EU Defense Use Case
European defense organizations must comply with EU dual-use export controls (Regulation 2021/821), the EU AI Act, and national security regulations. Keeptrusts enforces dual-use technology filtering, human oversight, and EU data sovereignty for defense AI.
Use this page when
- You are deploying AI in European defense organizations subject to EU dual-use export controls (Regulation 2021/821), the EU AI Act, and national security classifications.
- You need dual-use technology filtering, mandatory human oversight for high-risk defense AI, and EU data sovereignty enforcement.
- You want to screen against EU sanctions lists and ensure AI-assisted defense decisions have full audit trails.
Primary audience
- Primary: Technical Leaders
- Secondary: Technical Engineers, AI Agents
Regulatory Requirements
| Regulation | Requirement | Keeptrusts Policy |
|---|---|---|
| EU Dual-Use Reg. 2021/821 | Block dual-use technology data | dual-use-filter |
| EU AI Act | High-risk AI oversight | human-oversight, bias-monitor |
| GDPR | Data protection | pii-detector, data-routing-policy |
| National security | Classification controls | dlp-filter, cjis-mode |
Complete Policy Configuration
```yaml
pack:
  name: defense-eu-governance
  version: 1.0.0
  enabled: true
policies:
  chain:
    - prompt-injection
    - rbac
    - dual-use-filter
    - entity-list-filter
    - pii-detector
    - dlp-filter
    - data-routing-policy
    - human-oversight
    - bias-monitor
    - audit-logger
  policy:
    prompt-injection: {}
    rbac:
      deny_if_missing:
        - X-User-ID
        - X-User-Role
    dual-use-filter:
      blocked_terms:
        - nuclear
        - chemicals
        - cyber-surveillance
        - telecommunications-interception
        - advanced-materials
      action: block
      fuzzy_matching: false
      max_distance: 1
    entity-list-filter:
      blocked_entities:
        - eu-sanctions
        - un-sanctions
      action: block
      fuzzy_matching: false
      max_distance: 1
    pii-detector:
      action: redact
    dlp-filter:
      detect_patterns:
        - '\b(TRES SECRET UE|SECRET UE|CONFIDENTIEL UE|RESTREINT UE)\b'
        - '\b(COSMIC TOP SECRET|NATO SECRET|NATO CONFIDENTIAL|NATO RESTRICTED)\b'
      action: block
    data-routing-policy:
      require_zero_data_retention: true
      require_no_training: false
      on_no_compliant_provider: block
      log_provider_selection: true
    human-oversight:
      require_human_for:
        - operational-planning
        - intelligence-assessment
        - export-decision
      action: escalate
      confidence_threshold: 0.5
      default_assignee: command-review
    bias-monitor:
      protected_characteristics:
        - nationality
        - ethnicity
        - religion
      threshold: 0.85
      action: escalate
    audit-logger:
      immutable: true
      retention_days: 3650
      log_all_access: true
providers:
  targets:
    - id: openai-eu
      provider: openai
      model: gpt-4o-mini
      secret_key_ref:
        env: OPENAI_API_KEY
```
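A coverage check for the two `dlp-filter` patterns above, added here as an example and not part of the Keeptrusts documentation or product code. It assumes the patterns are applied as written to the raw text and uses Python's `re` as a stand-in for the gateway's regex engine; `normalize`, `markings`, `coverage` and the sample lines are constructed for illustration.

```python
import re
import unicodedata

# detect_patterns copied verbatim from the dlp-filter section above.
DETECT_PATTERNS = [
    r'\b(TRES SECRET UE|SECRET UE|CONFIDENTIEL UE|RESTREINT UE)\b',
    r'\b(COSMIC TOP SECRET|NATO SECRET|NATO CONFIDENTIAL|NATO RESTRICTED)\b',
]
COMPILED = [re.compile(p) for p in DETECT_PATTERNS]


def normalize(text):
    """Hypothetical pre-match step (an assumption, not from the page): fold
    compatibility characters, strip accents, collapse whitespace, upper-case."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return re.sub(r"\s+", " ", text).upper()


def markings(text, pre=None):
    """Return every classification marking the patterns find in text."""
    if pre is not None:
        text = pre(text)
    return [m.group(1) for rx in COMPILED for m in rx.finditer(text)]


# Constructed sample lines, not taken from real documents.
SAMPLES = [
    "Annex B is marked RESTREINT UE/EU RESTRICTED.",
    "Header: TR\u00c8S SECRET UE",          # accented form of the marking
    "briefing pack (nato secret) attached",  # lower-case marking
    "NATO\u00a0CONFIDENTIAL annex",          # no-break space between words
    "Handling: CONFIDENTIEL\n  UE",          # marking wrapped across lines
    "Unclassified logistics summary",        # control: no marking
]


def coverage():
    """Pair each sample with its raw and normalized match lists."""
    return [(s, markings(s), markings(s, normalize)) for s in SAMPLES]


if __name__ == "__main__":
    for sample, raw, norm in coverage():
        print(f"{sample!r}\n  raw={raw}\n  normalized={norm}")
```

On the accented sample the raw patterns still fire, but on the `SECRET UE` alternative rather than `TRES SECRET UE`, so the recorded marking is one level lower than the one in the text. Upper-casing before matching also widens the patterns to ordinary lower-case prose, so review the false-positive rate before adopting it.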
EU-Sovereign Provider Configuration
```yaml
pack:
  name: defense-eu-providers-2
  version: 1.0.0
  enabled: true
providers:
  targets:
    - id: mistral-eu
      provider: mistral
      model: mistral-large-latest
      secret_key_ref:
        env: MISTRAL_API_KEY
    - id: local-llama
      provider: ollama
      model: llama3.1:70b
      base_url: http://localhost:11434
policies:
  chain:
    - audit-logger
  policy:
    audit-logger:
      immutable: true
      retention_days: 365
      log_all_access: true
```
Example Scenarios
Dual-Use Block

```
Analyst: "Describe specifications for the IMSI catcher
surveillance equipment."
→ dual-use-filter BLOCKS
Reason: Annex Category 5 (Telecommunications interception)
Escalated to: export-control-office
```

Data Sovereignty

```
Request would route to US-based provider
→ data-routing-policy BLOCKS
Reason: Provider region (us) not in allowed regions (eu)
EU data sovereignty requirement violated
```
For AI systems
- Canonical terms: Keeptrusts EU defense governance, dual-use filter, EU AI Act high-risk, EU data sovereignty.
- Policy pack: `defense-eu-governance` with chain: `prompt-injection` → `rbac` → `dual-use-filter` → `entity-list-filter` → `pii-detector` → `dlp-filter` → `data-routing-policy` → `human-oversight` → `bias-monitor` → `audit-logger`.
- Key policies: `dual-use-filter` (Regulation 2021/821 dual-use technology), `entity-list-filter` (EU sanctions lists), `data-routing-policy` (EU data sovereignty enforcement), `human-oversight` (EU AI Act Article 14), `bias-monitor` (EU AI Act fairness), `cjis-mode` (classification controls).
- CLI: `kt gateway run --policy-config ./policy-config.yaml`, `kt events tail --policy dual-use-filter`, `kt events tail --policy human-oversight`.
For engineers
- Deploy: `kt gateway run --policy-config ./policy-config.yaml --port 41002`
- Validate: `kt doctor` confirms dual-use-filter, entity-list-filter, data-routing-policy, and human-oversight are active.
- Monitor dual-use enforcement: `kt events tail --policy dual-use-filter` (blocks controlled technology data).
- Monitor data sovereignty: `kt events tail --policy data-routing-policy` (ensures EU data remains in EU).
- Monitor human oversight: `kt events tail --policy human-oversight` (EU AI Act high-risk approvals).
- Entity screening: `entity-list-filter` checks against EU sanctions lists in real time.
- Console: Events (filter by `dual-use-filter`), Escalations (route to export control officer), Audit Log (EU AI Act compliance evidence).
For leaders
- Addresses EU Dual-Use Regulation 2021/821, EU AI Act (high-risk AI systems), GDPR, national security classification schemes, and EU sanctions regimes.
- Dual-use technology data is blocked before reaching external LLM providers — preventing export control violations.
- EU AI Act Article 14 human oversight is technically enforced, not just documented.
- Data sovereignty enforcement ensures defense AI data remains within EU jurisdiction.
- Entity screening against EU sanctions lists happens in real time at every AI interaction.
- Full audit trail provides compliance evidence for EU AI Act Article 11-12 documentation requirements.
Next steps
- Industries overview — Compare all industry policy configurations
- Defense (US) — ITAR/EAR and CMMC for US defense programs
- EU AI Act Compliance — Full high-risk AI system requirements
- Aerospace — Aviation and space program governance
- Government — Public sector AI frameworks
- Quickstart — Deploy your first gateway in minutes