ProvenHSM is a Hardware Security Module (HSM) built on ProvenCore, a formally verified OS certified at Common Criteria EAL7. It is designed for cloud and telecom environments, targeting use cases that require certified cryptographic operations with flexible deployment options. Key security certifications include CC EAL5+ (AVA_VAN 5), FIPS 140-3 Level 3, and eIDAS QSCD-ready status, with tamper protection. Note: certifications are listed as in-progress at time of publication. ProvenHSM supports standard cryptographic interfaces including PKCS#11 and REST APIs, enabling integration into existing infrastructure. It offers a modular architecture that allows deployment of custom secure applications inside the HSM without requiring full re-certification. Performance specifications include: - 5,000 RSA-2048 signatures/second - 10,000 ECDSA P256 signatures/second - 1 Gbits/s AES-256 throughput - Post-Quantum Cryptography (PQC) support: ML-KEM and ML-DSA algorithms Development tooling includes an SDK and QEMU emulator, allowing developers to prototype and test against PKCS#11, REST, and crypto APIs before deploying on physical hardware. The product supports multi-tenant scaling, elastic cloud-native deployment, and remote setup. It offers sovereign supply chain options and is designed to be auditable by any trusted authority at any time.