No US cloud. No vendor lock-in. No foreign jurisdiction. Britain builds its own defence AI โ and controls it completely.
CSOAI Ltd is UK-incorporated. No CLOUD Act. No foreign subpoena.
Companies House 16939677. British law. British data. British control.
Mac edge (M2/M3/M4) + GCP UK region + Air-gap capable
Every action cryptographically signed. Full audit trail. Quantum-safe path.
The Clarifying Lawful Overseas Use of Data Act allows US law enforcement to compel US companies to hand over data โ even if that data is stored in the UK. If the UK MOD uses Palantir, Anduril, Microsoft, or AWS, US authorities can access UK defence data through legal compulsion on the US company.
| Vendor | HQ | CLOUD Act? | Risk to UK Defence Data |
|---|---|---|---|
| Palantir Technologies | Denver, USA | YES | US DOJ can compel data access regardless of UK storage location |
| Anduril Industries | Costa Mesa, USA | YES | Lattice OS data subject to US legal process |
| Microsoft Azure (Gov) | Redmond, USA | YES | Even UK South region is accessible via CLOUD Act |
| AWS (UK Region) | Seattle, USA | YES | US company = CLOUD Act jurisdiction |
| Google Cloud | Mountain View, USA | YES | Same exposure as all US-incorporated providers |
| CSOAI Ltd (DEFONEOS) | UK | NO | UK company. UK law only. No US jurisdiction. |
DEFONEOS operates on a sovereign compute mesh โ no component touches US-jurisdiction infrastructure.
| Tier | Hardware | Role | Location | Jurisdiction |
|---|---|---|---|---|
| Edge | Jetson Orin / Raspberry Pi 5 | Forward-deployed inference. Air-gap capable. | Field / tactical | UK sovereign |
| Mac Mesh | M4 + M3 + M2 Apple Silicon | Primary orchestration + model inference | iOK Farm, UK | UK sovereign |
| Cloud | GCP VM (UK region) | Live autonomous stack, federation, web-facing | London/UK | UK region only |
DEFONEOS runs sovereign AI models locally. No data sent to OpenAI/Anthropic/Google APIs in the defence path.
14 local models via Ollama. Routes queries to best model without external API calls. Trained on sovereign corpus (49GB).
Open-weight models running on Apple Silicon. No telemetry. No data exfiltration. Full offline operation.
State-space model compresses 1Hz SIGIL stream into 16-dim state vector. 40-second lead time on emerging threats.
33 independent AI agents must reach consensus before any classified action. Byzantine fault tolerant. JSP 936 auditable.
| Capability | Palantir Gotham | DEFONEOS |
|---|---|---|
| Source code | Closed | Open (MIT/Apache) |
| Data residency | US jurisdiction | UK only |
| Audit trail | Proprietary logs | Ed25519 SIGIL chain |
| Governance | Corporate policy | BFT 33-node council |
| Air-gap operation | No | Yes (full) |
| Interoperability | Proprietary APIs | MCP / A2A / CoT / TAK |
| PQC roadmap | Undisclosed | ML-DSA-65 + ML-KEM-768 |
| Price (annual) | ยฃ10M-ยฃ100M+ | Free / ยฃ30K-ยฃ300K |
CSOAI Ltd is incorporated in England & Wales. All data processing is governed exclusively by UK law (UK GDPR, DPA 2018). No foreign government can compel access.
Every component runs fully offline. Edge nodes (Jetson, Pi) operate without any network. Sovereign SIGIL chain records locally, syncs when connectivity returns.
Every data access, every AI decision, every system action is logged to an Ed25519-signed hash chain. Tamper-evident. Auditor-verifiable. JSP 936 compatible.
In defence mode, zero data leaves the sovereign mesh. No OpenAI, Anthropic, Google, or AWS calls. All inference runs on local Apple Silicon / Jetson.
PQC migration roadmap: ML-DSA-65 (Dilithium) for signatures, ML-KEM-768 (Kyber) for key exchange. NIST PQC standard. 90-day key rotation cycle.
| Framework | Status | Evidence |
|---|---|---|
| UK GDPR / DPA 2018 | โ Compliant | UK company, UK data residency, data minimisation by design |
| Cyber Essentials | ๐ In Progress | Application started via IASME. Firewalls, access control, malware protection in place. |
| UK SC Clearance | ๐ Initiated | 4-6 week process started for key personnel. |
| JSP 440 (Security) | โ Aligned | Zero Trust architecture, PQC roadmap, air-gap capability |
| JSP 936 (AI Safety) | โ Generator v0.1 | BFT council governance, SIGIL audit chain, 3-layer compliance assertion |
| NATO STANAG 4778 | โ Compatible | Ed25519 labelling, CoT/TAK interop, STANAG 5516 tactical data link |
DEFONEOS is sovereign (UK-controlled) but designed for interoperability with NATO and AUKUS allies. Sovereignty means the UK controls its own capability โ not that it can't share.
| Partner | Relationship | Status |
|---|---|---|
| MOD | Primary customer. First contact target. | Outreach in progress |
| Home Office | Civil security, border, counter-terror use cases | Identified |
| NCA | Organised crime intelligence fusion | Identified |
| NCSC | Cyber security, CISP integration | Identified |
| GCHQ | SIGINT, classified deployments | Long-term target |
| NHS | Civil resilience, mass casualty, pandemic response | Identified |
| UKDI | Defence Innovation โ regional engagement | Email drafted |
| DASA | Defence and Security Accelerator โ grant funding | Application queued |
| NATO DIANA | Dual-use AI accelerator | Application queued |
Britain cannot be truly sovereign if its defence AI is built, hosted, and controlled by a foreign power. DEFONEOS gives the UK its OWN capability โ open, auditable, affordable, and interoperable with allies on British terms.