POLICY MEMO: Mitigating Sovereign Risk in Defense-Integrated Mega-Constellations

TO: Senate Armed Services Committee; House Committee on Financial Services; National Security Council Staff FROM: Strategic Infrastructure Analysis Group DATE: February 23, 2026 SUBJECT: Foreign Sovereign Investment in Sole-Sourced Defense Constellations — CFIUS Gaps, Vendor Lock-In, and the Pre-IPO Window

I. EXECUTIVE SUMMARY

The events of February 16–22, 2026, have exposed a structural vulnerability in the frameworks governing foreign investment in defense-critical infrastructure operators. While legacy legal mechanisms have engaged successfully with individual actors (e.g., the U.K. arrest of Andrew Mountbatten-Windsor for misconduct in public office), no equivalent mechanism has visibly engaged with the conversion of $3 billion in Saudi sovereign capital into equity in the entity that sole-sources the Pentagon’s primary military satellite communications constellation (MILNET) and hosts AI models on classified networks (GenAI.mil at Impact Level 5).

With a SpaceX IPO reportedly planned for mid-June 2026 at a valuation of up to $1.5 trillion, and a hard congressional deadline of March 2, 2026 for Secretary Hegseth to explain Grok’s integration into Pentagon networks (Ossoff-Van Hollen letter, Feb. 10, 2026), the window for structural intervention is narrowing on two timescales simultaneously — days for the cognitive layer, months for the capital layer. Once ownership is distributed to millions of retail shareholders, the political cost of regulatory action will rise substantially. This memo identifies four specific governance gaps and proposes corresponding legislative interventions that can be pursued through existing institutional channels within the pre-IPO timeline.

II. KEY FINDINGS

A. The CFIUS Visibility Gap

On February 18, 2026, Saudi Arabia’s Humain — a subsidiary of the Public Investment Fund — disclosed a $3 billion investment in xAI’s Series E funding round. Following SpaceX’s February 2 acquisition of xAI, Humain’s holdings converted into SpaceX equity, representing approximately 0.24% of the $1.25 trillion combined entity (Bloomberg, Feb. 18, 2026; CNBC, Feb. 19, 2026; Humain press release, Feb. 18, 2026).

What the public record shows: SpaceX and xAI executives did not respond to press inquiries about whether the transaction triggered CFIUS review (CNBC, Feb. 2, 2026). No public filing or confirmation of review has been disclosed by any party. Senator Warren and Representative Kim wrote to Secretary Hegseth on February 5 raising concerns about the opacity of SpaceX’s foreign ownership, noting “no publicly available information” on the extent of foreign-state-linked investment in the company. ProPublica reported in March 2025 that Chinese investors had been routing capital into SpaceX through Cayman Islands vehicles.

What the public record does not show: Whether CFIUS review was triggered and is classified; whether the investment was structured to avoid mandatory filing triggers; or whether a voluntary filing is pending. The public record is genuinely ambiguous, and responsible analysis must acknowledge this.

Why all three scenarios constitute a gap: If the review occurred and is classified, congressional appropriators funding MILNET may lack visibility into conditions imposed on the operator’s cap table. If the investment was structured as passive and non-controlling — conferring no board seats, observer rights, or access to material non-public technical information — it may fall outside FIRRMA’s mandatory filing triggers (31 CFR § 800.401) despite the target entity’s operation of classified defense infrastructure. If a voluntary filing is pending, the pre-IPO timeline creates urgency for resolution before the shareholder base diffuses.

B. Vendor Lock-In as an Accountability Constraint

The MILNET program — over 480 military communications satellites — is sole-sourced to SpaceX through a National Reconnaissance Office contract (Breaking Defense, June 18, 2025; Via Satellite, June 26, 2025). The Space Force requested $277 million in FY2026 for MILNET RDT&E. The constellation uses SpaceX’s proprietary Starshield terminals, proprietary encryption, and proprietary inter-satellite laser links integrated with commercial Starlink. Senator Coons asked directly whether this “makes us dependent on their proprietary technology and avoids the very positive benefits of competition and open architecture.” The Air Force Secretary’s response — “how we field that going forward is something that’s still under consideration” — was not a plan (Via Satellite, June 26, 2025).

The operational dependency creates a structural constraint on accountability: regulatory action, contract cancellation, or prosecution of the corporate parent would risk disrupting the military’s communications architecture. This is not an assertion that prosecution is impossible; it is an observation that the political and operational calculus of accountability is materially altered when the target entity is the sole provider of a military-critical function that cannot be migrated to an alternative provider on any relevant timeline.

Asymmetric velocity. The contrast extends to institutional clock speed. Removing Andrew Mountbatten-Windsor from the line of succession — a symbolic act against a figure with no operational significance — requires legislation through both houses of Parliament, royal assent, and the consent of all fourteen Commonwealth realms under the Statute of Westminster 1931 convention (House of Commons Library, Feb. 2026; CNN, Feb. 20, 2026). The last comparable exercise, the 2013 Succession to the Crown Act (adjusting gender-preference rules), required coordinating legislation across seven Australian parliaments alone and took years to complete. The SpaceX-xAI merger closed in weeks; the Humain equity conversion in days; the FCC accepted the million-satellite application within five days of filing. The legacy system processes accountability at the speed of multilateral treaty compliance. The infrastructure system assembles structural immunity at the speed of private capital.

C. Jurisdictional Arbitrage and the “Sentient Sun” Strategy

The FCC application filed January 30, 2026, for up to one million orbital data center satellites operating between 500 and 2,000 kilometers altitude represents a stated intent to move AI compute infrastructure beyond the reach of terrestrial regulatory, environmental, and law-enforcement jurisdictions (FCC Space Bureau filing, Jan. 30, 2026; The Register, Feb. 5, 2026). Musk’s February 2 blog post described this as part of the mission to build a “sentient sun,” and an internal all-hands meeting on February 11 reorganized xAI around this strategy, with orbital data centers as the primary focus for 2026 (SatNews, Feb. 16, 2026). The SpaceX filing invoked the concept of a “Kardashev Type II civilization” capable of harnessing the total energy output of its star.

This remains aspirational — no orbital compute has been deployed, and Starship has completed only test flights. But the stated corporate intent raises an immediate governance question: if AI compute processing military or intelligence data is relocated to orbital infrastructure operated by a private entity with a transnational capital structure, existing frameworks for search and seizure, data governance, and regulatory oversight have no clear jurisdictional basis. The Outer Space Treaty (1967) assigns state responsibility for national space objects but does not address data sovereignty, law-enforcement access, or regulatory jurisdiction over private-sector compute operations in orbit. The gap between stated corporate ambition and available legal frameworks is already wide; it will become structurally permanent if not addressed before the operational capability materializes.

D. The IPO as Structural Lock-In

Once SpaceX is publicly traded, three conditions change simultaneously. The shareholder base diffuses across millions of retail investors and institutional funds, creating a broad constituency with a financial interest in the entity’s operational continuity. The political cost of regulatory action rises because it becomes a cost imposed on ordinary Americans’ retirement savings. And the informational opacity of the pre-IPO cap table becomes embedded in a public-market structure not designed to surface the beneficial-ownership chain of pre-offering sovereign and foreign-routed investors.

A. CFIUS Transparency — Immediate (Pre-IPO)

Action: The Senate Armed Services Committee and/or the Senate Appropriations defense subcommittee should request a classified briefing from Treasury (CFIUS chair) on the status of any review of the Humain-to-xAI-to-SpaceX equity conversion. The briefing should address three questions: (1) Was mandatory or voluntary filing triggered? (2) If review occurred, were conditions imposed? (3) If no review occurred, what specific FIRRMA provision excluded the transaction?

Legislative vehicle: Expand the scope of the Warren-Kim letter (Feb. 5, 2026) to encompass the Humain investment specifically. Alternatively, attach a reporting requirement to the FY2027 NDAA requiring CFIUS to notify the Armed Services committees within 30 days of any foreign sovereign investment exceeding $500 million in a Tier-1 National Security Provider (defined below).

Recommended statutory definition — “Tier-1 National Security Provider”: Any entity that (a) operates a government-owned, contractor-operated satellite constellation exceeding 100 nodes for military communications or intelligence; (b) hosts AI models on classified DoD networks at Impact Level 4 or above; or (c) holds active sole-source launch contracts with the NRO or Space Force exceeding $1 billion in cumulative value. This definition is deliberately narrow to avoid chilling routine foreign investment in the broader technology sector.

B. Open-Standards Interoperability — Near-Term (FY2027 NDAA)

Action: Amend the FY2027 Defense Authorization Act to require that any satellite constellation exceeding 200 nodes utilized for military communications achieve open-standard interoperability certification within 36 months of enactment. The certification should require that the constellation’s ground terminals, inter-satellite link protocols, and ground-station architecture support at least one alternative provider’s hardware and software interfaces.

Implementation specifics: The Space Development Agency’s earlier Proliferated Warfighter Space Architecture (PWSA) Transport Layer, which was competitively awarded before being supplanted by sole-sourced MILNET, provides the technical baseline and institutional memory for interoperability requirements. Certification should be administered by the DoD Chief Information Officer in coordination with the Space Force and the Defense Information Systems Agency (DISA). An 18-month interim milestone (interface specification publication) and a 36-month final milestone (demonstrated interoperability with at least one alternative terminal) would provide a phased compliance path.

Waiver mechanism: The Secretary of Defense may waive the interoperability requirement for periods not exceeding 12 months upon certification to the Armed Services committees that compliance would create an unacceptable operational risk. The waiver must be renewed annually and accompanied by a classified migration plan.

C. Defense-Critical IPO Beneficial-Ownership Transparency — Near-Term (FY2027 NDAA or Securities Legislation)

Action: Require that any entity meeting the Tier-1 National Security Provider definition and seeking a public offering at a valuation exceeding $500 billion must disclose the full chain of beneficial ownership for all investors holding equity acquired through pre-IPO private funding rounds, including sovereign wealth funds, special-purpose vehicles, and offshore intermediaries. Disclosure must be co-certified by the SEC and the Under Secretary of Defense for Intelligence and Security.

Legislative vehicle: Attach as an amendment to the FY2027 NDAA (Armed Services jurisdiction) or as a standalone provision in securities legislation (Financial Services jurisdiction). The $500 billion threshold and Tier-1 definition ensure narrow applicability — currently, only one entity would meet both criteria — while establishing the principle for future defense-critical IPOs.

Penalty for material nondisclosure: Automatic suspension of the public offering until disclosure is completed, plus referral to CFIUS for mandatory review of any undisclosed foreign sovereign or adversary-linked investment identified post-IPO.

D. Orbital Data Governance Framework — Medium-Term (FY2027 NDAA or Standalone Legislation)

Action: Direct the Department of Commerce (via NOAA’s Office of Space Commerce) and the Department of Defense to jointly develop a regulatory framework for data governance, law-enforcement access, and national-security oversight of compute operations conducted on orbital infrastructure operated by U.S.-licensed entities. The framework should address: jurisdiction over data processed in orbit by entities holding U.S. government contracts; applicability of search-and-seizure authorities to orbital compute serving defense or intelligence functions; and disclosure requirements for AI models trained or deployed on orbital infrastructure that also serve classified government clients.

Legislative vehicle: Attach as a reporting requirement to the FY2027 NDAA, directing a joint Commerce-Defense report to Congress within 180 days of enactment. This does not require resolving the full jurisdictional question immediately — it requires establishing the institutional mandate to address it before the operational capability is deployed.

Rationale: The SpaceX FCC filing (Jan. 30, 2026) for one million orbital data center satellites, and the stated corporate reorganization around the “Sentient Sun” strategy (SatNews, Feb. 16, 2026), signal a near-term intent to relocate AI compute beyond terrestrial regulatory reach. The Outer Space Treaty (1967) assigns state responsibility for national space objects but does not address data sovereignty, law-enforcement access, or regulatory jurisdiction over private-sector compute operations in orbit. If the framework is not established before operational deployment begins, the jurisdictional gap will become a structural feature rather than a transitional problem.

IV. STAKEHOLDER ANALYSIS

Likely supporters: Senate Armed Services Committee (bipartisan concern over sole-source dependency; Coons on record); the Ossoff-Van Hollen coalition (Ossoff, Van Hollen, Schiff, Durbin, Hickenlooper, Warnock — already on record with a March 2 deadline for Hegseth on Grok integration); Senate Appropriations defense subcommittee (controls MILNET funding); House Financial Services Committee (jurisdiction over SEC and CFIUS-adjacent legislation); the Warren-Kim axis (already on record regarding foreign ownership opacity); national security–focused members of both parties who have expressed concern over Epstein-era accountability gaps; former DoD acquisition officials who have publicly questioned sole-source procurement patterns.

Likely opponents: Industry groups representing defense contractors and space-launch providers (concern about precedent-setting regulation of private-sector cap tables); index fund managers and institutional investors anticipating SpaceX IPO allocation (concern about disclosure requirements chilling IPO participation); some members of the executive branch who may view the interventions as interference with an IPO that serves broader capital-markets objectives.

Mitigation strategies: Frame the interventions as protecting — not obstructing — the IPO by ensuring that the entity’s public-market debut occurs on a foundation of verified transparency. Emphasize that the interoperability requirement strengthens rather than weakens the military’s resilience posture. Use classified briefings to build bipartisan urgency around the CFIUS gap without requiring public disclosure of sensitive details. Engage former NRO and Space Force acquisition officials as expert validators for the open-mesh requirement’s technical feasibility.

V. RISKS, TRADE-OFFS, AND MITIGATION

Risk: Operational disruption. Overly aggressive interoperability mandates or procurement conditions could slow MILNET deployment or create integration vulnerabilities during the transition period. Mitigation: Phase compliance over 36 months with an 18-month interim milestone. Include a waiver mechanism for urgent operational needs. Fund transition support for alternative providers through a dedicated line item in the Space Force’s RDT&E budget.

Risk: Industry litigation. SpaceX or its investors may challenge disclosure requirements as an unconstitutional taking or an undue burden on securities registration. Mitigation: Ground the disclosure requirement in the national security nexus established by FIRRMA and existing ITAR/EAR export-control frameworks. The narrow definition of Tier-1 National Security Provider limits the precedential reach and reduces overbreadth arguments.

Risk: Chilling foreign investment. Expanding CFIUS triggers for sovereign investment in defense-critical operators could discourage beneficial foreign capital in the broader U.S. technology sector. Mitigation: The Tier-1 definition is deliberately narrow — it captures operators of military constellations and classified AI platforms, not technology companies generally. Routine sovereign-wealth investment in non-defense-critical AI, space, or technology firms would be unaffected.

Risk: Classification barriers. If CFIUS review did occur and is classified, demanding public transparency may conflict with intelligence-community equities. Mitigation: The request is for classified congressional briefing, not public disclosure. Armed Services and Appropriations committees already hold appropriate clearances for oversight of MILNET-related matters. The recommendation is for committee visibility, not public release.

  1. Coordinate with the Ossoff-Van Hollen inquiry before March 2 (this week). The Ossoff-Van Hollen letter has set a March 2 deadline for Hegseth to respond on Grok’s Pentagon integration. Armed Services and Appropriations staff should ensure that the questions posed in that letter are coordinated with a parallel CFIUS inquiry — so that the response (or non-response) on March 2 addresses not only the cognitive layer (what Grok can access inside DoD networks) but also the capital layer (who owns the entity whose AI is processing that data). Simultaneously, request the MILNET contract summary (or a classified briefing on its governance, termination, and interoperability clauses) from the NRO and Space Force.

  2. Identify NDAA amendment sponsors (within 14 days). Approach members of both parties on the Armed Services Committee who have expressed concern about sole-source space procurement (Coons on record; bipartisan interest likely given Epstein-file scrutiny). Draft amendment language for Interventions A and B above; circulate for preliminary feedback.

  3. Engage expert validators (within 21 days). Brief former NRO and Space Force acquisition officials, CFIUS/FIRRMA practitioners, and satellite-systems engineers on the proposed interventions. Obtain technical and legal feasibility assessments to support committee testimony.

  4. Coordinate with Securities and Financial Services staff (within 30 days). Socialize the IPO beneficial-ownership transparency provision (Intervention C) with House Financial Services and Senate Banking staff. Identify whether NDAA attachment or standalone securities legislation is the more feasible vehicle.

  5. Publication timing. Coordinate the public release of the analytical trilogy with the filing of the first oversight request, ensuring that the policy recommendations have an institutional audience before they reach a public one.

VII. CONCLUSION

The events of February 2026 have demonstrated that democratic institutions retain the capacity to hold non-essential elites accountable. The arrest of Andrew Mountbatten-Windsor is proof that the law can still reach individuals whose institutional shielding has eroded. What has not been demonstrated is whether the same institutions can exercise comparable oversight over entities whose operations have become indistinguishable from the state’s own infrastructure.

The four interventions proposed here do not require extraordinary authority. They require the recognition that the frameworks designed for a world of discrete companies, terrestrial assets, and bilateral treaties must be updated for a world in which a single private entity operates the military’s communications, processes the military’s intelligence, launches the military’s satellites, and is preparing to distribute its ownership to millions of citizens — all before the existing oversight mechanisms have determined who else already owns it, and before a stated corporate strategy to relocate compute beyond terrestrial jurisdiction moves from aspiration to deployment.

The first deadline is March 2. The final deadline is the IPO. The tools exist. The question is whether the political will to use them can be assembled before the architecture moves beyond their reach.

End of Memo