SYDNEY, 11 June 2026. 6clicks today launched Sovereign GRC Infrastructure, the first GRC solution built for critical infrastructure operators, defence contractors, government agencies, and highly regulated enterprises that operate where cloud-first platforms cannot.
Sovereign GRC Infrastructure is built on a three-layer architecture designed for the environments where GRC activities matter most.
Layer 1: Sovereign Infrastructure. Deploy 6clicks where customer data has to live. Hyperscaler cloud, local cloud, self-hosted, or the 6clicks GRC Appliance, certified hardware with built-in AI inference that operates fully inside the customer's own environment, including air-gapped networks.
Layer 2: GRC Core. Hailey AI drives integrated risk, audit, compliance, and third-party risk workflows with a content library of turn-key standards, frameworks, and assessment templates. The 6clicks Knowledge Graph maps relationships between evidence, controls, frameworks, and risk, and gets smarter with every control test and audit.
Layer 3: Agentic Connectivity. Connect Sovereign GRC Infrastructure to the systems other GRC platforms can't reach, including operational technology (OT) environments, legacy systems, and restricted networks. Evidence can be uploaded manually, pulled via APIs, or collected using on-prem agents deployed inside the customer's environment, with read-only modes available for sensitive and operational technology (OT) use cases. Over time, this connectivity layer will support more automated response and remediation workflows where appropriate.
The GRC market has been built around the assumption that everyone runs in the cloud. They don't. Governments, defence, and critical infrastructure operators run where their data has to live. That's a different problem, and it needs different infrastructure. That's what we built.
Louis Strauss, Co-Founder and Chief Partner Officer, 6clicks
Sovereign GRC Infrastructure was built in response to a specific set of failures heard repeatedly across the 6clicks Ready for Sovereignty World Tour earlier this year. GRC platforms built for the cloud era fail in sovereign, air-gapped, and on-premises environments.
In closed-door roundtables across Australia, Singapore, Malaysia, the UAE, London, and New York in early 2026, Chief Information Security Officers (CISOs), critical infrastructure operators, and government cybersecurity leaders identified the same three failure modes in cloud-first GRC platforms: lag, where evidence is collected too late to be useful; drift, where production systems no longer match the controls on paper; and false confidence, where assurance exists in documents but cannot be proven in practice.
Organisations in energy, defence, government, telecoms, and aviation have been filling the gap with manual workarounds that cannot keep pace with their compliance obligations. And the pressure is building. New standards across Australia, Asia-Pacific, the Gulf, the UK, and the EU now impose data residency and operational sovereignty requirements that cloud-native platforms structurally cannot meet.
Every city on the roadshow surfaced the same question: can you prove the control is working right now, not in the next audit cycle? That question is what Sovereign GRC Infrastructure is designed to answer.
Andrew Robinson, Co-Founder and Chief Customer Officer, 6clicks
6clicks serves organisations including Celestica, Thales, GKN Automotive, NTT Data, and departments and agencies within the Australian Government. The 6clicks Hub and Spoke architecture supports programme-level GRC across multiple entities and jurisdictions from a single control point, proven across defence, advisory, public sector and portfolio deployments.
Sovereign GRC Infrastructure launches globally on 11 June 2026. Organisations can join the live global launch series, "GRC That Works Where Others Can't," which extends the Ready for Sovereignty conversations to practitioners across the UK and Ireland, Germany and Switzerland, Canada, Australia and New Zealand (AU/NZ), and the Gulf Cooperation Council (GCC).
About 6clicks
6clicks is sovereign GRC infrastructure for governments, defence, critical infrastructure operators, and highly regulated enterprises.
Founded in Melbourne, 6clicks is built on a three-layer architecture that deploys where customer data has to live: hyperscaler cloud, local cloud, self-hosted, or the 6clicks GRC Appliance. 6clicks connects to IT, OT, and restricted systems through its agentic connectivity layer and serves customers across defence, government, telecommunications, energy, aviation, and advisory globally.