Technical & Operational Deployment

Government Implementation
Framework

A structured, phased deployment blueprint covering infrastructure, security, code generation, platform rollout, mobile app distribution, training, and post-launch operations - for national-scale tax stamp and traceability programs.

7
Implementation Phases
16–24
Weeks to Full Rollout
99.9%
Uptime SLA
100%
Government Data Ownership
Discuss Implementation Government Overview →
Implementation Phases

Seven phases from planning to live operations

Every national deployment follows a defined phase sequence. Each phase has clear deliverables, sign-off criteria, and dependencies - so both teams know exactly what is happening, when, and what comes next.

Phase 01 Weeks 1–3

Planning & Architecture

All technical, legal, and operational parameters are defined before a single server is provisioned. This phase prevents costly rework downstream.

  • 1

    Jurisdiction Requirements Assessment

    Map excise categories, product volumes, existing IT systems, and statutory obligations including WHO FCTC where applicable.

  • 2

    Sovereignty & Data Residency Decision

    Choose deployment model: on-premise government data centre, sovereign cloud, or managed service with contractual data protections.

  • 3

    System Architecture Sign-off

    Define registry topology, API integration points, cryptographic key hierarchy, and disaster recovery architecture.

  • 4

    Stakeholder Agency Mapping

    Identify all agencies requiring system access: revenue authority, customs, market surveillance, licensing bodies. Define role-based access structure.

Phase Deliverables

  • Signed architecture design document
  • Data sovereignty agreement executed
  • Agency access matrix approved
  • Integration scope defined per existing government systems
  • Cryptographic key ownership confirmed
  • Stamp format decision: physical, digital, or hybrid

Phase 01 Gate Criteria

No infrastructure provisioning begins until architecture is signed off and data sovereignty requirements are contractually confirmed.

Phase 02 Weeks 3–6

Infrastructure Setup

Core infrastructure is provisioned and hardened. The central registry database, object storage, and cryptographic key systems are brought online in the approved deployment environment.

  • 1

    Server & Network Provisioning

    Dedicated server nodes provisioned per architecture. Network segmentation, firewall rules, and VPN access for government staff configured.

  • 2

    Primary Database Deployment

    Industry-standard scalable databases deployed with automated failover. Schemas and retention policies configured for national registry volumes.

  • 3

    Secure Object Storage Configuration

    Label assets, audit exports, and scan event archives configured on sovereign-approved object storage systems. Geo-redundant configurations aligned to data residency requirements.

  • 4

    HSM & Key Management

    Hardware Security Module provisioned. Root signing keys generated under government supervision. Key ceremony documented and witnessed.

Infrastructure Stack

🗄️
Primary Database
Scalable, auto-failover, encrypted at rest
Primary DB
☁️
Hybrid Cloud
On-prem compute + sovereign cloud burst capacity
Compute
🪣
Object Storage
Label assets, archives, audit exports
Storage
🔐
HSM
Government-controlled key signing
Sovereign

Phase Deliverables

  • All servers provisioned and network-hardened
  • MongoDB replica set live with health monitoring
  • Object storage buckets created and permissioned
  • HSM online, root keys generated and documented
  • Penetration test completed on infrastructure layer
Phase 03 Weeks 5–9

Code Generation & Printing

The serialization engine is configured, test batches produced, and printing infrastructure - whether at a government print facility or licensed manufacturer sites - is validated end-to-end before live issuance begins.

  • 1

    Serialization Engine Configuration

    Secure, serialized code generation configured using proprietary methods designed for anti-counterfeit protection, tailored per product category in scope.

  • 2

    Print Facility Integration

    Codes are securely transferred to approved production environments for controlled printing and deployment. Allocation controls and audit trails configured.

  • 3

    Label & Stamp Specification

    Physical dimensions, substrate, adhesive, tamper-evident features, and visual design approved. Print quality standards tested and locked.

  • 4

    Test Batch Scan Validation

    Sample production batch scanned against live registry. Verification response times, error handling, and offline fallback tested.

Code Generation Flow

Authentific
Engine
Generates signed UIDs
🖨️Authorized
Printer
Receives print job
🏷️Labels /
Stamps
Physical output
TrueTax
Registry
Records issuance
🏪Market /
Product
Applied to goods
📲Scan &
Verify
Enforcement / consumer

Every stamp or label is registered in the Government-Controlled System before it reaches a production environment. Codes are securely transferred to approved facilities using proprietary methods designed for anti-counterfeit protection.

Phase 04 Weeks 7–12

Platform Deployment

The full Authentific + TrueTax platform is deployed, configured for the jurisdiction, and integrated with existing government systems via documented API. All agency portals are stood up with role-based access.

  • 1

    Core Platform Installation

    Authentific registry, verification API, and TrueTax government dashboard deployed to hardened infrastructure. SSL/TLS, WAF, and DDoS protection enabled.

  • 2

    Government Agency Portal Configuration

    Revenue authority, customs, and enforcement dashboards configured per agency mandate. Role-based access provisioned for each user group.

  • 3

    ERP & Government System Integrations

    API connectors activated for customs management, excise license system, and licensing authority databases. Integration testing completed.

  • 4

    Manufacturer Onboarding Portal

    Licensed manufacturers and importers onboarded to the operator portal. Production line serialization equipment installed and validated at each facility.

  • 5

    UAT & Load Testing

    User acceptance testing with government stakeholders. Load testing simulates national production volume across all registered operators simultaneously.

Agency Access Structure

🏛️
Revenue Authority
Full dashboard - duty reconciliation, operator compliance, analytics
🛃
Customs Authority
Import/export view - border verification, transit tracking
🔎
Market Surveillance
Enforcement scans, seizure records, anomaly alerts
🏭
Licensed Operators
Production portal - stamp allocation, serialization, compliance reports

Phase Deliverables

  • Platform live in production environment
  • All agency portals configured and permissioned
  • Government system integrations tested and signed off
  • All licensed operators onboarded to production system
  • UAT signed off by government stakeholders
  • Load test passed at 120% of projected peak volume
Phase 05 Weeks 10–14

Mobile App Deployment

Enforcement officer and consumer-facing mobile applications are published through appropriate distribution channels, including government-managed app stores where required for sovereign distribution control.

  • 1

    Enforcement Officer App - Android & iOS Build

    Government-branded enforcement application built and signed with government certificates. Offline verification mode configured with encrypted local cache.

  • 2

    Apple Developer Account Setup

    Government Apple Developer Enterprise account configured. App signed with government provisioning profile. TestFlight distribution to pilot officer cohort.

  • 3

    Google Play / Government App Store

    Android app published to Google Play under government developer account, or deployed via MDM/government-managed distribution where Play Store access is restricted.

  • 4

    Consumer Verification App

    Public-facing consumer verification app published on both stores. Branded per jurisdiction requirements. QR scan → verification result flow validated.

  • 5

    MDM Enrollment for Enforcement Devices

    Mobile Device Management enrollment for all government-issued enforcement devices. Remote wipe, policy enforcement, and update management configured.

Distribution Channels

Apple App Store / Enterprise
Government Apple Developer Enterprise Account. Direct MDM distribution for enforcement officers. Public App Store for consumer app.
Google Play / Managed Distribution
Government Google Play developer account. Android Enterprise / MDM for enforcement devices. Sideload APK option for offline / air-gapped environments.
🏛️
Government App Store (where applicable)
For jurisdictions operating a sovereign app distribution portal. App package and metadata provided for government-managed publication.

Offline Capability

  • Encrypted local code cache for enforcement devices
  • Offline verification against cached registry snapshot
  • Automatic sync on reconnection - no data loss
  • Configurable cache window: 24h to 7 days
  • Tamper-evident offline scan log, uploaded on sync
Phase 06 Weeks 12–18

Training & Rollout

Structured training programs for all user groups - administrators, enforcement officers, and licensed operators - delivered before the program operative date. Pilot rollout validates the full chain before national activation.

System Administrator Training
  • Platform administration and configuration management
  • User provisioning and access control management
  • Registry monitoring, alerting, and incident response
  • Backup, restore, and failover procedures
  • Reporting and data export for government workflows
  • HSM key management procedures and rotation

Duration: 3-day intensive + 2-week supervised operation period

Enforcement Inspector Training
  • Mobile app operation: scan, verify, record
  • Reading and interpreting verification results
  • Offline mode operation in low-connectivity environments
  • Seizure documentation using evidential scan output
  • Escalation procedures for suspect or flagged products
  • Field troubleshooting and device management

Duration: Half-day workshop per cohort. Train-the-trainer materials provided for ongoing onboarding.

Licensed Operator Training
  • Production portal: stamp allocation requests and management
  • Production line serialization equipment operation
  • Compliance reporting and duty reconciliation submission
  • Handling unreadable or damaged stamp events
  • Audit preparation and export generation

Duration: On-site, per facility. Remote training available for importers and distributors.

Pilot Rollout & National Activation
  • Pilot: single product category, defined region, 30-day window
  • Live enforcement verification by trained officers during pilot
  • Pilot data review and issue resolution before national activation
  • Phased national activation: category by category or simultaneous
  • Hypercare support during first 30 days of national operation

Training Materials Provided

📋
Admin Operations Manual
Full system administration reference
📱
Enforcement Officer Field Guide
Printed quick-reference card + in-app help
🏭
Operator Integration Guide
API docs, portal user guide, compliance procedures
🎓
Train-the-Trainer Package
For ongoing officer onboarding post-launch
Phase 07 Ongoing from Week 16+

Monitoring & Steady-State Operations

Post-launch, the platform enters a continuous monitoring regime. Uptime, performance, anomaly detection, and security posture are tracked around the clock. Regular reporting keeps government stakeholders informed.

  • 1

    24/7 Uptime & Performance Monitoring

    API latency, database health, storage utilisation, and verification response times monitored continuously. Automated alerts on SLA breach.

  • 2

    Anomaly Detection & Enforcement Alerts

    Continuous scan event pattern analysis. Geographic inconsistencies, duplicate events, and production volume anomalies trigger real-time enforcement alerts.

  • 3

    Scheduled Backup & DR Testing

    Daily incremental and weekly full backups to geographically separated storage. DR failover tested quarterly. RTO target: under 4 hours.

  • 4

    Monthly Government Operations Review

    Monthly report delivered to government stakeholders: uptime, scan volumes, compliance rates, anomalies detected, and enforcement action outcomes.

SLA & Operations Targets

Uptime SLA 99.9%
API Response < 100ms
RTO (failover) < 4 hours
RPO (data loss) < 1 hour
Backup Frequency Daily + Weekly full
Support SLA Priority 1: 1-hour response
Technical Infrastructure

Infrastructure designed for sovereign national-scale operations

The infrastructure stack is chosen for reliability, data sovereignty, and operational independence from any single vendor. Each layer can be deployed within the government's own network perimeter.

Compute

Hybrid Cloud Architecture

Core registry operations run on government-controlled on-premise hardware. Burst capacity scales to sovereign cloud nodes during peak production periods. No data transits outside the approved national jurisdiction.

  • On-premise primary - government data centre
  • Sovereign cloud burst - in-jurisdiction only
  • Private network interconnect (no public internet path for registry)
  • Containerised workloads - Kubernetes orchestration
  • Auto-scaling on verification API under load
Database

Primary Registry Database

The national registry runs on industry-standard scalable database infrastructure - proven, high-performance storage suited to the append-only, high-volume scan event and identity record pattern of a national Deployment Framework.

  • Automated failover with no single point of failure
  • Encryption at rest and in transit using current industry-standard protocols
  • Point-in-time recovery within defined government recovery windows
  • Optimised for national-scale registry lookup volumes
  • Government-controlled backup schedule and retention
Storage

Government-Aligned Object Storage

Label assets, audit exports, scan event archives, and enforcement records are stored using industry-standard scalable object storage systems aligned with government infrastructure policies. The storage provider is selected per jurisdiction based on data residency and sovereignty requirements.

  • Flexible provider selection aligned to national data sovereignty requirements
  • Supports hybrid and on-premise deployment configurations
  • No transfer lock-in - government retains full data portability
  • Server-side encryption and immutable audit-trail object records
  • Configurable retention policies per government record-keeping requirements

No Vendor Lock-in on Infrastructure

The platform is infrastructure-agnostic at the storage and compute layer. Governments can migrate between cloud providers or to on-premise alternatives without platform redeployment. The registry data format is documented and exportable.

Open APIs Exportable Data Documented Schemas No Lock-in Clauses
Security & Compliance

Security architecture built for national critical infrastructure

The platform is designed and operated to the security standards required of national identity infrastructure. Encryption, CA integration, and data sovereignty are first-class requirements - not add-ons.

Encryption - At Rest & In Transit

All registry data encrypted at rest and in transit using current industry-standard encryption protocols. Cryptographic keys never leave the secure hardware boundary.

Certificate Authority (CA) Integration

The national government CA signs the Authentific root certificate for the deployment. All cryptographic identities issued by the platform chain to the sovereign CA trust hierarchy.

Data Sovereignty

All registry data, scan events, and enforcement records remain within the defined national jurisdiction. No data is accessible to the technology provider without explicit government authorisation.

Hardware Security Module (HSM)

Government-grade Hardware Security Modules provision all cryptographic signing operations. Key ceremony is documented and witnessed by government representatives. Government holds the key administrator credentials.

Role-Based Access Control

Every user account is bound to a specific agency role. Permissions are granular - read-only access to analytics does not confer write access to registry records. Audit log captures all admin actions.

Penetration Testing & Audit

Third-party penetration test before launch and annually thereafter. OWASP Top 10 compliance verification. Government-appointed auditor access to audit logs and configuration documentation at any time.

Immutable Audit Trail

All registry events are append-only. Records cannot be modified or deleted post-write - by any user, including system administrators. A cryptographic hash chain provides tamper evidence across the entire log.

Network Isolation

Registry and HSM components run on a private network segment with no direct public internet exposure. All public API traffic routes through a WAF and rate-limiting proxy layer.

Incident Response Plan

Government-specific incident response runbook provided. Escalation paths, notification obligations, and recovery procedures defined per jurisdiction regulatory requirements.

Compliance Standards

  • ISO 27001 information security management
  • FIPS 140-2 Level 3 HSM requirements
  • WHO FCTC Protocol data reporting compatibility
  • GDPR-compatible data architecture (where applicable)
  • National data protection legislation - configurable per jurisdiction
  • WCO data standards for cross-border traceability

Government Audit Rights

  • Full access to all system logs on demand
  • Configuration documentation maintained and accessible
  • Annual third-party security audit - results shared with government
  • Source code escrow arrangement available on request
  • Right to appoint independent technical auditor at any time
  • Data export in documented format - government retains copies
Code Generation Flow

From platform to product: how tax stamps reach the market

Every stamp and label follows this controlled chain. No step can be bypassed. Each transition is logged in the central registry.

Authentific
Platform
Secure identifier generated and registered by the Platform
🖨️ Authorized
Printer
Codes securely transferred to approved production environment
🏷️ Labels /
Stamps
Physical stamp or label produced and serialized
TrueTax
Registry
Issuance event recorded; operator allocation debited
🏪 Market /
Product
Stamp applied to excise product at licensed facility
📲 Scan &
Verify
Enforcement officer or consumer scans & gets result
Control Point 1

Codes are securely transferred to approved production environments using proprietary methods designed for anti-counterfeit protection.

Control Point 2

Stamps not applied within the allocation window generate automatic compliance alerts to the revenue authority.

Control Point 3

Duplicate scan of the same UID flags the product as suspect immediately - counterfeit detection in real time.

Verification Flow

How every scan reaches a verified result

Enforcement officer or consumer scans a code. The result is unambiguous, tamper-evident, and returned in under 100 milliseconds.

📲 Officer /
Consumer
Scans QR or DataMatrix on product
📡 Verification
API
Secure request to the Verification Layer
National
Registry
Identity validated against the Government-Controlled System
🔍 Anomaly
Check
Compliance and anomaly rules applied
📋 Result
Returned
Structured result delivered to scanning device

Verification Result States

AUTHENTIC - Duty Paid
Registered, no anomalies, within expected distribution territory
⚠️
FLAGGED - Review Required
Registered but anomaly detected: geographic mismatch, duplicate scan, or status flag
🚫
NOT REGISTERED - Seize
UID not found in national registry - counterfeit or unregistered product
📴
OFFLINE - Cached Verification
Result returned from encrypted local cache; sync pending on reconnection

Enforcement Officer View

For a FLAGGED or NOT REGISTERED result, the officer's application surfaces the full enforcement package:

  • Product category, manufacturer, excise classification
  • Full chain-of-custody event log for the unit
  • Registered distribution territory vs. scan location
  • Previous scan history - date, location, operator
  • One-tap seizure record creation with GPS, time, and scan data
  • Escalation path to supervising authority

Every scan event is logged - including no-action scans by consumers. This builds the geographic distribution picture used by enforcement intelligence.

Mobile App Deployment

Government-controlled mobile distribution at scale

Enforcement officer applications are distributed through channels that give the government full control over who has the app, which version they're running, and what data the device can access.

iOS Apple Developer Enterprise

Apple Platform Deployment

  • Government Apple Developer Enterprise Account configured
  • App signed with government-issued provisioning profiles
  • TestFlight distribution for pilot officer cohort
  • App Store publication for consumer-facing app (public)
  • MDM-managed update delivery for enforcement devices
  • Remote wipe capability on lost or decommissioned devices

Apple Enterprise Program enrollment requires an active D-U-N-S number for the government agency. Authentific provides full onboarding support for the Apple Developer Enterprise Program where the government does not already have an account.

Android Google Play / MDM / APK

Android Platform Deployment

  • Government Google Play developer account setup and app publication
  • Android Enterprise enrollment for government-issued devices
  • Managed Google Play for private app distribution to enrolled devices
  • Direct APK sideload option for offline / restricted environments
  • EMM/MDM policy enforcement: screen lock, encryption, app allowlist
  • Over-the-air update management with staged rollout control

For jurisdictions where Google Play Store access is restricted or prohibited, the enforcement app is packaged as a signed APK for direct installation via MDM push or government IT portal distribution.

Data Ownership

Government Ownership & Control - Fully and Unconditionally

The national registry is a sovereign asset. All system data remains under the ownership and jurisdiction of the Government, with deployment aligned to national data protection and sovereignty requirements. No data is shared with, sold to, or accessible by any third party - including the platform provider - without explicit written authorisation from the deploying government.

Government Owns All Data

  • All registry records, scan events, and enforcement data are government property
  • Contractually confirmed - no ambiguity in the service agreement
  • Platform provider has no right to analyse, share, or monetise government data
  • Data can be exported at any time in documented, open format
  • Full data portability - government can migrate to any platform at any time

Local Hosting Option

  • Full on-premise deployment within government data centres
  • No data leaves the national jurisdiction for any processing
  • Air-gapped registry option available for high-security deployments
  • Government IT staff trained to operate and maintain the platform
  • Source code escrow - government retains access to platform code

Government Holds the Keys

  • HSM root keys generated in the presence of government representatives
  • Key administrator credentials held by government-appointed custodians
  • Platform provider cannot issue or revoke UIDs without government authorisation
  • Key rotation procedures defined and controlled by government

Exit & Continuity

  • Documented data export format - registry is not proprietary
  • Transition-out plan defined in service agreement
  • Government receives full data extract on contract termination
  • System can be operated by government IT staff or successor provider
System Integrations

Connects to existing government infrastructure via documented API

The platform integrates with what you already have. No requirement to replace existing customs, ERP, or licensing systems - the API layer connects them.

Customs Systems

Border & Import Control

  • Import clearance cross-referencing - verify UID against national registry at border
  • Bonded warehouse tracking - movements recorded against registry
  • Duty status lookup at customs inspection points
  • Integration with national customs management system via REST API
  • WCO standard data formats for cross-border messaging

ERP & Tax Systems

Revenue & Compliance

  • Excise declaration reconciliation - registered units vs. declared production
  • Licensed operator duty account cross-reference
  • Secure API-based integration with existing government and enterprise systems
  • Automated reconciliation reports pushed to tax authority systems
  • Configurable integration frequency: real-time, hourly, or daily batch

Licensing Systems

Operator & Permit Management

  • Licensed operator registry integration - auto-sync on new licence issuance
  • Licence suspension and revocation - immediately blocks stamp allocation
  • Trade permit and import licence verification at point of inspection
  • Professional and occupational licence verification (e.g., pharmacists, distributors)
  • Regulatory authority licensing database connectivity via API

Integration Scope is Defined Per Deployment

Not every integration is required for every deployment. The integration scope is agreed during the planning phase. Standard connectors exist for common government systems; custom connectors are built where required and documented as part of the integration deliverable.

REST API Webhook Events Batch Data Exchange Custom Connectors
Training & Support

Every user group trained. Every scenario covered.

Training is not an afterthought. It is a structured deliverable with defined content, delivery format, and sign-off criteria for each user group.

Admin Training
Platform & System Administration
  • Full platform configuration and management
  • User and agency access provisioning
  • Registry health monitoring and alerting
  • Backup, restore, and failover execution
  • Key management procedures and rotation schedules
Dashboard & Reporting (Revenue Authority)
  • Compliance dashboard interpretation and drill-down
  • Duty reconciliation report generation and export
  • Operator compliance status review
  • Anomaly alert review and investigation workflow
  • WHO FCTC Protocol data export procedure
Customs Authority Dashboard
  • Import and cross-border movement view
  • Border verification query and result interpretation
  • Bonded warehouse stock movement tracking
  • Cross-border enforcement alert handling
Inspector Training
Field Enforcement - Mobile App
  • App installation, login, and device enrollment
  • QR and DataMatrix scanning technique
  • Reading and acting on verification results
  • Offline mode - operation and limitations
  • Seizure record creation and submission
  • Escalation and reporting procedures
Market Surveillance Operations
  • Bulk scan operations at retail and wholesale premises
  • Geographic anomaly identification in the field
  • Evidence packaging for enforcement action
  • Data submission and chain-of-custody documentation
Ongoing Support & Helpdesk
  • Dedicated government support channel (email, phone, secure portal)
  • Priority 1 incidents: 1-hour initial response SLA
  • In-country support representative available on request
  • Regular platform update briefings for system administrators
  • Annual training refresh for enforcement officer cohorts
Proven Capability & Experience

Execution backed by a proven track record.

The platform is delivered by a team with demonstrated experience across security, verification, and regulated industry deployments - with the operational depth to support programs from initial design through to national scale and ongoing operation.

Over a Decade of Experience

More than ten years of experience designing and delivering security and verification solutions across regulated industries and high-value supply chains.

Regulated Industry Deployments

Deployed across pharmaceutical, FMCG, logistics, and government environments - each with distinct compliance, traceability, and enforcement requirements.

Aviation, Logistics & Government

Experience operating in high-security, high-consequence environments including aviation, critical logistics, and government-mandated verification programs.

End-to-End Delivery

System design, infrastructure deployment, operator onboarding, training, and post-launch operational support - delivered as a single integrated engagement.

Public Awareness

Citizens who scan protect the program

Consumer participation multiplies enforcement coverage. A population that knows to scan before they buy is a distributed verification network the government didn't have to pay for.

Public Awareness Campaigns

Campaign materials and messaging framework aligned with the government's communication standards. Deployable across print, broadcast, and digital channels.

  • Campaign messaging framework provided: "Scan before you buy"
  • Government-brandable print and digital assets
  • Point-of-sale retailer awareness materials
  • Border crossing and market entry awareness signage templates
  • Social media campaign assets and posting schedule template
  • Media briefing document for government communications team

QR Education for the Public

Consumer-facing materials explain what the QR code means, how to scan it, and what the result tells them - in plain language, in local languages.

  • Multilingual QR scanning guide - no app required for basic scan
  • In-app help text configured for local language and jurisdiction branding
  • Explanation of result states - what AUTHENTIC, FLAGGED, and NOT REGISTERED mean
  • Reporting mechanism for consumers who find suspect products
  • Product-type specific guidance - tobacco, alcohol, pharmaceuticals
  • SMS-based verification fallback for feature phones where required
Reliability & Business Continuity

National infrastructure. National uptime requirements.

A national tax stamp program cannot tolerate outages. The platform is engineered for continuous availability with automatic failover, geo-distributed backups, and tested recovery procedures.

Uptime & SLA

  • 99.9% uptime SLA - < 9 hours unplanned downtime per year
  • Verification API availability monitored independently every 60 seconds
  • Government-facing status page with real-time incident reporting
  • Planned maintenance windows agreed in advance with government
  • Zero-downtime deployment for platform updates

Automatic Failover

  • Automated database failover with no manual intervention required
  • Multi-zone deployment: no single zone failure takes down the system
  • Automated health checks reroute traffic within defined recovery windows
  • Cold standby DR site activatable within 4-hour RTO
  • Enforcement officer offline mode maintains operation during outages

Backups & Recovery

  • Daily incremental database backups to geographically separated object storage
  • Weekly full snapshot - immutable, cannot be overwritten or deleted
  • Point-in-time recovery within defined government recovery windows
  • Backup restore drills conducted quarterly - results documented
  • Government receives independent backup copy on monthly cadence
99.9%
Uptime SLA
<4h
RTO Target
<1h
RPO Target
30s
Failover Time
Daily
Backup Frequency
Deployment Timeline

From engagement to national operation: 16–24 weeks

The timeline is determined by jurisdiction complexity, number of product categories, and integration scope. The phases below represent a standard single-category national deployment.

Phase 01
Planning & Architecture
Weeks 1–3
Jurisdiction assessment, sovereignty decision, architecture sign-off, stakeholder agency mapping.
Architecture signed Data sovereignty confirmed Agency matrix approved
Phase 02
Infrastructure Setup
Weeks 3–6
Server provisioning, primary database deployment, secure storage configuration, security infrastructure online, penetration test.
Infra live HSM commissioned Pen test passed
Phases 03–04
Code Generation + Platform Deployment
Weeks 5–12
Serialization configuration completed, print facility integration validated, platform deployed, agency portals live, government system integrations activated, UAT completed.
Test batch validated Platform UAT signed All operators onboarded
Phase 05
Mobile App Deployment
Weeks 10–14
iOS and Android enforcement apps published, MDM enrollment completed, consumer app live on public stores.
Apps published MDM enrolled Consumer app live
Phase 06
Training & Pilot Rollout
Weeks 12–18
All user groups trained. Pilot launched in defined region or category. Data reviewed and issues resolved before national activation.
All users trained Pilot complete Government sign-off
Phase 07 - LIVE
National Activation
Week 16–24
National program operative date. All licensed operators required to apply stamps. Enforcement active across all covered product categories. Hypercare support period begins.
National program live Hypercare active Monitoring operational

Timeline Factors

Factors that compress the timeline
  • Existing government cloud or data centre infrastructure
  • Single product category in initial scope
  • Clear data sovereignty decision made before engagement
  • Government IT team available for integration work
  • Existing manufacturer registry available for operator onboarding
Factors that extend the timeline
  • Multiple product categories in simultaneous scope
  • Complex multi-agency integration requirements
  • New data centre procurement or civil works required
  • Regulatory change required before program is legally operative
  • Large number of licensed manufacturers requiring on-site installation

Multi-Category Deployment

For programs covering multiple excise categories simultaneously, add 4–8 weeks per additional category being onboarded in the same deployment window. Categories can also be staged: launch with tobacco in Week 16, add alcohol in Week 24, spirits in Week 32 - using the same platform and registry.

Licensing Model

Scalable licensing aligned to government procurement.

TrueTax is licensed on a platform basis - not per transaction. Governments retain predictable cost structures as issuance and verification volumes grow.

Standard

Annual License

Annual license covering full platform access, updates, and support. Scoped to deployment scale and program requirements.

  • Full platform access - all capabilities included
  • Software updates and security patches
  • Ongoing operational support
  • Annual renewal with defined scope
Government-grade

Multi-Year Enterprise

Multi-year license scalable based on deployment scope. Supports expansion to additional product categories without renegotiating the base agreement.

  • Scalable based on deployment scope
  • Multi-program support under one agreement
  • Enhanced SLA with defined RTO / RPO targets
  • Dedicated government support channel
Optional

Perpetual License

Perpetual licensing available subject to discussion - suited to on-premise deployments where subscription models are incompatible with government procurement frameworks.

  • Available subject to discussion
  • Suited to on-premise and sovereign deployments
  • Optional annual maintenance agreement
  • Source code escrow available

Licensing structure is defined during the initial technical briefing. A solutions engineer will confirm the appropriate model based on your program scope, deployment model, and procurement framework.

Discuss Licensing
Government Implementation

Ready to discuss implementation for your jurisdiction?

A government implementation briefing covers the full technical scope for your specific deployment: product categories, infrastructure options, security architecture, integration requirements, timeline, and data sovereignty model. This is a structured technical engagement - not a sales presentation.

Discuss Implementation Request a Demo First
← Government & Excise Overview Trailio TrueTax - Full Product Page → Platform Technology & Architecture →