The sovereign network — air-gapped fibre, EU-only data path

Why a sovereign network matters for a 100-qubit machine

A superconducting transmon machine is, in network terms, an oddly quiet thing. The qubits themselves don't talk to the outside world — they sit in the mixing chamber of a dilution refrigerator at sub-15 mK, addressed by microwave pulses delivered through attenuated coaxial lines. Everything that matters to a remote user happens at the control plane: the room-temperature electronics that compile OpenQASM 3 circuits down to AWG waveforms, the classical co-processor that handles mid-circuit measurement and feed-forward, and the job queue that admits, schedules and returns results.

That control plane is where data sovereignty is either real or theatrical. The qubit array can be in Tipperary, but if circuits are compiled in a US-region cloud, queued through a third-country API gateway, and results staged through an object store that replicates outside the EU, the machine is not sovereign in any way that matters under GDPR, NIS2 or the EU Data Act. Ireland Quantum 100 is being built so that no part of a workload — source circuit, transpiled circuit, calibration data, raw shot counts, post-processed result — leaves EU jurisdiction at any point.

Air-gapped fibre: the physical layer

The control room sits adjacent to the cryostat hall. Between them runs a dedicated dark-fibre pair carrying the classical control traffic — pulse schedules outbound, digitised readout inbound. This pair is physically separate from the site's general-purpose network and terminates on hardware that has no route to the public internet. The compile-and-queue cluster, the calibration database, and the result store all live on this isolated segment.

External access — the path a researcher in Galway or Delft uses to submit a Qiskit or PennyLane job — lands on a separate ingress tier. Jobs cross from ingress to the air-gapped control segment via a one-way data diode for the circuit payload and a tightly scoped, audited reverse channel for results. The diode is a physical optical device, not a software firewall rule. It is the simplest defensible answer to the question "could a compromised SDK push a malicious calibration update into the cryostat stack?" — no, because there is no electrical path for it to do so.

This is the same separation principle used in classified compute environments and in some grid SCADA deployments. Applied to a quantum facility it has a second benefit: it shortens and stabilises the latency budget for the feed-forward loop that surface-code error correction will eventually require, where syndrome extraction and decoder response need to complete inside the coherence window of the data qubits.

EU-only data path: the logical layer

Above the physical air gap sits a logical guarantee: every byte of user code and user data is processed, stored and backed up inside the EU, on infrastructure operated by entities under EU jurisdiction. Concretely:

• Ingress and identity terminate on EU-resident infrastructure. No CDN edge, no auth provider, no telemetry sink touches a non-EU region.
• Transpilation — the heavy classical step where a user's logical circuit is mapped onto the heavy-hex topology, routed, and decomposed into the native gate set — happens on the air-gapped control cluster in Clonmel.
• Calibration data, including T1, T2, single- and two-qubit gate fidelities, and readout assignment matrices, is treated as facility data and never exported with user results unless the user explicitly requests it.
• Result storage uses encrypted object storage in Irish and continental EU regions, with keys held by IMPT and rotated on a schedule the user can inspect.
• Backups and DR stay inside the EU. No cross-Atlantic replication, no "global" tier.

For a researcher modelling an amine sorbent for direct air capture, or a battery group running a VQE on a lithium-sulfur cathode candidate, this matters because the circuit ansatz and the parameter trajectory are the IP. A converged variational state on a 40-qubit active space is a research output; you do not want it sitting in a log file in a jurisdiction you did not choose.

What "sovereign" actually constrains in the stack

Sovereign compute is an architectural constraint, not a marketing label, and it removes options. A few of the choices it forces:

• The SDK surface is the open one — Qiskit, Cirq, PennyLane, OpenQASM 3 — accessed through an EU-hosted API. We do not proxy to a non-EU provider's backend.
• The classical co-processor for mid-circuit measurement and feed-forward is on-site silicon, not a remote accelerator. This is also the right answer for latency.
• Software supply chain has to be auditable. Container images, FPGA bitstreams for the control electronics, and firmware on the readout chain are built from sources mirrored inside the EU and signed against a manifest the operations team controls.
• Observability and telemetry stay local. The temptation to ship metrics to a SaaS observability platform is real and we are not doing it.

Timeline and what is testable when

The network build tracks the cryostat build. Site fit-out in Q3 2026 includes the dark-fibre run, the diode hardware and the segmented switching fabric. Cryostat install in Q4 2026 brings the control electronics onto the air-gapped segment. First-light single-qubit operation in Q1 2027 will be the first end-to-end test of the submission path: a circuit submitted from an external EU institution, compiled on-site, executed against one qubit, results returned — with full audit trail showing no byte left the jurisdiction. Multi-qubit access for the climate cohort follows in Q2 2027, at which point the network design is being exercised by real workloads: carbon-capture chemistry, photovoltaic absorber screening, grid optimisation problems and climate-relevant protein folding studies.

Where this connects to IMPT

The same chemistry workloads that the sovereign network protects are the ones that feed IMPT's offset-stack supplier evaluation. If a research group on the machine produces a credible improvement to a sorbent's binding energy or a mineralisation pathway's kinetics, that result needs to be defensible — which means its provenance needs to be defensible, which means the data path it travelled needs to be defensible. Sovereignty here is not a compliance checkbox; it is what makes the scientific output usable downstream.

Next steps

Through 2026 we are publishing the network design in stages — physical topology, diode specification, ingress and identity model, audit-log schema — so that EU institutions evaluating the machine for sens