EU Sovereign tier

Deploy Fuze Agent entirely inside the customer's EU perimeter. The operator runs the full stack; Fuze ships Terraform modules, signing wiring, and a verification command.

What gets deployed

  • Agent runtime pods (@fuze-ai/agent + @fuze-ai/agent-api-server)
  • Cerbos policy engine pods (@fuze-ai/agent-policy-cerbos)
  • Postgres (suspend store, evidence index, signed-root ledger)
  • Object storage (raw evidence stream, retention-tiered)
  • KMS integration (signing keys; never extracted)
  • Transparency log (private witness or public Sigstore-style)
  • EU model providers (Mistral, Aleph Alpha, OpenAI EU residency)

Terraform setup

```bash
git clone https://github.com/fuze-ai/fuze
cd fuze/packages/agent-sovereign-terraform/examples/aws-eu-west-1
terraform init
terraform apply -var-file=./customer.tfvars
```

The module provisions: a VPC with no internet egress on the agent subnet, an EKS cluster, IAM roles bound to the KMS signing key with deny-on-export, an RDS Postgres with at-rest encryption, an S3 bucket with object lock for the evidence stream, and a private CloudHSM-backed transparency log witness.

The default region set is eu-west-1, eu-central-1, eu-north-1. The Terraform module refuses to apply outside the EU; the region check lives in validation.tf.

KMS bootstrap

```bash
fuze-agent kms bootstrap \
  --provider aws \
  --key-arn arn:aws:kms:eu-west-1:123456789012:key/abcd-1234 \
  --output ./agent.pub
```

This creates the signer binding, registers the public key, and writes the public half to disk. The private key never leaves KMS. At this point the LocalKeySigner is replaced by KmsSigner from @fuze-ai/agent-signing-kms.

EU model providers

Configure model residency to 'eu':

```ts
import { mistralModel } from '@fuze-ai/agent-providers/mistral'

const model = mistralModel({
  apiKey: process.env.MISTRAL_API_KEY!,
  residency: 'eu',
  endpoint: 'https://api.mistral.ai',
})
```

The loop refuses to dispatch to a non-EU model when any tool's egressDomains is 'none', or when annexIIIDomain is set to anything other than 'none'.

Breach-notification workflow

GDPR Art. 33 requires notification to the supervisory authority within 72 hours. The sovereign tier emits a fuze.incident span on:

  • fuze.policy.engine_error=true (potential systemic failure)
  • An export of full-content evidence outside the configured residency
  • A failed signature verification on a run-root from the ledger
  • An anomalous spike in evaluateApproval denials

Each fuze.incident triggers the configured notification handler:

```yaml
# fuze.sovereign.yaml
incident:
  notification:
    handler: webhook
    url: https://internal.example.org/dpo/incident
    timeout_seconds: 10
    retry: { attempts: 3, backoff_seconds: 30 }
  ticket:
    system: jira
    project: DPO
```

The DPO confirms the incident, classifies severity, and the dashboard records the Art. 33 timer.
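The trigger conditions and the Art. 33 timer above, as an added illustration that is not Fuze's own code. It assumes a minimal span record shape (name plus flat attributes), constructed sample spans, and a configured residency of 'eu'; the denial-spike check is a simple sliding-window count, since the page does not say how the runtime defines "anomalous".

```typescript
// Added example, not from the Fuze code base. Span shape and sample data are constructed.
type Span = { name: string; attrs: Record<string, string | number | boolean> };

const RESIDENCY = 'eu';                       // configured residency (assumption)
const ART33_WINDOW_MS = 72 * 60 * 60 * 1000;  // GDPR Art. 33: 72 hours

// Maps one span to a fuze.incident reason, or null when it is benign.
// Covers three of the four triggers; the denial spike needs a window, see below.
function incidentReason(span: Span): string | null {
  if (span.attrs['fuze.policy.engine_error'] === true) return 'policy engine error';
  if (span.name === 'fuze.evidence.export' && span.attrs['residency'] !== RESIDENCY)
    return `full-content evidence exported outside ${RESIDENCY}`;
  if (span.name === 'fuze.ledger.verify' && span.attrs['signature_valid'] === false)
    return 'run-root signature verification failed';
  return null;
}

// Fourth trigger: more than `threshold` evaluateApproval denials inside any
// sliding window of `windowMs` (span names and threshold are assumptions).
function denialSpike(denialTimesMs: number[], windowMs: number, threshold: number): boolean {
  const t = [...denialTimesMs].sort((a, b) => a - b);
  let lo = 0;
  for (let hi = 0; hi < t.length; hi++) {
    while (t[hi] - t[lo] > windowMs) lo++;
    if (hi - lo + 1 > threshold) return true;
  }
  return false;
}

// The Art. 33 clock starts when the controller becomes aware of the breach.
function art33Deadline(awareAtMs: number): string {
  return new Date(awareAtMs + ART33_WINDOW_MS).toISOString();
}

// Runs the per-span triggers over a batch and returns the incident reasons found.
function scan(spans: Span[]): string[] {
  return spans.map(incidentReason).filter((r): r is string => r !== null);
}

// Constructed sample spans: one benign call, one out-of-residency export, one good ledger check.
const SAMPLE_SPANS: Span[] = [
  { name: 'fuze.tool.call', attrs: { 'fuze.policy.engine_error': false } },
  { name: 'fuze.evidence.export', attrs: { residency: 'us' } },
  { name: 'fuze.ledger.verify', attrs: { signature_valid: true } },
];
```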

Verification

The sovereign module ships with fuze-agent verify-deployment, which checks that KMS deny-on-export is set, that RDS encryption is on, that S3 object lock is enabled, that the transparency log witness is reachable, and that the agent runtime pods cannot reach 0.0.0.0/0.

```bash
fuze-agent verify-deployment --config ./fuze.sovereign.yaml
```

Exit code 0 means the deployment matches the documented invariants. This command is the basis of the Art. 26 deployer self-assessment.