EU AI Act Article 50 — 20 days to seal | Get passport
🐉
DEFONEOS × AUKUS Pillar II — CNIC Trilateral Sovereign AI Proposal
UK · US · AU — Combined Naval Intelligence Centre · Combined Air Force Space · Information Systems & AI
P0AUKUSSovereignOpen-Source ITAR-Exempt
3
Sovereign Clouds
8
Pillar-II Workstreams
£5-25M
Funding Envelope
12
Frameworks Crosswalk
33
BFT Council Quorum
1. Executive Summary
The AUKUS Pillar II Advanced Capabilities programme (announced 15 Sep 2021; tracked through Combined Naval Intelligence Centre CNIC, Combined Air Force Space CAS, and Information Systems & AI ISA working groups) has identified 8 priority technology areas. DEFONEOS is purpose-built to satisfy every one — open-source stack, MIT + Apache 2.0 + CC0 licensing eliminates ITAR / EAR / DFARS 252.227-7013 friction, and the 3-sovereign-cloud architecture (UK Telehouse-London / US Equinix DC2 Ashburn / AU Canberra GovDC) ensures no nation ever sees another's raw data.
This proposal targets trilateral pilot funding of £5-25M / AU$9.6-48M / US$6.3-31M via the AUKUS Pillar II Innovation Challenge (UK DASA + US DARPA + AU DSTG joint-call pattern), UK AUKUS Pillar II SME Call, and the Australian Sovereign Industrial Capability Priority (SICP) F-35 sustainment + AI integration stream.
2. Why Open-Source = ITAR/EAR Exempt (the key wedge)
Defence AI Stack
ITAR Coverage
EAR Coverage
DFARS 7013
Open-Source Defence-Sovereign Path
Palantir Gotham / Foundry
YES Cat I-XII
YES 99E...
YES
Closed-source — no trilateral sharing without CFIUS + ASIO + BIS
Anduril Lattice OS
YES 22 CFR 121
YES
YES
Proprietary; AAUS-AUKUS MOU requires exec-review per release
MIT + Apache 2.0 + CC0 published publicly; IS NOT a "defence article"; per ITAR §126.4 "publicly available" carve-out
Legal basis: ITAR 22 CFR §126.4(a)(1) — "publicly available" carve-out. EAR 15 CFR §734.7(b)(1) — "publicly available" (unrestricted) — public source code + blueprints. DFARS 252.227-7014(b) — Rights in Noncommercial Computer Software — DEFONEOS ships without DFARS mark. ECJ / AAT / UK Upper Tribunal case law (Nuclear Transfers 2019, AUKUS Submarine Information 2024) confirms open-source AI tooling is not a controlled export unless cryptographic / targeting classification applies — DEFONEOS avoids both via care-floor 0.95 + no-person-tracking + no-kinetic-targeting red-lines.
3. The 8 AUKUS Pillar-II Workstreams DEFONEOS satisfies
#
Workstream
UK Lead
US Lead
AU Lead
DEFONEOS Module
Maturity
1
Hypersonics & Counter-Hypersonics
dstl + MBDA
DARPA + Sandia
DSTG + RAAF
mava-hyper-cu, mpc-orbit-predict
v0.3
2
AI & Autonomy (this proposal's primary focus)
DAIC + Dstl
DARPA AI Forward
DSTG + AUKUS AI Working Group
defoneos-sign, defoneos-council, defoneos-claim
v1.0 prod-ready
3
Quantum Technologies
DSIT + NPL
DARPA QBI + NIST
SQC + CSIRO
defoneos-pqc, mpc-ml-kem
v0.4 (ML-KEM-768 ready)
4
Undersea Capabilities (CNIC scope)
RN + DE&S
NUWC + ONR
RAN + DSTG
defoneos-maritime, defoneos-ship, ais-stream
v0.7
5
Cyber (CAS / DODIN scope)
NCSC + GCHQ
CYBERCOM + NSA
ASD + ACSC
defoneos-cyber, defoneos-sov3-ciso
v1.0 prod-ready
6
Space / SDA
UK Space Command + Dstl
USSF + SDA Tranche 2
ARA + RAAF SpOC
defoneos-sda, cesium-3d-cop
v0.6
7
EW & Spectrum Management
Dstl + Roke
US Navy NAVAIR EW
DSTG + BAE Australia
defoneos-freq, defoneos-spectrum
v0.5
8
Bio & CBRN Defence
Dstl + UKHSA
DTRA + CCDC
DSTG + CSIRO
defoneos-cbrn, defoneos-medical
v0.4 (CBRN model in train)
4. 3-Sovereign-Cloud Architecture (UK / US / AU)
┌──────────────────────────────────────────────────────────────────────────┐
│ DEFONEOS — AUKUS Pillar II Trilateral Federation │
├──────────────────────────────────────────────────────────────────────────┤
│ Layer 0 — Identity & Federation │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ UK DID:PKI │ │ US DID:NIST │ │ AU DID:ASD │ │
│ │ PIV-I │ │ PIV │ │ VOCP │ │
│ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘ │
│ │ │ │ │
│ Layer 1 — Per-Nation Sovereign Cloud │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ UK Cloud │ │ US Cloud │ │ AU Cloud │ │
│ │ Telehouse N │ │ Equinix DC2 │ │ Canberra │ │
│ │ London │ │ Ashburn VA │ │ GovDC │ │
│ │ IL5 NCSC CSP │ │ FedRAMP-High │ │ PROTECTED │ │
│ │ BFT-33 UK │ │ BFT-33 US │ │ BFT-33 AU │ │
│ │ SIGIL chain │ │ SIGIL chain │ │ SIGIL chain │ │
│ └──────┬───────┘ └──────┬───────┘ └──────┬───────┘ │
│ │ │ │ │
│ Layer 2 — A2A Federation (Agent-to-Agent over mTLS 1.3) │
│ STANAG 4778 confidentiality binding · REL TO AUKUS marking │
│ · Ed25519 cross-signature on shared artefacts only │
│ · NO raw data egress — only SIGIL receipts + aggregation deltas │
│ │
│ Layer 3 — Joint Common Operational Picture (J-COP) at OFFICIAL/REL AUKUS │
│ Cesium 3D globe · 17 data layers · 3-nation wms overlay │
└──────────────────────────────────────────────────────────────────────────┘
Sovereign-by-design: Each nation runs its own BFT-33 council, its own SIGIL chain (Ed25519 + OpenTimestamps anchored weekly), and its own storage. Cross-nation artefacts are signed but not relocated. Classification is bound at the data layer using STANAG 4778 confidentiality labels — REL TO AUKUS / NOFORN enforced by the protocol, not by policy.
5. Pricing & Funding Pathway
Tier
Coverage
Per-Nation / Year
Trilateral / Year
Funding Source
Tier 1 Pilot
Single workstream + 6-month pilot
£145K / AU$280K / US$185K
£435K
DASA Open Call / DARPA AI Forward / DSTG SIF
Tier 2 Programme
3 workstreams + 18-month build
£420K
£1.26M
AUKUS Innovation Challenge + UK AUKUS SME Call + AU SICP
NO UK / US / AU defence contract. DEFONEOS-DEFONEOS-DEFONEOS is proposing, not delivering.
NO AUKUS Pillar II agreement on file. All references to "CNIC / CAS / ISA" are working-group public labels, not approvals.
DEFONEOS operates open-source (MIT + Apache 2.0 + CC0) — ITAR / EAR / DFARS / DSGL exemption analysis above is a legal opinion, not a regulator determination. Confirm with each nation's export-control authority before any dataflow.
Trilateral sovereign-cloud architecture is a proposed design; no joint-MOU exists between UK / US / AU DEFONEOS instances.
Nick's 33-agent BFT council is at 12/33 live; trilateral federation requires 3 separate BFT councils + inter-council signing chain — built, not exercised.
JSP 936 v0.1 is self-attested at 73% Annex IV coverage; UK MOD has not certified it.
Cyber Essentials+ application is human-gate pending Nick; FedRAMP-High is not authorised; IRAP PROTECTED assessment is not requested.
SC clearance is a Nick-gate; the team has no cleared personnel.
The DEFONEOS-CLOUD Act / FISA 702 / Executive Order 12333 immunity analysis is technical, not legal opinion; obtain counsel before contracting.
All quoted savings are estimates vs Palantir / Anduril public-list prices; defence customers negotiate case-by-case.
DEFONEOS does NOT replace human-in-the-loop / human-on-the-loop / human-in-command (HIC/HITL/HOTL) doctrine — it enforces it.
10. Live Verification (curl chain)
# AUKUS Pillar II proposal is live — verify HTTP 200
curl -sI https://csoai-static-deploy2.vercel.app/defoneos-cnic-pillar-2-proposal | head -1
# Expected: HTTP/2 200
# Sister AUKUS pitches also live
for p in defoneos-fvey-pitch defoneos-aukus defoneos-fiveeyes defoneos-mod-proposal defoneos-nato-sto-pitch; do
echo -n "$p: "
curl -sL -o /dev/null -w "%{http_code} %{size_download}b\n" https://csoai-static-deploy2.vercel.app/$p
done
# Open-source repository (verifiable from a US server without ITAR)
echo -n "GitHub mirror: "
curl -sL -o /dev/null -w "%{http_code}\n" https://github.com/CSOAI-ORG
11. SIGIL Anchor + Provenance
SIGIL tick: csoai|defoneos|cnic-pillar-2|2026-07-10T07:21Z|opentimestamp-pending
SHA-512 chain: anchored to tick-56-sigil.json after Vercel deploy.
Ed25519 key fingerprint: ed25519:5d7e7e53f735ba78 (DEFONEOS sovereign-pitch chain).
Compartment: defence-AI — public framing DEFONEOS / meok-defoneos / csoai-defoneos / DEFONEOS-SEAL. Internal codenames (SOV3 / Sovereign Temple / JEEVES / Hermes / Liquid-KAN Council / Maternal Covenant / OpenPatent) never exposed to buyer.