DCS Labs is a research organisation. The 72-feature agenda spans government, defence, medical, space, financial, climate, disaster, education, and agriculture. Most are sensitive. This page documents — category by category — what we research, the legal frameworks we operate under, and the things we will not do without proper partnerships, certifications, or authorisations.
A handful of US labs publish all the foundational AI work. The rest of the world adopts it years later, often without the sovereignty, audit, or domain-fit that local institutions need. DCS Labs exists to close that gap. The 72-feature agenda is the set of capabilities we believe sovereign AI infrastructure should have — built openly, with proofs, in public.
If a customer's data leaves their jurisdiction, it loses legal protection. Most AI infrastructure assumes US-controlled cloud. We research the opposite: cryptographically-verifiable sovereignty as a built-in property, not an add-on.
Every action — every receipt, model decision, agent move — should be independently verifiable years later. The R-Series cryptography (R+1/+2/+3/+4) is research toward making that practical at production scale.
Cryptography, receipts, agent protocols → published, MIT-licensed, peer-reviewable. Weaponizable applications → not built without sovereign partnerships, IRB-style review, and explicit governmental authorisation.
Every paper, prototype, dataset, and benchmark we produce is published under permissive licenses (MIT / CC-BY-4.0). The 9-piece moat is in code; the standards are in specs; the agenda is on this page. Build with us, fork us, audit us.
Each of the 9 sensitive categories below has its own legal frame. Research mode = whitepapers, prototypes, public demos, datasets, benchmarks. Operational mode = deployment into the regulated environment, requiring partnership, certification, and authorisation we do not currently hold.
Sovereign-AI reference architectures for government use — air-gapped deployments, full audit chains, multi-ministry coordination patterns, citizen-data protection by cryptographic erasure. Published as whitepapers + reference code.
We do not operate government systems. We do not have classified-information clearances. We do not bid on tenders for systems handling national security data without a partnership-of-record and a defence-ministry-issued authorisation.
UAE Federal Decree-Law 45/2021 (PDPL) India DPDP Act 2023 GDPR (EU residents) Local government procurement law (where engaged)
Dual-use AI primitives that have a publishable, peer-reviewable, non-weaponized research surface — secure communication protocols, multi-agent coordination patterns, supply-chain optimisation models, threat-detection benchmarks. All published openly.
US ITAR 22 CFR §120-130 US EAR 15 CFR §730-774 Wassenaar Arrangement (dual-use list) India SCOMET list (DGFT) UAE export-control law (Federal Decree-Law 13/2007)
Privacy-preserving healthcare AI — disease-prediction models on anonymised data, medical-image analysis benchmarks, mental-health support agent architectures with sovereign data guarantees, drug-discovery acceleration prototypes. Output: papers, datasets, reference code.
HIPAA (US, with BAA) FDA 21 CFR §820 / SaMD guidance EU MDR 2017/745 India CDSCO Medical Devices Rules 2017 GDPR Art 9 (sensitive data) UAE Federal Law 2/2019 (health data)
Edge-AI architectures for space (low-power agents, intermittent connectivity), on-chain provenance for satellite imagery, mission-control assistant prototypes, multi-planet agent coordination protocols, lunar-resource-mapping AI, space-weather prediction networks. Open papers + reference implementations.
UN Outer Space Treaty 1967 US Remote Sensing Act / NOAA licensing India Remote Sensing Data Policy 2011 ITAR USML Cat XV (spacecraft + satellites) UAE Space Activities Law (Federal Law 12/2019)
Fraud-detection patterns for banking + UPI, alternative credit-scoring on non-traditional data (with consent), insurance-fraud detection benchmarks. Models published as research; not personalised financial advice.
RBI Master Directions (India) UPI Procedural Guidelines (NPCI) PCI-DSS EU PSD2 UAE CBUAE regulations SEC / SEBI / FCA depending on customer jurisdiction
Carbon-credit verification with satellite + on-chain proofs, air-quality prediction + health alerts, glacier + sea-level monitoring, climate-risk prediction for farmers. Open-source benchmarks against public datasets (NASA EOSDIS, ESA Copernicus, India ISRO Bhuvan).
UN Paris Agreement Art 6 Verra VCS / Gold Standard methodologies (as a reference, not certifying body) India BEE / MoEFCC notifications EU EU ETS
Disaster early-warning models, flood + cyclone prediction, wildfire detection from satellite/drone imagery, earthquake-pattern research, emergency-response coordination protocols. Aligned with India NDMA + UN Sendai Framework references.
India Disaster Management Act 2005 UN Sendai Framework 2015-2030 WMO Common Alerting Protocol (CAP) FEMA IPAWS (US, where applicable)
Crop-health monitoring from satellite/drone imagery, precision-farming agent recommendations, soil-health + fertiliser optimisation, supply-chain optimisation models for FCI-scale procurement. Open benchmarks; pilots with farmer-cooperatives where invited.
India Plant Quarantine Order 2003 PPV&FR Act 2001 (farmer rights) EU CAP regulations FAO Voluntary Guidelines on responsible tenure
Personalised-learning agent architectures, skill-gap analysis models, NEET/JEE coaching agent prototypes, vernacular-language learning agents. All COPPA-aware, parent-consent first for minors.
COPPA (US, under-13) India DPDP 2023 (children's data) GDPR Art 8 (consent age) UNESCO AI in Education recommendations
Some research areas are technically possible but ethically and legally off-limits. These will never enter our roadmap. If you ask for them, the answer is no.
Targeting, kill-chain, autonomous strike decisions, lethal-force-without-human-in-loop. Not researched, not prototyped, not consulted on.
Face-recognition + cross-referencing-without-warrant pipelines. Population-scale tracking. Social-credit scoring.
Gender / sexuality / political-affiliation / health-status inference from face or voice. No exceptions.
Generative voice/text representing a real person without consent. Synthetic media in elections. Romance-scam AI.
Any AI assistance to bio / chem / nuclear weapons design. Includes "academic" curiosity prompts on this topic.
CSAM generation, detection-bypass research, age-verification-bypass research. Reported to authorities if asked.
Offensive cyber-attack tooling for power-grid, water, hospital, transport, financial infrastructure. We may research defence; never offence.
Voter-targeting automation, disinformation generation, deep-fake political ads. Includes paid consultancy on this topic.
Every feature on the 72-item roadmap that touches one of the 9 sensitive categories above goes through this 5-step review before any code is written. Items in the "hard limits" list above are auto-rejected at step 1.
Each proposed feature is classified by domain (Government / Defence / Medical / Space / Financial / Climate / Disaster / Agriculture / Education / Core). The forbidden list is checked first — any match auto-rejects.
The relevant statutes are listed (e.g. HIPAA + FDA SaMD for medical, ITAR + EAR for defence). If we lack the relevant authorisation, the feature is downgraded to "research-mode only" — no operational deployment.
What's the worst-case misuse? Who's the affected population? What harm-mitigation primitives must be in the design (consent, opt-out, audit, kill-switch)?
How will we be honest about what's built vs. theoretical? What status pill (Shipped / Partial / Roadmap) is accurate? What flags ship default-OFF?
If after launch we discover unintended harm, can we roll back? Cryptographic erasure, kill-switches, model unloads, and consent revocation must work — proven before launch, not after.
Beyond category-specific law, DCS Labs operates under these umbrella frameworks for every product and every customer.
GDPR (EU + UK), India DPDP 2023, UAE Federal Decree-Law 45/2021, US state laws (CCPA / CPRA / VCDPA), Brazil LGPD. DPA template at dcsai.ai/dpa.
US ITAR + EAR, Wassenaar Arrangement, India SCOMET (DGFT), UAE export-control law. No dual-use technology export without licence verification.
Code under MIT/Apache-2. Standards under CC-BY-4.0. We respect third-party IP; takedown process at [email protected].
EU AI Act risk-tier compliance (high-risk = research-mode only). NIST AI RMF reference. India NITI Aayog principles. UAE AI Charter. Voluntary G7 Hiroshima principles.
Responsible-disclosure: /security. Bug-bounty for receipt-chain + R-Series vulnerabilities. PGP key at /security/pgp.txt.
US FCPA, UK Bribery Act 2010, India Prevention of Corruption Act, UAE Federal Decree-Law 31/2021. Zero tolerance, every customer.
If you think a feature on our roadmap should not exist, tell us. If you think we're being too cautious in a category that matters to you, also tell us. We update this policy quarterly + every time a partner asks a question we hadn't answered.