Domain 10 of 18

Portable sovereignty stack (personal and community digital autonomy: local AI, E2EE comms, personal data stores, co-op governance tooling, community economy, private collaboration)

Britain invented the messaging protocol France and Germany use for their sovereign government communications, then bought none of it. The pieces of digital self-reliance already exist here: encrypted messaging, personal data stores, co-op software, community hosting. Nobody has assembled them, and the law keeps tripping the people who try. Around 300 volunteer-run forums went offline when Online Safety Act duties arrived.

The gaps below are mostly small and specific: a maintenance fund here, a registration reform there, a pilot someone could run next year. Some need a minister's signature. Others need a few million pounds and a willing co-op. All of them move power (over messages, money, records and identity) back towards the people they belong to.

Full landscape notes (July 2026)

The UK has strong ingredients but no assembled stack. Intelligence: open-weight models (Llama, Mistral, Qwen families) run adequately on consumer hardware, and public compute has grown (Isambard-AI, the AI Research Resource, a £500m Sovereign AI Unit opened April 2026), but access routes exclude community groups and no UK open-weight model yet exists. Communications: Signal/WhatsApp dominate; Matrix (a UK-originated protocol powering France's and Germany's sovereign messengers) is production-grade but has negligible UK public-sector uptake and a chronically underfunded foundation; Waku is honest-to-goodness pre-production (public testnet targeted 2026, mainnet 2027). Storage: Mydex personal data stores work at pilot scale in Scotland; Solid has stalled; DUAA 2025 smart-data powers (in force August 2025) remain unused beyond open banking. Governance: Loomio/Decidim are usable today, but co-op registration is paper-era; the Law Commission's co-op law report lands 2026, and its 2024 DAO scoping paper's recommendations sit unactioned. Economy: self-custody wallets are lawful and usable; the FCA cryptoasset regime (regulations made February 2026, live October 2027, stablecoin gateway September 2026) is built for capitalised issuers; paper town pounds are dead (Lewes Pound last used 2025) and mutual credit sits in a regulatory grey zone. Coordination: CryptPad/Nextcloud work now, but UK ethical hosting (Webarchitects, Autonomic) is micro-scale. Overarching constraints: OSA duties drove ~300 small forums offline in March 2025, Ofcom's May 2026 technology-notice guidance keeps E2EE-scanning powers live, and secret IPA notices already stripped UK users of Apple's Advanced Data Protection.

The gaps (11)

108urgency 3institutionalShort (0–2y)Build now

No compliance mutual for small community-run online services under the Online Safety Act

Online safety rules drove 300 volunteer forums offline. Each admin still stands alone.

109urgency 3policyShort (0–2y)Build now

No statutory protection or transparency mechanism for end-to-end encryption

The power to break encrypted messaging sits on the statute book, held back by a promise.

110urgency 2coordinationMid (2–7y)Build together

No UK public-sector or civic deployment of sovereign messaging (a UK 'Tchap')

France runs its government on a British protocol. Whitehall runs on WhatsApp.

111urgency 0policyMid (2–7y)State-led

Smart-data powers with no scheme: personal data stores stuck at pilot scale

New data powers became law in 2025. Beyond banking, nobody has switched them on.

112urgency 1fundingMid (2–7y)Build together

No community access tier for public compute and open-weight AI

Public AI compute flows to labs and startups. Charities are left renting Silicon Valley.

115urgency 2institutionalShort (0–2y)Build now

No UK public-interest hosting backbone (Framasoft equivalent)

British charities run on discounted Google. The co-ops that could host them stay tiny.

116urgency 1coordinationMid (2–7y)Build together

Community mesh communications absent from UK civil resilience doctrine

When the phone network dies, hobbyists have a backup. Emergency planners don't.

117urgency 4toolingMid (2–7y)Build now

No open, privacy-preserving attribute-verification infrastructure independent of the state digital ID

Proving you're over 18 shouldn't mean handing over your passport.

118urgency 2knowledgeShort (0–2y)Build now

No independent field evaluation of the decentralised stack for real UK communities

Nearly every claim about community tech comes from the people selling it.

217urgency 2knowledgeShort (0–2y)Build now

Nobody measures exit friction: no audit of UK lock-ins

Leaving a bank, a pension or a platform keeps getting harder. Nobody is measuring it.

223urgency 2institutionalShort (0–2y)Build now

No jurisdictional resilience provision for UK infrastructure operators

Whoever runs the servers carries the legal risk. In Britain, they carry it alone.

Also surfaced by this domain’s research (3)

Who is already here: key actors (15)
  • Element (company): UK-founded Matrix vendor supplying sovereign messengers to 30+ governments (France, Germany, Belgium), yet with almost no UK public-sector deployment.
  • Matrix.org Foundation (nonprofit / open protocol steward): UK-originated steward of the Matrix E2EE protocol; chronically underfunded relative to the governments that depend on it (DINUM became first government member, Oct 2025).
  • Open Rights Group (charity): Leading UK digital-rights campaigner on the Online Safety Act, Investigatory Powers Act and digital ID; convenes the small-services OSA response.
  • Privacy International (charity): Litigating the secrecy of IPA technical capability notices before the Investigatory Powers Tribunal (heard 2026, alongside the Apple/ADP saga).
  • Mydex CIC (community interest company): Edinburgh-based personal data store operator; longest-running UK PDS with Scottish Government contracts, proof the storage layer works at pilot scale.
  • Open Data Institute (nonprofit): Research and stewardship on data institutions/data trusts; natural convener for smart-data and PDS interoperability standards.
  • Webarchitects Co-operative (co-operative): Sheffield multi-stakeholder co-op providing ethical, green, open-source hosting (Nextcloud etc.), one of very few UK public-interest hosts.
  • Autonomic Co-operative (co-operative): Worker co-op that founded Co-op Cloud, a deployment platform enabling small hosts to offer federated community services.
  • CoTech (Cooperative Technologists) (network): Network of ~40 UK tech co-ops; has discussed shared digital infrastructure but lacks the funding to build it.
  • Co-operatives UK (federation / trade body): Represents the UK co-op sector; driving the Law Commission review of co-operative and community benefit society law (report due 2026).
  • Mutual Credit Services (company): Stroud-based developer of mutual-credit 'trade clubs' and local clearing systems, the main serious UK attempt at the community-economy layer post-town-pounds.
  • Timebanking UK (charity): National support body for timebanks; the surviving mass-participation form of UK community exchange.
  • OpenUK (nonprofit / advocacy): Open-source industry advocacy; documented chronic OSS underfunding as a sovereignty risk and pushes for a UK Sovereign Tech Fund.
  • DSIT Sovereign AI Unit / AI Research Resource (government body / programme): £500m sovereign AI investment unit (opened April 2026) plus national compute (Isambard-AI, AIRR), allocated to research, startups and public sector, not communities.
  • Institute of Free Technology (Waku, Codex, Nomos) (project): Building Waku messaging, Codex storage and Nomos chain, explicitly civil-society-framed but pre-production: public testnet targeted 2026, mainnet 2027.
Funders active or plausible here (14)
  • DSIT (Sovereign AI Unit, AI Research Resource, smart data implementation)
  • UKRI / Innovate UK (natural administrator for a Sovereign Tech Fund)
  • Joseph Rowntree Charitable Trust (Power and Accountability programme; funds digital rights orgs)
  • Joseph Rowntree Reform Trust (democratic and civil liberties grants)
  • Luminate (funds UK digital rights and public-interest news/tech)
  • Open Society Foundations (digital rights litigation and advocacy)
  • Nesta (innovation methods; charity AI adoption)
  • National Lottery Community Fund (community infrastructure and resilience)
  • Power to Change (community business, community ownership)
  • Friends Provident Foundation (fair economy; plausible funder for mutual credit)
  • Omidyar Network (responsible tech)
  • NLnet / EU NGI programmes (have funded UK-linked open-source privacy projects; post-Brexit access partial)
  • Institute of Free Technology / Ethereum Foundation grants (decentralised stack R&D)
  • Ofcom/DSIT contestable funds and regulatory sandboxes (in-kind)
Policy notes

Three regimes dominate. The OSA applies full illegal-content and child-safety duties to volunteer-run services with no community-scale exemption; Ofcom finalised Technology Notices guidance (May 2026) preserving the power to mandate 'accredited technology' against E2EE once 'technically feasible', and the categorisation register lands July 2026. The IPA (amended 2024) enables secret technical capability notices: Apple withdrew ADP for UK users, the IPT dismissed its appeal after the order was narrowed, and Privacy International's secrecy challenge was heard in 2026; no transparency reporting exists. The FCA cryptoasset regime (regulations made February 2026; live October 2027; stablecoin gateway September 2026, £350k capital floor) has no proportionate route for community or mutual systems. DUAA 2025 smart-data powers sit unused. Digital ID consultation closed June 2026: voluntary for citizens, digital right-to-work checks planned from 2029. No policy anywhere funds or protects the open-source substrate all of this depends on.