diff --git a/phoenix-deploy-api/deploy-targets.json b/phoenix-deploy-api/deploy-targets.json
index f776fae5..182c1b19 100644
--- a/phoenix-deploy-api/deploy-targets.json
+++ b/phoenix-deploy-api/deploy-targets.json
@@ -102,6 +102,30 @@
         "timeout_ms": 15000
       }
     },
+    {
+      "repo": "Gov_Web_Portals/DBIS",
+      "branch": "main",
+      "target": "dbis-portal-live",
+      "description": "Redeploy the DBIS public portal on CT 7804 from the staged DBIS checkout overlaid into the Gov Portals workspace.",
+      "cwd": "${PHOENIX_REPO_ROOT}",
+      "command": [
+        "bash",
+        "scripts/deployment/phoenix-deploy-dbis-portal-live-from-workspace.sh"
+      ],
+      "required_env": [
+        "PHOENIX_REPO_ROOT",
+        "PHOENIX_DEPLOY_WORKSPACE"
+      ],
+      "timeout_sec": 2400,
+      "healthcheck": {
+        "url": "https://d-bis.org/.well-known/trust.json",
+        "expect_status": 200,
+        "expect_body_includes": "\"organization\"",
+        "attempts": 12,
+        "delay_ms": 5000,
+        "timeout_ms": 15000
+      }
+    },
     {
       "repo": "d-bis/CurrenciCombo",
       "branch": "main",
diff --git a/scripts/deployment/phoenix-deploy-dbis-portal-live-from-workspace.sh b/scripts/deployment/phoenix-deploy-dbis-portal-live-from-workspace.sh
new file mode 100755
index 00000000..f417bca5
--- /dev/null
+++ b/scripts/deployment/phoenix-deploy-dbis-portal-live-from-workspace.sh
@@ -0,0 +1,167 @@
+#!/usr/bin/env bash
+# Deploy the DBIS public portal from a Phoenix Deploy API staged DBIS checkout.
+#
+# The DBIS repo is normally a submodule of Gov_Web_Portals/gov-portals-monorepo
+# and depends on the parent workspace package @public-web-portals/shared. This
+# wrapper builds a temporary monorepo-shaped workspace, overlays the staged DBIS
+# source into it, syncs that tree to CT 7804, then rebuilds/restarts DBIS.
+
+set -euo pipefail
+
+die() {
+  echo "ERROR: $*" >&2
+  exit 1
+}
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+
+source "$PROJECT_ROOT/config/ip-addresses.conf" 2>/dev/null || true
+[ -f "$PROJECT_ROOT/.env" ] && set +u && source "$PROJECT_ROOT/.env" 2>/dev/null || true && set -u
+
+PHOENIX_REPO_ROOT="${PHOENIX_REPO_ROOT:-$PROJECT_ROOT}"
+PHOENIX_DEPLOY_WORKSPACE="${PHOENIX_DEPLOY_WORKSPACE:-}"
+GOV_PORTALS_REPO_URL="${GOV_PORTALS_REPO_URL:-https://gitea.d-bis.org/Gov_Web_Portals/gov-portals-monorepo.git}"
+GOV_PORTALS_REF="${GOV_PORTALS_REF:-main}"
+
+VMID_GOV_PORTALS="${VMID_GOV_PORTALS:-7804}"
+IP_GOV_PORTALS_DEV="${IP_GOV_PORTALS_DEV:-192.168.11.54}"
+PROXMOX_HOST="${PROXMOX_HOST:-192.168.11.11}"
+CT_APP_DIR="${DBIS_PORTAL_CT_DIR:-/srv/gov-portals}"
+SERVICE_NAME="${DBIS_PORTAL_SERVICE:-gov-portal-DBIS}"
+DBIS_PORT="${DBIS_PORT:-3001}"
+
+[[ -d "$PHOENIX_REPO_ROOT" ]] || die "PHOENIX_REPO_ROOT does not exist: $PHOENIX_REPO_ROOT"
+[[ -n "$PHOENIX_DEPLOY_WORKSPACE" ]] || die "PHOENIX_DEPLOY_WORKSPACE is required"
+[[ -d "$PHOENIX_DEPLOY_WORKSPACE" ]] || die "staged DBIS workspace missing: $PHOENIX_DEPLOY_WORKSPACE"
+[[ "$CT_APP_DIR" != "/" ]] || die "refusing to deploy into /"
+
+TMP_DIR="$(mktemp -d)"
+BUILD_CONTEXT="$TMP_DIR/gov-portals"
+ARCHIVE="$TMP_DIR/gov-portals-dbis-live.tgz"
+REMOTE_ARCHIVE="/tmp/gov-portals-dbis-live-${PHOENIX_DEPLOY_SHA:-manual}-$$.tgz"
+
+cleanup() {
+  rm -rf "$TMP_DIR"
+}
+trap cleanup EXIT
+
+echo "Preparing DBIS live deploy context"
+echo "  DBIS source: $PHOENIX_DEPLOY_WORKSPACE"
+echo "  parent repo: $GOV_PORTALS_REPO_URL#$GOV_PORTALS_REF"
+echo "  target:      CT $VMID_GOV_PORTALS ($IP_GOV_PORTALS_DEV), service $SERVICE_NAME, port $DBIS_PORT"
+
+git_auth_args=()
+if [[ -n "${GITEA_TOKEN:-}" ]]; then
+  git_auth_args=(-c "http.extraHeader=Authorization: token ${GITEA_TOKEN}")
+fi
+
+git "${git_auth_args[@]}" clone --depth 1 --branch "$GOV_PORTALS_REF" "$GOV_PORTALS_REPO_URL" "$BUILD_CONTEXT"
+
+rm -rf "$BUILD_CONTEXT/DBIS"
+mkdir -p "$BUILD_CONTEXT/DBIS"
+tar \
+  --exclude=.git \
+  --exclude=node_modules \
+  --exclude=.next \
+  --exclude='*.tsbuildinfo' \
+  -C "$PHOENIX_DEPLOY_WORKSPACE" \
+  -cf - . | tar -C "$BUILD_CONTEXT/DBIS" -xf -
+
+tar \
+  --exclude=.git \
+  --exclude=node_modules \
+  --exclude=.next \
+  --exclude='*.tsbuildinfo' \
+  -C "$BUILD_CONTEXT" \
+  -czf "$ARCHIVE" .
+
+echo "Uploading deploy archive to Proxmox host $PROXMOX_HOST"
+scp -q -o ConnectTimeout=10 -o StrictHostKeyChecking=accept-new "$ARCHIVE" "root@$PROXMOX_HOST:$REMOTE_ARCHIVE"
+
+echo "Pushing archive into CT $VMID_GOV_PORTALS"
+ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=accept-new "root@$PROXMOX_HOST" \
+  "pct push $VMID_GOV_PORTALS '$REMOTE_ARCHIVE' '$REMOTE_ARCHIVE'"
+
+echo "Extracting, building, and restarting DBIS inside CT $VMID_GOV_PORTALS"
+ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=accept-new "root@$PROXMOX_HOST" \
+  "pct exec $VMID_GOV_PORTALS -- bash -s" <<CT_SCRIPT
+set -euo pipefail
+
+CT_APP_DIR="$CT_APP_DIR"
+REMOTE_ARCHIVE="$REMOTE_ARCHIVE"
+SERVICE_NAME="$SERVICE_NAME"
+DBIS_PORT="$DBIS_PORT"
+
+mkdir -p "\$CT_APP_DIR"
+ENV_BACKUP="\$(mktemp -d)"
+if [ -d "\$CT_APP_DIR/DBIS" ]; then
+  for env_file in .env .env.local .env.production; do
+    if [ -f "\$CT_APP_DIR/DBIS/\$env_file" ]; then
+      cp "\$CT_APP_DIR/DBIS/\$env_file" "\$ENV_BACKUP/\$env_file"
+    fi
+  done
+fi
+
+find "\$CT_APP_DIR" -mindepth 1 -maxdepth 1 \
+  ! -name ".env" \
+  ! -name ".env.local" \
+  ! -name ".env.production" \
+  -exec rm -rf {} +
+
+tar -xzf "\$REMOTE_ARCHIVE" -C "\$CT_APP_DIR"
+rm -f "\$REMOTE_ARCHIVE"
+
+mkdir -p "\$CT_APP_DIR/DBIS"
+for env_file in .env .env.local .env.production; do
+  if [ -f "\$ENV_BACKUP/\$env_file" ] && [ ! -f "\$CT_APP_DIR/DBIS/\$env_file" ]; then
+    cp "\$ENV_BACKUP/\$env_file" "\$CT_APP_DIR/DBIS/\$env_file"
+  fi
+done
+rm -rf "\$ENV_BACKUP"
+
+if ! command -v node >/dev/null 2>&1; then
+  curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
+  apt-get install -y nodejs
+fi
+
+if ! command -v pnpm >/dev/null 2>&1; then
+  npm install -g pnpm@8.15.0
+fi
+
+cd "\$CT_APP_DIR"
+pnpm install --frozen-lockfile
+pnpm --filter portal-dbis build
+
+cat > "/etc/systemd/system/\$SERVICE_NAME.service" <<UNIT
+[Unit]
+Description=Gov Portal DBIS
+After=network.target
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=\$CT_APP_DIR/DBIS
+Environment=NODE_ENV=production
+Environment=PORT=\$DBIS_PORT
+EnvironmentFile=-\$CT_APP_DIR/DBIS/.env.production
+EnvironmentFile=-\$CT_APP_DIR/DBIS/.env.local
+ExecStart=/usr/bin/node \$CT_APP_DIR/DBIS/node_modules/next/dist/bin/next start -p \$DBIS_PORT
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+UNIT
+
+systemctl daemon-reload
+systemctl enable "\$SERVICE_NAME"
+systemctl restart "\$SERVICE_NAME"
+sleep 3
+curl -fsS --max-time 15 "http://127.0.0.1:\$DBIS_PORT/" >/dev/null
+CT_SCRIPT
+
+ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=accept-new "root@$PROXMOX_HOST" "rm -f '$REMOTE_ARCHIVE'" >/dev/null 2>&1 || true
+
+echo "DBIS live deployment complete."
+echo "Local origin check: http://$IP_GOV_PORTALS_DEV:$DBIS_PORT/"