Cognitive Sovereignty: When Brain Data Becomes Strategic Infrastructure
Cognitive Sovereignty: When Brain Data Becomes Strategic Infrastructure
In March 2026, Eon Systems demonstrated a working whole-brain emulation of a fruit fly. Within weeks, the Observer Research Foundation in India published a policy essay naming the security implications directly: if neural systems can be digitally reconstructed, then any sufficiently detailed recording of brain activity becomes an attack surface. Three months earlier, Hailee Carter at Georgetown’s Walsh School of Foreign Service had submitted a more formal version of the same argument to arXiv, using Singapore as the stress test case.
Both papers reach the same diagnosis. The human nervous system is transitioning from a private biological fact into what Carter calls a “networked and contestable substrate.” The governance apparatus protecting it, built from cybersecurity law, biomedical ethics, and data protection regulation, was assembled before this transition began. None of those frameworks classify the mind as infrastructure. That classification gap is where the problem lives.
The Core Shift
Carter’s paper, arXiv:2601.06040, introduces a specific concept: cognitive sovereignty, defined as “the strategic capacity to protect neural processes from external modulation.” The framing is deliberately infrastructural rather than personal. This is not primarily a privacy argument about individual rights, though it includes that. It is an argument that cognition has become strategic, in the same sense that electrical grids and financial systems are strategic, and that states which fail to treat it that way expose themselves to a new category of vulnerability.
The governance gap Carter identifies is structural. Singapore operates high-capacity regulation in both the cyber domain (through the Cybersecurity Act and CIRT-SG) and the biomedical domain (through the Health Sciences Authority). Each system is internally coherent. But at their intersection, where a brain-computer interface records neural signals that can be transmitted, stored, processed, and potentially reconstructed, neither system has jurisdiction. The mind falls between the two regulatory mandates because it has never been formally classified as either a medical device input or a cyber asset.
Shravishtha Ajaykumar’s ORF essay, published April 21, 2026, makes the same point from India’s perspective and maps it against the Eon Systems milestone. The question she asks is not whether full whole-brain emulation of a human is currently achievable. It is whether preparatory governance work is being done proportionate to the trajectory. Her answer is no.
The Ienca and Andorno neurorights framework, cited by both authors, identifies four rights that do not yet exist in statutory law in most jurisdictions: the right to cognitive liberty, the right to mental privacy, the right to mental integrity, and the right to psychological continuity. Each of these becomes materially relevant as BCI devices move from experimental medical contexts into consumer and military-adjacent applications.
The “Harvest Now, Decode Later” Threat Model
The most operationally concrete concern in Carter’s paper is not current capability. It is the trajectory of neural decoding research combined with the indefinite storage of neural signal data.
Current BCI devices, including the 1,024-electrode arrays approved for human trials by 2026, record local field potentials and action potential timing from cortical and subcortical regions. The raw signals encode intention, emotional state, and in some experimental paradigms, semantic content. The decoding algorithms required to extract high-fidelity cognitive information from those signals do not yet exist at scale. But the signals themselves are being archived.
Carter draws a structural parallel to quantum cryptography’s “harvest now, decrypt later” threat model: adversaries record encrypted data today, store it, and decrypt it once quantum computing makes current encryption vulnerable. The analogous neural threat is: record neural signal data today at the point of BCI transmission or cloud synchronization, store it, and run reconstruction algorithms against it once neural decoding models become sufficiently powerful.
This threat is not speculative in the same way full whole-brain emulation remains speculative. It requires no advancement in scanning resolution or brain preservation. It requires only that neural signal data from existing consumer BCI devices accumulates, that it is transmitted without end-to-end encryption, and that neural decoding research continues on its current trajectory.
The connection to whole-brain emulation research is asymmetric. A high-fidelity reconstruction of cognitive function from accumulated BCI signal data would not produce a structural connectome in the sense required for genuine whole-brain emulation. But it could produce a behavioral model, a predictive map of cognitive responses, reaction patterns, and decision-making tendencies precise enough to constitute a functional profile of an individual mind. That profile would be actionable for impersonation, manipulation, or coercive leverage in ways that traditional biometric data is not.
Comparative Regulatory Mapping
Both authors survey the existing legal landscape. The gaps are consistent across jurisdictions.
| Jurisdiction | Cyber Protection | Biomedical Protection | Neural Data Specific | Cognitive Rights Statutory |
|---|---|---|---|---|
| United States | CISA, CFAA | FDA BCI device regulation, HIPAA (clinical) | Colorado SB 24-169, Montana SB 163 (partial) | None |
| European Union | NIS2 Directive, GDPR | MDR, CE marking for BCIs | Pending AI Act provisions (incomplete) | None |
| Singapore | Cybersecurity Act, CIRT-SG | HSA medical device framework | None | None |
| India | IT Act, CERT-In | CDSCO medical device rules | None | None |
| Chile | General Data Protection Law | Pending | Constitutional amendment (neurodata, 2021) | Partial |
Chile’s 2021 constitutional amendment protecting neurodata is the most advanced legislative instrument in existence. It extends data protection law explicitly to data generated by the brain and nervous system. But it predates the current generation of high-density consumer BCIs and does not address the harvest-now-decode-later threat model or the governance of digital reconstructions derived from neural data.
The US state laws Carter highlights (Colorado SB 24-169, Montana SB 163) classify neural data as sensitive personal information under consumer privacy frameworks. These laws prohibit selling neural data and require consent for its collection. They do not address military or national security applications, they do not classify neural infrastructure as critical infrastructure, and they contain no provisions for data generated by devices that are not commercially classified as medical.
The Cognitive OT Framework
Carter’s proposed solution is to treat cognition as a category of operational technology. OT security, developed for industrial control systems and critical infrastructure, addresses threats to physical processes controlled by networked systems. A power grid, a water treatment plant, a railway switching system: each can be attacked through its digital control layer in ways that produce physical consequences. The OT security paradigm addresses the interface between digital signals and physical outcomes.
The parallel to neural interfaces is direct. BCIs are systems in which digital signals modulate physical neural processes, and in which neural processes generate digital signals. An adversary who can inject false signals into a BCI, as demonstrated in experimental settings where RF-injected signals have produced involuntary motor outputs in animal models, is not attacking a computer system. The attack surface is the nervous system itself.
Carter proposes a cognitive OT classification framework with three components. The first is classifying neural signal integrity as a critical infrastructure protection category alongside electrical, financial, and transportation systems. The second is establishing minimum security standards for BCI manufacturers analogous to ICS security standards for industrial control equipment: encryption requirements, adversarial signal detection, and audit logging. The third is creating a regulatory mandate that sits at the intersection of existing cyber and biomedical frameworks rather than inside either one.
Ajaykumar’s ORF essay translates this into four operational recommendations for India’s Department of Biotechnology: cognitive privacy standards embedded in existing privacy law that classify neural data as special-category data; neural data security protocols with encryption standards for signal traffic; algorithm transparency requirements for AI systems that interface with neural inputs; and regulatory sandboxes for controlled BCI experimentation within defined ethical boundaries.
Practical Impact for Whole Brain Emulation Research
The governance discussion is not separate from WBE research. It is a direct consequence of its progress.
The Eon Systems fruit fly emulation demonstrated that a biological neural connectome can be reconstructed in sufficient detail to replicate behavior in a virtual body. That reconstruction required destructive scanning, electron microscopy, and months of computational reconstruction. It produced a static connectome, not a live neural recording. But it established proof of concept for the general principle that enough neural data, combined with sufficient computational reconstruction, can produce a functional cognitive model.
As BCI devices record increasingly rich neural signal data from living human subjects, and as neural decoding algorithms improve, the gap between “sufficient data to reconstruct behavior” and “sufficient data to replicate cognition” narrows. The bandwidth limitations of current BCIs remain a genuine constraint. But the trajectory points in one direction: each generation of device records more, with higher spatial resolution and longer continuous recording windows.
The Paradromics Connexus approval for speech restoration BCIs illustrates how rapidly high-density neural recording is moving into clinical use. The Connexus system records from 1,600+ cortical electrodes simultaneously. Speech restoration requires decoding from motor cortex and premotor cortex. The same electrode array positioned slightly differently, or with software that processes a broader range of cortical signals, would record from regions associated with memory encoding, emotional processing, and cognitive deliberation. The device boundary and the intent boundary are not the same.
Neuralink’s 2026 human trial results demonstrated consistent decoding of motor intention across 21 participants. The published analyses focused on motor outputs. The raw neural signal data archived during these trials encodes far more than motor intention. Whether that data is protected under existing medical privacy frameworks, whether it can be used for research purposes beyond the clinical indication, and whether it could be accessed by third parties are questions that existing law does not answer clearly.
Limitations and Open Questions
The cognitive OT framework has a significant definitional challenge. Operational technology security works because the physical systems it protects, power grids, water systems, railways, are discrete, mappable, and bounded. The human nervous system is none of these things. Its boundaries change dynamically, its “normal operating parameters” vary between individuals and over time within the same individual, and “adversarial signal injection” into the nervous system is difficult to distinguish from ordinary sensory experience. A BCI that provides cochlear implant-style audio input is injecting signals into the auditory cortex. A therapeutic deep brain stimulation device is injecting electrical signals into the basal ganglia. The security framework would need to distinguish these from hostile injection without a clear physical boundary.
Carter’s Singapore case study is specifically selected for its high regulatory capacity. The argument that Singapore fails at the intersection of cyber and biomedical law because of a classification gap is more compelling in Singapore than it would be in jurisdictions with weaker baseline regulation. The governance gap Ajaykumar identifies in India has additional dimensions: domestic BCI deployment remains limited, so the immediate risk is from data flows to foreign AI reconstruction systems rather than from domestic device compromise.
The neurorights framework proposed by Ienca and Andorno is influential in academic and policy circles but has not been operationalized into enforceable standards. “Psychological continuity” as a legally protected right requires defining what continuity means across time, which runs directly into the same identity debates that whole-brain emulation research surfaces. A person whose neural data is harvested, reconstructed, and used to build a behavioral model has suffered what kind of harm, exactly? That question is currently unanswerable within existing legal frameworks. It is a gap that whole-brain emulation research will force into sharper focus as the decade progresses.
Both papers note the dual-use dimensions of WBE-adjacent research. The same advances in neural decoding that enable speech restoration for locked-in patients enable fine-grained cognitive profiling. The same connectome reconstruction methods that advance neuroscience research enable, in principle, unauthorized cognitive replication. The International AI Safety Report 2026 framework addresses dual-use AI capabilities but does not yet incorporate neural-data-specific risks as a distinct category.
Path Forward
The governance gap both Carter and Ajaykumar identify is structural, not accidental. Cybersecurity law was built to protect computational systems. Biomedical law was built to protect patients from device risks. Neither framework was built to protect the cognitive content that passes through devices that sit at the intersection of both categories.
The cognitive sovereignty framing reframes this from a privacy problem into an infrastructure problem. That reframing matters for regulatory priority. Privacy protections are often traded against convenience, commercial interest, and speed-to-market. Infrastructure protections, once established, are harder to waive. If neural signal integrity is classified alongside electrical grid integrity as a matter of national security, the regulatory calculus changes.
The flexible brain implant research advancing biocompatibility and long-term stable recording will produce devices capable of continuous, high-resolution neural monitoring across years, not weeks. By the time those devices reach consumer markets, the governance architecture governing what can be done with the data they produce should already exist. Both papers make the same point: preparatory governance work takes longer than preparatory technical work. The technical roadmap is advancing faster.
Official Sources
- Hailee Carter. “Cognitive Sovereignty and the Neurosecurity Governance Gap: Evidence from Singapore.” arXiv:2601.06040 [cs.CY], submitted December 15, 2025. DOI: 10.48550/arXiv.2601.06040. URL: https://arxiv.org/abs/2601.06040
- Shravishtha Ajaykumar. “Digitising Consciousness and Cognitive Sovereignty.” Observer Research Foundation Expert Speak, April 21, 2026. URL: https://www.orfonline.org/expert-speak/digitising-consciousness-and-cognitive-sovereignty
- Marcello Ienca and Roberto Andorno. “Towards New Human Rights in the Neurotechnology Era.” Life Sciences, Society and Policy, 13(5), 2017. DOI: 10.1186/s40504-017-0050-1. PubMed PMID: 28444626
- Eon Systems PBC. “We’ve Uploaded a Fruit Fly.” March 2026. URL: https://eon.systems/updates/weve-uploaded-a-fruit-fly
- Colorado Senate Bill 24-169 (Colorado Consumer Protections for Artificial Intelligence). Colorado General Assembly, 2024.
- Human Brain Project. The Virtual Brain platform. URL: https://www.thevirtualbrain.org