What question did this study set out to answer?

The study aims to establish a comprehensive framework for planetary protection focusing on system-level controls and contamination management.

May 28, 2026Open Access

PLANETARY PROTECTION AS SYSTEM ARCHITECTURE: Flows, Stocks, Zoning, and Governance for Multi-Actor Human and Industrial Operations on the Moon and Mars

Key Points

The study aims to establish a comprehensive framework for planetary protection focusing on system-level controls and contamination management.
Formalizes habitat primitives and defines compartmental bioburden dynamics.
Introduces a system contamination index and acceptable threshold related to operational intensity.
Analyzes compartmental scenarios across various operational regimes to evaluate contamination control effectiveness.
Per-mission sterilization maintains contamination levels (C_sys ≤ C_accept) only at low activity (≤1 mission per 90 days).
At medium activity, contamination levels exceed acceptable thresholds within 60–180 days without full architectural controls.
Layered zoning, continuous sensing, and shared governance keep contamination rates within acceptable limits in >95% of scenarios.

Abstract

Background Planetary protection policy relies on mission-level sterilisation, cleanroom procedures, and case-by-case keep-out zones calibrated for episodic missions with isolated contamination events. This framework is silent on the system-level controls required when continuous human presence, ISRU, and multiple commercial actors produce persistent contamination sources, dynamic flow networks, and cumulative bioburden stocks that procedural compliance per mission cannot reliably control. Gap No formal framework exists that treats planetary protection as a system architecture problem: there are no models specifying bioburden flow and stock dynamics, no standards for contamination sensing sensitivity or remediation capacity as functions of operational intensity, no formal zoning taxonomy, and no governance primitives for shared monitoring and enforcement across multiple actors. The Named Binary distinguishing Per-Mission Procedural Compliance (PMPC) from System Architecture Contamination Control (SACC) does not appear in the literature. Approach We formalise habitat primitives and compartmental bioburden dynamics, define a system contamination index Cₛys and acceptable threshold Cₐccept, and derive architectural requirements — sensing sensitivity Mₛense, remediation capacity Rcap, zoning taxonomy, transfer and quarantine pipeline specifications, and governance primitives — as functions of operational intensity. We present the Strongest Formulation in the four-part programme template, a pre-registerable Collapse Counter-Scenario (CCS), illustrative compartmental scenario results across three operational regimes, structural invariance confirmation across three independent engineering domains, and a Weil Protocol practitioner review pack. Results Compartmental scenario analysis shows that per-mission sterilisation alone keeps Cₛys ≤ Cₐccept only at low activity (≤1 mission per 90 days, limited ISRU). At medium activity (continuous crew, ISRU operations, 2–5 commercial actors), Cₛys crosses Cₐccept within 60–180 days under baseline controls. Full architecture controls (layered zoning, continuous sensing at Mₛense ≤ 10² CFU-equiv per sample, Rcap ≥ 3× expected inflow rate, engineered quarantine pipelines, shared governance) keep Cₛys ≤ Cₐccept in >95% of stochastic scenario runs across credible operational ensembles. Implications Agencies and commercial actors planning sustained lunar or Mars operations must treat contamination architecture as a design-time engineering requirement, not a compliance checklist. Sensing sensitivity, remediation throughput, zoning, and governance must be co-specified at mission design stage. Practitioner validation is required to finalise numeric thresholds; a Weil Protocol review pack is provided.

Read Full Paperexternally

Mark Helpful

Bookmark

Relay

View Full Paper