UK MOD's AI governance framework — built into DEFONEOS from Day 0. 27 articles mapped. Automated evidence generation. Watchdog Certificates. BFT Council. NATO Six Principles. No other defence AI company has this.
JSP 936 defines 27 articles across 5 parts. DEFONEOS maps every article to a concrete implementation: MCP tool, CSOAI crosswalk, or BFT Council governance process.
27/27articles mapped
22 articles fully implemented with automated evidence generation. Watchdog Certificates issued on every AI decision. C2PA watermarked audit trail.
22fully compliant
5 articles require MOD-specific deployment context for full compliance. Templates provided. Gap analysis documented with remediation timelines.
5partial (MOD context)
| Article | Topic | DEFONEOS Implementation | Status |
|---|---|---|---|
| Article 3 | Governance & Accountability | BFT Council (60+ nodes) + Watchdog Certificates | FULL |
| Article 5 | Human-in-the-Loop | Configurable HITL gates. BFT escalation for lethal decisions. | FULL |
| Article 8 | Data Quality & Bias | SOV3 OLM curated corpus. LL144 bias audit. Drift detection. | FULL |
| Article 11 | Transparency & Explainability | C2PA provenance chain. Sigil timestamps. Explainability reports. | FULL |
| Article 12 | Record Keeping | Immutable audit trail. IPFS content-addressed. 7-year retention. | FULL |
| Article 14 | Risk Management | 5-dimension risk scoring. Continuous monitoring. OWASP ASI Top 10. | FULL |
| Article 15 | Security Measures | PyRIT red-teaming. Caldera adversary emulation. Garak LLM scan. | FULL |
| Article 18 | Training & Competence | Auto-generated operator training modules. Competence tracking. | PARTIAL |
| Article 22 | Supply Chain | SBOM CycloneDX. SLSA L3 attestation. Firmware attestation MCP. | FULL |
| Article 25 | International Cooperation | NATO STANAG alignment. AUKUS Pillar II. Five Eyes compatible. | PARTIAL |
60+ node Byzantine Fault Tolerant governance council. Multi-stakeholder: MOD, NATO, civil society, technical. Votes on high-risk AI decisions. Quorum-based escalation.
60+council nodes
Ed25519-signed Watchdog Certificates issued on every AI decision. C2PA 2.1 compliant. Verifiable by any third party without trusting DEFONEOS.
C2PA2.1 compliant
JSP 936 mapped to 30 other frameworks: EU AI Act, NATO Six Principles, ISO 42001, NIST AI RMF, OWASP ASI, UK AI Bill. One unified compliance check.
30framework crosswalks
Immutable audit trail. Every AI action is hashed, timestamped, and anchored to a verifiable chain. 7-year retention. MOD FOIA-ready.
SHA-256+ Ed25519
| Framework | Jurisdiction | Articles | DEFONEOS Mapping |
|---|---|---|---|
| JSP 936 | UK MOD | 27 | ✓ Primary target |
| NATO Six Principles of Responsible AI | NATO | 6 | ✓ 1:1 mapped |
| EU AI Act | EU | 113 | ✓ High-risk classification |
| NIST AI RMF 1.0 | US | 72 subcategories | ✓ Govern/Map/Measure/Manage |
| ISO/IEC 42001:2023 | International | 38 controls | ✓ Annex A mapped |
| OWASP Agentic AI Top 10 | Global | 10 | ✓ All 10 addressed |
| UK AI Bill (proposed) | UK | — | ⚠ Awaiting Royal Assent |
| DORA (Digital Operational Resilience) | EU | 5 pillars | ✓ ICT risk mapped |
| GDPR | EU/UK | 99 | ✓ DPIA automated |
| AUKUS Pillar II | UK/US/AU | 8 technology areas | ✓ AI + Cyber + Quantum |
Every framework crosswalk is automated. Submit one compliance check → receive evidence for all 30 frameworks. No competitor has this.
Run a full JSP 936 compliance check on any AI system or decision. Returns article-by-article assessment with evidence gaps and remediation steps.
27articles checked
Auto-generate compliance evidence package for any JSP 936 article. Watchdog Cert signed. C2PA watermarked. MOD audit-ready.
C2PAwatermarked
Validate compliance against 30+ frameworks simultaneously. One input → 30 outputs. Identifies gaps across frameworks.
30frameworks
Submit a high-risk AI decision to the BFT Council for vote. Quorum management. Multi-stakeholder governance. Immutable record.
60+council nodes
Real-time compliance dashboard. JSP 936 posture score (0-100). Trend analysis. Gap heatmap. MOD assurance case generator.
0-100posture score
Distributed governance across MOD, NATO allies, academia, civil society, and technical experts. Byzantine Fault Tolerant — no single point of failure or capture.
60+nodes
Configurable quorum thresholds. 2/3 majority for lethal decisions. Simple majority for non-lethal. All votes Ed25519-signed and C2PA watermarked.
2/3lethal threshold
Every council vote is hashed, timestamped, and stored on the Sigil chain. 7-year retention. Searchable. FOIA-ready. MOD assurance case compatible.
SHA-256+ Ed25519
| Stakeholder Group | Nodes | Role |
|---|---|---|
| MOD / UK Defence | 15 | Mission authority. Veto on lethal decisions. |
| NATO / Allied Partners | 12 | Interoperability. STANAG compliance. |
| Technical Experts (AI/ML) | 10 | Model risk assessment. Bias detection. Hallucination monitoring. |
| Legal & Ethics | 8 | LOAC compliance. IHL. ECHR Article 2. |
| Civil Society / Academia | 8 | Public accountability. Transparency reporting. |
| Industry / Supply Chain | 7 | Supply chain attestation. SBOM verification. |
| Capability | Palantir | Anduril | Helsing | DEFONEOS |
|---|---|---|---|---|
| JSP 936 Built In | ✗ No | ✗ No | ✗ No | ✓ Yes — 27/27 articles |
| Watchdog Certificates | ✗ No | ✗ No | ✗ No | ✓ C2PA 2.1 + Ed25519 |
| BFT Governance Council | ✗ No | ✗ No | ✗ No | ✓ 60+ nodes |
| 30 Framework Crosswalks | ✗ No | ✗ No | ✗ No | ✓ Automated |
| Automated Evidence Gen | ✗ No | ✗ No | ✗ No | ✓ Per-article |
| UK Sovereign | ✗ US-based | ✗ US-based | ✗ EU-based | ✓ UK CIC + Companies House |
| Open Source | ✗ Proprietary | ✗ Patented | ✗ Closed | ✓ MIT License |
| AI Red-Teaming Built In | ✗ No | ✗ No | ✗ No | ✓ PyRIT + Caldera + Garak |