Sovereign-first infrastructure.
Global only when permitted.
Forge’s Sovereign Grid is not a single global cloud. It is a federation of independent, region-locked sovereign cells, each operating as a complete cloud in its own legal and physical jurisdiction.
Loading globe...
Sovereign by Default
Forge regions are sovereign first. Global behaviour is opt-in. A workload deployed into a sovereign zone is physically incapable of running, storing data, or emitting metadata outside that jurisdiction unless explicitly configured to do so.
“This model reflects the reality of healthcare: patient data is local, regulation is local, accountability is local.”
Architecture, not Policy
Sovereignty is enforced by physics. Compute, storage, and networking exist entirely within the boundary. No implicit replication. No shared global metadata layer.
No Hidden Backbone
There is no opaque global control plane. Cross-border activity only occurs when explicitly declared, authorised, and auditable.
The Sovereign Grid Model
Each Forge region operates as an independent sovereign cell.
Dedicated Infrastructure
Bare-metal infrastructure within a defined jurisdiction.
Isolated Execution
Hardware-isolated execution using Firecracker microVMs.
Region-Locked
Networking and storage with zero default egress.
Immutable Audits
Independent control plane with immutable audit trails.
Sovereign Compute
VM-grade isolation, sub-second starts.
- Firecracker microVMs with physical CPU pinning
- Sub-second cold starts with VM-grade isolation
- No noisy neighbours, no overcommit
- No shared tenancy ambiguity
ForgeVault Storage
A study written in Sydney stays in Sydney. Always.
- S3-compatible APIs for immediate compatibility
- Data placement enforced at write time
- Local NVMe hot tiers with sovereign archival
- Explicit, compliance-aware replication only
Designed for Developers, Not Compliance Theatre
From the developer’s perspective, the Sovereign Grid is simple. Forge enforces everything else automatically. Compliance is not surfaced as friction or configuration burden. It is embedded into the platform.
Why Sovereign Grid Exists
Healthcare does not need another global cloud. It needs infrastructure that respects borders, regulators, clinicians, and patients without sacrificing modern developer experience. The Sovereign Grid is Forge’s foundation: sovereign by default, globally capable only when appropriate.
Sovereign Compliance Specifications
Every Forge region maps to a specific legal jurisdiction and compliance attestations. 21 regions across 12 countries, each with dedicated infrastructure and local control plane.
| Region | Code | Jurisdiction | Standards | Residency | Control |
|---|---|---|---|---|---|
| Sydney | SYD-SOV-1 | Australia | Privacy ActHIPAASOC2+1 | Physical (NSW) | Local |
| Melbourne | MEL-SOV-1 | Australia | Privacy ActHIPAASOC2 | Physical (VIC) | Local |
| Brisbane | BNE-SOV-1 | Australia | Privacy ActHIPAASOC2 | Physical (QLD) | Local |
| Perth | PER-SOV-1 | Australia | Privacy ActHIPAASOC2 | Physical (WA) | Local |
| Auckland | AKL-SOV-1 | New Zealand | Privacy Act NZHIPAA | Physical (NZ) | Local |
| Region | Code | Jurisdiction | Standards | Residency | Control |
|---|---|---|---|---|---|
| Singapore | SIN-SOV-1 | Singapore | PDPAMTCS L3HIPAA+1 | Physical (SG) | Local |
| Region | Code | Jurisdiction | Standards | Residency | Control |
|---|---|---|---|---|---|
| Los Angeles | LAX-SOV-1 | USA (California) | HIPAASOC2HITRUST | Physical (CA) | Local |
| Chicago | ORD-SOV-1 | USA (Illinois) | HIPAASOC2HITRUST | Physical (IL) | Local |
| Atlanta | ATL-SOV-1 | USA (Georgia) | HIPAASOC2HITRUST | Physical (GA) | Local |
| New Jersey | EWR-SOV-1 | USA (New Jersey) | HIPAASOC2HITRUST | Physical (NJ) | Local |
| Region | Code | Jurisdiction | Standards | Residency | Control |
|---|---|---|---|---|---|
| Montreal | YUL-SOV-1 | Canada (Quebec) | PIPEDAHIPAASOC2 | Physical (QC) | Local |
| Toronto | YYZ-SOV-1 | Canada (Ontario) | PIPEDAHIPAASOC2 | Physical (ON) | Local |
| Region | Code | Jurisdiction | Standards | Residency | Control |
|---|---|---|---|---|---|
| London | LON-SOV-1 | United Kingdom | UK GDPRNHS DSPSOC2 | Physical (UK) | Local |
| Manchester | MAN-SOV-1 | United Kingdom | UK GDPRNHS DSPSOC2 | Physical (UK) | Local |
| Dublin | DUB-SOV-1 | Ireland | GDPRHIPAASOC2 | Physical (IE) | Local |
| Berlin | BER-SOV-1 | Germany | GDPRBSI C5SOC2 | Physical (DE) | Local |
| Frankfurt | FRA-SOV-1 | Germany | GDPRBSI C5ISO 27001 | Physical (Hesse) | Local |
| Paris | PAR-SOV-1 | France | GDPRHDSSOC2 | Physical (FR) | Local |
| Brussels | BRU-SOV-1 | Belgium | GDPRHIPAASOC2 | Physical (BE) | Local |
| Amsterdam | AMS-SOV-1 | Netherlands | GDPRNEN 7510SOC2 | Physical (NL) | Local |
| Region | Code | Jurisdiction | Standards | Residency | Control |
|---|---|---|---|---|---|
| Dubai | DXB-SOV-1 | UAE | NESAHIPAASOC2 | Physical (UAE) | Local |
All regions feature hardware-isolated Firecracker microVMs, AES-256 encryption, and zero default egress.
VIEW SOC2 ATTESTATION