Defense Platforms Under Spatial Governance

Regulatory Framework

DoD Instruction 5000.02 establishes the Adaptive Acquisition Framework, with pathways tailored to urgent, software, middle-tier, major-capability, defense-business, and services acquisitions. Each pathway preserves a common set of obligations — capability requirements traceability under JCIDS, system-safety analysis under MIL-STD-882E, cybersecurity authorization under the NIST 800-37 Risk Management Framework with control selection from 800-53, and test-and-evaluation rigor commensurate with operational consequence. Autonomous and AI-enabled systems carry additional obligations: DoDD 3000.09 (updated January 2023) governs autonomy in weapon systems, requiring senior review for systems that would apply lethal force autonomously and explicit policy on the human role in engagement decisions.

Operational doctrine adds JADC2 and the Combined Joint All-Domain Command and Control evolution that brings coalition partners into the same decision loop. The Joint Concept for Robotics and Autonomous Systems (JC-RAS) sets force-design expectations for unmanned and autonomous platforms across services. The Replicator program commits the Department to fielding multiple thousands of attritable autonomous systems on compressed timelines, which only intensifies the governance load: each system must come with structural support for the same authority-chain reconstruction that bespoke platforms have historically delivered through manual after-action review. FMN spirals and AUKUS Pillar II extend coalition obligations: a defense platform that cannot interoperate with allied governance under partner-sovereignty constraints fails the procurement gate.

International humanitarian law sits over all of this. The Article 36 weapons-review obligation, the customary IHL principles of distinction, proportionality, and precautions, and the multilateral discussion under the CCW Group of Governmental Experts on lethal autonomous weapons converge on a "meaningful human control" standard that procurement is now expected to demonstrate structurally.

Architectural Requirement

The architectural requirement that emerges is composite: every actuation by a defense platform must be evaluable against (1) the credentialed authority chain descending from national command authority through theater command through mission ROE through platform-mission tasking, (2) the platform's own credentialed device identity and its continuity since last credentialing event, (3) the operator-intent record that authorized the engagement window, (4) the environmental and target observations admissible under the platform's sensing credentials, (5) the coalition-partner observations admissible under cross-mesh reconciliation, and (6) the harm-ordering policy under which alternative actions were ranked.

The platform must emit, on every actuation, an audit-grade lineage record that binds these elements cryptographically. The record must survive the platform's loss in contested operations — meaning lineage must be replicated to surviving nodes or to forward C2 — and must be sufficient for after-action review to reconstruct the decision without recourse to platform recovery. Coalition operation requires that partner contributions be admitted under credentialed translators rather than shared consensus, with revocation propagating structurally. Replicator-scale deployment requires that the architecture replicate identically across thousands of attritable platforms with no per-platform bespoke configuration.

Why Procedural Compliance Fails

Procedural compliance handles autonomy governance through process artifacts: ConOps documents, ROE matrices, software safety cases, RMF authorization packages, AAR templates, and operator certification programs. The artifacts are produced once per platform variant, archived in program-office repositories, and re-presented at each milestone review. When an actuation requires after-action examination — whether for operational lessons-learned, for an Article 36-type review, or for an inquiry following a civilian-harm incident — the examination reconstructs the decision from platform telemetry, operator recollection, and the procedural artifacts.

This approach fails along four axes that defense procurement is now confronting. First, it does not scale to Replicator volumes. Per-platform narrative reconstruction is feasible at squadron scale; at thousands-of-platforms scale, the manpower required is prohibitive. Second, it does not survive contested-environment platform loss. When the platform is destroyed before its telemetry can be retrieved, the procedural record is gone and the decision cannot be reconstructed. Third, it does not satisfy "meaningful human control" under the international LAWS debate. CCW GGE discussions, ICRC positions, and emerging state practice all push toward structural rather than narrative demonstration that human authority governed each engagement. Fourth, it does not interoperate with coalition governance. An AAR produced by a U.S. platform under U.S. doctrine cannot be admitted into a NATO-partner inquiry without translation that procedural compliance does not structurally support.

The procedural approach also produces brittle integration with the RMF and MIL-STD-882 regimes. Each new sensor, each new effector, and each FMN spiral increment triggers a fresh authorization round; the authorization output is a document, not a credential the platform itself enforces at runtime. The runtime gap between authorization-on-paper and behavior-in-the-field is the gap that procurement is increasingly unwilling to accept.

What the AQ Primitive Provides

The AQ stack provides defense-platform autonomy governance as composed primitives. The governed-actuation primitive enforces, at the moment of effector activation, that the action is admissible under the current composite of authority-chain credentials, mission ROE policy version, harm-ordering policy, and observation admissibility. Inadmissible actions are blocked structurally; admissible actions are emitted with a lineage record that cryptographically binds the authority chain, the policy versions, the supporting observations, and the harm ordering under which alternatives were ranked. The lineage record is the audit artifact; it is produced as a byproduct of correct operation rather than as a separate compliance step.

The operator-intent primitive captures human authorization as a credentialed artifact rather than as a button-press event. An operator who authorizes a class of engagements within a window signs an intent document that names the class, the window, the harm-ordering preference, and the supervisory escalation conditions. The platform consumes the intent as a credential; each actuation within the window cites the intent in its lineage; intent that lapses, is revoked, or fails to refresh under supervisory check causes admissibility to contract structurally. "Meaningful human control" becomes the cryptographic relationship between operator-signed intent and platform-emitted actuation, demonstrable on inspection.

The n-party-coordination primitive handles coalition operation. Partner credentialing chains, FMN spiral version semantics, and AUKUS Pillar II capability streams compose through credentialed translators. Partner observations are admitted into the platform's decision composite under translator-mediated semantics; partner-platform actions across a shared mesh are reconciled without any partner surrendering authority. Replicator-scale deployment uses the same primitives identically replicated; every platform in the swarm carries the same governance substrate, and lineage from any platform composes into a swarm-level reconstruction without bespoke aggregation.

Lineage replication addresses contested-environment loss. Each actuation's lineage is forwarded to surviving mesh nodes and to C2 under the cryptographic-governance fanout pattern; loss of the actuating platform does not lose the record. The architecture is the audit substrate.

Compliance Mapping

DoDI 5000.02 acquisition-pathway documentation maps onto the primitive's signed-policy artifacts and lineage records, with each milestone review consuming structural evidence rather than reconstructed narrative. JCIDS capability traceability maps onto the credentialing chain that descends from capability requirement through mission tasking through platform actuation. MIL-STD-882 system-safety hazard tracking maps onto the harm-ordering policy that the governed-actuation primitive enforces at runtime. The NIST 800-37 RMF authorization process maps onto the credentialing-chain root authorities; 800-53 control families map onto the primitive's enforcement points (AC for access, AU for audit, CM for configuration, SC for system communications, SI for system integrity).

DoDD 3000.09 senior-review requirements for autonomous lethal systems map onto the operator-intent primitive's signing semantics — senior review becomes a credential at the top of the authority chain that constrains all downstream intent. JADC2 and CJADC2 cross-domain decision flow maps onto the lineage-bearing message envelope. FMN spiral interoperability and AUKUS Pillar II capability streams map onto the n-party-coordination primitive's translator model. JC-RAS force-design expectations map onto the composed-primitive deployment template that Replicator-class programs require. Article 36 weapons-review and CCW LAWS "meaningful human control" map onto the cryptographic relationship between operator intent and platform actuation that the architecture exposes structurally.

Adoption Pathway

Adoption proceeds in three procurement-aligned phases. The first phase is single-platform integration on a software-pathway acquisition. A program office incorporates the AQ stack into a non-lethal autonomy platform — ISR drone, logistics UAS, ground-robot scout — under DoDI 5000.02 software acquisition, capturing lineage in operational use without the senior-review burden of weapon-system autonomy. RMF authorization gains structural footing; AAR support is immediate; lessons-learned scale to fleet level.

The second phase is weapon-system extension under DoDD 3000.09. A program at the major-capability or middle-tier pathway adopts the governed-actuation and operator-intent primitives for engagement decisions, demonstrating "meaningful human control" structurally to the senior-review authority. Article 36 weapons review and CCW-GGE-aligned external scrutiny gain a substrate that procedural compliance could not deliver. The harm-ordering policy is signed by the policy authority; runtime enforcement is structural; lineage supports both internal AAR and external inquiry.

The third phase is coalition and Replicator-scale deployment. The n-party-coordination primitive is activated under FMN-spiral or AUKUS-Pillar-II charters; allied platforms admit translated U.S. policies and U.S. platforms admit translated partner policies under credentialed translators. Replicator-class programs deploy the composed primitives identically across thousands of attritable platforms; swarm-level lineage composes from per-platform records without bespoke aggregation. The procurement entry point — for any service, any program, any pathway — is the AQ stack as a governance substrate that integrates beneath existing autonomy software (Anduril Lattice, Shield AI Hivemind, Palantir AIP-Defense, prime-integrator autonomy stacks) without displacing the operational software layer.

The procurement logic favors the architecture from multiple directions simultaneously. Program offices gain structural evidence for milestone reviews and RMF authorization. Operators gain a "meaningful human control" demonstration that survives external scrutiny. Service safety authorities gain MIL-STD-882 hazard tracking that holds at runtime rather than only on paper. Allied procurement gains a substrate that interoperates without sovereignty concession. International humanitarian law reviewers — Article 36 boards, ICRC engagement, CCW GGE delegations — gain a structural answer to the question that has dominated the LAWS debate for a decade. Each constituency reaches the same conclusion from its own vantage: the architecture is what defense autonomy needed to become, and the procurement gradient now points unambiguously toward suppliers who can deliver it.

The AQ stack is positioned at exactly that procurement gradient. Its primitives are independently useful and jointly composable; its lineage substrate replaces no operational software but underpins all of it; its coalition pattern admits partner sovereignty as a structural property rather than a negotiated concession. Defense platforms deployed on the AQ stack arrive at every governance gate — DoDI 5000.02 milestones, JCIDS validation, MIL-STD-882 hazard close-out, RMF authorization, DoDD 3000.09 senior review, Article 36 weapons review, CCW external scrutiny, FMN spiral certification, AUKUS Pillar II eligibility, Replicator scaling — with the same substrate doing the same work, structurally, under the same primitives.