A Question no Data Standard can Answer
The Indo-Pacific is where autonomous military systems and coalition operations are converging most quickly. Unmanned surface vessels, autonomous undersea platforms, and autonomous airborne surveillance assets are entering service with the United States, Australia, Japan, India, the Republic of Korea, and others. Increasingly they are meant to operate not nationally but together: inside AUKUS Pillar 2, in Quad maritime-awareness initiatives, and in the ad hoc coalitions that the region’s contingencies keep producing.
Those partnerships share networks and messages. They do not share a doctrine on who may authorize an autonomous system to use force. The United States permits human-supervised autonomous engagement for defined defensive applications under Department of Defense Directive 3000.09. Japan, operating under postwar constitutional constraints, holds a more restrictive ceiling. India ties its participation to a strict reading of meaningful human control. Australia sits at a ceiling aligned to its AUKUS interoperability commitments.
These are not technical mismatches that a data standard can fix. They are sovereign positions on the lawful use of force, and they diverge.
The existing coalition interoperability stack does not address that divergence, and it was never built to. Standards such as NATO’s STANAG 4586, the Federated Mission Networking framework, and partner message-exchange arrangements coordinate the network, the control link, and the political side of information sharing. They let one contributor’s ground station task another’s platform and keep the data flowing. None of them governs the authority layer: Whose national constraint applies when a shared autonomous asset is about to act, and how does a coalition reconcile members who operate at different authority ceilings inside a single mission?
The omission is not an oversight. The stack was built for an era in which the consequential decision, the decision to fire, was always taken by a human operator whose national chain of command supplied the authority for it. Authority travelled with the human and was resolved through the ordinary command relationship, so the standards never had to represent it explicitly. Autonomous systems break that assumption. When the action is taken by the system itself, at speeds that may preclude a real-time human decision, authority can no longer be left implicit in a command relationship the system has outrun. It has to be represented, computed, and enforced as an explicit property of the coalition’s technical architecture.
Partners Who Do Not Agree
The region’s security architecture is not a single alliance. It is a lattice of overlapping arrangements, AUKUS, the Quad, Five Eyes, and coalitions assembled mission by mission, whose members hold materially different national doctrines on autonomous lethality. The Congressional Research Service, tracking the international debate over lethal autonomous weapons under the Convention on Certain Conventional Weapons, records the community stratifying into broad groupings, with Australia, India, the Republic of Korea, and the United States historically resisting a blanket prohibition while supporting human-control principles, and others pressing for stricter limits.
The regulatory picture compounds the doctrinal one. The United States governs autonomous lethality through a directive framework that allows human-supervised autonomous engagement under defined conditions while requiring appropriate human judgement over the use of force. Japan’s constraints are constitutional in origin and treat autonomous lethal engagement with caution. India couples a doctrinal preference for strategic autonomy with a strict interpretation of human control. The Republic of Korea, operating under acute peninsular threat conditions, has tended to resist categorical prohibitions that would foreclose defensive autonomy. Australia has aligned its operational ceiling to its AUKUS commitments, accepting a degree of convergence with United States and United Kingdom practice that the other regional partners have not. China, the actor against which much of this coordination is oriented, has meanwhile enacted its own vertical, technology-specific AI rules.
These positions are stable precisely because they are sovereign. A coordination mechanism that asked Japan to relax its constitutional posture, or India to subordinate its reading of human control to a coalition default, would not survive contact with the partners’ domestic politics. The realistic move is therefore to treat divergence not as a problem to be harmonized away but as a fixed boundary condition that any workable coalition mechanism has to accommodate.
Making Authority Computable
The proposal here is a Coalition Authority Interoperability Protocol: four mechanisms that turn coalition authority coordination into a computable process running above the existing arrangements rather than replacing them. It is additive by design. STANAG 4586, Federated Mission Networking, the Mission Partner Environment, AUKUS Pillar 2 working groups, and Five Eyes sharing continue to operate as the network, control, and political layers. The protocol adds the authority layer that sits on top of them.
Mapping Layer
The first mechanism is a mapping layer. Each participating nation formalizes its authority-tier structure in a machine-readable national authority profile: how many tiers it recognizes, what each one permits (defensive interception only; supervised autonomous engagement; system-initiated engagement within agreed rules of engagement), the thresholds that separate them, and the legal basis for each. Profiles are published before any specific deployment and registered with a shared coalition registry. The layer then builds a pairwise map that establishes where one nation’s tier is functionally equivalent to another’s, and computes a coalition floor: the most conservative tier that every participating nation can endorse. Engagements requiring anything above that floor are simply not coalition-authorized for that composition.
For illustration, a United States tier permitting human-supervised autonomy with a functional veto maps cleanly onto a partner’s on-the-loop tier with a mandatory override, while a more permissive United States tier for system-initiated defensive engagement may have no equivalent at all in a more restrictive partner’s structure, in which case it simply falls outside the coalition floor for any operation that partner joins.
Two properties matter for what follows. The mapping is reversible, so every coalition-authorized engagement decomposes unambiguously into the contributing national tiers and the audit trail can trace any action back to specific national authority sources. And it is parameterized by national profile rather than by alliance identity, so the same machinery that reconciles a United States tier with a NATO partner’s also reconciles it with Japan’s, with no re-engineering beyond swapping the profile in. Coalition geometries in the region are fluid, and a layer keyed to alliance identity would have to be rebuilt for every novel grouping; a layer keyed to national profile is reused without rebuilding.
Dependency Cap
The second mechanism is a dependency cap, the computable form of an accommodation NATO has practiced for two decades: national caveats, under which the rules of engagement for any given operation reflect the intersection rather than the union of member willingness. The cap maintains, at every moment of a deployment, the maximum autonomous-authority tier that every participant has endorsed for the operation, and recomputes it when membership changes, when a nation amends its profile, or when the mission transitions, for example from a peacetime patrol to active hostilities. It is conservative by construction, so the lowest participating tier sets the ceiling and no contributor is bound by another’s more permissive posture. It admits per-capability differentiation, so an interception cell and a logistics cell can carry different caps. And it is auditable end to end. Caveats have historically been enforced through pre-deployment political accommodation and human supervision; at the tempo of autonomous air and maritime operations, that human enforcement is mechanically infeasible, and the cap is what lets the same accommodation scale.
Cryptographic Substrate
The third mechanism is the cryptographic substrate through which coalition authority decisions are signed across sovereign boundaries. Each nation runs its own hardware security modules holding its national signing keys. A coalition strike order in a given category is valid only when an agreed number of the participating nations have signed it, with the threshold configured per category and per coalition. Defensive interception against a confirmed inbound threat can default to a single participant’s signature, because it cannot wait for cross-national consensus. Offensive engagement against pre-vetted target categories can require a majority. Engagement against categories that were not pre-vetted can require unanimity, which is equivalent to giving any participant a veto. None of these thresholds is fixed by the mechanism itself; each is negotiated per coalition and per category during the pre-deployment phase, recorded in the relevant national profiles, and then enforced by the hardware at the speed of the operation. The two guarantees the substrate provides are that no single nation can unilaterally authorize a coalition action above the agreed threshold, and that no outside party can forge one: forging a valid coalition signature would require either compromising the agreed number of national modules or breaking the underlying cryptography, both of which sit outside the threats the design is built to withstand. The separate problem of quantum threats to those signature primitives is handled by a post-quantum substrate developed elsewhere and is not the concern here.
Accountability Layer
The fourth mechanism is the accountability layer. Coalition operations span multiple sovereign jurisdictions, each of which keeps its own audit log as classified national property and will not expose the contents to its partners. The protocol resolves the tension between coalition accountability and national secrecy with a hash-bridge construction: each nation keeps its own cryptographically chained ledger, and at each cross-sovereign event, a sensor handover, an authorization relay, an engagement command, the originating nation publishes a cryptographic hash of the relevant entries rather than the entries themselves. The hash does not reveal the classified content. It proves that the content exists, that it was committed to the originating nation’s ledger before the transmission, and that any later tampering would be detectable. An agreed verification body can then confirm that every link in a cross-sovereign authority chain traces to a specific national source without reading any nation’s classified data.
AUKUS and a Quad-Composition Patrol
Two settings show why the Indo-Pacific region, rather than the transatlantic one, is where this design earns its keep. AUKUS, announced in September 2021, structures its advanced-capabilities work under Pillar 2, covering artificial intelligence and autonomy, undersea capabilities, quantum, hypersonics, cyber, and information sharing. Its working groups set trilateral interoperability expectations that are tighter than a large alliance’s floor and broader than an intelligence-sharing partnership’s focus, because the trilateral contemplates joint development, joint deployment, and joint operational employment of autonomous systems.
The three partners occupy three positions on the authority spectrum. The United States is at the permissive end under Directive 3000.09. The United Kingdom is more constraining, maintaining a human in or on the loop for lethal decisions. Australia is intermediate, committed to interoperability with United States standards while preserving its own domestic decision pathways. Under the protocol, the dependency cap for trilateral operations defaults to the more conservative lethal-autonomy ceiling while leaving permissive authority intact for defensive-only tasks such as autonomous interception of an inbound missile or torpedo. That is not a constraint on anyone’s sovereignty; it is the coalition floor that would apply whenever the more conservative partner takes part, exactly as it would in any other coalition that partner joins. Pillar 2’s emphasis on joint development adds a wrinkle the protocol handles directly: a system built jointly by two or more partners carries a shared profile recording the most constraining of their national doctrines for the relevant tiers, and operates under that shared profile in trilateral missions.
There is also a supply-chain dimension that the region cannot ignore. Recent analysis of the unmanned-systems supply chain finds that nearly every drone in the war in Ukraine depends on Chinese components at the level of airframes, magnets, batteries, and chips, a dependency that allied assessments have since mapped in detail for NATO planners. The protocol does not solve that problem, but it can register it: the national profile schema admits an optional attestation field in which a contributor records the component-provenance state of the systems it brings, so that the coalition’s cap computation can take supply-chain exposure into account where a nation chooses to expose it.
The harder and more representative case is a maritime patrol assembled at short notice from United States, Japanese, Indian, and Australian contributors, an operational composition that approximates the Quad’s potential security application. Each contributor operates autonomous maritime systems at a different ceiling, and there is no pre-established trust infrastructure across the four when tasking begins. In the days before deployment, each publishes its profile to the coalition registry, the pairwise maps are built, and the dependency cap resolves to the most conservative of the four lethal-engagement ceilings. Cross-certification provisions machine-level trust across the four national key hierarchies inside the deployment window, defaulting to two-of-four authorization for offensive engagement against pre-vetted maritime targets and single-signature authorization for defensive interception. The audit chain is initialized with the four ledgers and runs throughout.
The payoff is concrete. Without such a mechanism, a four-nation maritime coalition facing a short-notice tasking has two poor options. It can defer autonomous employment entirely and run its shared assets at the speed of manual authorization, surrendering the tempo advantage that autonomy was meant to provide. Or it can proceed on an ad hoc understanding of whose rules apply, and absorb legal and political risk that only surfaces after an engagement. Computing the binding ceiling in advance from published profiles, provisioning trust within the deployment window, and gating every autonomous action on a verifiable multi-party authorization offers a third path: the coalition operates at machine tempo while staying, at every moment, inside the authority all participating sovereigns have granted. NATO, by contrast, is the easy case, because much of the trust infrastructure the protocol provisions on the fly already exist there; the design degrades gracefully toward it.
Failing Safe
A coalition mechanism has to specify not only nominal operation but failure. The protocol is engineered to fail conservatively: any transition that narrows the coalition’s authority executes immediately on diagnosis, while any transition that restores authority requires positive evidence of recovery. The characteristic coalition failures are a partner’s profile proving ambiguous at mapping time, conflicting signatures on a single action that indicate communication failure, clock skew, or tampering, and a network partition that splits the coalition into separated signature pools whose independent decisions may contradict on reunification. In each case the recovery pathway is the same in spirit: the coalition’s aggregate authority contracts to the most conservative envelope its trusted members can jointly support, fresh authorization is required under the reduced roster, and every transition is preserved in the audit record.
The maritime character of the theatre sharpens each of these. A coalition patrolling contested waters lives in a communications environment that is intermittent by default and actively contested under tension, where satellite links degrade, line-of-sight relays drop with sea state and distance, and an adversary may jam or spoof at the moment of greatest consequence. The partition case is therefore not an edge case but the expected operating condition, and a protocol that authorized autonomous action optimistically during a communications gap would be unsafe by design. This one treats loss of consensus as loss of authority: when a contributor cannot be reached to confirm a shared action, the coalition’s authority for that action contracts rather than persists, and an asset beyond the reach of confirmation falls back to the most conservative ceiling its standing authorization permits. Recovery is evidence-gated, not time-gated. When connectivity returns, the prior envelope is not restored automatically; the protocol requires fresh authorization under the verified roster and reconciles any divergent decisions toward the more conservative outcome, keeping an auditable record of the whole sequence for the after-action legal review that combined autonomous operations will inevitably attract.
Sovereignty by Design
The organizing commitment is that interoperability must not come at the cost of sovereignty. In the Indo-Pacific, where the partners’ positions reflect deep constitutional, legal, and strategic differences, a mechanism that required convergence on a single doctrine would be dead on arrival. This one takes divergence as a fixed input and engineers around it. Each partner publishes its own profile, keeps its own constraints, and contributes to a coalition whose aggregate authority never exceeds what its most conservative participating member permits for a given action. No partner is asked to authorise what its national doctrine forbids, and none is bound by another’s more permissive ceiling.
The region’s partnerships are converging on combined autonomous operations faster than they are converging on a shared doctrine of autonomous authority, and they are unlikely ever to fully converge on the latter, because the divergences are sovereign rather than technical. The value of making the authority layer computable is that it lets partners operate across that divergence rather than waiting for it to resolve. Demonstrated across the AUKUS trilateral and a Quad-composition maritime coalition, the approach suggests that authority interoperability in the Indo-Pacific is an engineering problem with an engineering solution, and that solving it is a precondition for the combined autonomous operations the region’s security architecture increasingly assumes.