit, regulator approval, or HSM-custody claim.
The April 21 guarded rollout re-proved authenticated health, metrics, compliance-route checks, public readiness, 2/2 Ready pods, per-pod health, recovery freshness, deploy-host alert self-test, and in-workload alert delivery. The full same-origin browser/OIDC pack remains last refreshed on April 18, so broader browser/auth parity stays outside this page's current proof language.
The current public trust report summarizes 126 controls: 102 substantiated by code tests, 13 by dated live evidence, 10 by external facts, and 1 unspecified-pending control. The JSON totals are generated from docs/generated/control_matrix.json and intentionally exclude file:line references and reviewer-only mappings.
The authoritative SDAIA-published PDPL English text is the in-repo citation source of truth. The citation validator supports automated review of article references across code and docs; this is citation-integrity evidence, not an external legal opinion.
The public detector artifacts were refreshed in April with sanitized provenance. The latest public precision/recall artifact passes its curated benchmark snapshot, and the public PII benchmark reports a 31.48 ms p95 for the 1K-character English case. Treat those as dated curated-corpus benchmarks, not production-wide coverage or an external audit.
Billing events are written with SHA-256 hash-chain continuity and HMAC authentication for newer records. A 10-year retention gate refuses in-retention deletion and produces a companion compliance record.
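As an added illustration of the hash-chain statement above (not DataSitr's code; the record layout, field names, `GENESIS` anchor and `hmac_from` cutover index are assumptions), this verifier checks SHA-256 linkage on every record and the HMAC only from a pinned index onward. It also shows that a keyless rewrite of an older, unauthenticated record is still caught at the first authenticated record.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed anchor value for the first record's "prev" field

def record_hash(prev_hash, payload):
    # Hash covers the previous record's hash plus a canonical JSON payload.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def seal(prev_hash, payload, key=None):
    # Legacy records (key=None) carry only the chain hash; newer ones add a MAC.
    rec = {"prev": prev_hash, "payload": payload, "hash": record_hash(prev_hash, payload)}
    if key is not None:
        rec["mac"] = hmac.new(key, rec["hash"].encode(), hashlib.sha256).hexdigest()
    return rec

def verify_chain(records, key, hmac_from):
    # hmac_from is pinned by the verifier, so a stripped "mac" cannot pass as legacy.
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["prev"] != prev:
            return False, f"record {i}: broken link"
        if record_hash(prev, rec["payload"]) != rec["hash"]:
            return False, f"record {i}: hash mismatch"
        if i >= hmac_from:
            want = hmac.new(key, rec["hash"].encode(), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(rec.get("mac", ""), want):
                return False, f"record {i}: missing or bad HMAC"
        prev = rec["hash"]
    return True, "ok"

def build_sample(key, hmac_from=2, n=4):
    # Constructed sample: records 0-1 are legacy, records 2-3 are authenticated.
    chain, prev = [], GENESIS
    for i in range(n):
        chain.append(seal(prev, {"seq": i, "units": 10 * (i + 1)}, key if i >= hmac_from else None))
        prev = chain[-1]["hash"]
    return chain

def rehash_forward(chain, start, new_payload):
    # Test helper: edit one payload and recompute later hashes, keeping the old MACs.
    out, prev = [dict(r) for r in chain], chain[start]["prev"]
    for i in range(start, len(out)):
        payload = new_payload if i == start else out[i]["payload"]
        out[i].update(prev=prev, payload=payload, hash=record_hash(prev, payload))
        prev = out[i]["hash"]
    return out
```

With `hmac_from` set past the end of the chain, the same rewritten chain verifies, which is the gap the HMAC on newer records closes.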
English, Arabic, and Saudi-specific patterns (National ID, IBAN, phone). Measured detector results are published on the benchmark page and refreshed from the current public benchmark summary instead of being frozen here.
Green (anonymized external), Amber (pseudonymized in-Kingdom), Red (raw in-Kingdom). Lane enforcement is policy-driven and tenant-configurable.
AES-256-GCM at rest with per-tenant derived keys. TLS 1.2/1.3 in transit.
A forced public-smoke failure triggered automatic rollback, restoring the exact deploy hash and health. The rollback proof note is archived in the repository, and raw drill logs are retained separately.
Sequenced processing records can be exported with signed verification material for buyer or regulator review. Final immutable-retention posture remains a separate operational step.
Dated pilot evidence notes cover encrypted upload, download, and restore-drill verification on the pilot host. Treat freshness as an operator-verified date, not a standing guarantee from this page.
A March 28, 2026 drill restored an encrypted backup into an isolated environment and completed fresh logins successfully. This proves single-stack recoverability, not public cutover or zero-downtime DR.
The pilot has active health monitoring, metrics collection, log retention, and alert delivery. Freshness is treated as dated operator evidence, not a permanent guarantee from this page.
The live pilot has dated scaling evidence beyond a single-process setup, but the public claim remains narrower than hitless deploys or broader HA.
A March 29, 2026 drill showed that fresh login and authenticated processing survived an intentional auth-path outage on the public service. This is continuity evidence, not blanket HA.
A March 29, 2026 drill completed a public restored-state cutover from a dated encrypted backup. The latest rerun also verified that the oldest and newest restored vault rows decrypt successfully under the restored environment. This remains a narrow restored-vault read-back check, does not prove that every vault row decrypts, and does not imply full-vault verification, automatic failover, or blanket HA.
A separate March 29, 2026 drill showed that the public path could be served through an alternate host under operator control. This is continuity evidence, not replication, automatic failover, or blanket HA.
Each item below is the exact phrasing the issuing authority has put in writing. We deliberately distinguish "registered" from "licensed" and "application in progress" from "awarded" — because the Saudi regulators do.
Active. The owner is the registered Data Protection Officer for مؤسسة داتا ستر / Data Sitr Establishment under the Saudi Personal Data Protection Law (PDPL).
Registered as a data services and products provider on the National Data Governance Platform (NDGP); status "Complete" on the dashboard. NDMO has clarified in writing (2026-04-27) that this registration does NOT constitute a license — the licensing application window will open in an upcoming phase.
Application In Progress with the Saudi Data and AI Authority (filed 2026-04-03). The accreditation has not been awarded; we will update this row when SDAIA issues the decision.
Active under the Ministry of Commerce since 2022-08-31. Entity type: Establishment. Registered under the current name مؤسسة داتا ستر / Data Sitr Establishment.
Standing inquiries are open with NDMO, SDAIA, NCA, DGA, and the Etimad procurement center on AI Adoption Framework applicability and AI/ML tender evidence requirements; substantive answers will be reflected here as they arrive.
These are the assurance surfaces a buyer or security team can inspect immediately without widening the claims boundary.
The public trust report shows the aggregate proof counts, while the full Ed25519-signed reviewer bundle remains available to qualified reviewers on request.
Open the report at /trust-report or consume /resources/trust-report.json for automated review; the totals match the generated control-matrix JSON.
A per-citation validator at scripts/validate_pdpl_citations.py enables automated audit of article references across the codebase.
Keep that claim bounded to startup bootstrap on the serving ACK image. Tenant BYOK and HSM custody remain outside the current live boundary.
DataSitr is intentionally specific about what it has not yet proven. The current non-claims list now lives on the compliance page so procurement and diligence teams can review the same boundary in one place.
See current dated snapshot
Passing
The current verified snapshot is kept as a dated internal evidence note rather than repeated here as a hard-coded count. The covered surfaces still include PII detection, tokenization, vault encryption, pipeline orchestration, admin authorization, webhook delivery, monitor health, deploy/backup/restore scripts, and dashboard UI.
Buyers evaluating DataSitr should: