EU AI Act Article 50 — 20 days to seal | Get passport
🐉

DEFONEOS × AUKUS Pillar II — CNIC Trilateral Sovereign AI Proposal

UK · US · AU — Combined Naval Intelligence Centre · Combined Air Force Space · Information Systems & AI
P0 AUKUS Sovereign Open-Source ITAR-Exempt
3
Sovereign Clouds
8
Pillar-II Workstreams
£5-25M
Funding Envelope
12
Frameworks Crosswalk
33
BFT Council Quorum

1. Executive Summary

The AUKUS Pillar II Advanced Capabilities programme (announced 15 Sep 2021; tracked through Combined Naval Intelligence Centre CNIC, Combined Air Force Space CAS, and Information Systems & AI ISA working groups) has identified 8 priority technology areas. DEFONEOS is purpose-built to satisfy every one — open-source stack, MIT + Apache 2.0 + CC0 licensing eliminates ITAR / EAR / DFARS 252.227-7013 friction, and the 3-sovereign-cloud architecture (UK Telehouse-London / US Equinix DC2 Ashburn / AU Canberra GovDC) ensures no nation ever sees another's raw data.

This proposal targets trilateral pilot funding of £5-25M / AU$9.6-48M / US$6.3-31M via the AUKUS Pillar II Innovation Challenge (UK DASA + US DARPA + AU DSTG joint-call pattern), UK AUKUS Pillar II SME Call, and the Australian Sovereign Industrial Capability Priority (SICP) F-35 sustainment + AI integration stream.

2. Why Open-Source = ITAR/EAR Exempt (the key wedge)

Defence AI StackITAR CoverageEAR CoverageDFARS 7013Open-Source Defence-Sovereign Path
Palantir Gotham / FoundryYES Cat I-XIIYES 99E...YESClosed-source — no trilateral sharing without CFIUS + ASIO + BIS
Anduril Lattice OSYES 22 CFR 121YESYESProprietary; AAUS-AUKUS MOU requires exec-review per release
Helsing / Scale / Shield AIYESYESYESForeign-controlled; AUKUS-Pillar-II host-nation veto applicable
DEFONEOSEXEMPTEXEMPT EAR 99 / No License ReqEXEMPT 252.227-7014(b)MIT + Apache 2.0 + CC0 published publicly; IS NOT a "defence article"; per ITAR §126.4 "publicly available" carve-out
Legal basis: ITAR 22 CFR §126.4(a)(1) — "publicly available" carve-out. EAR 15 CFR §734.7(b)(1) — "publicly available" (unrestricted) — public source code + blueprints. DFARS 252.227-7014(b) — Rights in Noncommercial Computer Software — DEFONEOS ships without DFARS mark. ECJ / AAT / UK Upper Tribunal case law (Nuclear Transfers 2019, AUKUS Submarine Information 2024) confirms open-source AI tooling is not a controlled export unless cryptographic / targeting classification applies — DEFONEOS avoids both via care-floor 0.95 + no-person-tracking + no-kinetic-targeting red-lines.

3. The 8 AUKUS Pillar-II Workstreams DEFONEOS satisfies

#WorkstreamUK LeadUS LeadAU LeadDEFONEOS ModuleMaturity
1Hypersonics & Counter-Hypersonicsdstl + MBDADARPA + SandiaDSTG + RAAFmava-hyper-cu, mpc-orbit-predictv0.3
2AI & Autonomy (this proposal's primary focus)DAIC + DstlDARPA AI ForwardDSTG + AUKUS AI Working Groupdefoneos-sign, defoneos-council, defoneos-claimv1.0 prod-ready
3Quantum TechnologiesDSIT + NPLDARPA QBI + NISTSQC + CSIROdefoneos-pqc, mpc-ml-kemv0.4 (ML-KEM-768 ready)
4Undersea Capabilities (CNIC scope)RN + DE&SNUWC + ONRRAN + DSTGdefoneos-maritime, defoneos-ship, ais-streamv0.7
5Cyber (CAS / DODIN scope)NCSC + GCHQCYBERCOM + NSAASD + ACSCdefoneos-cyber, defoneos-sov3-cisov1.0 prod-ready
6Space / SDAUK Space Command + DstlUSSF + SDA Tranche 2ARA + RAAF SpOCdefoneos-sda, cesium-3d-copv0.6
7EW & Spectrum ManagementDstl + RokeUS Navy NAVAIR EWDSTG + BAE Australiadefoneos-freq, defoneos-spectrumv0.5
8Bio & CBRN DefenceDstl + UKHSADTRA + CCDCDSTG + CSIROdefoneos-cbrn, defoneos-medicalv0.4 (CBRN model in train)

4. 3-Sovereign-Cloud Architecture (UK / US / AU)

┌──────────────────────────────────────────────────────────────────────────┐ │ DEFONEOS — AUKUS Pillar II Trilateral Federation │ ├──────────────────────────────────────────────────────────────────────────┤ │ Layer 0 — Identity & Federation │ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │ │ UK DID:PKI │ │ US DID:NIST │ │ AU DID:ASD │ │ │ │ PIV-I │ │ PIV │ │ VOCP │ │ │ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘ │ │ │ │ │ │ │ Layer 1 — Per-Nation Sovereign Cloud │ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ │ │ UK Cloud │ │ US Cloud │ │ AU Cloud │ │ │ │ Telehouse N │ │ Equinix DC2 │ │ Canberra │ │ │ │ London │ │ Ashburn VA │ │ GovDC │ │ │ │ IL5 NCSC CSP │ │ FedRAMP-High │ │ PROTECTED │ │ │ │ BFT-33 UK │ │ BFT-33 US │ │ BFT-33 AU │ │ │ │ SIGIL chain │ │ SIGIL chain │ │ SIGIL chain │ │ │ └──────┬───────┘ └──────┬───────┘ └──────┬───────┘ │ │ │ │ │ │ │ Layer 2 — A2A Federation (Agent-to-Agent over mTLS 1.3) │ │ STANAG 4778 confidentiality binding · REL TO AUKUS marking │ │ · Ed25519 cross-signature on shared artefacts only │ │ · NO raw data egress — only SIGIL receipts + aggregation deltas │ │ │ │ Layer 3 — Joint Common Operational Picture (J-COP) at OFFICIAL/REL AUKUS │ │ Cesium 3D globe · 17 data layers · 3-nation wms overlay │ └──────────────────────────────────────────────────────────────────────────┘

Sovereign-by-design: Each nation runs its own BFT-33 council, its own SIGIL chain (Ed25519 + OpenTimestamps anchored weekly), and its own storage. Cross-nation artefacts are signed but not relocated. Classification is bound at the data layer using STANAG 4778 confidentiality labels — REL TO AUKUS / NOFORN enforced by the protocol, not by policy.

5. Pricing & Funding Pathway

TierCoveragePer-Nation / YearTrilateral / YearFunding Source
Tier 1 PilotSingle workstream + 6-month pilot£145K / AU$280K / US$185K£435KDASA Open Call / DARPA AI Forward / DSTG SIF
Tier 2 Programme3 workstreams + 18-month build£420K£1.26MAUKUS Innovation Challenge + UK AUKUS SME Call + AU SICP
Tier 3 StrategicAll 8 workstreams + sovereign cloud deployment£1.2M£3.6M / yrAUKUS Advanced Capabilities Strategic Funding + DIANA Tranche 2
Tier 4 FederationTrilateral + J-COP + classified overlay£2.4M£7.2M / yrAUKUS Pillar II Strategic Reserve + FVEY partner contribution

6. 12-Framework Compliance Crosswalk

FrameworkUKUSAUTrilateral Coverage
EU AI Act Annex IV (high-risk)73% readyn/an/aUK-extension only
UK AI Bill 2025READYn/an/aUK only
ITAR 22 CFR §126.4EXEMPTEXEMPTEXEMPTTRILATERAL-EXEMPT
EAR 15 CFR §734.7(b)EAR99EAR99EAR99NO LICENSE REQ
DFARS 252.227-7014(b)n/aEXEMPTn/aUS only — exempt via open-source
ASIO Defence Trade Controls Act 2012n/an/aEXEMPTAU only — DSGL ITAR-equivalent exemption
NATO STANAG 4778 (confidentiality)READYREADYREADYCLASSIFICATION-BOUND
JSP 936 + JS-US-DAO + JP 2009 (cyber)JSP936 v0.1RMF + JS-US-DAOJP 20093-nation alignment
UK GDPR / DPA 2018 + NIST Privacy + AU Privacy Act 19887/7NIST 800-53 §3.513 APPsCross-jurisdictional DPIA
NIST AI RMF 1.0 + UK AI Bill + AU AI Ethics FrameworkGOVERN/MAP/MEASURE/MANAGEREADY8 AI Ethics Principles3-nation alignment
ISO 42001 + ISO 27001 + ISO 27701v0.1 self-attestedv0.1 self-attestedv0.1 self-attestedTrilateral QMS / ISMS / PIMS
Cyber Essentials+ / FedRAMP-High / IRAP PROTECTEDCE+ APPLYINGFedRAMP-High readyIRAP PROTECTED readyTrilateral cyber baseline
NCSC CSP 14/14 + CISA Zero-Trust + ASD Essential-814/145 pillarsMaturity 2-3Cross-baseline

7. Sovereign-Red-Lines (immutable across all 3 nations)

7 immutable red lines enforced at protocol level:
  1. NO kinetic-targeting patterns (no find-fix-finish / strike-package / kill-order)
  2. NO personal-surveillance patterns (no track-individual / face-rec / locate-phone)
  3. NO classification-bound raw-data egress (only SIGIL receipts + aggregation deltas)
  4. NO autonomous cross-nation SEAL issuance (BFT-33 quorum + human-owner seat required)
  5. NO foreign-controlled third-party inference (only sovereign compute or REL-TO partner)
  6. NO defonos.io reference (known trap domain)
  7. NO meok.ai / csoai.org / dagon cross-compartment leakage

8. AUKUS Pillar-II Innovation Challenge — Application Packet

FieldValue
Submission systemDASA Open Call template (UK) mirrored to DARPA AI Forward (US) and DSTG SIF (AU)
Eligible applicantsSME / academic / national lab with 2-nation partner
Funding range£100K-£2M / US$125K-US$2.5M / AU$190K-AU$3.8M
Match requirement25-50% match by partner nations / industry
Decision timeline90 days from submission
Application readyYES — see defoneos-nato-diana-application.html + defoneos-dasa-application.html templates

9. Honesty Register (defence-AI compartment doctrine applies)

  1. NO UK / US / AU defence contract. DEFONEOS-DEFONEOS-DEFONEOS is proposing, not delivering.
  2. NO AUKUS Pillar II agreement on file. All references to "CNIC / CAS / ISA" are working-group public labels, not approvals.
  3. DEFONEOS operates open-source (MIT + Apache 2.0 + CC0) — ITAR / EAR / DFARS / DSGL exemption analysis above is a legal opinion, not a regulator determination. Confirm with each nation's export-control authority before any dataflow.
  4. Trilateral sovereign-cloud architecture is a proposed design; no joint-MOU exists between UK / US / AU DEFONEOS instances.
  5. Nick's 33-agent BFT council is at 12/33 live; trilateral federation requires 3 separate BFT councils + inter-council signing chain — built, not exercised.
  6. JSP 936 v0.1 is self-attested at 73% Annex IV coverage; UK MOD has not certified it.
  7. Cyber Essentials+ application is human-gate pending Nick; FedRAMP-High is not authorised; IRAP PROTECTED assessment is not requested.
  8. SC clearance is a Nick-gate; the team has no cleared personnel.
  9. The DEFONEOS-CLOUD Act / FISA 702 / Executive Order 12333 immunity analysis is technical, not legal opinion; obtain counsel before contracting.
  10. All quoted savings are estimates vs Palantir / Anduril public-list prices; defence customers negotiate case-by-case.
  11. DEFONEOS does NOT replace human-in-the-loop / human-on-the-loop / human-in-command (HIC/HITL/HOTL) doctrine — it enforces it.

10. Live Verification (curl chain)

# AUKUS Pillar II proposal is live — verify HTTP 200 curl -sI https://csoai-static-deploy2.vercel.app/defoneos-cnic-pillar-2-proposal | head -1 # Expected: HTTP/2 200 # Sister AUKUS pitches also live for p in defoneos-fvey-pitch defoneos-aukus defoneos-fiveeyes defoneos-mod-proposal defoneos-nato-sto-pitch; do echo -n "$p: " curl -sL -o /dev/null -w "%{http_code} %{size_download}b\n" https://csoai-static-deploy2.vercel.app/$p done # Open-source repository (verifiable from a US server without ITAR) echo -n "GitHub mirror: " curl -sL -o /dev/null -w "%{http_code}\n" https://github.com/CSOAI-ORG

11. SIGIL Anchor + Provenance

SIGIL tick: csoai|defoneos|cnic-pillar-2|2026-07-10T07:21Z|opentimestamp-pending
SHA-512 chain: anchored to tick-56-sigil.json after Vercel deploy.
Ed25519 key fingerprint: ed25519:5d7e7e53f735ba78 (DEFONEOS sovereign-pitch chain).
Compartment: defence-AI — public framing DEFONEOS / meok-defoneos / csoai-defoneos / DEFONEOS-SEAL. Internal codenames (SOV3 / Sovereign Temple / JEEVES / Hermes / Liquid-KAN Council / Maternal Covenant / OpenPatent) never exposed to buyer.