The GCC Sovereignty Index scores enterprises on Sovereign Finance Intelligence maturity. This document describes the scoring framework, data sources, and pillar definitions used in the Index.
Framework
The Index uses the three-pillar SFI framework as its scoring structure:
- Pillar I — Compliance Infrastructure (40 points): Ownership and architecture of e-invoicing compliance systems. Measures private key custody, clearance API integration architecture, certificate management, and audit trail ownership.
- Pillar II — Financial Data Pipelines (35 points): Structured financial data custody. Measures whether invoice-level transaction data is captured in enterprise-controlled infrastructure, data retention practices, and pipeline architecture.
- Pillar III — AI Capability (25 points): Enterprise financial AI readiness. Measures training data availability, inference infrastructure ownership, and AI governance practices.
Total composite score: 0–100 points. Enterprises are placed in one of five maturity buckets based on their composite score.
Maturity buckets
| Score | Bucket | Description |
|---|---|---|
| 0–20 | Exposed | Compliance via third-party SaaS; no owned data pipeline; no AI capability |
| 21–40 | Dependent | Partial compliance ownership; data in vendor systems; no AI |
| 41–60 | Developing | Owned compliance infrastructure; partial data pipeline; AI not yet deployed |
| 61–80 | Capable | Owned infrastructure and data; AI in pilot or production |
| 81–100 | Sovereign | Full ownership across all three pillars; AI in production; governance in place |
Data collection
Index scores are derived from two sources:
- SFI Maturity Assessment: The online assessment tool collects 15 data points across the three pillars. Assessment responses are anonymised before inclusion in Index aggregates.
- Direct engagement data: Architecture assessments conducted as part of ClayDesk client engagements contribute pillar-level data points (composite score only; no identifying enterprise information is used).
Limitations
The Index reflects self-reported assessment data and ClayDesk's direct engagement experience. It is not a comprehensive census of GCC enterprise practices. Enterprises that have not participated in the SFI Maturity Assessment are not represented.
The Index is published for reference and benchmarking purposes. It does not constitute an audit opinion or certification.
Take the SFI Maturity Assessment.
Contribute to the 2026 Index and receive your enterprise's maturity score across the three pillars.