The problem

What the customer was up against.

  • Citizen services across 11 ministries averaged 11 days for routine requests (license renewals, certificate issuance, benefit applications).
  • Strict data-residency law required all processing within national borders, ruling out every major SaaS AI vendor.
  • Existing systems were a mix of mainframe, SAP, in-house Java apps and bespoke portals — with no consistent identity or audit layer.
  • Public trust in AI decisioning was low; the cabinet mandated full explainability and override audit for every automated decision.
The solution

What xyner built.

  • Deployed xyner in fully air-gapped mode on the government's sovereign cloud, with HSM-backed customer-managed keys.
  • Built unified citizen-service agents that authenticate via the national digital ID, fetch supporting documents from the government data exchange, and apply each ministry's rules transparently.
  • Every decision cites the exact regulation clause and supporting document; citizens get a plain-language explanation in Arabic and English plus the right to human review.
  • Rolled out in 14 weeks across 11 ministries, with central observability dashboards for the prime minister's office.
The outcomes

Measured impact.

14 weeks
contract to first ministry live
production deployment
11 days → 38 min
median citizen turnaround
for routine requests
11
ministries
on unified agent platform
100%
data sovereign
air-gapped deployment
AA+
national audit rating
on explainability
Executive summary

At a glance.

Situation

A MENA government entity coordinating services across six agencies was averaging 11 business days per cross-agency citizen case — visa, benefit, licensing and document workflows that touched multiple ministries with conflicting data systems and statutory deadlines.

Intervention

Deployed xyner inside the country's national sovereign cloud with control plane and data plane both region-pinned; agents per agency with cross-agency orchestration; full statutory grounding and citizen-facing transparency.

Outcome

Cross-agency cases now resolved in under 3 days on average; citizen-effort score improved by 38 points; full statutory traceability per decision; zero data-residency exceptions.

Industry

Public Sector

A MENA government entity responsible for cross-agency citizen services

Scope

MENA (UAE / KSA region)

Cross-agency citizen case handling within a sovereign-cloud boundary

Duration

14 weeks pilot, 12 months phased rollout

From contract signature to full rollout.

Architecture

What the deployment actually looks like.

The deployment is fully sovereign-pinned — execution, storage and model inference all live within the country's national cloud. No data, no model calls and no metadata cross national boundaries. This was a hard requirement of the engagement.

Per-agency specialist agents

Each agency has its own specialist agents bound to that agency's RBAC scopes, data systems and statutory remit. Agents from different agencies never read each other's restricted data.

Cross-agency supervisor agent

When a citizen case spans agencies, a supervisor agent coordinates the per-agency specialists through scoped hand-offs — never aggregating data outside its permitted use.

Statute-aware RAG

Every determination is grounded in the relevant statute, regulation or precedent. The retrieval layer indexes the national legal corpus and applies access policy per agency.

Citizen-facing transparency

Each citizen receives a clear written explanation of the outcome, citing the statute, the agency, and the responsible human approver. FOIA-style requests are answered from the audit trail.

Sovereign-cloud infrastructure

Compute, storage, vector indexes and model inference all run inside the national sovereign cloud. Models are licensed for in-country deployment; no external API calls.

Accountability log

Every agent decision is captured to a tamper-evident, parliamentary-grade audit log accessible to oversight bodies and the supreme audit institution.

Implementation timeline

How the rollout sequenced.

The engagement followed the country's standard government-deployment cadence: rigorous procurement, security review, formal sovereignty audit, phased rollout per ministry.

Weeks 1-4

Procurement & sovereignty audit

Complete the country's formal procurement process; pass national-cloud sovereignty audit; deploy initial environment with national-cloud provider.

Weeks 5-7

Foundations

Deploy data plane and control plane in sovereign cloud; integrate with national identity provider; deploy in-country model endpoints.

Weeks 8-10

First-agency configuration

Configure agents for the first agency (visa services); load statutory RAG; complete first-agency security and audit review.

Weeks 11-14

First-agency pilot live

Live in visa services with human approval on all citizen-facing determinations; metrics reviewed weekly with agency leadership.

Months 4-9

Agency-by-agency rollout

Roll out to five additional agencies with per-agency configuration, integration and audit; introduce the cross-agency supervisor agent.

Months 10-12

Cross-agency orchestration + autonomy calibration

Full cross-agency orchestration live; autonomy thresholds calibrated by case class; oversight reviews established.

Governance & controls

How the deployment is governed.

Sovereign government deployment carries a unique governance burden — sovereignty, accountability, equity testing, FOIA-readiness, parliamentary oversight.

Sovereign-pinned execution

All execution, storage and model inference pinned to the national cloud. No cross-border data movement. Audited by the national-cloud provider and the country's cybersecurity authority.

Statute-grounded decisions

Every determination cites the relevant statute, regulation or precedent. Decisions cannot be made on grounds not traceable to a statutory authority.

Equity testing

Decisions continuously tested for disparate impact across protected attributes; results reviewed quarterly by the government's AI oversight committee.

Accountability & FOIA-readiness

Every decision produces a citizen-accessible explanation and a tamper-evident audit record. FOIA-style information requests are answered directly from the audit trail.

Human approval on adverse outcomes

Any adverse determination (visa denial, benefit reduction, license revocation) requires human approval per administrative-law requirements.

What other enterprises can learn

Three transferable lessons.

Three lessons from this engagement for other public-sector entities deploying agentic AI.

1

Sovereignty must be architectural, not contractual

Cross-border data prohibitions are easy to write into a contract and hard to enforce in a cloud architecture. The deployment enforces sovereignty at the platform level — there are no code paths that could violate it.

2

Statutes are first-class data sources

The statute-aware RAG layer transformed the conversation with oversight bodies. Every determination is defensible because every determination cites the underlying statutory authority.

3

Design for the FOIA conversation

Citizens and oversight bodies need to understand decisions in plain language. The platform's accountability layer was designed around the FOIA-style request from day one.

The sovereignty constraint stopped being a blocker the moment we treated it as an architectural property of the platform. Now it's just how the system works.
Director of Digital Government, MENA government entity

Reference engagement available through your xyner account team, subject to the government's reference protocols and any necessary diplomatic coordination.

Talk to a partner

Could the same outcome work in your environment?

Tell us your sector. A senior xyner partner will walk you through a tailored plan.