Nexus Synergy Engagement Package — B04 · Dublin Port Company (DPC)

STATUS HONESTY. Nexus Synergy Ltd is pre-incorporation, pre-revenue, pre-pilot. Dublin Port Company is a TARGET, not a customer — there is no engagement, pilot, LOI, contract, or named contact in hand today, and the relationship is cold. The ~178-surface UI gallery is a gallery, not traction. ANTI-COOKIE-CUTTER. The §8 mockups are programmatically generated for this buyer's port picture (Alexandra Basin / North Wall Quay / Ro-Ro T1–T5 / fuel berth O7 / Tom Clarke Bridge, VTS bearings, T3-gate PLC alarm, CCTV-44, the Dublin–Holyhead cable run) — not a reused shell. PROBABILITIES. Every probability and factor score below is [PRIOR] — a subjective pre-pilot estimate for prioritisation, re-scored after each real conversation. Not a forecast.

---

§0 — Header + one-line thesis

Thesis. Give Dublin Port Company — a State-owned critical entity facing a dated 2026 legal mandate (CER designation by 17 July 2026) and a live subsea/shadow-fleet threat — the single thing its fragmented toolchain does not have: one sovereign, human-gated, fully-audited port-resilience & maritime-security common operating picture that fuses what DPC already owns (AIS/VTS, CCTV/access-control, OT/network telemetry, weather/tide) into a decision-grade picture, sitting above its existing VTS / port-community / physical-security systems rather than ripping any of them out — and turning the CER risk-assessment and NIS2 incident-reporting burden into an exportable by-product of the action loop.

This package extends source card 03-gtm/target-packages/dublin-port.md (last_updated 2026-06-04, raw weighted score 67, verdict NOW/NEXT) and reuses its web-verified facts; the two-stage formula below re-scores it down to 60.0 to reconcile with the board band, principally because the buyer is genuinely cold and the procurement route is full commercial-semi-state OJEU.

§1 — Entity snapshot (cited)

• Buyer of record: Dublin Port Company (DPC) — a commercial semi-state company (a "port company" under the Harbours Acts 1996–2015), wholly State-owned, self-funding and profit-making, reporting ultimately to the Minister for Transport. It is not a government department and is not dependent on annual exchequer votes. [verified — dublinport.ie/governance; Harbours Acts]
• Scale (FY2024): throughput 35.2 million tonnes (−1.2% YoY); imports 21.9m t, exports 13.3m t; revenue €106.26m (up 5% from €101.4m); pre-tax profit €35.9m (+2.6%); operating costs €67.5m (+7.6%); a €1.7m Dublin City Council vacant-site levy hit. [verified — RTÉ 2025-09-22; Irish Times 2025-09-22; travelextra.ie] A record monthly Lo-Lo container volume (>800,000 t in a single month) was set in May 2025. [verified — DPC throughput stats]
• Capital posture: €162.6m Capital Investment Programme for 2025, self-funded from operations and borrowing (incl. ~€50m Masterplan Phase 2, ~€32m Alexandra Basin Redevelopment, €15.6m Port Centre, €10.3m Terminal 4 North Ph2). [verified — DPC 2025 capital reporting] A pilot does not need a grant to exist — a genuine advantage over grant-dependent public bodies.
• Masterplan 2040: long-horizon plan to 77m gross tonnes annual capacity by 2040 via three Strategic Infrastructure Development projects — ABR (near complete), MP2 (under construction), and 3FM on the Poolbeg Peninsula (€1.1bn application lodged July 2024, construction targeted from 2026). [verified — dublinport.ie Masterplan 2040; RTÉ 2024-07-22]
• Why it matters to us: DPC is simultaneously (a) a maritime node — vessels, AIS, pilotage, towage, VTS, port-approach traffic — and (b) a fixed critical-infrastructure site — quays, Ro-Ro/Lo-Lo terminals, the Tom Clarke (East-Link) Bridge, energy/fuel berths, and ITS/CCTV/access-control networks. That dual maritime + critical-infra nature is exactly the bridge Nexus Synergy is built to span, and the clean critical-infra extension of the MAHI maritime beachhead (this volume's b01/b02/b03).

§2 — The pain (web-verified, dated, cited)

1. Critical-infrastructure resilience is now a legal duty, not an aspiration. Ireland transposed the CER Directive via SI 559/2024 — European Union (Resilience of Critical Entities) Regulations 2024 (in force 17 October 2024). Ireland's National Strategy on the Resilience of Critical Entities 2026–2029 was published 19 March 2026 (by the Department of Defence / Office of Emergency Planning), and Member States must formally identify and designate critical entities by 17 July 2026. Transport is one of eleven in-scope CER sectors; a major port is the archetypal designated critical entity. [verified — gov.ie Dept of Defence (National Strategy, 19 Mar 2026); critical-entities-resilience-directive.com/Ireland (SI 559/2024); ComReg About-CER; Bird & Bird 2024] (Honesty correction vs. source card: the National Strategy date is 19 Mar 2026, not "by 17 Jan 2026" or "12 Feb 2026"; the 17 July 2026 designation deadline is unchanged.)
2. NIS2 stacks cyber/operational-resilience duties on top. An entity identified as critical under CER is treated as an essential entity under NIS2, carrying enforceable risk-management, incident-reporting and resilience obligations. Under Ireland's NIS2 arrangements the NCSC is the lead National Competent Authority and the single point of contact (with ComReg and other bodies as sectoral NCAs); the Minister for Defence / Office of Emergency Planning is the competent authority and single point of contact for the separate CER Directive, not NIS2. [verified — ComReg NIS2/CER; NCSC NIS2 FAQ; DLA Piper 2025-07] (Honesty note: Ireland's NIS2 transposition Bill was still progressing through the Oireachtas as of mid-2026 — confirm the precise commencement date before relying on enforcement timing.) [likely — pre-legislative trajectory]
3. The threat environment is no longer theoretical. Through 2025–2026 Irish officials publicly escalated concern about Russian "shadow-fleet" and survey vessels (e.g. the Yantar) loitering near subsea cables and offshore infrastructure in and around Irish waters — ~75% of transatlantic cables pass near Ireland, a recognised choke point. A Government research programme (from early 2026) is mapping and risk-assessing subsea cables, offshore wind, pipelines and interconnectors against sabotage/espionage. [verified — Irish Times 2025-12-05 & 2026-04-04; CSIS Ireland subsea case study]
4. Ports themselves are named soft targets, and the gap is the picture, not the paperwork. Modern ports run on networked OT — VTS/navigation alerts, cargo/terminal-operating systems, CCTV, access control — each a potential intrusion point. ISPS already mandates Port Facility Security Assessments, a Port Facility Security Plan, a Port Facility Security Officer (PFSO), and the ability to step up posture across MARSEC levels 1–3. What is missing is a single, live, decision-grade operating picture that fuses physical, maritime and cyber/OT signals so the PFSO can actually act and prove the posture step. [verified — ISPS/MARSEC guides; TXOne maritime port cyber brief]

Net pain: DPC is pushed by law (CER designation in 2026), by a regulator (NIS2 via the NCSC as lead NCA/SPOC, plus the transport-sector authorities), and by a live geopolitical threat (subsea + shadow-fleet activity) to demonstrate resilience and a common operating picture — yet the typical port toolchain is fragmented (separate VTS, CCTV, access control, spreadsheet incident logs) with no fused, auditable, action-loop picture and no exportable CER/NIS2 evidence trail.

§3 — Use-case & value (DECLINE-SAFE framing)

In scope (resilience / safety / coordination only): a sovereign Port-Resilience & Maritime-Security COP + closed, human-gated action loop. Ingest feeds DPC already owns — AIS / vessel approaches, VTS, weather/tide (Met Éireann), CCTV/access-control events, OT/network alerts, port-community-system events — onto one customer-editable ontology (berth, vessel, asset, sensor, incident, contractor-role) and a triple-renderer map (2D / 3D / globe). The loop: detect (anomalous dark approach / loitering survey vessel near a fuel berth or cable run / OT alarm) → enrich (vessel history, flag, prior port calls, pilot-booking status) → triage → human sign-off (PFSO dual-control gate) → task (raise MARSEC posture, issue a VHF query, notify An Garda Síochána / Defence Forces / Naval Service / IRCG / NCSC) → execute / assess → close. Every step writes to a provenance ledger — directly useful as CER resilience evidence and NIS2 significant-incident reporting. Conformity-by-construction: FRIA + provenance ledger + transparency export map cleanly onto the CER risk-assessment and NIS2 Art-23 reporting duties — a compliance burden becomes an auditable, exportable record. Sovereignty as the differentiator: an Irish-built, EU-data-resident, classification-aware AI Provider Router that refuses out-of-jurisdiction model calls — for a State-owned critical entity threatened by a hostile foreign state, "your security picture never leaves EU jurisdiction" is a procurement-grade argument.

Explicitly NOT (Declined-List, refused on the record): no facial recognition or biometric identification of any individual (port worker, crew, contractor, passenger or bystander); no emotion recognition; no social scoring; no predictive policing; no untargeted scraping; no psychometric profiling. People appear in this system only as access-controlled roles/credentials (a contractor badge, a duty officer, a pilot booking) — never as a biometric or behavioural profile. The decision-support layer reasons over vessels, berths, assets, sensors and incidents, not over individuals' identities. If any sub-requirement drifts toward the Declined List, we decline that scope and say so — and the gallery's published Declined List proves that restraint is structural, not marketing.

Value to DPC: one auditable operating picture for the PFSO and duty officers; faster, evidenced incident response; CER/NIS2 evidence generated as a by-product; and a credible, defensible "we can raise and prove our MARSEC posture" story for the regulator and for State stakeholders ahead of the July 2026 designation.

§4 — Ontology (this buyer's domain entities + relationships)

PortFacility {Dublin Port — ISPS facility}
   ├──hasBerth──────> Berth {ABR | NorthWallQuay | RoRo-T1..T5 | LoLo-yard | FuelBerth-O7}
   ├──hasFixedAsset─> Asset {TomClarkeBridge | T3-Gate-PLC | CCTV-44 | AccessReader | CableLanding}
   ├──hasSensor─────> Sensor {AIS-rx | VTS-radar | CCTV | AccessControl | OT-network-tap | tide-gauge}
   └──atMARSEC──────> MarsecPosture {level 1 | level 2 | level 3}        (one current, audited transitions)

Vessel {MMSI, flag, type} ──approaches──> PortFacility
   ├──hasBooking?──> PilotBooking | AgentDeclaration        (absence is a signal, not a person)
   ├──emits────────> AisTrack ──gapOf──> AisGap            (dark-approach candidate)
   └──correlatesTo─> SatAisTrack | Sentinel1-SAR-hit | VTS-bearing

Incident ──fusedFrom──> {AisGap, OtAlarm, CctvEvent, LoiterRing, CableProximity}
   ├──scoredBy──────> AnomalyScore (NOT a person score — vessel/asset/event only)
   ├──reviewedIn────> DecisionRoom {OP | Proportionality | Civil-Society | Devil's-Advocate | Domain-Expert}
   ├──gatedBy───────> HumanGate (PFSO dual-control; 2/2 QES)
   ├──tasks─────────> Action {MARSEC-step | VHF-query | notify-AGS/DF/Naval/IRCG/NCSC}
   └──recordedIn────> ProvenanceLedger ──exportsTo──> {CER-risk-assessment, NIS2-Art23-lodgement}

ContractorRole {badge_id, company, access_scope}   ← people appear ONLY here, as a credential, never as biometrics

§5 — Data model (synergy.* tables; RLS by app.current_org_id + a load-bearing CHECK)

SQL
56 lines
Copy
-- The fused port-incident entity. Vessel-and-asset signals only; the human-gate boundary lives here.
CREATE TABLE synergy.port_incident (
    id                  uuid PRIMARY KEY DEFAULT gen_random_uuid(),
    org_id              uuid NOT NULL,                         -- DPC tenant
    facility            text NOT NULL DEFAULT 'IE-DUB',        -- ISPS port-facility code
    berth_ref           text,                                  -- 'FUEL-O7' | 'ABR' | 'NWQ'
    asset_refs          text[]      NOT NULL DEFAULT '{}',     -- {'T3-GATE-PLC','CCTV-44'}
    vessel_mmsi         text,                                  -- pseudonymised in the picture
    flag_state          text,                                  -- 'TGO'
    ais_gap_minutes     numeric(6,1) NOT NULL DEFAULT 0,       -- 22.0 dark-approach
    in_protection_zone  boolean NOT NULL DEFAULT false,        -- 1nm port-approach / cable-zone test
    pilot_booked        boolean NOT NULL DEFAULT false,        -- absence is a signal
    ot_alarm            boolean NOT NULL DEFAULT false,         -- T3-gate PLC access-control alarm
    cctv_corroborated   boolean NOT NULL DEFAULT false,        -- CCTV-44 motion, no badge scanned
    anomaly_score       numeric(4,3) NOT NULL,                 -- 0.880 (vessel/asset/event derived ONLY)
    disposition         text NOT NULL DEFAULT 'monitor'
                        CHECK (disposition IN ('monitor','vhf_query','marsec_step','notify_authority','elint_request')),
    marsec_from         smallint    NOT NULL DEFAULT 1 CHECK (marsec_from BETWEEN 1 AND 3),
    marsec_to           smallint    CHECK (marsec_to BETWEEN 1 AND 3),
    gate_quorum         smallint    NOT NULL DEFAULT 0,        -- count of QES dual-control signatures
    warrant_ref         text,                                  -- NULL until a lawful ELINT/ID authority issues
    prov_o              jsonb       NOT NULL,                   -- DecisionRoomCompose-DP04 attribution
    biometric_flag      boolean     NOT NULL DEFAULT false,    -- MUST stay false (Declined-List tripwire)
    -- LOAD-BEARING INVARIANT 1: no MARSEC step or authority notification without a 2/2 human-gate quorum.
    CONSTRAINT human_gated_escalation CHECK (
        disposition IN ('monitor','vhf_query')
        OR (gate_quorum >= 2 AND marsec_to IS NOT NULL)
    ),
    -- LOAD-BEARING INVARIANT 2: no ELINT/identity collection without a lawful warrant; biometrics never enabled.
    CONSTRAINT no_ungated_collection CHECK (
        (disposition <> 'elint_request' OR warrant_ref IS NOT NULL)
        AND biometric_flag = false
    )
);
ALTER TABLE synergy.port_incident ENABLE ROW LEVEL SECURITY;
CREATE POLICY org_isolation ON synergy.port_incident
    USING (org_id = current_setting('app.current_org_id')::uuid);

-- Access-control / contractor credentials: people exist ONLY as a role+badge, never as biometrics.
CREATE TABLE synergy.access_credential (
    id              uuid PRIMARY KEY DEFAULT gen_random_uuid(),
    org_id          uuid NOT NULL,
    badge_id        text NOT NULL,                              -- credential, not an identity profile
    company         text NOT NULL,                              -- the contractor firm
    access_scope    text[] NOT NULL,                            -- {'ABR-perimeter','T3-gate'}
    valid_until     date NOT NULL,
    last_scan_at    timestamptz,                                -- NULL on the O7 event = "no badge scanned"
    prov_o          jsonb NOT NULL,
    -- LOAD-BEARING INVARIANT 3: a credential is a badge+scope, never a biometric template.
    CONSTRAINT credential_not_biometric CHECK (
        access_scope IS NOT NULL AND char_length(badge_id) <= 64
    )
);
ALTER TABLE synergy.access_credential ENABLE ROW LEVEL SECURITY;
CREATE POLICY org_isolation ON synergy.access_credential
    USING (org_id = current_setting('app.current_org_id')::uuid);

The human_gated_escalation CHECK is the load-bearing decline-safe + human-gate invariant: a row can sit at monitor or vhf_query freely, but the database physically refuses to record a MARSEC posture step or an authority notification unless two QES signatures and an explicit target posture are present. no_ungated_collection makes the biometric prohibition a schema constraint, not a policy promise.

§6 — Action-loop pseudocode (detect → enrich → triage → gate → task → execute → BDA → close)

Python
44 lines
Copy
def assess_port_incident(signal_bundle, requesting_org):
    # 1. DETECT — fuse the three weak signals the PFSO desk holds separately today.
    inc = fuse(signal_bundle)            # AIS-gap(22m) + T3-PLC OT-alarm + CCTV-44 + O7 loiter, no pilot
    if not (inc.in_protection_zone and (inc.ot_alarm or inc.ais_gap_minutes >= 15)):
        return Disposition.MONITOR        # show on the port picture; no escalation

    # 2. ENRICH — vessel history / flag / prior port calls / pilot-booking absence. NO crew identity.
    inc.flag_state, inc.prior_calls = vessel_dossier(inc.vessel_mmsi)   # TGO flag, 0 prior DUB calls
    sar = sentinel1_corroborate(inc)      # Fellegi-Sunter W=8.41 > T_mu -> SAR hit accepts the dark approach

    # 3. TRIAGE — vessel/asset/event anomaly ONLY (never a person score).
    inc.anomaly_score = anomaly(ais_gap=inc.ais_gap_minutes, ot=inc.ot_alarm,
                                cctv=inc.cctv_corroborated, loiter=inc.loiter_min, sar=sar)   # 0.88

    # 4. GATE — PFSO dual-control Decision Room incl. a civil-society reviewer.
    gate = decision_room(
        proposal  = PortResponse(inc, propose=["vhf_query", "marsec_1_to_2_at_O7"]),
        personas  = [OP_PFSO, PROPORTIONALITY, CIVIL_SOCIETY('ICCL-flavour'),
                     DEVILS_ADVOCATE, MARITIME_DOMAIN_EXPERT],
        threshold = P_MIN_RESTRICTED)
    if gate.requests_crew_id or gate.requests_elint:
        return Disposition.REFUSED("no warrant; biometric/ELINT on the Declined List")  # CHECK forbids the write
    if not gate.passed:
        return Disposition.REFUSED(gate.rationale)

    # 5. TASK + EXECUTE + WRITE-BACK — human-gated; CER/NIS2 evidence as a by-product.
    write_back("vts_naval_advisory", requesting_org,
               VhfQuery(channel=16, vessel=inc.vessel_mmsi, ask="identify + intentions; pilot status"))
    write_back("dpc_marsec", requesting_org, MarsecStep(berth="FUEL-O7", level_from=1, level_to=2))
    write_back("nis2.art23.lodge", requesting_org,                     # NIS2 significant-incident report
               Nis2Lodgement(facility="IE-DUB", asset="T3-GATE-PLC", anomaly=inc.anomaly_score))
    write_back("cer.risk_assessment.append", requesting_org,           # CER resilience evidence by-product
               CerEvidence(scenario="dark-approach+OT-alarm fusion", outcome="pending-BDA"))
    register_prospective(inc, trigger="flag_state_TGO_dark_approach_near_fuel_or_cable")
    audit.append(inc.id, gate_quorum=gate.quorum, merkle=True)
    return Disposition.EXECUTED

# 6. BDA + CLOSE — measured after the VHF query / boarding resolves; loop closes on the ledger.
def close_port_incident(inc, bda):
    inc.bda = bda                          # vessel complied? anchor dragging? maintenance work-order?
    ledger.finalise(inc.id, outcome=bda.outcome, provenance=inc.prov_o)
    if bda.outcome == "benign_maintenance":
        marsec_revert(inc, to=1)           # human-gated stand-down, also audited
    return inc

§7 — nexus-workflows YAML DAG (same loop; a blocking human-gate node)

YAML
45 lines
Copy
# nexus-workflows: dpc-port-resilience-loop  (NO cron — event-triggered; the law of the platform)
name: dpc-port-resilience-loop
on:
  event: synergy.port.signal_bundle        # AIS-gap | OT-alarm | CCTV-event | loiter-ring
  tenant: dublin-port-company
nodes:
  - id: detect
    run: synergy.fuse_signals
    out: incident
  - id: enrich
    needs: [detect]
    run: synergy.vessel_dossier            # flag, prior calls, pilot-booking; NO crew identity
    with: { mmsi: "${incident.vessel_mmsi}", crew_identity: false }
  - id: corroborate
    needs: [enrich]
    run: synergy.sentinel1_corroborate     # SAR hit, Fellegi-Sunter accept
  - id: triage
    needs: [corroborate]
    run: synergy.anomaly_score             # vessel/asset/event only
  - id: decision_room
    needs: [triage]
    run: synergy.compose_decision_room
    with:
      personas: [op_pfso, proportionality, civil_society, devils_advocate, maritime_expert]
  - id: human_gate                         # BLOCKING — the DAG halts here until 2/2 QES signatures
    needs: [decision_room]
    type: manual_approval
    blocking: true
    approvers: { role: PFSO, quorum: 2, signature: QES }
    refuse_if: [requests_crew_id, requests_elint_without_warrant]   # Declined-List tripwire
  - id: task_execute
    needs: [human_gate]
    when: "${human_gate.approved}"
    run: synergy.write_back
    with:
      targets:
        - { adapter: vts_naval_advisory, payload: vhf_query }
        - { adapter: dpc_marsec,         payload: marsec_step }
        - { adapter: nis2.art23.lodge,   payload: nis2_lodgement }       # NIS2 evidence
        - { adapter: cer.risk_assessment.append, payload: cer_evidence } # CER evidence
  - id: bda_close
    needs: [task_execute]
    run: synergy.capture_bda_and_close
    out: { ledger_entry, prospective_item }
audit: { merkle: true, prov_o: true, retention_years: 7 }

§8 — UI/UX mockups (verbatim generated ASCII)

Figure b04.1 — map_ops (PRIMARY). ShellLayout + ClassificationBanner (EU-RESTRICTED / TLP:AMBER) + TopBar with PccPill (MARSEC 1 · PFSO desk) + RendererChip (CesiumJS-2D) + LeftSidebar glyph rail + the LAYERS panel + MapConsole rendering the Dublin Port estate + an INCIDENTS ticker. This is the PFSO duty-desk operating picture where the three weak signals fuse. (SVG: _build/figures/dublin-port-cer/uc-map_ops.svg.)

Figure — Operational picture (map_ops · live MapLibre). Production-fidelity React surface (buildable); the faithful ASCII follows.

+------------------------------------------------------------------------------------------------------+
| Dublin Port Resilience & Maritime-Security COP - PFSO operating picture (MapConsole 2D)              |
+--------------------+---------------------------------------------------------------------------------+
| LAYERS             | MAP  ========================================================================== |
| [x] AIS approaches | DUBLIN PORT estate  ::  PFSO duty desk  ::  MARSEC level 1 (normal)             |
| [x] VTS tracks     |   Liffey channel ->  .--Alexandra Basin (ABR)--.  Ro-Ro T1-T5                   |
| [x] Berth occupancy|  /  [!] M/V POLAR-KESTREL (TGO flag) AIS gap 22m, dark approach   \             |
| [x] CCTV events    | |   re-acquires 0.8nm off North Wall Quay  ::  VTS bearing 071     |            |
| [x] Access control | |   [x] Lo-Lo yard  [x] Tom Clarke Bridge  [OT] T3 gate PLC alarm  |            |
| [x] OT/net alerts  | |   loiter ring 600m N of fuel berth O7  ::  no pilot booked       |            |
| [x] Tide/wind MetE |  \  CCTV-44 motion @ ABR perimeter 03:11  ::  badge: none scanned /             |
| [x] MARSEC posture |   '-- 1nm port-approach -- correlate: AIS-gap + OT-alarm + CCTV --'             |
| [x] Cable corridors| Camera {lat 53.347 lon -6.205 alt 3.1km pitch -28} CesiumJS-globe 2D            |
| [ ] Sentinel-1 SAR | -> ANOMALY 0.88 :: HUMAN GATE before MARSEC step or any notification            |
| --- evidence ---   |                                                                                 |
| [x] Prov. ledger   |                                                                                 |
| --- decline-safe - |                                                                                 |
| [ ] Biometric ID   |                                                                                 |
|   (REFUSED, logged)|                                                                                 |
+--------------------+---------------------------------------------------------------------------------+
| INCIDENTS: POLAR-KESTREL AIS-gap 22m + O7 loiter | T3 PLC alarm | CCTV-44 ABR | gate -> PFSO sign-off|
+------------------------------------------------------------------------------------------------------+

Figure b04.2 — globe_rmp (SECONDARY). MapConsole rendering the CesiumJS-globe for the Dublin Bay → Irish Sea approaches (CER scope) + a right-rail Inspector-style TRACKS list. This is the analyst surface where the dark-approach vessel is correlated against Sat-AIS and Sentinel-1 before it enters the PFSO port picture above.

Figure — Recognised maritime picture (globe_rmp). Production-fidelity React surface (buildable); the faithful ASCII follows.

+--------------------------------------------------------------------------------------------------+
| Dublin Port Approaches - Recognised Maritime Picture (CesiumJS-globe)                            |
+-------------------------------------------------------------------+------------------------------+
|       . - '' - .       Dublin Bay -> Irish Sea (CER scope)        | TRACKS (sorted: anomaly)     |
|    /   o ----._ \     self-report 53.61N 5.92W (broadcast AIS)    | POLAR-KESTREL  TGO flag      |
|   | [!] AIS gap   |    EMODnet bathy -64m :: IHO S-101 ENC        |   Sat-AIS vs self: 18nm      |
|   | Sat-AIS 53.4N |    M/V POLAR-KESTREL (TGO flag, AIS gaps 22m) |   SAR-confirm W=8.41>Tmu     |
|   | 18nm E delta  |    -> dark-approach candidate (anomaly 0.88)  |   loiter 4nm S cable run     |
|    \ S-1 SAR hit  /    Sentinel-1 IW @02:54Z confirms 53.45N 5.71W|   inbound DUB, no pilot      |
|     \ '. cable .' /     loiters 4nm S of Dublin-Holyhead cable run| 3 more dark-cands  T3        |
|       ' - x__ - '       inbound DUB Port, no pilot/agent booked   | 1,180 AIS contacts live      |
|   Camera {53.40N -5.60W alt 420km pitch -88} CesiumJS-globe       | [#] Sentinel-1 IW @02:54     |
|   Concurrence: 18nm AIS-vs-SatAIS + SAR W=8.41 + cable-loiter     | [#] VTS handover -> PFSO     |
|   -> feeds the PFSO port picture; HUMAN GATE before any escalation| [#] LE-WB-SHAW 40nm SE       |
|                                                                   | gate: VHF query + advise     |
|                                                                   |   NO crew-ID (civil COP)     |
|                                                                   |   warrant-gated ELINT off    |
+-------------------------------------------------------------------+------------------------------+
| EMODnet bathy + IHO S-101 + AIS(terr+SatAIS) + VTS + cable atlas :: CER/NIS2 evidence to ledger  |
+--------------------------------------------------------------------------------------------------+

§8b — Field-unit (Pixel) surfaces

The same scenario on the Pixel 10 Pro Fold field unit (Nexus Field app), tightly coordinated with the dashboard COP above — command pushes the task, the unit accepts + ACKs, shares position and reports back to the COP. Built on the same synergy.field_unit / field_task / field_report contract; see §9 and the cluster coordination composite.

Figure §8b.1 — Folded cover · tasking glance (ground_glance): the incoming IMMEDIATE task, ACCEPT + ACK, alert chips, bearing-to-objective.

Figure §8b.2 — Unfolded inner display · field COP: two-pane mini-map + task list + teammate roster + air/command coordination + PTT, with the Material-3 NavigationBar + Report FAB.

§9 — UI/UX flow (literal click-path + screen-flow chain)

Click-path (PFSO duty desk): an AIS-gap alert fires on globe_rmp → analyst clicks the POLAR-KESTREL track in the TRACKS rail → [Correlate] runs Sat-AIS + Sentinel-1 (W=8.41) → [Hand to port picture] pushes the contact to map_ops → PFSO toggles the [x] OT/net alerts + [x] CCTV events layers → the MapConsole paints the O7 loiter ring + T3-gate PLC alarm + CCTV-44 → PFSO clicks the correlate callout → [Open Decision Room] in ChatTerminal → after deliberation [ /dual-control sign ] (2/2 QES) → [Raise MARSEC 1→2 at O7] + [VHF query Ch16] write-back → the Inspector shows the new port_incident row with elint_authorised_at: NULL and the ledger entry; [Refuse + log] is the always-available decline path.

globe_rmp (correlate dark approach)
        │  [Correlate]  Sat-AIS + Sentinel-1  W=8.41
        ▼
map_ops (PFSO port picture: fuse AIS-gap + OT-alarm + CCTV + O7 loiter)
        │  [Open Decision Room]
        ▼
ChatTerminal / Decision Room  ──[Refuse + log]──► ledger (decline recorded)
        │  [ /dual-control sign ]  2/2 QES
        ▼
write-back: MARSEC 1→2 (O7) · VHF query · NIS2 Art-23 · CER evidence
        ▼
Inspector + ProvenanceLedger  →  BDA  →  close

§10 — Decision-Room transcript (the gated decision)

Context: 03:14. map_ops shows three-signal concurrence on fuel berth O7 — POLAR-KESTREL (TGO flag) dark approach with a 22-minute AIS gap, a T3-gate PLC access-control alarm, and CCTV-44 motion at the ABR perimeter with no badge scanned. Anomaly 0.88. The PFSO opens the Decision Room in ChatTerminal. The decision is whether to raise MARSEC 1→2 at O7 and issue a VHF query — and explicitly whether any identification of the vessel's crew is on the table.

• 🟦 Operational reviewer (PFSO seat): "Three independent signals on O7 inside the protection zone, no pilot booked. I propose a VHF Ch16 query for identity and intentions, and a MARSEC 1→2 step at the fuel berth only. I am not asking for anything about the people aboard."
• 🟩 Proportionality reviewer: "A VHF query is a routine port-authority act — lawful and proportionate under the PFSP and SOLAS. A localised MARSEC step at one berth is proportionate to a fuel-berth threat. Both pass. Any ELINT collection or crew identification would not pass without a lawful warrant we do not have."
• 🟪 Civil-society reviewer (ICCL-flavour): "I want it on the record that nothing here touches a person's identity or biometrics. The TGO-flag vessel and the unscanned-badge event are asset and credential facts, not a profile of a human. The moment anyone proposes crew identification, this becomes a different — and refused — request. Log the refusal of crew-ID explicitly."
• 🟥 Devil's advocate: "The T3-gate PLC alarm could be a benign maintenance work-order, not an intrusion — and the AIS gap could be a faulty transponder. Don't over-read coincidence into correlation. Condition the MARSEC step on confirming there is no open maintenance ticket for T3."
• ⬛ Maritime domain expert: "A 22-minute AIS gap re-acquiring 0.8nm off North Wall Quay with a 4nm-south loiter near the Dublin–Holyhead cable run is a recognised dark-approach pattern. The Sentinel-1 hit (W=8.41) corroborates a real hull. The VHF query is the correct first non-escalatory move; brief the Naval Service liaison (LÉ-WB-SHAW, 40nm SE) as advisory only."

↪ Devil's-advocate condition applied: maintenance-ticket check on T3-gate returns no open work-order → the benign-explanation is not supported → MARSEC step proceeds.

GATE VERDICT — PASS (2/2 QES). Authorise: VHF Ch16 query (Naval Service advised, not tasked) + MARSEC 1→2 at fuel berth O7. Refused and logged: any crew identification, any biometric processing, any pre-warrant ELINT collection — disposition='elint_request' is blocked at the no_ungated_collection CHECK. The civil-society reviewer's refusal-of-crew-ID is recorded as a first-class ledger entry.

§11 — Write-back + BDA + PROV-O chain + deltas-only regulatory traceback

Write-back targets. (1) vts_naval_advisory — VHF Ch16 query to the vessel + an advisory (non-tasking) brief to the Naval Service liaison; lawful basis = port-authority / SOLAS common-law authority + Harbours Acts. (2) dpc_marsec — MARSEC 1→2 posture step at fuel berth O7; lawful basis = ISPS Code / Maritime Security (SI transposing SOLAS Ch XI-2) under the PFSP. (3) nis2.art23.lodge — NIS2 significant-incident notification to the NCSC; lawful basis = the Irish NIS2 transposition (NCSC as lead National Competent Authority and single point of contact). (4) cer.risk_assessment.append — appends the scenario + outcome to DPC's CER risk-assessment evidence file; lawful basis = SI 559/2024.

BDA (loop close). VHF query issued 03:21; POLAR-KESTREL responds 03:29, master cooperative, declares engine-cooling fault and unscheduled drift; a port-services launch confirms no contact with the fuel-berth structure or cable. T3-gate PLC alarm traced to a reader power-cycle (no intrusion). Outcome = benign-mechanical; MARSEC reverts 2→1 at O7 under a second human-gated stand-down. CMA ObservationLevel of the BDA = Confirmed (direct port-services observation). ProspectiveItem registered: flag-state-TGO-dark-approach-near-fuel-or-cable — a watch for TGO-flagged vessels showing a dark-approach + loiter pattern inside DPC's protection zone, α=0.4 prior-belief weight.

PROV-O attribution chain. Entity:AisGap-POLAR-KESTREL-03:08Z —wasGeneratedBy→ Activity:AisIngest-v1.4 —used→ Entity:AisStream-DUB. Entity:Sentinel1Corroboration —wasGeneratedBy→ Activity:SarCorrelator-v2.1 —used→ {Entity:AisGap, Entity:S1-IW-02:54Z}. Entity:OtAlarm-T3GATE —wasGeneratedBy→ Activity:OtTap-Ingest —used→ Entity:T3-Gate-PLC-Stream. Entity:DecisionRoomTranscript-DP04 —wasGeneratedBy→ Activity:DecisionRoomCompose —used→ {Entity:PfsoReco, Entity:ProportionalityFinding, Entity:CivilSocietyRefusalCrewID, Entity:DevilsAdvCondition, Entity:MaritimeExpertReco}. Entity:DualControlGate —wasInformedBy→ {Entity:PfsoSign-1, Entity:PfsoSign-2}. Entity:MarsecStep-O7 —wasGeneratedBy→ Activity:MarsecWriteBack —used→ Entity:DualControlGate. Entity:NIS2Lodgement —wasGeneratedBy→ Activity:Nis2LodgeAdapter. Entity:CerEvidence —wasGeneratedBy→ Activity:CerAppendAdapter. Entity:BDA-DP04 —wasGeneratedBy→ Activity:PortServicesReport. Entity:ProspectiveItem-TGOdark —wasGeneratedBy→ Activity:ProspectiveRegister. Whole chain Merkle-anchored; reproducible from a PROV-O provenanceOf query.

Regulatory traceback (deltas only — what differs from the §4.0 defaults). CER SI 559/2024 (resilience evidence by-product); NIS2 Articles 21 + 23 (essential-entity risk-management + significant-incident reporting, transposition Bill — confirm commencement); ISPS Code / SOLAS Ch XI-2 + the Irish maritime-security SI (MARSEC posture authority); EU AI Act Article 27 FRIA for high-risk public-interest critical-infra use (applicable from 2 February 2025 for the Article 5 prohibitions; the high-risk obligations phase in later — confirm the exact obligation date per the Act's staggered timeline); GDPR Art-6(1)(e) only insofar as a vessel master's identity becomes associable — and the Decision Room refused that path here, so no Art-9 special-category processing occurs. ECHR Article 8 counter-factual: had the civil-society reviewer not surfaced the crew-ID refusal, a pre-warrant identity request would have risked a disproportionate interference — the refusal is the load-bearing safeguard.

§12 — Buyer & stakeholders

Action: identify the named PFSO / Harbour Master and the CER/NIS2 compliance owner (Open Question 1). The champion is almost certainly operations/security, not IT.

§13 — Competition / incumbency + comparator (cited)

• Not Palantir-entrenched at Irish-port scale — no evidence of an installed Foundry/Gotham COP at DPC. [likely — no public record found]
• Component incumbents own feeds, not the fused action loop: VTS vendors (Kongsberg / Saab-class systems), port-community / terminal-operating-system vendors, and physical-security integrators (CCTV / access control). Our wedge is integration + ontology + human-gated write-back, not ripping out VTS. [verified — generic port-systems landscape; specific DPC vendor stack TBD]
• System-integrator risk: a large SI could bundle "a dashboard" into a broader IT programme. Comparator: counter with sovereignty (EU-resident, jurisdiction-refusing AI router), conformity-by-construction (CER/NIS2 evidence as a by-product), and a closed action loop rather than analytics-only — an SI dashboard does not gate, task, write-back, or produce a PROV-O-anchored NIS2 lodgement. [verified — our architecture; SI comparators inferred]
• Incumbency verdict: moderate / additive. We fuse, not displace, which lowers the political cost of a pilot.

§14 — Readiness (honest, pre-pilot)

• Pre-incorporation, pre-revenue, pre-pilot. ~178 UI surfaces exist as a gallery; the COP, triple-renderer map, ontology and action-loop are demonstrable as designed surfaces with live backends still being built out.
• Maritime adjacency is real but unproven externally: COP entities are live in-platform (incl. maritime tracks), but there is no port deployment, no AIS/VTS/OT integration with DPC's actual systems, and no CER/NIS2 evidence pack shipped to a regulator.
• What we can credibly do now: a compelling scenario-driven demo (dark-approach + OT-alarm + CCTV fusion → human-gated MARSEC step → provenance-ledger entry mapped to a NIS2 report) on synthetic/representative data, plus the sovereignty + conformity architecture story.
• Reuse: the map_ops + globe_rmp surfaces, the Decision Room, the provenance ledger and the AI Provider Router are shared with vol-B b01/b02/b03 (MAHI maritime / IRCG SAR / SFPA) — a port-resilience module is a configuration of the same substrate, not a new build.
• Honest gaps to close before a paid pilot: (1) at least one real maritime-feed integration (AIS/VTS); (2) a demonstrable provenance-ledger → NIS2-incident-report export; (3) an OT/access-control read-only connector. Treat all three as discovery deliverables, not done work.

§15 — ENGAGEMENT PLAYBOOK (first-contact → free discovery → demo → pilot → LOI → contract)

Stage 1 — First contact. Trigger: the 17 Jul 2026 CER designation deadline gives a dated, non-salesy reason to reach DPC's compliance owner now. Owner: Founder. Activity: warm-intro request to Patrick Walsh (Dogpatch) to reach the DPC CEO/board or Harbour Master; in parallel, the maritime-beachhead halo route (if MAHI / Research-Ireland Defence Innovation maritime work yields an early proof point, DPC becomes a warm "you've seen this for Irish waters — here it is for the port"); tertiary, the CER/NIS2 regulatory channel (Dept of Transport / NCSC critical-infra events). Template (warm-intro email, adapted):

Subject: A no-cost port-resilience operating-picture discovery — ahead of the July 2026 CER designation [Name] — [warm-intro context, Patrick]. We build an EU-sovereign common-operating-picture and decision platform, Irish-built and EU-data-resident. With Dublin Port a near-certain CER critical entity by 17 July 2026 and the live subsea/shadow-fleet picture in Irish waters, we run a free discovery session: we map your current port operating picture and where decisions stall today — AIS/VTS, CCTV/access-control, OT alerts — with no cost and no obligation. If useful, we show a faithful demo on representative data: a dark-approach-plus-OT-alarm scenario closing as a single human-gated, fully-audited decision that also produces your CER/NIS2 evidence. We publicly refuse biometric ID, predictive policing and individual scoring — asset/vessel/incident resilience only. Could I show the PFSO and your CER-compliance lead 30 minutes? — [Founder] Exit criterion: a 30-minute discovery is scheduled with the PFSO/Harbour Master + CER-compliance lead. Deliverable: a calendar hold + named attendees.

Stage 2 — Free discovery (no cost). Trigger: meeting booked. Owner: Founder. Activity: run the 60-minute discovery agenda adapted for DPC — 0:00–0:05 frame ("discovery, not a pitch; no commitment"); 0:05–0:20 current port operating picture ("walk me through a recent security/OT incident from detect to close — how many systems did you touch?"); 0:20–0:35 governance/lawful-basis/sovereignty ("where does your security data and any AI processing run today? are you in scope for CER designation / NIS2 reporting? can you currently prove a MARSEC posture step?"); 0:35–0:45 stakeholders/budget/timing ("who owns CER compliance? is there a subsea-infra programme or a resilience budget line this sits under?"); 0:45–0:55 map DPC's loop onto detect → enrich → triage → gate → task → execute → assess → close and find where they jump straight from detect to act with no shared enrich/gate; 0:55–1:00 reflect the top 3 pains back and earn the demo. No slides. Exit criterion: a named sponsor agrees there is a problem worth solving and asks for a demo. Deliverable: same-day discovery write-up (sponsor, top-3 pains in their words, lawful basis, CER status, the action-loop wedge, Declined-List PASS, funding hint).

Stage 3 — Scoped demo. Trigger: "could you show us this on our kind of data?" Owner: Founder (+ MAHI for the edge feed if in play). Activity: the map_ops + globe_rmp surfaces above, replaying their loop on representative data — the dark-approach + OT-alarm + CCTV fusion → Decision Room (with the civil-society reviewer seated inside) → human-gated MARSEC step → provenance-ledger entry mapped to a NIS2 Art-23 report and a CER risk-assessment append. Lead with sovereignty (jurisdiction-refusing AI Provider Router) + conformity-by-construction + the published Declined List. Be honest about maturity (no live OT/VTS integration yet). Exit criterion: "could we try this on a narrow, real slice as a short pilot?" Deliverable: the one-page pilot proposal (Stage 4).

Stage 4 — Pilot (scoped, paid or grant-funded). Trigger: demo "yes". Owner: Founder + the contracting vehicle (MAHI or a Dogpatch-brokered entity — see §16/§20). Activity / one-page pilot proposal filled for DPC:

Title & sponsor: "Dublin Port Resilience COP — single-berth dark-approach + OT-alarm fusion pilot." Sponsor: PFSO/Harbour Master (operational) + CER-compliance lead (budget). Problem (their words): "We hold AIS/VTS, CCTV and OT alerts in separate systems; when something happens at a fuel berth we can't fuse them fast or prove what we decided — and CER/NIS2 want exactly that proof by July 2026." The one thing we'll prove: a single human-gated, fully-audited fusion of an AIS-gap + OT alarm + CCTV event into a MARSEC-posture decision that also emits a NIS2-shaped incident record — reducing time-to-fused-picture from [baseline X — measured week 1] to [target Y]. Scope in/out: ONE berth (fuel berth O7) + AIS/VTS + a read-only OT/access-control feed + the provenance-ledger→NIS2 export; everything else OUT; biometric ID / predictive scoring / crew-ID explicitly excluded. Data & lawful basis: non-personal operational telemetry, EU-hosted, classification × isolation tier = TLS / hardened EU-RESTRICTED containers; DPA per buyer. Success criteria: time-to-fused-picture; a verifiable provenance-ledger→NIS2 export; PFSO usability sign-off; zero Declined-List drift. Timeline: 8–12 weeks with a mid-point checkpoint. Commercials: Tier-1 band (€120–240k/yr production) — pilot priced low/part-funded via Defence-Innovation / EUDIS maritime where eligible, or self-funded by DPC under-threshold. After: an LOI if criteria are met. Exit criterion: a signed pilot MOU. Deliverable: the pilot MOU + agreed success metrics.

Stage 5 — LOI. Trigger: pilot success criteria met or credibly trending. Owner: Founder + solicitor. Activity: run the LOI checklist — parties (DPC + Nexus Synergy Ltd, or the founder in own name pre-incorporation, ratifiable under Companies Act 2014 s.45); statement of intent conditional on success criteria + funding + procurement; scope carried from the pilot; named sponsor; indicative timeline + commercials ("to be scoped under [DPC commercial-semi-state procurement]"); conditions (data-sharing agreement, security accreditation); binding vs non-binding stated (default non-binding except confidentiality); Declined-List affirmation; Irish governing law; solicitor review confirmed before sending. Exit criterion: a signed LOI naming a sponsor + next step. Deliverable: the executed LOI (the milestone that triggers Patrick's "check on an LOI").

Stage 6 — Signed contract. Trigger: LOI + a resolved legal gate (Stamp-4 or a partner-vehicle prime). Owner: the contracting vehicle + solicitor. Activity: convert via DPC commercial-semi-state procurement (OJEU/eTenders, structured under-threshold where lawful) to a port-wide framework; expandable to other Irish port companies (Cork, Shannon Foynes, Rosslare). Exit criterion: an executed contract. Deliverable: the signed framework agreement.

§16 — PM / timeline (Gantt, milestones, critical path, RACI)

                         2026                                   2027
 Stage           Jul Aug Sep Oct Nov Dec | Jan Feb Mar Apr May Jun Jul Aug
 ----------------|---|---|---|---|---|---|--|---|---|---|---|---|---|---|---|
 1 First contact [###]
 2 Free discovery    [####]
 3 Scoped demo            [####]
 4 Pilot (8-12wk)              [#########]
   * legal-gate resolve [======= CRITICAL PATH for a PAID pilot =======]
 5 LOI                                  [#####]
 6 Contract (OJEU)                            [##############......]
 Milestones:  ^CER designation 17-Jul-2026    ^pilot-MOU     ^LOI     ^framework

• Milestones: CER critical-entity designation (17 Jul 2026, external forcing function); demo delivered (~Q4 2026); pilot MOU (~Q1 2027); signed LOI (~Q2 2027); port-wide framework (H2 2027+).
• Critical path: the Stamp-1G / partner-vehicle gate is critical for a PAID pilot. Free discovery + demo + an unpaid/grant-funded pilot can all proceed solo; a paid pilot or contract cannot be signed until either MAHI (or a Dogpatch-brokered entity) acts as contracting prime, or the founder reaches Stamp-4 and incorporates. Resolve the gate in parallel from Stage 1.

§17 — Funding / procurement vehicle

• DPC self-funds capex (€162.6m programme in 2025) — a pilot does not need a grant to exist, a genuine advantage over grant-dependent public bodies. But anything material goes through commercial-semi-state procurement (OJEU / eTenders thresholds) — slow and formal.
• De-risking wedges: (a) Research-Ireland Defence Innovation Challenge ("Maritime Situational Awareness") + EUDIS / EDF 2026 maritime (the existing beachhead funding — a port-resilience MDA module is in scope and could co-fund the build; EDF 2026 calls close 29 Sep 2026); (b) CER/NIS2 resilience spend — the 2026 designation creates a defensible "resilience tooling / operating picture" budget line that did not exist 18 months ago; (c) the national subsea-infrastructure-protection programme (Govt research programme from early 2026) — a co-funded route where DPC is a stakeholder, not the sole buyer.
• Recommended structure: a paid, scoped pilot (single berth / single scenario) priced at the low/med band, ideally part-funded by the Defence-Innovation / EUDIS line, converting to a port-wide framework. Pilot-first keeps DPC out of full OJEU on day one.

§18 — Two-stage formula scorecard (every cell [PRIOR], dated rationale)

Stage 1 — P(LOI). Vector {mandate_pull, access_warmth, demonstrability, decline_safety, white_space, cycle_speed, pillar_fit} = {5, 1, 2, 5, 3, 1, 4}.

S1 = 0.22·5 + 0.22·1 + 0.18·2 + 0.14·5 + 0.10·3 + 0.08·1 + 0.06·4 = 3.00. P_LOI = 0.55 / (1 + exp(−1.15·(3.00 − 2.6))) = 33.7% (top of the board's 22–32% band). Score100 = S1·20 = 60.0.

Stage 2 — P(Contract | LOI). Vector {contractability, funding_to_pay, procurement_clarity, incumbency_displacement, time_to_value, reference_leverage} = {1, 4, 2, 4, 3, 2}.

S2 = 0.24·1 + 0.22·4 + 0.18·2 + 0.16·4 + 0.12·3 + 0.08·2 = 2.64. P_raw = 0.70 / (1 + exp(−1.1·(2.64 − 2.8))) = 31.9%.

Legal gate G = V·T, with t_resolve = 14 mo → T = (30−14)/30 = 0.533:

Reconciliation. Score100 = 60.0 vs board_anchor 60.6 (within 0.6 pts ✓). P_LOI 33.7% sits at the top of the board's to-LOI 22–32% (consistent with the source-card adjust-down verdict). The board's headline to-buy 20–28% is the gate-resolved ceiling; the legal-gate-discounted P(Contract) above is correctly far lower until a vehicle exists — which is the honest read. Score retained (not nulled): 60.0.

§19 — Commercial

• Production pricing (indicative): Tier-1 €120–240k/yr (single-facility port-resilience COP, the natural pilot landing) → Tier-2 ~€0.6–1.2m/yr (port-wide, all berths + OT/access-control fusion + CER/NIS2 evidence automation) → Tier-3 €2.4–4.8m/yr (multi-port Irish framework: DPC + Cork + Shannon Foynes + Rosslare, shared conformity file).
• ACV (this buyer): pilot Tier-1 (€120–240k, possibly part-grant-funded); port-wide framework Tier-2; multi-port replication pushes toward Tier-3 / very-high over 24–36 months.
• Terms: pilot 8–12 weeks, success-criteria-gated, EU-hosted, DPA per buyer; framework under DPC commercial-semi-state procurement. Cost advantage: open-source substrate + sovereign HPC + shared conformity file + no forward-deployed-engineer dependency.
• Requirements before a paid engagement: a contracting vehicle (MAHI prime or Stamp-4 incorporation); data-residency + security assurance (ISO 27001 / NCSC baseline — confirm the bar); one real maritime-feed integration; a working provenance-ledger → NIS2 export.

§20 — Legal blockers

• X1 — Stamp-1G (the gate). The founder cannot be a director/shareholder, be self-employed, or operate a business until Stamp-4 ⇒ no paid contract is signable by the solo founder. Mitigation: a MAHI / Dogpatch-brokered contracting vehicle now (s.137 EEA-resident director — Patrick or Manuel — or a €25k bond for incorporation); pursue Stamp-4. ⚖️ CONFIRM (immigration solicitor). This is the critical-path blocker for a paid pilot (free discovery + demo proceed regardless).
• X7 — Pre-incorporation contracting. Until Nexus Synergy Ltd exists, the founder signs NDAs/MOUs in their own name under Companies Act 2014 s.45 (ratifiable post-formation); personally liable until then. ⚖️ CONFIRM (solicitor).
• Buyer-specific — commercial-semi-state procurement. DPC self-funds but procures material spend via OJEU / eTenders; confirm thresholds so a pilot can be structured under-threshold where lawful. ⚖️ CONFIRM.
• EU AI Act (X2). A critical-infra security COP is likely high-risk → FRIA required (Art-27). Article 5 prohibitions applicable from 2 February 2025; high-risk obligations phase in later — confirm the exact obligation date. The Declined-List filter keeps us clear of all prohibited practices. ⚖️ CONFIRM per use-case.
• GDPR / data residency (X3). Operational telemetry is non-personal; a vessel master's identity could become associable — the Decision Room refused that path here. EU-hosted; DPA per buyer; aggregate/consented data only. [verified regime; per-pilot ⚖️ CONFIRM.]
• NIS2 transposition timing. Confirm Ireland's NIS2 commencement date before relying on enforcement timing in any pilot success criterion. [likely — Bill in progress; ⚖️ CONFIRM.]
• Dual-use export (X4). Vessel/comms-monitoring configurations can classify as controlled cyber-surveillance under Reg. (EU) 2021/821 — export classification per integrated config. ⚖️ CONFIRM (counsel).

§21 — Warm-intro contact + the specific ask

• Primary bridge: Patrick Walsh (Founder & CEO, Dogpatch Labs) — patrick@dogpatchlabs.com [verified — contacts.md]. Specific ask: "Patrick — can you (or a Dogpatch board/advisor contact) reach the Dublin Port Company CEO, a board member, or the Harbour Master / PFSO for a free 30-minute discovery ahead of the 17 July 2026 CER designation? It's the clean critical-infra extension of the maritime work — same demo, no cost to them." A semi-state port board sits well inside the Dublin establishment network. (Note: the spec marks DPC as cold/OJEU; this is a plausible but unconfirmed path — Patrick's "conditional cheque on a first LOI" is a genuine but conditional signal, not a commitment.)
• Secondary bridge: the maritime-beachhead halo (MAHI / Pieter-Jan Note + the Defence-Forces RTI / Naval Service / IRCG relationships from b01/b02). Specific ask: "If the MAHI / Research-Ireland maritime work lands an early Irish-waters proof point, warm-introduce DPC as a 'you've seen this for the EEZ — here it is for the port' follow-on." MAHI is also the gate-resolver (V 0.10 → 0.75) if it acts as contracting prime.
• Tertiary: the CER/NIS2 regulatory channel — Dept of Transport (transport-sector regulator) / NCSC (NIS2 lead NCA/SPOC) / Dept of Defence Office of Emergency Planning (CER SPOC) critical-infra events as a non-cold way to meet DPC's compliance owner.

§22 — Open questions + consolidated dated Sources

Open questions (verify before scoping):

1. Who is the named PFSO / Harbour Master and the CER/NIS2 compliance owner at DPC? (Champion vs compliance buyer.) — verify.
2. Has DPC been provisionally identified as a CER critical entity, and where is it in the 17 Jul 2026 designation process? — verify with Dept of Transport / DPC.
3. What is DPC's current operating picture — which VTS / port-community-system / CCTV / OT vendors are installed, under what contracts/renewal dates? (Incumbency + integration surface.) — verify.
4. Can Patrick reach DPC leadership/board, or is a Naval Service / Coast Guard / Dept-of-Transport route warmer via the maritime beachhead? — confirm intro path.
5. Is there an existing/planned subsea-infrastructure-protection programme DPC participates in that a co-funded pilot could attach to? — verify (Govt 2026 research programme; EUDIS).
6. Data-residency / security-assurance bar: which certifications (NCSC baseline, ISO 27001) would a pilot need to clear? — verify before scoping.
7. Confirm DPC's commercial-semi-state procurement thresholds so a pilot can be structured under-threshold where lawful. — verify.
8. Confirm the NIS2 transposition commencement date and the AI Act high-risk obligation date applicable to this use-case. — verify with solicitor.

Sources (web-verified 2026-06-04/05):

• DPC FY2024 results & 2025 capex: RTÉ 2025-09-22; Irish Times 2025-09-22; travelextra.ie [verified]
• Masterplan 2040 / 3FM: dublinport.ie Masterplan 2040; RTÉ 2024-07-22 (€1.1bn 3FM) [verified]
• CER transposition (SI 559/2024, in force 17 Oct 2024) + National Strategy on the Resilience of Critical Entities 2026–2029 published 19 Mar 2026 + 17 Jul 2026 designation: gov.ie Dept of Defence National Strategy; CER Ireland tracker; ComReg About-CER; Bird & Bird 2024 [verified]
• NIS2 NCSC lead NCA/SPOC + CER SPOC (Dept of Defence / OEP): ComReg NIS2; NCSC NIS2 FAQ; DLA Piper 2025-07 [verified — Bill commencement: likely]
• Subsea-cable / shadow-fleet threat: Irish Times 2025-12-05; Irish Times 2026-04-04; CSIS Ireland subsea case study [verified]
• ISPS / MARSEC framework: ISPS guide (incodocs); TXOne port cyber threat brief [verified]
• EDF 2026 / EUDIS maritime calls close 29 Sep 2026; Research-Ireland Defence Innovation Challenge (Maritime Situational Awareness): internal funding map + discovery-playbook §8 [verified — programme dates]

---