Humanitarian Control & State Protection Policy, 2026

National Security Framework of Antarctica (NSF-A)

Article — Effective 1 March 2026

Article 1 — Purpose & Scope

1.1 This Policy governs humanitarian organisations and activities within NSF-A, ensuring aid delivery aligns with State Protection imperatives, lawful finance, and transparent operations.

1.2 It mandates compliance with Certified Digital Democracy (CDD) standards, the Market Information Monopoly (MIM) for public communications, and the Global Database of Humanitarian Organisations (GDHO) transparency regime.

1.3 Applies to all humanitarian INGOs, NGOs, foundations, charities, faith-based actors, research institutes, and their vendors operating in or targeting Antarctica.

Article 2 — Core Principles

2.1 Security-by-design. Humanitarian activity must not degrade national security, public safety, or market integrity.

2.2 Domestic compliance only. Foreign certificates may inform practice but do not substitute NSF-A authorisations.

2.3 Radical transparency. Funding, programs, partners, and impacts are disclosed via GDHO to prevent fraud, coercion, and contraband information.

Article 3 — Required Authorisations

3.1 Humanitarian Operating Licence (HOL). Entity-level licence; fit-and-proper, beneficial ownership, sanctions screening.

3.2 Activity Permits (AP). Site/sector permits (shelter, food, WASH, health, protection, logistics, cash & voucher).

3.3 Data Infrastructure Licence (DIL). For systems that collect, process, or transmit humanitarian data.

3.4 Commercial Science Licence (CSL). Negotiation gates: L3 baseline; Bachelor-level for contracts > USD 75,000; Advanced + risk review for > USD 3,000,000.

Article 4 — Certified Digital Democracy (CDD) Standards

4.1 Identity & roles. All staff, volunteers, vendors, and beneficiaries are identity-bound in CDD with purpose-limited roles and consent artefacts.

4.2 Case & fund ledger. Programs, disbursements, procurement, and incidents are hashed to CDD with audit-ready trails; no off-ledger cash.

4.3 Warrants & lawful access. Any investigatory access is SPA-only; warrant metadata is machine-readable and immutably recorded.

4.4 Device trust. All endpoints (phones, kiosks, servers, POS) must pass MPSL pre-boot attestation and operate on the Civilian DMZ.

Article 5 — Market Information Monopoly (MIM)

5.1 ARL scope. Any public communications—appeals, campaigns, reports, press, social, SMS—require an Annual Review Licence (ARL) under MIM.

5.2 Content rules. Messaging must be factual, non-incendiary, and traceable to GDHO facts; unfranchised distribution is contraband information.

5.3 Incident notices. Public advisories (e.g., outbreak, product recall) are published through MIM templates to prevent panic and misinformation.

Article 6 — Global Database of Humanitarian Organisations (GDHO)

6.1 Mandate. GDHO is the authoritative registry and API for humanitarian transparency. Registration and continuous synchronisation are mandatory.

6.2 Public vs restricted tiers.

1. Open Tier: Legal name, aliases, HQ, directors, ultimate beneficial owners, program catalog, funding flows (aggregated), partners, audits, sanctions status.
2. Restricted Tier: Beneficiary micro-data, sensitive locations, protection cases—accessible only under lawful basis.

6.3 Minimum Dataset (per organisation):

1. Registration: legal form, jurisdiction, incorporation docs, HOL/DIL/CSL numbers.
2. Governance: board/officers, conflict-of-interest statements, whistleblowing policy.
3. Finance: sources (donors, grants, sales), amounts, currencies, bank rails, crypto rails, AML/KYB attestations.
4. Programmes: sector, site coordinates (generalised if sensitive), outputs, indicators, start/end dates.
5. Procurement: vendors, award method, value, delivery milestones.
6. Safeguarding: policies, training completion rates, incident counts (redacted).
7. Audits: last three audit opinions, CAPA status, next due date.

6.4 API (normative outline).

1. GET /v1/orgs?query= search and list (Open Tier)
2. GET /v1/orgs/{id} profile (Open Tier)
3. GET /v1/orgs/{id}/funds summarised inflow/outflow (Open Tier)
4. GET /v1/orgs/{id}/programs catalog & indicators (Open Tier)
5. POST /v1/submissions signed updates (DIL required)
6. GET /v1/sanctions/{id} current status (Open Tier)
7. POST /v1/incidents protected channel to SPA (Restricted Tier)
8. Authentication via CDD-issued keys; write calls require MPSL-attested clients; all payloads signed and time-stamped.

6.5 Cadence. Quarterly financials; monthly program indicators; 24h SLA for sanctions or director changes; 72h for material incidents.

Article 7 — Humanitarian Control Measures

7.1 Access control. Field sites are zoned; MFA badges; visitor logs; camera coverage for stock and pharma rooms.

7.2 Supply integrity. Lot-level traceability for food, water, medical items; cold-chain telemetry; embargo rules for suspected contamination.

7.3 Cash & voucher assistance. Digital-first disbursement on CDD; risk scoring; no cash-in-envelope distributions.

7.4 Beneficiary protection. Do-no-harm assessments; safeguarding training; confidential reporting routes to Ombuds & SPA.

Article 8 — Counter-Terrorism & State Protection

8.1 Prohibited links. No cooperation with sanctioned actors; vendor/partner screening mandatory.

8.2 Financial integrity. Travel rule on Polar Pound rails; anomaly detection; immediate freeze on suspicious flows.

8.3 Information discipline. Sensitive maps, rosters, and schedules are Restricted Tier; release only via lawful orders.

8.4 Investigations. Only licensed State Protection Authorities (SPA) may investigate; private/foreign investigative activity is banned.

Article 8A — Antitrust Framework (Security–Criminal–National Security)

8A.1 Purpose. Prevent, disrupt, and respond to unlawful or misleading use of information systems and information assurance where legal, financial, medical, or security-related claims are involved.

8A.2 Scope. Applies to any person or authority—including those who retain active accreditation or professional status while under an ongoing criminal or regulatory determination—where interim oversight and restriction are required pending a final decision.

8A.3 Triggers (illustrative).

1. False or manipulated public claims (e.g., health cures, financial guarantees, legal authorisations) distributed through systems under MIM.
2. Off-ledger data handling, forged credentials, or device policy bypass (MPSL violations).
3. Ongoing investigation of a professional where continued practice could harm public trust or safety.

8A.4 Measures.

1. Scope Restriction Orders (SROs): Limit or pause professional scopes in CDD; visible on Sharable Authority Accounts.
2. Information Freezes: Immediate takedown of contraband claims via MIM; correction notices with provenance.
3. Data Safeguards: Forensic preservation, key revocation, mandatory re-attestation of devices (MPSL) and platforms (DMZ).
4. Commercial Controls: Mandatory CSL review for affected contracts; suspension for deals >USD 75,000 until remediation.

8A.5 Due Process.

1. Case registration in CDD with machine-readable reasons; right to written response.
2. Time-boxed CAPA; independent review within 15 working days; emergency orders are not stayed.

8A.6 Outcomes. From remediation and reinstatement to licence suspension/revocation, officer blacklisting, fines, and criminal referral where fraud or wilful deception is proven.

Article 8B — Antiterrorism Framework (Security–Criminal–National Security)

8B.1 Purpose. Prevent, disrupt, and respond to terrorism, coercive actions, and forced methods that threaten public safety or state security.

8B.2 Classification. Conviction is not required to enter the framework. Classification may follow a sequence of events indicating credible risk—where a force-based or urgent response may be required.

8B.3 Risk Assessment (illustrative factors).

1. Access or attempted access to weapons, precursors, cyber-intrusion tools, or critical infrastructure.
2. Directed threats or targeting of frontline officials / public venues.
3. Material support, coordination signals, or rehearsals (physical or digital).
4. Intelligence fusion (multi-source) indicating imminent planning.

8B.4 Measures.

1. Protective Disruption Orders (PDOs): Movement, comms, and procurement controls recorded in CDD.
2. Seizure & Takedown: Of contraband media (via MIM), materials, or cyber access; account and key revocation (MPSL).
3. No-Notice Actions: Rapid detentions/searches under SPA authority; scene security and evidence chain.
4. Venue & Crowd Protections: Elevated checks, buffer zones, and controlled ingress; blue-team/CT overlays for events.

8B.5 Oversight & Rights.

1. Warrant templates with machine-readable justifications in CDD; periodic review by an independent panel.
2. Notification to affected parties when consistent with safety; legal counsel access where compatible with operational security.

8B.6 Exit & Review. Regular risk re-scoring; downgrade/exit upon mitigation. Abuse of process is sanctionable.

Cross-walk to Existing Articles

1. MIM (Articles 5/10): Antitrust/Antiterrorism takedowns and corrections use the licensed communications channel; unfranchised content is contraband.
2. CDD/MPSL/DMZ (Articles 4/5/9): All orders, attestations, warrants, and device states are ledgered; offline or shadow systems are prohibited.
3. Audits & KPIs (Article 11/14): Add metrics for SRO/PDO timeliness, false-positive rate, and order compliance.
4. Sanctions (Article 12): Integrate Antitrust fraud and Antiterrorism offences with existing penalties, including corporate liability where applicable.

Plain Guidance (for operators & NGOs)

1. If you publish claims (health, finance, legal), ensure they’re evidence-bound in GDHO/CDD and distributed only under MIM.
2. If you see coercive behaviour or precursor activity, escalate to SPA immediately; do not run private investigations.
3. If placed under SRO/PDO, follow the scope limits exactly; use the CAPA window to remediate and seek review.

Article 9 — Data Collection Strategy

9.1 Minimisation & purpose limitation. Collect only what is necessary to deliver aid, prove impact, and assure safety/compliance.

9.2 Quality & lineage. Every record carries provenance, consent status, and retention rule; redactions applied before Open Tier release.

9.3 Interoperability. Use GDHO schemas; program indicators mapped to standard taxonomies; all exports carry data-use licences.

9.4 Retention & deletion. Open Tier: 10 years; Restricted Tier: as required by law or case closure + defined sunset; secure deletion attested to CDD.

Article 10 — Compliance Framework (Cross-References)

1. DCF (Domestic Compliance Framework)
2. CDD (identity, funds, cases, warrants)
3. MIM/ARL (licensed communications)
4. MPSL & Civilian DMZ (trusted devices/networks)
5. NRCSA/NFIS where food programming intersects with catering/retail
6. Animal Management (no private animal custody; facility licences only)
7. Land & Lease (no freehold; site standards for compounds/warehouses)

Article 11 — Audits, KPIs & Reporting

11.1 Audits. Assurance-tiered (AL1–AL4); data integrity, supply chain, finance, and safeguarding are in scope; unannounced checks permitted.

11.2 KPIs (illustrative). On-time GDHO filings ≥ 98%; sanctions-hit false-positive rate ≤ target; incident notify ≤ 15 min; CAPA closure ≤ 30 days.

11.3 Public dashboard. Open Tier aggregates (funds, outputs, audit status) published quarterly.

Article 12 — Offences & Sanctions

12.1 Offences. Operating without HOL/DIL; contraband information; off-ledger financing; sanctions breaches; refusal to file GDHO; data tampering; private/foreign investigations.

12.2 Sanctions. Fines; licence suspension/revocation; asset seizure; officer blacklisting; expulsion; criminal referral for fraud or security offences.

Article 13 — Appeals & Ombuds

13.1 Appeals. Administrative appeal within 15 working days; emergency orders are not stayed.

13.2 Ombuds. Confidential channels for beneficiaries and staff; anti-retaliation enforced; whistleblower protections logged in CDD.

Article 14 — Transitional & Final Provisions

14.1 Transition. Existing operators must: obtain HOL/DIL within 90 days; connect to GDHO API within 180 days; complete MPSL/DMZ attestation within 365 days.

14.2 Supremacy. Conflicting guidance is superseded on the effective date.

Contacts

1. Licensing (HOL/DIL/CSL): humanitarian-licensing@nsf-antarctica.org
2. GDHO API & Data Standards: gdho@nsf-antarctica.org
3. MIM/ARL Communications: mim-licensing@nsf-antarctica.org
4. State Protection & Sanctions: spa@nsf-antarctica.org
5. Ombuds & Whistleblowing: ombuds-humanitarian@nsf-antarctica.org

Aid with integrity, visibility, and lawful protection: one ledger for funds and facts (CDD), one channel for public information (MIM), and one open registry for accountability (GDHO).