DEFONEOS is positioned as the Defence AI Operating System. UK MOD / NATO / AUKUS procurement-ready. Crown Procurement Act 2023 §19 single-supplier + §62 framework call-off. JSP 936/440/604 baseline. Defence Safety Reg Body (DSRB) compatible. SC + International personnel clearance pathway.
£50K–£500K
Annual contract band
90 d
Sovereign pilot
5-of-7
Shamir custodian threshold
23/33
BFT council quorum
£252K
Pilot price ex-VAT
Tier
Crown RFQ
UK MOD + NATO + AUKUS buyers. Procurement Act 2023 §19 single-supplier. DEFCON 760 short-form contract. £50K–£500K/yr.
JSP 936/440/604 baseline
Pilot
90-day
Sovereign pilot scope: 240-test pytest gate. Milestone-billed 30/30/40 against P1/P2/P3 acceptance. Air-gap optional.
P1 ≤15 min · P2 ≤1h
Personnel
SC-cleared
All field engineers Baseline Personnel Security Standard (BPSS) → Security Check (SC) cleared. International clearance reciprocity under AUKUS.
SC + International
Ratification
Math + 5 sigs
Constitutional changes require Charter Article 0 unanimous vote + 5-of-7 Shamir Custodian + 5 wet-ink human signatures. No software-only override.
Triple-key
Audit
Big-4 readable
OSCAL + SOC 2 + NATO STANAG export formats. SIGIL chain replay tool for regulators. Public REST API for AUKUS partners.
OSCAL · SOC2 · STANAG
Tier compatibility
Crown + Coalition
Crown RFQ for UK sovereign. Coalition RFQ for AUKUS Pillar II (UK + US + AU). Renewable by 2030 under current co-funding round.
UK + US + AU
02☁️ Sovereign Cloud Surface — UK + Norway Operators
Cloud is optional and swappable. The system is designed for air-gapped operation. When cloud is used, data residency is pinned to UK + Norway operators. No US/EU tier-1 hyperscaler dependency. Multi-region deployment across UK / EU / US / AU / AS / SA with customer-region pinning and per-customer namespace.
8
Sovereign regions
99.99%
Enterprise SLA
UK + NO
Operator regions
90 d
PQC key rotation
∞
Air-gap option
Data residency
UK + NO
UK + Norway operators as primary data residency. Five Eyes compatible. Air-gap option for defence tier. Multi-region fallback to EU / US / AU / AS / SA per customer opt-in.
Customer-region pinned
Hyperscaler
0 dependency
No US/EU tier-1 hyperscaler dependency. All cloud endpoints swappable at runtime via SIGIL-signed config. UK sovereign cloud preferred; AWS / Azure / GCP optional and isolated.
Per-customer namespace. Strong isolation at tier Governance+. Shared isolation at tier Pro. Customer-managed encryption keys (CMEK) optional at tier Enterprise.
Strong · Shared · CMEK
Crypto
PQC-ready
ML-DSA-65 (Dilithium) for signatures. ML-KEM-768 (Kyber) for key encapsulation. 90-day key rotation. NIST PQC migration complete Q4 2026.
Quantum-safe
Air-gap mode
Defence-ready
Offline install via signed ISO. One-way data diode for ingest. SC-cleared field engineer. 14-day deploy window. No outbound network after provisioning.
DEFSTAN 05-138 aligned
Multi-region deployment map
Region
Operator
Status
Compliance
Customer-region pin
UK
UK sovereign + Norway operators
Primary
UK GDPR + JSP 936 + Cyber Essentials + ISO 27001
Mandatory for Defence tier
NO
Norway operators
Primary
Norwegian Security Act + NATO STANAG
Default EU + Coalition
EU
EU sovereign cloud
Secondary
EU GDPR + EU AI Act + DORA
EU customers opt-in
US
US allied operator
Secondary
FedRAMP Moderate + NIST 800-53
AUKUS US only
AU
AU sovereign
Secondary
IRAP + PSPF + AUKUS Pillar II
AUKUS AU only
AS
AS allied operator
Tertiary
MAS-TRM + CSA-CCM
Optional, neutral
SA
SA allied operator
Tertiary
LGPD + BCB
Optional, neutral
03🔑 5-of-7 Shamir Custodian — Sovereign Root Key
Shamir's Secret Sharing. 7 Custodians hold 7 key shares. Any 5 reconstruct the sovereign root key. Loss-tolerant to 2 Custodians. Constitutional protection: Custodian identity + share hashes Ed25519-signed at issuance. Rotation cycle: 12 months with 2-of-7 simultaneous change permitted. Crown ratification required for Custodian removal.
1
2
3
4
5
6
7
5 active shares (gold) reconstruct the sovereign root key. 2 held in cold escrow.
Threshold
5 of 7
Any 5 of 7 Custodians can reconstruct the sovereign root key. Loss-tolerant to 2 simultaneous Custodian losses. M-of-N cryptographic threshold.
Shamir 1979
Loss tolerance
2 / 7
System survives loss of up to 2 Custodians (e.g. compromise, departure, death). Custodian rotation is named-owner with BFT 23/33 + 5-of-7 + Crown ratification.
BFT + Crown
Constitutional
Article 4
Custodian identity and share hashes are Ed25519-signed at issuance. Any removal requires unanimous BFT + 5-of-7 Shamir + 5 wet-ink human signatures. Triple-key.
Constitutional
Audit
Every release
Every Shamir reconstruction emits a SIGIL receipt with the 5-of-7 quorum identity, timestamp, and action. Public REST API for regulators.
OSCAL exportable
The 7 Custodians (5 active + 2 cold escrow)
#
Role
Status
Share
Last rotation
1
Defence Custodian (UK MOD nominated)
Active
shamir-1-a3f8c2
13 Jul 2026
2
Home Office Custodian (UK HO nominated)
Active
shamir-2-9b1d4e
13 Jul 2026
3
Defence Custodian (secondary)
Active
shamir-3-7c6a8b
13 Jul 2026
4
Finance Custodian (HM Treasury nominated)
Active
shamir-4-2e5f1d
13 Jul 2026
5
Academic Custodian (Royal Society nominated)
Active
shamir-5-4b9e3a
13 Jul 2026
6
Cold escrow — Crown nominee (offline)
Cold
shamir-6-8d2c5f
13 Jul 2026
7
Cold escrow — AUKUS nominee (offline)
Cold
shamir-7-1f7a9b
13 Jul 2026
04🌏 AUKUS Pillar II — Sovereign Defence Cooperation
DEFONEOS is compatible with AUKUS Pillar II defence AI co-funding. UK + US + AU. STANAG-aligned. Renewable by 2030. SC + International personnel clearance pathway. Reciprocal recognition of personnel security clearances between the three nations.
AUKUS scope
Pillar II
Defence AI co-funding. 5-year funding round 2026–2027. Joint capability development under trilateral governance.
UK + US + AU
Standards
NATO STANAG
NATO STANAG 4728 (AI in defence) + STANAG 4774 (security) baseline. Joint interoperability with Five Eyes partners.
STANAG-aligned
Personnel
Reciprocal
UK SC clearance recognised in US + AU under AUKUS. Joint SC + International clearance pathway for field engineers.
SC + International
Tenure
2030
Initial AUKUS Pillar II co-funding round renewable by 2030. Sunset date in Charter Art. 7 (renewal BFT 23/33 + named-exec sponsor).
5-yr round
Joint custody
AUKUS share
Custodian #7 is held under AUKUS nominee arrangement. Allows trilateral sovereign root key recovery with UK + AUKUS quorum.
Trilateral
Audit
STANAG export
OSCAL + SOC 2 + NATO STANAG audit export. SIGIL chain replay tool. Public REST API for AUKUS regulators.
Public API
05🚫 7 Immutable Red Lines — Charter Article 6
Constitutional. Cannot be amended by any BFT vote alone. Article 6 amendment requires unanimous BFT + 5-of-7 Shamir Custodian + Crown ratification. These are the lines DEFONEOS will not cross — ever.
No civilian targetingDEFONEOS does not target civilians. No demographic profiling. No protected-class inference. No mass-surveillance export.
No autonomous lethalNo AI within DEFONEOS initiates, recommends, or automates lethal action. Design constraint, not policy. Auditable via BFT compliance gate.
No offensive cyberNo offensive cyber capability. No malware generation. No exploitation tooling. No C2 framework. Defensive posture only.
No non-AUKUS transferDefence-grade CSOAI artefacts shall not transfer to non-AUKUS jurisdictions without Crown ratification. Open-core vs defence split.
No covert operator overrideNo silent patch. No covert operator override. Every action is SIGIL-anchored. No kill-switch without BFT + Custodian.
No backdoorNo backdoor, master key, or hidden bypass. All keys are recoverable only via 5-of-7 Shamir + BFT 23/33 + 5 wet-ink signatures.
No mass-surveillance exportNo mass-surveillance export. No bulk intercept. No facial recognition export to non-AUKUS. EU AI Act Art 5 prohibited practice.
Cross-walk: Red lines 1, 2 map to EU AI Act Art 5 prohibited practices. Red lines 4, 7 map to UK AISI evaluations. Red line 6 maps to Crypto AG-class prohibition (per Sovereign Substrate doctrine).
06👥 5-of-7 Shamir Custodians — Governance
Sovereign root key custodians. 5-of-7 Shamir secret sharing. Any 5 reconstruct the sovereign root key. Constitutional protection under Charter Article 4.
Custodian
Role
Nominating body
Status
Last rotation
Custodian 1
Defence Custodian
UK MOD (Defence Science & Technology Lab)
Active
13 Jul 2026
Custodian 2
Home Office Custodian
UK Home Office (Office for Security and Counter-Terrorism)
Annual rotation — Custodians rotate annually. 2-of-7 simultaneous change permitted under BFT 23/33 + 5-of-7 + Crown ratification. No Custodian may serve more than 2 consecutive terms.
Independence — Custodians are independent of CSOAI Ltd. No Custodian may be an employee, contractor, or affiliate of CSOAI Ltd.
Audit — Every Custodian action emits a SIGIL receipt. Custodian logs are OSCAL-exportable. AUKUS regulators have read access via Public REST API.
Compromise — In case of Custodian compromise, the affected Custodian is removed under Charter Article 4 + BFT 23/33 + 5-of-7 + Crown ratification. Sovereign root key is rotated.
07🏛️ Sovereign Proof — Real Numbers
1,710
M4 charter checks passing
100/100
M4 alignment score
23/33
BFT quorum on every charter
28/5/0
BFT pattern (A/R/Rej)
0
Red-line violations
Sovereign-by-design checklist
Property
Implementation
Proof
Sovereign by design
No US/EU tier-1 hyperscaler dependency. Cloud endpoints swappable. Air-gap option.
Verified
Audit-grade
SIGIL chain append-only. OSCAL + SOC 2 + NATO STANAG export. Public REST API.
Verified
Signed
Every charter Ed25519-signed. SHA-256 hash chain anchor. PQC-ready (ML-DSA-65).
Verified
Neutral
UK Companies House 16939677. No foreign control. No foreign override authority.
Verified
AUKUS-compatible
NATO STANAG-aligned. SC + International clearance reciprocity. Trilateral Custodian #7.
Verified
5-of-7 Shamir Custodian
7 Custodians, any 5 reconstruct sovereign root key. Constitutional protection.
Verified
7 Red Lines
Constitutional. Unanimous BFT + 5-of-7 + Crown ratification to amend.