Overview
Three law enforcement agencies from different EU member states are jointly investigating a transnational organised crime network. Each agency holds pieces of the picture. They need to share entity data, but classification rules prevent bulk data exchange: one agency's intelligence is rated NATO CONFIDENTIAL, another's is TLP:AMBER. A bilateral data transfer agreement would take months to negotiate.
The Community of Interest domain solves this. It creates a governed, classification-aware sharing channel where each agency shares specific entities under the rules that apply to their data. The German BKA shares what it can share at the classification level it authorises. Europol sees only what it is cleared for. The joint investigation moves forward without waiting for legal frameworks to catch up.
Key Features
- COI lifecycle management with five operational types (intelligence sharing, operational coordination, logistics, situational awareness, joint investigation).
- Three membership policies: OPEN, APPROVAL_REQUIRED, INVITATION_ONLY.
- Classification-aware data sharing with rank validation across EU, NATO, and TLP frameworks.
- Three-tier access levels: READ_ONLY, READ_WRITE, ADMIN.
- Entity sharing with optional TTL expiration and deduplication.
- Full membership lifecycle with invite, request, approve, and revoke workflows.
- Share lifecycle management with revocation and audit trail.
- Data sovereignty enforcement through classification controls and organisational boundaries.
Use Cases
Multi-national intelligence sharing: Partner nations share threat intelligence under enforced classification controls, with each organisation maintaining data sovereignty over what it contributes and at what classification level.
Joint law enforcement investigations: Police agencies across jurisdictions coordinate investigations by sharing specific entity data without opening full database access to partner agencies, a model used extensively in cross-border serious crime operations.
Operational coordination between defence partners: Military units conducting joint operations share situational awareness data through tiered access levels, with field units accessing operational data and strategic leadership receiving the fuller intelligence picture.
Federated situational awareness: Crisis management teams from multiple government departments share location and entity data during major incidents, with controlled dissemination ensuring that sensitive source information reaches only cleared recipients.
Integration
Integrates with the classification framework for rank-based access validation and organisational management for tenant isolation. Supports federated multi-national architecture patterns.
Open Standards
- Traffic Light Protocol (TLP): Classification levels TLP:WHITE, TLP:GREEN, TLP:AMBER, and TLP:RED are natively mapped in the secrecy-level hierarchy and enforced as rank constraints on every entity share and COP update delivered through a COI.
- EU Council Decision 2013/488/EU: The EU classified information hierarchy (EU RESTRICTED, EU CONFIDENTIAL, EU SECRET, EU TOP SECRET) is implemented as ordinal ranks used by the COI clearance-validation logic to permit or deny cross-organisational data flows.
- NATO Security Policy C-M(2002)49: NATO classification levels (NATO RESTRICTED, COSMIC CONFIDENTIAL, COSMIC SECRET, COSMIC TOP SECRET) are included in the rank map, enabling cross-framework clearance comparisons between EU and NATO partner organisations within a single COI.
- Multi-Level Security (MLS): The COI service explicitly implements MLS principles: shared entities may not exceed the COI's classification ceiling, read-only members cannot inject data, and classification-downgrade reviews enforce a four-eyes approval before reclassification is permitted.
- ISO 19005-3 (PDF/A-3B): Signed sharing agreements are rendered as PDF/A-3B archival documents with embedded XMP metadata and SHA-256 integrity proofs, then pre-flight validated before being stored and delivered by email as legally admissible records.
- GraphQL (June 2018 Specification): The full COI lifecycle (queries, mutations, and real-time Common Operational Picture subscriptions) is exposed via a GraphQL schema, with field-level authentication and tenant-scoped subscription guards.
- RFC 4122 (UUID): All COI, membership, data-share, exercise, agreement, and classification-review records are identified by UUID version 4 random identifiers, ensuring globally unique references across federated multi-national deployments.
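The share rules listed above (classification ceiling, no writes from READ_ONLY members, TTL expiry, deduplication, clearance-filtered reads) can be sketched as follows. This is an added example, not the product's code: the numeric ranks, the `Coi` model, the function names and the sample members are assumptions, since the page names the levels but not their ordinal values.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Assumed ordinal ranks: the page names these levels but gives no numeric values.
RANK = {
    "TLP:WHITE": 0, "TLP:GREEN": 1, "TLP:AMBER": 2, "TLP:RED": 3,
    "EU RESTRICTED": 4, "NATO RESTRICTED": 4,
    "EU CONFIDENTIAL": 5, "COSMIC CONFIDENTIAL": 5,
    "EU SECRET": 6, "COSMIC SECRET": 6,
    "EU TOP SECRET": 7, "COSMIC TOP SECRET": 7,
}

@dataclass
class Coi:  # hypothetical in-memory model, not the product's schema
    ceiling: str
    members: dict  # org -> (access level, clearance label)
    shares: dict = field(default_factory=dict)  # entity id -> share record

def _live(share, now):
    return share["expires"] is None or share["expires"] > now

def share_entity(coi, org, entity_id, label, now, ttl=None):
    """Return (ok, reason); unknown members and labels fail closed."""
    member = coi.members.get(org)
    if member is None:
        return False, "not a member"
    if member[0] not in ("READ_WRITE", "ADMIN"):
        return False, "read-only member"
    if label not in RANK:
        return False, "unknown classification"
    if RANK[label] > RANK[coi.ceiling]:
        return False, "exceeds COI ceiling"
    if entity_id in coi.shares and _live(coi.shares[entity_id], now):
        return False, "duplicate share"
    coi.shares[entity_id] = {"label": label, "expires": now + ttl if ttl else None}
    return True, "shared"

def visible_entities(coi, org, now):
    """Entity ids within the member's clearance whose TTL has not expired."""
    member = coi.members.get(org)
    if member is None:
        return []
    return sorted(eid for eid, s in coi.shares.items()
                  if RANK[s["label"]] <= RANK[member[1]] and _live(s, now))

if __name__ == "__main__":  # constructed sample data
    now = datetime(2026, 1, 1, tzinfo=timezone.utc)
    coi = Coi("EU CONFIDENTIAL", {"BKA": ("READ_WRITE", "EU SECRET"),
                                  "Europol": ("READ_ONLY", "EU RESTRICTED")})
    print(share_entity(coi, "BKA", "e1", "EU CONFIDENTIAL", now, timedelta(hours=1)))
    print(visible_entities(coi, "Europol", now))
```

Every denial returns a reason string, which is the value an audit trail entry would record alongside the requesting organisation and entity id.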
Last Reviewed: 2026-02-24 Last Updated: 2026-04-14