Autonomous Defense Engagement Under Governed Actuation

What This Application Specifies

Autonomous defense engagement under governed actuation decomposes the engagement decision into structurally distinct stages — target detection, target classification, track maintenance, weapon selection and arming, engagement commit, and post-action assessment — and governs each stage under a declared composite admissibility envelope. The composite envelope binds three orthogonal authorities: an operating authority that attests to the lawfulness of the platform's presence and posture in the operating area, a targeting authority that attests to the legality of the proposed target under the law of armed conflict, and an engagement-rules authority that attests to the rules of engagement (ROE) and any special instructions (SPINS) in force for the operation.

The stage decomposition aligns with how engagement procedure is actually written and trained in U.S. and allied doctrine. Classification proceeds under one admissibility envelope — sensor confidence, cross-modality corroboration, identification-friend-or-foe and Mode 5 results, positive identification (PID) under the joint targeting cycle. Arming proceeds under an elevated envelope — weapon selection consistent with collateral-damage estimation, fuzing and effects appropriate to the target set, master-arm permissions consistent with the platform's authorization. Commit proceeds under the highest envelope — the irrevocable release decision, gated by all preceding admissibility plus the time-of-release authority of the human operator where doctrine requires it. Post-action assessment proceeds as credentialed observation: battle-damage assessment, civilian-harm tracking, and the attestation stream that supports both subsequent targeting decisions and after-action accountability.

The architecture is designed against the substantive law that governs autonomous engagement. Department of Defense Directive 3000.09 (Autonomy in Weapon Systems), reissued 25 January 2023, requires that autonomous and semi-autonomous weapon systems "allow commanders and operators to exercise appropriate levels of human judgment over the use of force" and establishes a senior review process for systems falling within its scope. Additional Protocol I to the Geneva Conventions, customary in its core provisions, requires distinction (Article 48), prohibits indiscriminate attacks (Article 51), and obligates feasible precautions in the attack (Article 57). API Article 36 obliges States to determine, in the study, development, acquisition, or adoption of a new weapon, means, or method of warfare, whether its employment would in some or all circumstances be prohibited by international law. Governed actuation is the architectural construct that makes these obligations implementable in software rather than only in policy.

Why It Matters Operationally

Current autonomous-defense systems face a structurally binary governance posture. Full autonomy across the kill chain — detection through irreversible commit — remains governance-distant: DoDD 3000.09's senior review requirement, the absence of allied consensus on lethal autonomous weapons systems (LAWS) in the UN Group of Governmental Experts, and the operational reluctance of commanders to relinquish the commit decision combine to keep full autonomy out of fielded inventory for the kill-chain end-state. Teleoperated engagement — the human-on-the-stick model that has dominated armed remotely-piloted aircraft operations for two decades — is the current operational state, but it does not scale to the contested electromagnetic environments, the saturation-attack scenarios, and the latency-sensitive defensive engagements that emerging threat profiles demand.

The structurally-intermediate autonomy that doctrine, law, and operations all increasingly require is architecturally underspecified. What does it mean, concretely and verifiably, to maintain "appropriate levels of human judgment" when a Phalanx CIWS is engaging a sea-skimming missile in the terminal phase, when an Aegis Baseline 9 is processing a raid in auto-special doctrine, when an Iron Dome battery is selecting which incoming rockets to engage, or when a counter-UAS system is engaging a swarm? Each of these systems already operates with substantial autonomy under tightly bounded admissibility, governed by doctrine statements that are largely procedural rather than architectural. Governed actuation produces the structural intermediate by making the admissibility composition explicit, declared, attestable, and auditable.

Classification and assessment proceed autonomously under appropriate admissibility — the architecture does not require human cycles for tasks where autonomous performance is bounded and verified. Engagement commit retains operator authority where doctrine requires it, and the architecture makes that authority enforceable rather than merely procedural. The result is the gradual, defensible autonomy introduction that LAWS governance frameworks contemplate but rarely architecturally support: each stage's autonomy is set independently, each is gated by declared admissibility, each is auditable, and each can be tightened or loosened under explicit policy authority rather than through silent code change.

How It Composes With the Domain

Each engagement actuation admits through composite admissibility. The operating authority — typically the geographic combatant command or the relevant component commander — attests to the platform's authorization for the operating area, posture, and time window. The targeting authority — typically delegated through the joint targeting cycle to the appropriate target-engagement authority for the target category — attests to the legality of the target set under the law of armed conflict, including distinction, proportionality (collateral-damage estimation under the no-strike list and restricted-target list disciplines), and feasibility of precautions. The engagement-rules authority — typically the J3 / current operations chain holding ROE promulgation authority — attests to the ROE and SPINS in force, including any escalation-of-force gradients, weapons-control statuses (weapons-free, weapons-tight, weapons-hold), and identification criteria.

Reversibility classification structures the autonomy assignment. Post-action assessment is reversible in the sense that assessment errors can be corrected on subsequent observations; classification is reversible in the sense that a track can be reclassified before commit; arming is partially reversible — a weapon can be safed or its envelope can be allowed to expire; engagement commit is irreversible. The architecture assigns autonomy in inverse proportion to irreversibility, with the highest human-judgment requirements concentrated at the commit stage. Cross-modality observations — radar, electro-optical, infrared, electronic-support measures, IFF, link tracks — compose into classification confidence in a way that the admissibility envelope can express explicitly: a target classified on single-modality data may admit only under restrictive envelopes, while multi-modality corroboration admits under broader envelopes.

Post-engagement assessment gains structural reconstruction. The credentialed audit record traverses, in order, the classification basis (which sensors, which confidence, which cross-modality corroboration), the arming admissibility (which weapon, which fuzing, which collateral-damage estimate, which clearance authority), the commit decision authority (which operator, under which ROE, at which weapons-control status, with which time-of-release attestation), and the post-action observation (battle-damage assessment, civilian-harm indicators, secondary-effects observations). Accountability and oversight — internal command investigations under AR 15-6 and equivalents, IG reviews, civilian-harm assessments under DoD Instruction 3000.17, congressional oversight under the War Powers Resolution and the annual NDAA, and any subsequent law-of-armed-conflict review — proceed against architecturally-supported records rather than against reconstructed narratives.

The Article 36 weapons review obligation finds direct architectural support. A weapons review of an autonomous or semi-autonomous system can examine the declared admissibility envelopes for each stage, the authorities authorized to compose them, the reversibility assignments, the cross-modality corroboration disciplines, and the audit-trail properties — and can issue findings that bind the system's deployment as a credentialed constraint rather than as a policy memorandum filed away from the operational software. Subsequent doctrinal evolution updates the admissibility envelopes; the architecture absorbs the update through declared specification rather than through silent code change.

What This Enables

Defense engagement autonomy gains a structurally-coherent path that DoDD 3000.09's senior review process, allied LAWS frameworks, and the broader law-of-armed-conflict regime can support without abandoning their substantive commitments. Operating authorities gain audit that meets the standard of post-action reconstruction that civilian-harm reviews and command investigations require. Targeting authorities gain a substrate on which collateral-damage estimation, no-strike list compliance, and proportionality determinations are recorded as credentialed events rather than as inferences from disparate logs. Engagement-rules authorities gain promulgation that is enforceable at the actuation point rather than dependent on procedural compliance.

Coalition operations gain composite-admissibility support across coalition authorities. NATO Allied Joint Doctrine for Joint Targeting (AJP-3.9), the Combined Joint Task Force constructs that have governed coalition operations from Operation Inherent Resolve through current Indo-Pacific deployments, and the bilateral and multilateral SOFA frameworks that condition U.S. force employment in partner nations all impose multi-authority admissibility requirements that the architecture can compose declaratively. National caveats — the bane of coalition operations from ISAF onward — become declared constraints in the admissibility envelope rather than informal procedural overlays.

The architecture supports doctrine evolution. As LAWS frameworks mature in the GGE, in CCW state-party deliberations, and in domestic law-and-policy reviews; as meaningful-human-control doctrine refines through state practice and academic and ICRC contributions; as post-action accountability requirements evolve under civilian-harm-mitigation policy and under the DoD Civilian Harm Mitigation and Response Action Plan; and as adversary capabilities — autonomous swarms, electromagnetic-spectrum saturation, hypersonic time-compression — drive new operational concepts, the architecture admits the changes through declared admissibility evolution rather than through architectural rework. The platform that was deployed under one admissibility regime can be redeployed under a tightened regime without replacement of fielded software, which is a property that current procedural autonomy governance does not architecturally support.

Boundaries and Limitations

Governed actuation does not resolve the substantive disagreements that animate the LAWS debate: it does not by itself answer whether a given autonomy assignment is consistent with API Article 36, with customary international law, with DoDD 3000.09's senior review standard, or with the ethical commitments that individual states and commanders bring to the use of force. It provides the architectural construct on which those determinations can be made explicit, attestable, and reviewable, but the determinations themselves remain matters of law, policy, and command judgment.

The architecture also does not relieve the operator at the commit stage where doctrine retains the commit decision in human hands. It makes that retention enforceable rather than aspirational, and it makes the conditions under which the retention can be relaxed (a defensive engagement against a saturating threat, for example, where reversion to procedural human-on-the-stick fails operationally) into declared, attested, and auditable conditions rather than tacit operational accommodations.

Conclusion

Autonomous defense engagement under governed actuation provides the architectural substrate on which DoDD 3000.09's "appropriate levels of human judgment" standard, AP I Articles 48, 51, and 57's distinction, indiscrimination, and precautions obligations, AP I Article 36's weapons-review obligation, and the layered ROE chains of U.S. and allied doctrine can compose into fielded software with credentialed evidentiary properties. The result is neither full autonomy nor procedural teleoperation but a structurally-intermediate posture in which each stage of engagement is governed by a declared admissibility envelope, the human-judgment retention is concentrated where doctrine and law require it, and the post-action accountability that civilian-harm review and command investigation depend on is generated as a byproduct of the architecture rather than reconstructed from disparate logs after the fact.