Federated Mission Networking (FMN) is the NATO framework that lets coalition partners join a shared mission network without each nation ceding control of its own infrastructure. Most vendor conversations about FMN today are anchored on Spiral 4 — the current target capability set — but the roadmap does not stop there. Spirals 5 and 6 are already on the drawing board inside the FMN Coordination Working Group, and the architecture decisions vendors make in 2026 will determine whether their products survive the 2027-2030 contracting cycle.
This article is forward-looking. Where Spiral 4 documentation is a stable target you can build against today, the Spiral 5 and 6 picture is composed of working-group drafts, NCIA technical interchange notes, and CWIX experiment outcomes. Treat the timelines as planning assumptions, not commitments.
What FMN Is (Briefly)
FMN is a federation of mission networks. Each contributing nation operates its own enclave — its own infrastructure, its own accreditation, its own classification handling — and connects to the federation through agreed standards: routing, addressing, identity, information exchange, voice, video, chat, and a long tail of operational services. The governance body is the NATO Federated Mission Networking program office, working through the FMN Coordination Working Group and supported by NCIA on the technical side.
Capability rollouts arrive as "spirals" — versioned bundles of standards, profiles, and instructions that define what a compliant participant must implement. Spiral 3 stabilized basic coalition services. Spiral 4 is the live target. Spirals 5 and 6 are the forward agenda. For a deeper primer on the framework, see our complete guide to NATO interoperability.
Spiral 4 — The Current Target
Spiral 4 is the bar every serious coalition-facing product must clear in 2026 and 2027. The capability set consolidates earlier spirals and pushes into stronger identity, harder cryptography, and more disciplined information exchange. The headline elements vendors must demonstrate include FMN-compliant identity federation through the NATO PKI hierarchy, MIP4 Information Exchange Specification for ground situational awareness, hardened transport with IPv6 dual-stack support, and accredited cross-domain handling for any service that crosses classification boundaries.
Accreditation gates are unforgiving. The Spiral 4 instructions enumerate Mandatory, Conditional, and Optional standards — and "Mandatory" really means mandatory. Missing a mandatory standard is not negotiable away; it blocks federation entry. The good news is that the standards list is published and the test events are scheduled: Coalition Warrior Interoperability eXercise (CWIX) is the annual integration venue where vendors prove their implementations against real coalition partners. For vendors approaching CWIX 2026 for the first time, our CWIX accreditation walkthrough covers the registration, sponsor, and test-track mechanics. Detailed Spiral 4 requirements are in our FMN Spiral 4 requirements reference.
Spiral 5 — On the Horizon
Spiral 5 is the planning target for 2027-2028. The shape of the bundle is still being negotiated, but four themes consistently surface in working-group discussions and NCIA interchanges.
Zero-trust integration. The Spiral 4 model still relies heavily on perimeter assumptions inside each national enclave. Spiral 5 begins to formalize zero-trust principles across the federation: continuous identity verification on every service call, policy decisions made at the resource rather than the boundary, and explicit attribute-based access control that survives federation hops. Vendors should expect Spiral 5 to require that any service exposing data to coalition partners can enforce attribute-based policy on each request — not just at session establishment.
Federated cyber threat intelligence. Spiral 4 treats CTI sharing as bilateral and out-of-band. Spiral 5 is expected to elevate STIX/TAXII-based CTI federation to a first-class FMN service, with shared release-authority labelling and partner-scoped distribution. The implication for product architecture is that any cybersecurity component you build today should treat STIX 2.1 as a native data shape, not an export format.
Automated cross-domain transfer. Today, cross-domain transfer is heavy: hardware diodes, manual review queues, accredited transfer guards with narrow content rules. Spiral 5 is pushing toward higher-throughput, policy-driven transfer that can move structured operational data across domains with reduced human review while preserving accreditation evidence. The standards bodies are watching MILS-based and microkernel-isolated approaches closely.
Service-mesh aware federation. Spiral 5 is the spiral where the architecture finally acknowledges that nations are deploying container platforms and service meshes inside their enclaves. Expected outputs include profile guidance for mTLS, SPIFFE-style workload identity, and Kubernetes-native deployment patterns that align with federation-wide PKI. This matters because the current Spiral 4 deployment patterns implicitly assume VM-based, statically-addressed services — an assumption that fits very few modern coalition stacks. Vendors who have already containerized their FMN-facing components will have a meaningful head start when Spiral 5 lands.
Observability and audit federation. A quieter but important Spiral 5 thread is the federation of telemetry and audit logs. Today, each nation operates its own audit pipeline and bilateral incident-response sharing is largely manual. Spiral 5 working drafts increasingly reference structured, signed audit event sharing across the federation — the prerequisite for any meaningful zero-trust posture. Expect OpenTelemetry-compatible schemas with FMN-specific extensions for classification and release authority.
Spiral 6 — Strategic Direction
Spiral 6 is the long-horizon planning bundle, with current working assumptions pointing to a 2029-2030 capability window. The themes are deliberately more strategic than tactical, because the standards underneath them are still maturing in the wider industry.
AI/ML-enabled coalition services. Spiral 6 is where AI-assisted decision support, federated learning across coalition partners, and AI-enriched intelligence products are expected to become accredited federation services rather than national-only capabilities. The hard part is not the algorithms — it is the governance: how do you sign and attribute a recommendation produced by a model that was trained on partner-contributed data?
Sovereign-AI federation. No nation will export a frontier model to another sovereign without controls. Spiral 6 is the spiral that will likely define how nations contribute model capabilities to the coalition without surrendering the model weights or training data. Expect inference-as-a-service patterns with strong audit and revocation.
Quantum-resistant cryptography migration. By the Spiral 6 window the NATO crypto guidance is expected to require post-quantum algorithms across federation transport and identity. The migration is technical and operational at the same time — every certificate authority, every signed configuration, every PKI-rooted policy has to be re-issued. Hybrid schemes (classical plus post-quantum in parallel) will almost certainly be the Spiral 5 stepping stone, with full post-quantum mandated at Spiral 6.
Autonomous and unmanned system integration. Spiral 6 is also the spiral where unmanned ground, air, and maritime systems are expected to move from national-only assets to federation-accredited contributors of sensor data and effects. The implications cut across every other Spiral 6 theme: identity (how do you issue and revoke credentials for a swarm?), CDS (how do you handle sensor feeds that cross domains automatically?), and AI governance (how do you attribute an autonomous action across coalition partners?).
Cross-Domain Solutions in the FMN Roadmap
Cross-domain solutions (CDS) evolve substantively across the three spirals. In Spiral 4, the assumption is hardware diodes and accredited transfer guards with conservative content filtering. Most vendors hand off CDS to specialized national products and integrate at the queue boundary.
Spiral 5 begins to permit software-defined transfer guards built on MILS-class separation kernels, with the accreditation evidence shifting from "this is a hardware appliance" to "this is a formally verified component running on an accredited isolation platform." This is a meaningful architectural shift for vendors: it opens the door to in-product cross-domain handling rather than hand-off to an external box, but only if you can stand behind the formal verification.
Spiral 6 extends this to policy-driven CDS where transfer decisions are taken by composable policy engines whose rules are themselves coalition-governed artefacts. The risk surface migrates from "did this box ever miss a malicious payload?" to "is the policy itself correct, and can we prove it?"
Identity Federation Across Coalitions
Identity is the spine of FMN, and the spiral progression is most visible here. Spiral 4 federates through the NATO PKI hierarchy with X.509 certificates as the canonical identity artefact, with SAML used for web-tier single sign-on between national identity providers. It works, but it is operationally heavy: certificate lifecycle management at federation scale is a permanent cost centre.
Spiral 5 is expected to formally introduce FIDO2/WebAuthn as a coalition-accredited second-factor option for human users, addressing the long-standing problem that smartcards do not travel well across coalition workstations. For machine-to-machine identity, SPIFFE-style workload identity is on the table as a complement (not a replacement) to PKI.
The SAML-replacement question — whether OpenID Connect ultimately supersedes SAML inside FMN — is genuinely open. National identity providers have years of SAML investment, and the working groups are reluctant to mandate a forklift. Expect Spiral 5 to keep SAML mandatory and OIDC optional, with the balance shifting in Spiral 6.
Vendor Implications
Two architectural decisions made in 2026 determine whether a product survives the spiral progression without rewrites.
Abstract identity at the service boundary. Do not bake X.509 parsing into business logic. Build an identity abstraction layer that accepts an authenticated principal (with attributes) from whatever the federation says is canonical — today PKI, tomorrow FIDO/WebAuthn or SPIFFE. The same applies to authorization: attribute-based policy enforced via an external decision point is the only model that survives Spiral 5 and 6.
Treat coalition data exchange as the primary shape. If your product can speak MIP4 IES and STIX 2.1 natively — not as adapters — Spiral 5 will be a configuration change rather than a port. If your product invented its own coalition exchange format and bolted on a converter, every spiral forces another rewrite.
The third decision is cultural: build the regression and conformance test suites for FMN standards from day one. Spiral changes do not arrive as a single big release; they arrive as a steady stream of profile updates, mandatory test additions, and CWIX experiment outcomes. The vendors that survive run conformance tests on every commit.
Engagement Channels
The FMN roadmap is not a closed document. Vendors who want influence — and early visibility — have four practical channels.
CWIX. The annual Coalition Warrior Interoperability eXercise hosted by JFC Brunssum is the largest hands-on integration event in NATO. Beyond the obvious value of testing your product against real coalition implementations, CWIX is where Spiral N+1 candidate standards are stressed before being mandated. Vendors who consistently field capable implementations earn working-group invitations.
FMN Coordination Working Group. The body that owns the spiral roadmap. Membership is national, but vendors with strong national sponsorship can attend through their national CIS authority and contribute technical input.
NCIA technical interchanges. The NATO Communications and Information Agency runs technical workshops on individual standards (identity, transport, CDS, AI). These are the venues where the technical shape of upcoming spirals is debated. Vendors with relevant implementations can be invited as subject-matter contributors.
National CIS authorities. Every contributing nation has a CIS authority that channels national input into the FMN process. The fastest way to surface vendor concerns or capability proposals is through that national channel, not directly to NATO.