Part of the Canadian AI sovereignty series
My recent analysis of Canadian data exposure via NORAD and the weakness of procurement systems in a data saturated world data established the idea of data adjacency, and how unintentional sovereignty exposure can occur now by proxy, and two structural positions a state can occupy relative to a foreign AI system.
It can be a customer, holding the contract and everything that attaches to it: disclosure obligations, audit rights, impact assessments, a paper trail its own institutions can pull. Or it can be adjacent, operating inside a system another state procured, carrying the full risk profile while every domestic accountability instrument sleeps, waiting for a purchase that happened in another capital.
NATO’s acquisition of the Maven Smart System reveals a third position. Canada is party to this procurement. Canadian contributions flow into the agency that signed it, Canadian consensus was required to authorize it, and Canadian forces now operate inside the system it delivered. A contract exists, and Canada is on the right side of it. What Canada holds, as one of thirty-two co-signatories to a sole-source acquisition of undisclosed value, is a procurement it can neither read, audit, nor exit. Call this collective procurement: a contractual position that preserves national exposure at full strength while diluting national accountability toward zero.
Adjacency showed what happens when procurement is absent but sovereignty is subject to technology, nonetheless. NATO shows procurement present but inaccessible. These are distinct failure modes of the same governance architecture. And at alliance scale, a third dynamic emerges that the bilateral case only hinted at: the entire Western alliance is drifting toward a reality in which a small number of technology firms hold a functional veto over collective defence, while leadership is occupied with trying to figure out how to deal with Donald Trump’s rhetoric and designs on Greenland. is his rhetoric intentional probably not is it advantageous to the firms and question, undoubtedly because the distraction is real at a time when attention is most needed.
What the Alliance Bought, and How Fast
On March 25, 2025, the NATO Communications and Information Agency finalized the acquisition of Maven Smart System NATO for employment within Allied Command Operations. The procurement was sole-source. It took six months from requirement to acquisition, which NATO itself described as one of the most expeditious in its history. The contract value was not disclosed, and remains undisclosed sixteen months later.
Speed of this kind is usually read as institutional agility. But it really exposes how little process was in the way. These are perfect and perfectly chilling examples of the impossibility of managing government size technology in 2026: the benefits are real, but the risks are unscoped. The tech moves too quickly for government systems to keep up, but without governance, exposure runs rampant. A sole-source award, completed in six months, for the cognitive layer of alliance command and control, with no public price: each element individually has precedent, and the combination describes a procurement in which the standard friction points, competition, evaluation, disclosure, were not overcome but absent.
A SHAPE representative told Janes at the time that Maven was already active and proven across nine NATO nations contributing to real-world operations. The nine were not named. The alliance-level acquisition therefore formalized a footprint that already existed at the national layer, invisibly, one bilateral relationship at a time. The pattern will be familiar to readers of this series: the Palantir map fills in first, and the procurement record catches up later, if at all.
The deployment timeline confirms how quickly formal acquisition converts to operational dependence. MSS NATO was incorporated into Exercise STEADFAST DETERRENCE in May 2025. By August, NATO’s Joint Warfare Centre was training staff on it and integrating it into the exercises it directs, the largest and most complex the alliance runs. In November 2025, Task Force Maven hosted an Industry Day positioning MSS as the open, extensible platform into which third-party tools integrate. And on June 22, 2026, the system achieved full operational capability, with full security accreditation for use on NATO classified networks. The Task Force Maven director described the milestone as authorization to operate the system for everything: exercises, missions, and activities.
Fifteen months from contract signature to full authorization on classified networks, across a thirty-two nation alliance. Over fifty applications were built and deployed across the operational force during 2025 alone. Fifteen third-party systems from French, German, Finnish, and British firms were integrated within the first year. The cloud infrastructure enabling the Industry Day integrations was donated by AWS. The platform supports AI models from Mistral and from Meta. This is the convergence pattern this series has traced in CoreWeave and elsewhere, reproduced at the alliance layer: a single vendor at the integration seam, hyperscale infrastructure underneath, a growing constellation of dependent applications above, and the entire stack accredited for the most sensitive networks the alliance operates.
The STANAG Paradox
NATO has solved fragmentation before. Its historical instrument is the STANAG, the Standardization Agreement, and for most of the alliance’s life it worked because the things being standardized were artifacts. A 7.62mm round is a 7.62mm round regardless of which member manufactured it. A fuel grade, a radio protocol, a pallet dimension: these are specifications. Any member can produce to the spec, verify compliance independently, and switch suppliers without asking anyone’s permission. Standardization created interoperability while leaving sovereignty exactly where it was.
AI cannot be standardized like a bullet. An analytic layer is not a specification any member can manufacture. It is a living system: model weights that update, detection thresholds that shift, fusion logic that evolves with each vendor release, all governed by whichever jurisdiction and corporate compliance regime the vendor answers to. There is no spec sheet against which Latvia can independently verify Maven, and no second supplier producing an interchangeable round.
So the alliance faces a temptation the STANAG era never did. To achieve instantaneous data fusion across thirty-two nations, the easiest path is concentration: everyone defaults to a single, unified, battle-tested infrastructure layer, which realistically means a dominant American stack. That is precisely what the MSS NATO acquisition executed, in six months, sole-source. The interoperability problem is real and the solution demonstrably works. The catch is what the solution costs. Standardizing on a vendor is not standardizing an interface. It asks thirty-one sovereign nations to place the operational tail of their defence apparatus, the data flows, the analytic priorities, the upgrade cadence, under Washington’s jurisdiction and one company’s compliance policies. The old STANAGs distributed capability across the alliance. The new default concentrates it, and calls the concentration a standard.
The Multi-Directional Leak
In the bilateral case, the adjacency pipeline is a straight line. Canadian sensor data flows into a US-procured stack; the exposure runs one direction, toward one jurisdiction, and can at least be diagrammed on a napkin. At alliance scale the line becomes a network, and the sovereignty leak becomes multi-directional.
One thread: a junior member on the Eastern Flank, Latvia or Denmark, integrates its local reconnaissance data into the shared alliance layer, because that is what protecting the flank now requires. That data is immediately processed by models the contributing nation did not build, running on compute infrastructure it does not own, under retention and secondary-use terms it cannot read, inside a contract held by an agency it funds but does not control. Every member in the network occupies this position simultaneously, each feeding the shared picture, each consuming an interpretation governed elsewhere.
The network has a second property the straight line lacked. Because the system is interconnected, a sovereign policy decision or legal constraint implemented by one nation can be silently overridden, or simply made visible to foreign entities, by the underlying architecture. And the architecture itself answers to a single jurisdiction. The alliance received a live demonstration in 2025, when the International Criminal Court’s lead prosecutor was locked out of his Microsoft account following US sanctions. An officer of an international institution, headquartered in a NATO capital, lost access to his own communications because of a policy decision made in Washington and executed by a vendor’s compliance department. This occurred again recently when Mythos and related releases were rug-pulled from use by “foreign actors” by the US administration in June. Allied governments drew the obvious inference: the digital floor beneath them can be switched off by a single foreign jurisdiction, without a shot fired or a treaty invoked. The MSS NATO stack, accredited for everything, sits on the same kind of floor.
The Contract Everyone Holds
The phantom customer position and the adjacent position differ in whether a contract exists. The collective position scrambles that variable. The contract exists. The question is what any individual member can do with it.
What power does Canada, as an alliance member, actually hold? The contracting party is NCIA, an alliance agency, funded through common contributions to which Canada is one line among thirty-two. The award was sole-source, so there is no competitive evaluation record for a Canadian parliamentary committee to request. The value is undisclosed, so there is no spending figure for a Canadian access-to-information request to attach to; the contract record sits in Brussels and Mons, outside the reach of Canadian disclosure law entirely. The audit rights, such as they exist, belong to alliance bodies, not to national legislatures. The upgrade path, the data handling terms, and the model behavior are governed by the vendor relationship NCIA holds, which no single member state can inspect, condition, or terminate.
Canadian Armed Forces personnel serving in Allied Command Operations work inside a shared operational picture generated, fused, and prioritized by the same Palantir-integrated analytic layer this series examined at NORAD. Canadian participation in the STEADFAST exercise series and in NATO’s exercise cycle means Canadian data feeds the environment and Canadian decisions consume its outputs. The stated ambition, in Task Force Maven’s own language, is a multinational sensor-shooter kill chain pulling data from all participating nations into full visualization.
The exposure profile is identical to adjacency. The accountability profile is arguably worse. An adjacent state can at least say, accurately, that it never bought the system, and build its governance demands from that clean position. A collective co-procurer consented, formally, through alliance consensus, to an acquisition whose terms it cannot see. Consent without visibility forecloses the objection while withholding the information the objection would need.
The dependency triggers this series established in The Cost of Dependency all apply here, and each one arrives at alliance scale. Change of ownership: Palantir sits at the integration seam and AWS donated the floor beneath the Industry Day integrations, and if either changes hands, merges, or restructures, thirty-two nations inherit the consequences without a consultation clause among them. Change in pricing: the contract value is undisclosed now, which means the repricing leverage at renewal is exercised against an alliance that is fifty applications and multiple exercise cycles deep, with no visible baseline to negotiate from. Change in temperature: the alliance has already lived through several. Change in capability: a model update that adjusts detection thresholds inside the shared operational picture is a silent capability change for every member acting on that picture, made by none of them, disclosed to none of them.
The four triggers describe what can happen. But they are no longer adequate to the task. They assumed back in April 3 months ago that we lived in the world where government still held the balance of power. it is no longer clear that is true. New conditions are demanding a second set of measures that describe the position we are standing in and how we know when it changes, and the collective procurement arrangement scores at maximum on all four. Opacity: a sole-source contract of undisclosed value, governing model behavior no member state can inspect. Foreign jurisdictional reach: a US vendor, US-controlled infrastructure, CLOUD Act exposure for every data flow, and the ICC precedent showing reach exercised in practice. Irreversibility: full operational capability on classified networks, fifty applications deep, with third-party integrations compounding quarterly; the cost of extraction now grows with every exercise cycle. Institutional capture: an alliance task force whose director publicly characterizes European sovereignty concerns as a misinformation campaign, while the platform he manages becomes the substrate those concerns are about. In the NORAD case, three triggers fired cleanly and capture was arguable. Here, all four fire.
The Alliance Is Splitting Into Tiers
The strongest argument for the concentrated stack is that it works, and the strongest evidence that the argument is insufficient comes from inside the alliance itself, where members are already sorting into two tiers defined by their answer to it.
One tier is building sovereign foundations. France tested Arcadia, an AI-enabled command system, during a NATO exercise this year, and the deputy chief of the French Army staff described it explicitly as a response to Maven, framing the question as whether to adopt Maven blindly or look for other solutions. The Netherlands, a Palantir customer at small scale since 2010, is evaluating MSS for broader adoption while its State Secretary for Defence describes the position as a two-track policy: participate in the alliance system, insist that management and control of military data stay in national hands, and acknowledge that a European alternative to Palantir does not exist. These are states pursuing infrastructure sovereignty: expensive, duplicative, operationally awkward, and undertaken anyway, because the alternative is permanent residence inside a cognitive layer governed elsewhere.
The other tier has outsourced entirely, purchasing operational capability and accepting the stack that delivers it. For smaller members this is less a choice than a budget line. The two tiers must now interoperate inside the same shared picture, which produces a structural friction the alliance has not named: every sovereign guardrail the first tier builds is only as strong as the shared layer both tiers feed. France can route its national workloads through Arcadia; the moment its data enters the alliance picture, it lives under the same vendor governance as everyone else’s. Infrastructure sovereignty at the national layer, purchased at great cost, dissolves at the seam where the alliance actually operates.
The Article 5 Surge Test
Clarity about the counterargument requires pressing it to its strongest form, which is not peacetime interoperability but wartime load. If a conflict triggers Article 5, data workloads explode overnight: sensor volumes, targeting cycles, logistics optimization, all scaling simultaneously across every domain. A hyperscale American stack absorbs that surge because absorbing surges is what hyperscale means.
The question for the sovereign tier: If a smaller member runs its defence workloads on a domestic sovereign cloud, does it possess the compute surge capacity to fight a modern algorithmic war? If the answer is no, then sovereign AI for smaller nations is an expensive peacetime illusion that disintegrates the moment the first missile flies, and every procurement built on it is theatre.
The answer is that the surge problem is real and the conclusion does not follow. Surge capacity can be pooled, pre-negotiated, and distributed across allied jurisdictions the way fuel, ammunition, and airlift already are. What cannot be reconstructed after dependence compounds is governance: audit rights, data terms, exit provisions, portability. A member that solves the surge problem by surrendering the governance problem has not solved anything; it has traded a capacity gap it could share its way out of for a sovereignty gap it cannot. The alliance knows how to pool physical capability. It has simply never applied the same logic to compute.
The Corporate Sovereign at the Table
Concentration has a final consequence that alliance doctrine has no vocabulary for. When the shared picture runs on a private platform, the vendor stops being a supplier and becomes a geopolitical actor in its own right, present in every operational decision without holding a seat, a flag, or a treaty obligation.
The alliance’s collective defence now depends on platforms managed by corporations that answer to boards of directors, shareholders, and commercial interests, not to military high commands or democratic treaties. A vendor’s compliance decision is a strategic decision for thirty-two nations, as the ICC lockout demonstrated. A vendor’s pricing decision shapes which members can afford which capabilities. A vendor’s ideology is not incidental either: Palantir’s leadership has been explicit about its views on American exceptionalism and the acceptability of force, and the AWS infrastructure underneath the Industry Day integrations was a donation, which is to say a strategic investment in becoming load-bearing. In any prior era, an actor with this degree of influence over allied command and control would have been a state, and the alliance would have negotiated its role in a treaty. Instead the role is defined in commercial terms of service that no parliament has read.
Toward an Algorithmic STANAG
The typology is now complete. A state can be a customer, holding a contract its institutions can govern. It can be adjacent, exposed through shared operational environments with no contract anywhere in its jurisdiction. Or it can be a collective co-procurer, party to a contract that alliance structure renders unreadable. Canada currently occupies all three positions with respect to a single vendor: customer through the OPP contract and the Carahsoft SLSA vehicle, adjacent through NORAD and the Maven Smart System in 22 Wing’s shared picture, and collective co-procurer through NCIA and MSS NATO.
If the NORAD analysis proved that Canada is exposed to AI systems it never bought, the alliance case proves something larger: that collective defence itself is acquiring a dependency structure in which a handful of firms hold a functional veto over the operations of thirty-two democracies. The task is not to refuse the shared picture. It is to move past the warning and specify the alternative, an Algorithmic STANAG: standardization rebuilt for systems instead of artifacts.
The old STANAGs standardized the thing. The new ones must standardize the terms around the thing, because the thing itself cannot be made interchangeable. That means alliance-level minimum disclosure floors for common-funded AI acquisitions, so that sole-source and undisclosed stop being compatible with consensus. National audit access for any system that processes national data, negotiated as a condition of contribution rather than requested after accreditation. Data governance clauses that follow member sensor data through the shared environment, addressing retention, secondary use, model training, and foreign jurisdictional reach explicitly rather than by silence. Change notification obligations, because a detection threshold adjusted in a vendor update is an operational policy change for thirty-two nations, made by none of them. Portability and exit provisions priced before dependence compounds. And pooled surge arrangements across allied jurisdictions, so that the sovereign tier’s honest weakness stops being the concentrated tier’s winning argument.
France and the Netherlands have demonstrated that raising these questions inside the alliance is possible. Canada has no Arcadia, no two-track policy, and no position paper on the system that now mediates its NATO operations; its national Maven conversation remains confined to a single DND contract whose suggested exit this series has already identified as a pressure release. The shared picture is on screens in Mons and Brunssum and Stavanger now, as well as North Bay. The complexity is dramatically greater. Canada helped pay for this one, but it may not know what it has bought, and getting to the questions needed is hard enough. The answers may be very hard to look at.
Jen Evans is the principal of PatternPulse AI and a co-founder of Tech Reset Canada.

