Why sovereign inference is an architecture problem, not a policy one

Most "data residency" offerings are contractual: a clause says your data stays in a region, and you trust the provider's controls. That works until it doesn't — a misrouted request, a cross-region replica, an egress path nobody audited.

Volt takes the opposite approach. Residency is a property of where the bytes physically are. There is no egress path to misconfigure: zero ingress, zero egress, zero inter-pod transfer, enforced by Cilium and SPIRE at the network layer. Your request is served in a metro and the response never crosses its boundary.

On top of that, the SDK validates every response against your configured tier and metro. If a sovereign request somehow came back from the wrong place, the SDK raises and withholds the payload from your code. Server-side enforcement, network-level isolation, and client-side validation — three independent layers.

The result: data residency you can prove, not just promise. That is the difference auditors care about.