EU AI Act Article 50 — 20 days to seal | Get passport
🐉

Deployer Obligations for Defence & Security AI

EU AI Act Art 26 · Deployer-as-customer obligations · HITL implementation · Log retention 6mo+ · FRIA support · Information to natural persons · DPA notification · EAT Directive aligned

EU AI ACT ART 26 DEPLOYER OBLIGATION ACTIVE
10
Deployer Obligations
7
Deployment Categories
6mo+
Log Retention (min)
30d
FRIA Cooperation SLA
14
Affected-Person Notices
100%
HITL Coverage

What Article 26 Imposes on Deployers

Article 26 of the EU AI Act is the deployer's primary compliance layer. While Article 14 governs human oversight at the provider level, Article 26 specifies what an organisation must do when putting a high-risk AI system to work in the real world. For defence, intelligence, and security deployments, Article 26 obligations are not "nice-to-have" — they are structural requirements for legal, ethical, and operational deployment.

The 10 core deployer obligations in Article 26 cover: (1) use per the provider's instructions, (2) human oversight assignment, (3) monitoring of operation, (4) log retention, (5) information to natural persons, (6) FRIA cooperation, (7) data protection authority notification, (8) cooperation with fundamental-rights impact assessment, (9) quality-management link, and (10) informing the provider of serious incidents.

DEFONEOS provides deployer-side tooling that satisfies these requirements by construction: every deployer obligation maps to a substrate feature that the deployer activates at deployment-time. The deployer does not need to build compliance from scratch — they activate the relevant deployer-side compliance profile and pass the operator-naming configuration to it.

10 Deployer Obligations — Mapped to DEFONEOS Substrate

1
Use per Provider's Instructions (Art 26(1))

The deployer must use the system in accordance with the provider's instructions. DEFONEOS provides per-deployment usage instructions at /<deployment>/instructions-for-use per Article 13: intended purpose, accuracy/robustness/cybersecurity metrics, known risks, human-oversight requirements, lifetime/maintenance expectations, logging/interpretability protocol, performance metrics, limitations, deployer-Art-26 obligations, and support. These instructions are machine-readable: a deployer-side linter reads them and rejects configuration that violates the constraints.

2
Assign Human Oversight to Named, Trained Persons (Art 26(2))

The deployer must assign human oversight to natural persons with the required competence, training, and authority. DEFONEOS deployment templates include an "operator registry" that requires: (a) named natural person per role (HITL approver, HIC, kill-switch bearer, council voter, external auditor liaison), (b) verification of training attestation (each operator must have passed the DEFONEOS-OPS-101 module), (c) succession rules so that no role is vacant for >1 hour without a hot backup, (d) attestation that the role is within the human's competence and authority. The registry is SIGIL-signed and rotation is recorded.

3
Monitor Operation for Risks (Art 26(5))

The deployer must monitor the AI system's operation for risks and take appropriate action. DEFONEOS provides a live monitoring dashboard at /<deployment>/oversight/dashboard that surfaces: action rate vs baseline, intervention rate by operator (privacy-preserving aggregate), BFT vote tally, kill-switch-ready status, red-line trigger history, drift metrics on input distributions, performance decay against the baseline, and audit-trail integrity hash. Monitoring rules are configurable per deployment.

4
Retain Logs for ≥6 Months (Art 26(6,7))

Deployers must keep the logs automatically generated by the high-risk AI system for at least 6 months. The logs must be sufficient to allow reconstruction of the system's operation and identification of risks. DEFONEOS provides three retention tiers: HOT (Redis-backed, 6 months, sub-second query), WARM (object storage, 5 years, query within minutes), COLD (WORM storage, indefinite, query requires SIGIL-signed request). Logs include: action ID, proposer, approver, BFT outcome, kill-switch status, red-line check, output, side-effects, external-actor interaction.

5
Inform Natural Persons of AI Use (Art 26(11))

Where a deployer uses a high-risk AI system to make decisions affecting natural persons, the natural persons must be informed. DEFONEOS provides a "notice template" generator that produces: (a) the AI-identity disclosure, (b) a plain-language explanation of the decision and its effects, (c) the redress pathway, (d) the data-rights summary. The notice is delivered per deployment policy: in-product banner, email, paper notice, or in-person briefing. The notice can be pre-written by the deployer and approved by legal before templated.

6
Cooperate with FRIA (Art 26(7)+(27))

Deployers of certain high-risk AI systems must support the provider's fundamental-rights impact assessment. DEFONEOS provides an "FRIA data pack" generator that packages the deployment-context data needed to complete an FRIA: scope (deployment region, affected persons, use case), human-oversight configuration, monitoring metrics, risk-treatment evidence, public-consultation summary. The pack is delivered to the provider within 30 days of FRIA initiation, and updated annually or on material change.

7
Inform Provider & Market Surveillance Authority of Serious Incidents (Art 26(8))

The deployer must inform the provider and, where applicable, the market surveillance authority of any serious incident. DEFONEOS detects and routes incidents through a "serious-incident pipeline": (a) detection at substrate level (red-line trigger, performance decay, anomalous output), (b) classification (per Article 3(49) definitions), (c) evidence packaging (full SIGIL chain + audit-trail snapshot + red-team-style reconstruction), (d) notification dispatch to provider + authority + regulator within 15 days (or 72h for critical incidents). The pipeline is auditable end-to-end.

8
Cooperate with Competent Authorities (Art 26(7))

Deployers must cooperate with competent authorities in any action they take in relation to the AI system. DEFONEOS provides a "regulator access protocol" at /<deployment>/regulator-access: regulators with proper authority can run a SIGIL-verified query against the deployment's audit trail, request evidence exports in 6 standard formats (SIGIL log, OSCAL, JSON-LD, CSV, PDF, XCCDF), and request suspension of action pending review. All access requests are SIGIL-logged at request-time.

9
Link Deployer QMS to Provider QMS (Art 17+26)

Where the deployer operates in a regulated domain (medical, financial, defence, infrastructure), its quality-management system must interface with the provider's QMS. DEFONEOS provides a "QMS bridge" — a SIGIL-signed exchange between provider QMS and deployer QMS, with change-control governed by both sides. The bridge ensures that version updates, configuration changes, and serious incidents in either QMS propagate to the other with appropriate escalation.

10
BIND to the Provider's Change-Notice Pipeline (Art 26(8))

When the provider releases a new version, fixes a red-line trigger, or issues a serious-incident note, the deployer must respond. DEFONEOS provides a "subscribe to provider notices" channel: signed notices flow to the deployer's compliance owner within 24h; deployment updates queue for review; and the deployer is reminded if it has not acted within the SLA. The pipeline is bidirectional — deployer-issued incident reports flow back up to the provider.

7 Deployment Categories — Defence / Security Specific

Category 1 — Intelligence Product Generation

Use case: AI-assisted drafting of all-source intelligence products. Deployer obligations include: HITL approval for any product released externally; SIGIL audit trail for every product version; 6-month log retention; PII redaction before release; collaboration with the Information Commissioner's Office (UK) / national DPA.

Category 2 — Target Detection & Identification (Non-Kinetic)

Use case: AI-assisted identification of objects, persons of interest, vehicles, infrastructure. Deployer obligations include: HITL approval for any identification used in operational decisions; "identification confidence" disclosure to decision-makers; cross-deconfliction with other identification sources; kill-switch readiness; red-line check on named-person targeting.

Category 3 — Predictive Threat Assessment

Use case: AI-assisted threat scoring, early-warning analysis, anomaly detection. Deployer obligations include: HITL approval for any threat assessment used in operational escalation; FRIA completion for civil-impact assessments; human-oversight on threshold-setting; rights-of-challenge for assessed individuals; QMS integration with intelligence cycle.

Category 4 — Cyber Defence & Takedown Authorisation

Use case: AI-assisted cyber defence, signature detection, takedown of adversary infrastructure. Deployer obligations include: HITL approval for any offensive cyber action (BFT-council-bound); NCSC coordination for UK-sector takedowns; red-line check on civilian infrastructure; SIGIL audit-trail for every action; after-action review triggered automatically.

Category 5 — Decision-Support for Operational Planning

Use case: AI-assisted option generation for operational planning (non-targeting). Deployer obligations include: HITL review of every plan variant; SIGIL audit-trail for plan provenance; "advisory-only" labelling of all AI-generated variants; DPO engagement on data sources; separation of training data from operational data.

Category 6 — Coalition / Partner Information Sharing

Use case: AI-assisted preparation of intelligence products for sharing with allied partners. Deployer obligations include: HITL approval with two-person (OIC + Legal) for every cross-border release; receiver-side attestation; SIGIL provenance for shared products; data-spillage detection; redaction protocol.

Category 7 — Civilian / Public-Facing Use

Use case: AI-assisted public information, queries, advisory support. Deployer obligations include: clear AI-identity disclosure; accessible explanation; equity review for service populations; FRIA completion (Art 27); DPO engagement for personal data; kill-switch readiness.

14 Affected-Person Notice Templates

#Notice TypeAudienceChannelFrequency
1AI identity disclosureAll natural personsBannerFirst interaction
2Decision rationaleSubject of decisionReceipt + redress linkPer decision
3Explanation request pathwaySubject of decisionWeb formOn request, ≤30 d
4Redress pathwaySubject of decisionWeb form + postOn request
5Data-rights summary (UK GDPR Art 13/14)Subject of processingWeb + paperOn collection
6Human-review pathwaySubject of automated decisionReceipt + formWith decision
7FRIA public summaryAffected communityWeb (anonymised)Per FRIA cycle
8Serious-incident noticeAffected personsDirect + webWithin 15 days
9Provider change noticeAffected persons + deployerWeb + emailPer change
10Opt-out pathwayPersons who object to AI assessmentWeb formAlways available
11Data-deletion requestData subjectsWeb formOn request, ≤30 d
12Compensation pathwayPersons harmed by AI decisionWeb form + legalOn harm
13Council-vote notificationAffected parties (where publishable)Web30 days post-vote
14Kill-switch notificationOperator + HIC + DPOConsole + SMS + paperWithin 2 seconds

Deployer Compliance Profile (DCP)

What is a DCP?

A Deployer Compliance Profile (DCP) is a JSON document that captures the configuration of DEFONEOS for a specific deployment. It maps each Article 26 obligation to the deployer-side configuration that satisfies it. The DCP is SIGIL-signed and versioned. Deployer-side linters can verify a DCP meets compliance profile requirements.

The DCP has the following structure:

{
  "deployment_id": "defoneos-mod-cybersec-2026-07",
  "provider": "CSOAI LTD, UK 16939677",
  "version": "4.7.2",
  "provider_compliance_profile": "CDef-A26-v3",
  "deployer": {
    "name": "Ministry of Defence (UK example)",
    "country": "GB",
    "regulator_authority": "ICO + NCSC + Defence-AI-Forum"
  },
  "obligations": {
    "o1_use_per_instructions": {"verified": true, "linter": "pass", "evidence_ref": "/logs/o1-2026-07-01.json"},
    "o2_human_oversight_assignment": {"verified": true, "registry_ref": "/registry/operators-2026-07.json"},
    "o3_monitor_operation": {"verified": true, "dashboard_url": "/dashboard"},
    "o4_log_retention_6mo": {"verified": true, "retention_tier": "HOT", "retention_period_days": 180},
    "o5_inform_natural_persons": {"verified": true, "notice_template_ref": "/templates/notice-v3.html"},
    "o6_cooperate_with_fria": {"verified": true, "fria_pack_ref": "/fria/2026-Q3.json"},
    "o7_serious_incident_notification": {"verified": true, "pipeline_url": "/serp/v2"},
    "o8_cooperate_with_authorities": {"verified": true, "regulator_access_url": "/regulator-access"},
    "o9_qms_bridge": {"verified": true, "bridge_ref": "/qms/bridge-2026.json"},
    "o10_change_notice_subscribe": {"verified": true, "subscribe_ref": "/provider-channel/2026"}
  },
  "deployment_categories_active": ["intel_prod", "cyber_def", "decision_support"],
  "categories_permitted": ["intel_prod", "cyber_def", "decision_support", "civil_public_use"],
  "categories_prohibited": ["target_kinetic", "named_person_targeting", "civil_harm_optimisation"],
  "signed_by": "Ed25519:defoneos-dcp-signer-v1",
  "issued_at": "2026-07-01T00:00:00Z",
  "valid_until": "2027-07-01T00:00:00Z"
}

12-Framework Crosswalk

FrameworkArticle / ClauseDEFONEOS Mapping
EU AI ActArticle 2610 obligations + 7 categories + 14 notices + DCP
EU AI ActArticle 13 (instructions for use)Per-deployment instructions + linter
EU AI ActArticle 14 (human oversight)Operator registry + council + kill-switch
EU AI ActArticle 27 (FRIA for deployers)FRIA data pack generator
GDPRArticle 13 + 14 (information to data subjects)Notice templates 5, 10
GDPRArticle 22 (automated decisions)Notice templates 6, 10
GDPRArticle 33 (data breach notification)Serious-incident pipeline
UK GDPR + DPA 2018Same as GDPRSame as EU
ISO/IEC 42001 (AI Management)Annex A.9 (AI system operation)DCP + monitoring + change-notice
ISO/IEC 27001 (InfoSec)A.8 (asset management) + A.16 (incident)Log retention + serious-incident pipeline
NIST AI RMFMANAGE 4 (AI system operation)10 obligations + DCP
NATO AI StrategyResponsible AI Use Principles10 obligations + council + kill-switch

Honesty Register

What DEFONEOS does NOT claim about deployer obligations

🛡️ Ready to put DEFONEOS to work?

7 personas · 5 tiers · 30-second signup · free 30-day sandbox for regulators and end-users.

Sign up · Ed25519-signed receipt → For Defence Primes For Regulators (Free) Series A — £45-90M Round
ED25519 SIGIL receipts · UK-sovereign · AUKUS-compatible · T-27 days to EU AI Act