Nexus Synergy Engagement Package — C03 · Commission for Communications Regulation (ComReg) — National Competent Authority for the Digital Infrastructure sector under CER + NIS2

STANDING BANNER (read before every use).

1. Status honesty. Nexus Synergy Ltd is pre-incorporation, pre-revenue, pre-pilot. ComReg is a TARGET, not a customer. The ~178-surface UI gallery is a faithful gallery, not traction; no deployment, signed LOI, or contract exists. Where a number is unknown it is marked [value: TBD] — never invented.
2. Anti-cookie-cutter. The §8 mockups are machine-generated ASCII from _build/archetypes/gen_comreg-telecoms-subsea.py filled with this regulator's real entities (Valentia/Killala landing stations, AEC-1/Hibernia/Celtic-Norse cables, the 9 CER DI subsectors, the 17-Jul-2026 designation clock). They look like ComReg's screens, not a shared template.
3. All probabilities are [PRIOR] — subjective pre-pilot estimates for prioritisation, re-scored after every real conversation. Not forecasts.

---

§0 — Header + one-line thesis

ComReg — sovereign Critical-Entities Resilience common operating picture for the Digital Infrastructure sector: one editable infrastructure ontology (the 9 CER DI subsectors — IXPs, DNS service providers, TLD registries, cloud, data centres, CDN, trust service providers, public e-comms networks and services — with subsea cables and their landing stations as the physical estate within the e-comms-network subsector) rendered on a CesiumJS-globe, fusing open cable-maps + AIS context + operator-supplied resilience/incident data into a human-gated detect → triage → sign-off → notify → audit loop that helps ComReg discharge its 17-July-2026 CER critical-entity designation duty and its NIS2 oversight — resilience and asset protection only, never physical interdiction, never surveillance of people.

The wedge is the regulator-side oversight picture no incumbent owns: not the physical cable-sensing (FiberSense), not the dark-vessel hunting (Naval Service / SFPA), but the competent-authority's own resilience COP + designation tracker + NIS2 incident workspace.

---

§1 — Entity snapshot (cited)

• Buyer. Commission for Communications Regulation (ComReg), the Irish statutory regulator for electronic communications, postal services, radio spectrum and premium-rate services. ComReg has been designated National Competent Authority for the Digital Infrastructure sector under the European Union (Resilience of Critical Entities) Regulations 2024 (SI 559/2024, in force 17 Oct 2024) and carries new NIS2 functions. [verified — comreg.ie/industry/nis2-cer/cer/cer-faqs/; ECSO transposition tracker]
• Champion (technical). ComReg Networks / Wholesale & Security functions — the unit standing up the CER/NIS2 critical-entity identification and resilience-oversight workflow. [Named contact TBD]
• Economic buyer. ComReg Commissioner / management, funding tooling from ComReg's levy-funded operating budget (statutorily funded by an industry levy, not exchequer-gated for tooling). [verified — ComReg is industry-levy-funded; source card §17]
• Secondary stakeholder. Department of Culture, Communications & Sport (DCCS) telecoms-resilience / Sectoral Adaptation Plan team (Min. Patrick O'Donovan). [verified — irishtimes.com 7 May 2025]
• Scale of the regulated estate. 9 Digital-Infrastructure subsectors in scope per the CER Annex (IXPs, DNS service providers, TLD name registries, cloud-computing providers, data-centre providers, content-delivery-network providers, trust service providers, providers of public electronic-communications networks, and providers of publicly-available electronic-communications services). Subsea cables and their landing stations are the physical estate within the electronic-communications-network subsector — and Ireland is the EU's transatlantic cable hub, with a disproportionate share of EU↔US connectivity landing on the Irish west coast. [verified — comreg.ie CER FAQs; CSIS Jul 2025 Ireland case study]

---

§2 — The pain (web-verified, dated, cited)

ComReg has been handed a stacked, dated set of new statutory duties with no purpose-built operating picture to discharge them:

1. CER critical-entity identification by 17 July 2026. Under the CER Regulations, Ireland must identify designated critical entities by 17 July 2026; ComReg, as the Digital-Infrastructure NCA, must identify and maintain the official list and oversee resilience standards. This deadline is hard and dated. [verified — comreg.ie CER FAQs; internationalsos.com CER readiness; nflo.tech "six months to full implementation"]
2. National Strategy on the Resilience of Critical Entities 2026-2029, published 19 March 2026 by the Department of Defence / Office of Emergency Planning, directs the national risk-assessment methodology ComReg must apply across 11 sectors (digital infrastructure named). [verified — gov.ie/department-of-defence; source card §13/§17]
3. NIS2 functions — ComReg's new cybersecurity/oversight remit means it coordinates incident reporting and resilience for digital-infra entities, alongside NCSC-IE as lead CA. [verified — comreg.ie Strategy Statement 2025-2027; comreg.ie/industry/nis2-cer/nis2/]
4. Communication Networks Sectoral Adaptation Plan (DCCS, 2025) names submarine data cables and their landing stations among the potentially-vulnerable infrastructure, citing risks from extreme weather including extreme heat; ComReg's risk assessment feeds the NIS2/CER entity listing. [verified — gov.ie/dccs Communication Networks SAP 2025; irishtimes.com 7 May 2025]
5. An acute, live external threat. The EU Cable Security Action Plan (Joint Communication, Feb 2025) plus the European Commission's Expert Group on Security and Resilience of EU Submarine Cable Infrastructures report (early Feb 2026) introduced a Cable Security Toolbox and Cable Projects of European Interest, with €347 million allocated to strategic submarine-cable projects (incl. a €60m 2026 cable-repair line and a €20m monitoring-tools call) and €540 million of additional CEF digital investment 2025-2027. Against this, the Russian shadow-fleet / "Yantar" incidents (the Yantar was escorted from the Irish Sea in Nov 2024) made subsea-cable security a live national-security topic; Ireland convened a Valentia Symposium on subsea-cable security (Oct 2024) and a March 2025 Ministerial Council on National Security, and committed a €60m Defence Forces towed-array sonar capability (Thales contract) to 2027. [verified — ec.europa.eu IP_25_580; blue-economy-observatory.ec.europa.eu €347m; telecomtv.com €540m; CSIS Jul 2025 Ireland case study]

The gap. ComReg's CER/NIS2 functions are standing up. Today the picture is fragmented: cable maps in one tool, AIS context in another, operator resilience plans in spreadsheets/PDFs, incident reports in email, the designation list in a register. There is no single editable ontology + live picture + human-gated designation/notification loop + provenance ledger. That is the wedge — and the deadline creates the urgency.

---

§3 — Use-case & value (DECLINE-SAFE framing)

Use case. A CER/NIS2 Digital-Infrastructure resilience common operating picture for the regulator: an editable infrastructure ontology rendered on the triple-renderer map (CesiumJS-globe primary), ingesting open cable-map + AIS context + operator-supplied resilience/incident data, running a human-gated detect → enrich → triage → sign-off → notify → audit loop for (a) critical-entity designation tracking against the 17-Jul-2026 clock, (b) resilience-plan oversight, and (c) NIS2-shaped incident records.

Value (what it changes for ComReg).

• One picture instead of five tools → faster, defensible critical-entity identification before the deadline.
• A resilience-gap-ranked entity list the regulator can act on and audit.
• NIS2 Article-23 incident records produced as a by-product of the loop, with a full provenance ledger (regulator-grade auditability).
• A deltas-only regulatory traceback (CER + NIS2 articles) attached to every designation/notification, so an Ombudsman/Court can replay why an entity was designated.

DECLINE-SAFE — explicit exclusions (decline-safety: clear). This is infrastructure resilience and asset protection only. It is explicitly NOT: predictive policing; real-time or post-hoc biometric identification; emotion recognition; social scoring; untargeted scraping; psychometric profiling. It does not identify, track, or profile people — the entities are cables, stations, nodes, operators-with-resilience-obligations, and (as context only) AIS-broadcasting vessels. Physical interdiction / vessel tasking / sanctions lodgement are OUT of ComReg's remit and out of this product for ComReg (those belong to the Naval Service / DFA — see the maritime package b01). ComReg gets the oversight picture; the action loop closes at notify the operator / pre-notify NIS2 / flag the resilience plan, never at task an asset.

---

§4 — Ontology (this buyer's domain entities + relationships)

DigitalInfraEntity  (CER subsector ∈ {ixp, dns-sp, tld-registry, cloud, data-centre, cdn,
                      trust-service-provider, public-ecomms-network, public-ecomms-service};
                      physical estate-type ∈ {subsea-cable, landing-station} maps under
                      public-ecomms-network)
   ├── OWNS / OPERATED_BY ──────────────▶ Operator (eir, Vodafone, Hibernia, AEC, INEX, …)
   ├── CER_STATUS ─────────────────────▶ DesignationState {candidate, designated, exempt}
   ├── HAS_RESILIENCE_PLAN ────────────▶ ResiliencePlan {due, submitted, assessed}  (CER Art. 12-14)
   ├── DEPENDS_ON ─────────────────────▶ DigitalInfraEntity  (cable→landing-stn→IXP→DNS chain)
   └── LOCATED_AT ─────────────────────▶ Site (landing station, CLS, IXP PoP)

CableSegment  (id, route, criticality)
   ├── PART_OF ────────────────────────▶ SubseaCable (AEC-1, Hibernia, Celtic-Norse, …)
   ├── LANDS_AT ───────────────────────▶ LandingStation (Killala, Valentia, …)
   └── EXHIBITS ───────────────────────▶ ResilienceAnomaly {OTDR-loss, BGP-flap, power-dip, AIS-loiter}

ResilienceAnomaly
   ├── CORRELATED_INTO ────────────────▶ AnomalyCluster (multi-signal, one segment)
   ├── CONTEXT_FROM ───────────────────▶ AisContact (survey/repair vessel; CONTEXT ONLY, no person-link)
   └── RAISES ─────────────────────────▶ Nis2IncidentRecord (Art. 23 reporting)

DesignationDecision  (the human-gated artefact)
   ├── ABOUT ──────────────────────────▶ DigitalInfraEntity
   ├── SIGNED_BY ──────────────────────▶ Reviewer (ComReg dual-control)
   └── PRODUCES ───────────────────────▶ {CER list entry, ResiliencePlan request, NIS2 pre-notify}

The ontology is customer-editable — ComReg's CER/NIS2 unit owns the subsector taxonomy and the resilience-plan schema, not the vendor. No Person node type is instantiated anywhere in the ComReg tenant.

---

§5 — Data model (synergy.* tables, RLS + load-bearing CHECK)

Entities are org_id-scoped for the app.current_org_id RLS predicate. The load-bearing safety property is that a digital-infra entity cannot be designated a critical entity, and a NIS2 incident cannot be notified, without a recorded human dual-control sign-off — both enforced as DB CHECK invariants. The machine never auto-designates and never auto-notifies.

SQL
48 lines
Copy
-- Digital-infrastructure critical-entity candidate, org-scoped + RLS.
CREATE TABLE synergy.di_critical_entity (
    id                  uuid PRIMARY KEY DEFAULT gen_random_uuid(),
    org_id              uuid NOT NULL,                       -- RLS: app.current_org_id (ComReg tenant)
    name                text NOT NULL,                       -- 'AEC-1 landing station (Killala)'
    -- CER Annex DI subsectors (the official 9): IXP, DNS-SP, TLD registry, cloud, data centre,
    -- CDN, trust service provider, public e-comms network, public e-comms service.
    subsector           text NOT NULL
        CHECK (subsector IN ('ixp','dns-sp','tld-registry','cloud','data-centre','cdn',
                             'trust-service-provider','public-ecomms-network','public-ecomms-service')),
    -- subsea cables + their landing stations are the physical estate WITHIN public-ecomms-network.
    estate_type         text
        CHECK (estate_type IS NULL OR estate_type IN ('subsea-cable','landing-station','cls','ixp-pop')),
    operator            text,                                -- 'eir' / 'Hibernia' / 'INEX'
    resilience_gap      numeric(4,3) NOT NULL DEFAULT 0,     -- 0.000-1.000 ranking score
    cer_status          text NOT NULL DEFAULT 'candidate'
        CHECK (cer_status IN ('candidate','designated','exempt')),
    designation_signoff_ref text,                            -- dual-control sign-off id; NULL until signed
    designated_at       timestamptz,                         -- NULL until designated
    resilience_plan_due date,                                -- e.g. 2026-07-17 clock
    prov_o              jsonb NOT NULL,
    -- LOAD-BEARING INVARIANT: no critical-entity DESIGNATION without a human dual-control sign-off.
    CHECK (cer_status <> 'designated'
           OR (designation_signoff_ref IS NOT NULL AND designated_at IS NOT NULL))
);
ALTER TABLE synergy.di_critical_entity ENABLE ROW LEVEL SECURITY;
CREATE POLICY org_isolation ON synergy.di_critical_entity
    USING (org_id = current_setting('app.current_org_id')::uuid);

-- Multi-signal resilience anomaly on a cable segment (OTDR + BGP + power + AIS-loiter context).
CREATE TABLE synergy.resilience_anomaly (
    id              uuid PRIMARY KEY DEFAULT gen_random_uuid(),
    org_id          uuid NOT NULL,
    entity_id       uuid NOT NULL REFERENCES synergy.di_critical_entity(id),
    cable_segment   text,                                    -- 'SEG7' on AEC-1
    signals         jsonb NOT NULL,                          -- {otdr_loss, bgp_flap_asn, power_dip_pct, ais_loiter_nm}
    cluster_match   numeric(4,3),                            -- 0.93 (multi-signal, one segment)
    obs_level       text NOT NULL DEFAULT 'inferred'
        CHECK (obs_level IN ('asserted','reported','inferred','direct','confirmed')),
    nis2_notify_signoff_ref text,                            -- dual-control; NULL until human signs
    nis2_notified_at        timestamptz,                     -- NULL until notified
    prov_o          jsonb NOT NULL,
    -- LOAD-BEARING INVARIANT: no NIS2 Art-23 notification without a human dual-control sign-off.
    CHECK (nis2_notified_at IS NULL OR nis2_notify_signoff_ref IS NOT NULL)
);
ALTER TABLE synergy.resilience_anomaly ENABLE ROW LEVEL SECURITY;
CREATE POLICY org_isolation ON synergy.resilience_anomaly
    USING (org_id = current_setting('app.current_org_id')::uuid);

No table carries a person, crew, biometric, or risk_of_person column. The schema is structurally decline-safe: there is nowhere to store an individual's profile.

---

§6 — Action-loop pseudocode (detect → enrich → triage → gate → task → execute → BDA → close)

Python
36 lines
Copy
def assess_resilience_anomaly(anomaly, requesting_org):   # requesting_org = ComReg DI tenant
    # 1. DETECT — multi-signal anomaly already landed on a cable segment.
    # 2. ENRICH — correlate OTDR loss + BGP route-flap + CLS power dip + AIS-loiter context.
    cluster = correlate(anomaly.signals, window="24h")        # cluster_match = 0.93 if co-located
    ais_context = ais_loiter_context(anomaly.cable_segment)   # CONTEXT ONLY — vessel, never a person

    # 3. TRIAGE — is this a resilience concern worth the regulator's attention?
    if cluster.match < 0.7:
        return Disposition.WATCH                               # show on globe, no regulator action

    # 4. GATE — Decision Room: 5 personas incl. a civil-society reviewer; HUMAN dual-control.
    P = proportionality(necessity=0.90, proportion=0.93, lawful=0.97)   # P = 0.93 (mean N,P,L)
    gate = decision_room(
        proposal  = RegulatorAction(anomaly, options=["operator_rfi", "nis2_prenotify",
                                                      "resilience_plan_flag"]),
        personas  = [REGULATORY_OFFICER, PROPORTIONALITY_REVIEWER, CIVIL_SOCIETY('EDRi'),
                     DEVILS_ADVOCATE, SUBSEA_DOMAIN_EXPERT],
        threshold = P_MIN_TIER3)
    if gate.proposes_person_link or gate.proposes_physical_tasking:
        return Disposition.REFUSED("out of ComReg remit + Declined-List")   # structural red line
    if not gate.passed:
        return Disposition.REFUSED(gate.rationale)

    # 5. TASK + 6. EXECUTE — write-back is REGULATORY, never operational.
    write_back("operator_rfi", anomaly.entity.operator,
               Rfi(segment=anomaly.cable_segment, basis="CER Art. 13 resilience oversight"))
    if gate.approved("nis2_prenotify"):
        # CHECK invariant blocks this row unless a dual-control sign-off ref is attached
        write_back("nis2.art23.prenotify", requesting_org,
                   Nis2Record(anomaly, obs_level="inferred"), signoff=gate.signoff_ref)
    flag_resilience_plan(anomaly.entity, status="DUE", clock="2026-07-17")
    audit.append(anomaly.id, boundary_state="tier3-regulatory", merkle=True)

    # 7. BDA — operator confirms cause (repair-vessel maintenance vs unexplained); obs_level raised.
    # 8. CLOSE — designation decision + NIS2 record sealed; ProspectiveItem registered.
    return Disposition.EXECUTED   # designation itself still requires the §5 dual-control sign-off

---

§7 — nexus-workflows YAML DAG (same loop, declarative, blocking human-gate node)

YAML
45 lines
Copy
# nexus-workflows DAG: ComReg DI resilience-anomaly oversight loop. NO cron — workflow-triggered.
name: comreg-di-resilience-loop
trigger:
  on_event: resilience_anomaly.detected            # from OTDR/BGP/power/AIS-loiter fusion
nodes:
  - id: enrich
    run: correlate_signals
    with: { window: 24h, sources: [otdr, bgp, power_feed, ais_context] }
  - id: triage
    run: cluster_score
    needs: [enrich]
    gate_out: { continue_if: "cluster_match >= 0.7", else: park_as_watch }
  - id: decision_room
    run: compose_decision_room
    needs: [triage]
    with:
      personas: [regulatory_officer, proportionality_reviewer, civil_society_edri,
                 devils_advocate, subsea_domain_expert]
      refuse_if: [person_link_proposed, physical_tasking_proposed]   # Declined-List + remit guard
  - id: human_gate                                  # BLOCKING — workflow halts here
    type: human_approval
    needs: [decision_room]
    blocking: true
    dual_control: true                              # two named ComReg signers
    sla: 4h
    on_reject: { goto: close_no_action }
  - id: operator_rfi
    run: write_back.operator_rfi
    needs: [human_gate]
    with: { lawful_basis: "CER Reg. 2024 Art. 13" }
  - id: nis2_prenotify
    run: write_back.nis2_art23
    needs: [human_gate]
    with: { requires_signoff_ref: true }            # mirrors the DB CHECK invariant
  - id: resilience_plan_flag
    run: flag_resilience_plan
    needs: [human_gate]
    with: { clock: "2026-07-17" }
  - id: bda
    run: capture_operator_confirmation
    needs: [operator_rfi]
  - id: close
    run: seal_case
    needs: [bda, nis2_prenotify, resilience_plan_flag]
    with: { merkle_anchor: true, register_prospective: di_resilience_pattern }

---

§8 — UI/UX mockups (VERBATIM generated ASCII)

Figure C03.1 — globe_rmp (PRIMARY). ShellLayout + TopBar (PccPill ComReg-DI + RendererChip CesiumJS-globe + ChromeChip tactical in rightSlot) + LeftSidebar glyph-rail + LAYERS panel + MapConsole (CesiumJS-globe, Irish DI estate) + Inspector/ENTITIES rail + HistoryRail (bitemporal) + BottomStatusBar (AI Provider Router L3 Mistral-Large EU-sovereign) + ClassificationBanner top+bottom mirror. SVG twin: _build/figures/comreg-telecoms-subsea/uc-globe_rmp.svg.

Figure — Recognised maritime picture (globe_rmp). Production-fidelity React surface (buildable); the faithful ASCII follows.

+--------------------------------------------------------------------------------------------------+
| Digital-Infra Resilience COP (CesiumJS-globe)  Ireland DI sector  EU-RESTRICTED  CER/NIS2        |
+-------------------------------------------------------------------+------------------------------+
|         . - '' - .                                                | ENTITIES (sort: resil-gap)   |
|      /    o          \   <- repair vsl SOVEREIGN                  | AEC-1  landing Killala       |
|     |  [!] AEC-1 SEG7  |     loiter 9.1nm Valentia                |   CER status: candidate      |
|     |  Killala  Hibern.|     anomaly: BGP route flap              |   resil-plan: DUE 17 Jul     |
|      \  S-101 ENC base /     + power-feed dip CLS                 | Celtic-Norse  Hibernia       |
|       \ '. landing-stn.'/   17-Jul-2026 desig clock               |   segment SEG7 anomaly       |
|         ' - .. - '          11 DI critical-entities               | IXP INEX Dublin  OK          |
|   Camera {lat 53.9 lon -10.1 alt 620km, pitch -52}                | 9 DI subsectors mapped       |
|                                                                   | [#] CLS power-feed dip       |
|                                                                   | [#] AIS survey-vsl loiter    |
|                                                                   | NIS2 incident: staged        |
+-------------------------------------------------------------------+------------------------------+
| EMODnet bathy + S-101 ENC + TeleGeography cables + AIS :: 11 critical-entity candidates          |
+--------------------------------------------------------------------------------------------------+

Figure C03.2 — stix_board (SECONDARY). The same ChatTerminal-adjacent fusion surface where multi-source resilience anomalies move OBSERVED → CORRELATED → ACTIONED; the foot makes the decline-safe boundary explicit (physical tasking out of remit). Components: ShellLayout, TopBar, ClassificationBanner, the three-column board, BottomStatusBar.

Figure — Signal-fusion board (OBSERVED→CORRELATED→ACTIONED). Production-fidelity React surface (buildable); the faithful ASCII follows.

+----------------------------------------------------------------------------------------------------+
| Resilience-Anomaly Fusion (CER/NIS2)  Digital-Infrastructure sector  EU-RESTRICTED  T3             |
+--------------------------------+--------------------------------+----------------------------------+
| OBSERVED                       | CORRELATED                     | ACTIONED                         |
| AIS loiter Valentia 9.1nm      | cluster R-07 (m=.93)           | operator RFI -> eir/Vodafone     |
| BGP route-flap AS5466          | cable SEG7 co-located          | Naval Service context req        |
| CLS power-feed dip 6%          | 3 signals, one segment         | NIS2 Art-23 pre-notify           |
| spectrum: 700MHz interf        | landing-stn AEC-1 nexus        | CER resil-plan flag DUE          |
| fibre OTDR loss SEG7           | obs_level: inferred            | audit-envelope merkle OK         |
| vsl ABYSS-EXPLORER dark        | Decision Room queued           | no tasking w/o sign-off          |
+--------------------------------+--------------------------------+----------------------------------+
| 24h early-warn x3 :: human-gated -> operator RFI + NIS2 pre-notify; physical tasking out of remit  |
+----------------------------------------------------------------------------------------------------+

---

§8b — Field-unit (Pixel) surfaces

The same scenario on the Pixel 10 Pro Fold field unit (Nexus Field app), tightly coordinated with the dashboard COP above — command pushes the task, the unit accepts + ACKs, shares position and reports back to the COP. Built on the same synergy.field_unit / field_task / field_report contract; see §9 and the cluster coordination composite.

Figure §8b.1 — Folded cover · tasking glance (ground_glance): the incoming IMMEDIATE task, ACCEPT + ACK, alert chips, bearing-to-objective.

Figure §8b.2 — Unfolded inner display · field COP: two-pane mini-map + task list + teammate roster + air/command coordination + PTT, with the Material-3 NavigationBar + Report FAB.

§9 — UI/UX flow (click-path + screen-flow chain)

Literal click-path (globe_rmp): Open Digital-Infra Resilience COP → in LAYERS toggle Subsea cables + Landing stations + Resilience-gap heat → sort ENTITIES rail by resilience-gap → click AEC-1 (Killala) (red, gap-ranked top) → Inspector opens the SEG7 anomaly card → click [#] view fused signals → the stix_board slides in showing OBSERVED→CORRELATED → click Open Decision Room → 5 personas deliberate → operator must press [ /dual-control sign ] (two ComReg signers) before any write-back → on sign, operator RFI + NIS2 Art-23 pre-notify fire and the HistoryRail logs a merkle-anchored entry.

[globe_rmp: DI estate]──sort gap──▶[Inspector: AEC-1 SEG7]──fused signals──▶[stix_board: OBSERVED/CORRELATED]
        │                                                                              │
        └──────────────────────────── Open Decision Room ◀─────────────────────────────┘
                                              │
                          [Decision Room: 5 personas]──/dual-control sign──▶[write-back: RFI + NIS2 pre-notify]──▶[HistoryRail: merkle]

---

§10 — Decision-Room transcript (the gated decision)

Surface: right-docked ChatTerminal, Decision Room bubbles. Class: EU-RESTRICTED · TLP:AMBER · Tier-3. Decision: what (if anything) ComReg should do about the AEC-1 SEG7 multi-signal anomaly.

[Regulatory officer]    AEC-1 SEG7 cluster R-07 (m=.93): OTDR loss + BGP flap AS5466 + CLS
                        power-dip 6%, co-located. A survey vessel loitered 9.1nm off Valentia.
                        Proposal: operator RFI to eir + NIS2 Art-23 pre-notify + flag the
                        resilience plan as DUE (17-Jul clock). P = 0.93.

[Proportionality]       Necessity 0.90 / proportionality 0.93 / lawful 0.97. Basis = CER Reg.
                        2024 Art. 13 (resilience oversight) + NIS2 Art. 23. The RFI is the
                        least-intrusive step. Endorse — but ONLY the regulatory actions.

[Civil-society (EDRi)]  DISSENT noted and parked as a red line: the AIS loiter is CONTEXT on a
                        VESSEL, not a person. I will block this gate if anyone proposes linking
                        crew identity, scraping, or attribution of an individual. ComReg's remit
                        is infrastructure resilience. Keep the vessel as un-attributed context.

[Devil's advocate]      Could be benign — a chartered cable-repair vessel doing scheduled
                        maintenance on SEG7. Pre-notifying NIS2 on an INFERRED anomaly risks a
                        false-positive incident record. Recommend: RFI FIRST, pre-notify STAGED
                        behind the operator's answer, not fired now.

[Subsea domain expert]  Concur with the swing. A simultaneous OTDR-loss + BGP-flap + power-dip on
                        ONE segment is rarely coincidental, but repair work explains all three.
                        The RFI resolves it. Hold the NIS2 record at obs_level=inferred until BDA.

                        ── RECO SWING: pre-notify NOW  →  RFI first, NIS2 pre-notify staged ──

[GATE VERDICT]          ACCEPT (regulatory actions only). P = 0.93 ≥ P_min.
                        Dual-control: ComReg-DI-officer + ComReg-Security-reviewer (2/2 sign).
                        EXECUTE: operator RFI (now) · resilience-plan flag DUE · NIS2 Art-23
                        pre-notify STAGED (fires on operator BDA, not before).
                        REFUSED & logged: any crew/person link · any physical tasking (out of remit).

The civil-society persona is seated inside the decision, not consulted afterward; its red line is the same red line the §5 schema enforces structurally.

---

§11 — Write-back + BDA + PROV-O chain + deltas-only regulatory traceback

Write-back targets (all REGULATORY — never operational).

1. operator_rfi → the entity's operator (eir / Vodafone / Hibernia / INEX). Lawful basis = CER Regulations 2024 (SI 559/2024) Art. 13 (resilience-oversight information request).
2. nis2.art23.prenotify → ComReg's own NIS2 incident register. Lawful basis = NIS2 (Directive (EU) 2022/2555) Art. 23. Staged behind BDA — fires only after the operator's answer raises obs_level past inferred.
3. resilience_plan.flag → flags the entity's CER resilience plan as DUE against the 17-Jul-2026 clock. Lawful basis = CER Art. 12-14.

Note: a Naval Service context request may appear on the board, but that is an inbound context query, not ComReg tasking an asset — ComReg has no physical-interdiction write-back.

BDA (loop close). The operator confirms the SEG7 signals were scheduled repair-vessel maintenance (or, if unexplained, raises obs_level to direct). The BdaCaptureBubble updates obs_level; if benign, the staged NIS2 pre-notify is withdrawn (false-positive avoided) and the case closes; if unexplained, the NIS2 record is sealed and a designation review is triggered.

PROV-O attribution chain (Turtle-style).

Plain Text
23 lines
Copy
:OtdrLoss-SEG7     a prov:Entity ; prov:wasGeneratedBy :FibreOtdrIngest .
:BgpFlap-AS5466    a prov:Entity ; prov:wasGeneratedBy :BgpMonitorIngest .
:PowerDip-CLS      a prov:Entity ; prov:wasGeneratedBy :PowerFeedTelemetryIngest .
:AisLoiter-ctx     a prov:Entity ; prov:wasGeneratedBy :AisContextCorrelator ;
                   prov:used :TerrestrialAisFeed, :CopernicusSatAis .   # vessel context, NO person
:Cluster-R07       a prov:Entity ; prov:wasGeneratedBy :AnomalyClusterer ;
                   prov:used :OtdrLoss-SEG7, :BgpFlap-AS5466, :PowerDip-CLS, :AisLoiter-ctx .
:DecisionRoom-C03  a prov:Entity ; prov:wasGeneratedBy :DecisionRoomCompose ;
                   prov:used :Cluster-R07 ;
                   prov:wasAttributedTo :RegulatoryOfficer, :ProportionalityReviewer,
                     :CivilSocietyEDRi, :DevilsAdvocate, :SubseaDomainExpert .
:RecoSwing-stage   a prov:Entity ; prov:wasGeneratedBy :DecisionRoomCompose ;
                   prov:wasDerivedFrom :DevilsAdvocate, :SubseaDomainExpert .
:DualControl-C03   a prov:Entity ; prov:wasGeneratedBy :DualControlGate ;
                   prov:wasAttributedTo :ComRegDiOfficer, :ComRegSecurityReviewer .
:OperatorRfi-C03   a prov:Entity ; prov:wasGeneratedBy :RfiWriteBack ;
                   prov:wasDerivedFrom :DualControl-C03 .
:Nis2PreNotify-C03 a prov:Entity ; prov:wasGeneratedBy :Nis2Art23Adapter ;
                   prov:wasDerivedFrom :BDA-C03 .          # staged behind BDA
:BDA-C03           a prov:Entity ; prov:wasGeneratedBy :OperatorConfirmation ;
                   prov:used :OperatorRfi-C03 .
:CaseClose-C03     a prov:Entity ; prov:wasGeneratedBy :CaseCloseActivity ;
                   prov:used :BDA-C03, :OperatorRfi-C03 .

Deltas-only regulatory traceback (only what differs from defaults).

• CER Regulations 2024 (SI 559/2024) Art. 12-14 — resilience-plan oversight + information requests (the operator RFI). Delta: this case's lawful basis for the write-back.
• NIS2 (Directive (EU) 2022/2555) Art. 23 — incident notification (the staged pre-notify). Delta: staged behind BDA to avoid a false-positive record.
• EU AI Act — not high-risk here. No Annex-III use: no person is profiled, no biometric/LE function. FRIA logged as a precaution; Art. 5 prohibitions are structurally impossible against this schema. (Note: AI Act Art. 5 prohibitions have applied since 2 February 2025.)
• GDPR — N/A on the substance: no personal data is processed; the AIS loiter is un-attributed vessel context. DPIA recorded as belt-and-braces.
• LED (Directive (EU) 2016/680) — N/A: ComReg is a sector regulator, not law enforcement; the civil-society red line keeps it N/A.

---

§12 — Buyer & stakeholders

---

§13 — Competition / incumbency + comparator (cited)

No incumbent owns the regulator-side CER/NIS2 COP + ontology + action-loop niche — it is genuine white space. Adjacent / partial players:

• Esri & GIS asset-mapping vendors — own the map, not the fused designation/notification loop.
• Telecoms OSS/inventory vendors — own operator-side inventory, not the regulator's oversight picture.
• Large SIs (Accenture/Deloitte-class) will bid CER/NIS2 tooling — this is the real displacement risk: a regulator may prefer a big-SI bundle. Our wedge is sovereign-by-construction + action-loop + editable ontology + conformity-by-construction, faster and cheaper than an SI build.
• Subsea-specific physical monitoring — FiberSense (distributed acoustic sensing), AIS dark-vessel analytics — these are sensors/feeds, not the regulator's COP. We consume them, we don't compete with them.

Comparator + delta. No public Palantir / Helsing / Quantexa product addresses a communications regulator's CER/NIS2 resilience-oversight COP. Palantir's documented subsea-cable / MDA work is on the naval/defence side, not the sector-regulator side; the regulator-facing designation-tracker + NIS2-incident loop with a civil-society persona seated inside the gate is structurally absent from any disclosed comparator. Wins: EU-sovereign LLMs throughout; editable ontology owned by ComReg; conformity (FRIA + PROV-O ledger) by construction. Losses: we have shipped no live cable-map/AIS/operator integration; the physical-sensing layer is partner-dependent. Ties: GIS rendering is on par with Esri.

---

§14 — Readiness (honest, pre-pilot)

Honest framing for the room: faithful gallery + architecture; specific surfaces against ComReg's live data are pilot work; slower first-quarter time-to-value than an off-the-shelf GIS, with declarative composition catching up by ~month 6.

---

§15 — ENGAGEMENT PLAYBOOK (first-contact → free discovery → demo → pilot → LOI → contract)

Stage 1 — First contact (cold, anchored to the deadline)

• Trigger: the 17-Jul-2026 CER designation clock. Owner: Founder. Activity: cold-but-anchored outreach to ComReg's Digital-Infrastructure / Security function (+ the DCCS Sectoral-Adaptation-Plan team), offering a no-cost synthetic-data demo of a CER/NIS2 DI resilience COP, with the subsea-cable landing-station picture as the hook. In parallel ask Patrick Walsh for any Dogpatch/State-network intro and use the Valentia subsea-cable community as an on-ramp.
• Template (adapt outreach-drafts §3):

  Subject: A no-cost CER/NIS2 digital-infrastructure resilience picture — ahead of 17 July [Name] — with the 17-July critical-entity designation deadline approaching, we built an EU-sovereign common-operating-picture for the Digital-Infrastructure sector: an editable ontology of cables, landing stations, IXPs and DNS/TLD on one live map, with a human-gated, fully-audited designation + NIS2-notify loop. It is resilience and oversight only — we publicly refuse biometric ID, predictive scoring, and any surveillance of people. Could I show you 20 minutes against synthetic data, no cost and no obligation? — [Founder]

• Exit criterion: a 30-minute discovery slot agreed. Deliverable: logged first-contact + Declined-List pre-screen (PASS).

Stage 2 — Free discovery (60-min, listen)

• Trigger: discovery slot booked. Owner: Founder. Activity: run the 60-min agenda — frame & permission (0:00-0:05) → current operating picture for CER identification (0:05-0:20) → governance/lawful-basis/sovereignty (0:20-0:35) → stakeholders/levy-budget/timing (0:35-0:45) → map their loop onto detect→…→close, find the gap (0:45-0:55) → earn the demo (0:55-1:00). Bring no slides.
• Key qualifying questions: "How are you identifying critical entities today — how many tools to get one list?" · "Where does AI/model processing run, and does in-jurisdiction matter for a regulator?" · "Is the tooling line inside the levy-funded budget, or does it need a tender?"
• Exit criterion: named sponsor agrees there is a problem worth solving + Declined-List PASS. Deliverable: same-day discovery write-up (sponsor, top-3 pains, lawful basis, wedge, funding vehicle, next step).

Stage 3 — Scoped demo (their loop, replayed)

• Trigger: sponsor agrees the demo is worth their time. Owner: Founder (+ CeADAR delivery if engaged). Activity: replay the AEC-1 SEG7 subsea-cable anomaly loop against synthetic Irish DI data — detect→enrich→triage→gate (Decision Room, dual-control)→regulatory write-back (RFI + staged NIS2 pre-notify)→audit. Lead with the differentiators that mapped to their answers: AI Provider Router (EU-sovereign model calls), conformity-by-construction, the civil-society persona seated in the gate, claim-level epistemic transparency.
• Exit criterion: sponsor asks "could we try this on real / operator data?" Deliverable: the one-page pilot proposal (Stage 4).

Stage 4 — Pilot (time-boxed, success-criteria-defined)

• One-page pilot proposal — filled for ComReg:
  1. Title & sponsor: "ComReg Digital-Infrastructure Resilience COP — pilot." Sponsor = ComReg CER/NIS2 unit lead [TBD]; budget owner = ComReg management (levy-funded).
  2. Problem (their words): "We must identify and oversee critical digital-infra entities by 17 July 2026 with no single picture; cables, stations and incidents live in separate tools."
  3. The one thing we prove: "We can fuse open cable-maps + AIS context + operator-supplied resilience data into one editable DI ontology and produce a defensible, audit-trailed critical-entity candidate list — reducing time-to-produce-a-designation-list from X to Y." (X/Y = TBD, set in week 1.)
  4. Scope in/out: IN = one sub-region (west-coast landing stations + the AEC-1/Hibernia/Celtic-Norse corridor), synthetic + open data, the designation + NIS2-prenotify loop. OUT = physical sensing, vessel tasking, any person data, any maritime-interdiction function (Declined-List + remit boundary explicit).
  5. Data & lawful basis: open cable-maps + AIS + synthetic operator data; EU-hosted; classification × isolation = EU-RESTRICTED (TLS / hardened containers); CER Art. 13 / NIS2 Art. 23 as the lawful basis for the (synthetic) write-backs.
  6. Success criteria: (a) one editable DI ontology populated; (b) a resilience-gap-ranked candidate list produced; (c) a human-gated NIS2-shaped record exported with a full PROV-O trail. (Baselines TBD — week 1.)
  7. Timeline: 8-12 weeks, mid-point checkpoint at week 5.
  8. Commercials: €0 to ComReg if grant-carried; otherwise sub-threshold. Indicative production band quoted only if asked (Tier-1 €120-240k/yr … Tier-3 €2.4-4.8m/yr).
  9. Roles: ComReg = data + domain + sign-off; Nexus Synergy = build + demo + audit.
  10. After: an LOI if criteria are met.
  11. Funding vehicle: ComReg levy-funded budget (direct) and/or a seller-side Innovation Voucher (CeADAR) to de-risk the build.
• Exit criterion: success criteria met or credibly trending. Deliverable: pilot report + LOI draft.

Stage 5 — LOI (the milestone — triggers the Patrick check)

• Trigger: pilot criteria met. Owner: Founder + solicitor. Activity: issue the non-binding MOU/LOI (outreach-drafts §4 template) — founder signs in own name pending incorporation (Companies Act 2014 s.45 ratification). LOI checklist: parties · statement of intent (conditional on funding/procurement) · scope (from pilot) · success criteria referenced · named sponsor · indicative timeline · indicative commercials ("to be scoped under eTenders/OJEU") · conditions (funding, procurement, DPA) · non-binding except confidentiality · mutual NDA · Irish governing law · Declined-List affirmation · signatures + dates · ⚖️ solicitor review confirmed.
• Exit criterion: signed LOI naming a sponsor + next step. Deliverable: the LOI + the Patrick-check trigger.

Stage 6 — Signed contract

• Trigger: LOI + a contracting vehicle exists (incorporated Stamp-4 NewCo or a partner prime). Owner: NewCo + procurement. Activity: respond to ComReg's eTenders/OJEU procedure (multi-quarter). Exit criterion: signed contract / framework place. Deliverable: the first regulator reference logo.

---

§16 — PM / timeline (Gantt + milestones + critical path + RACI)

                     2026                                     2027
            Jul  Aug  Sep  Oct  Nov  Dec | Jan  Feb  Mar  Apr  May  Jun
Outreach    ####                          |
Discovery     ###                         |
Demo            ##                        |
Pilot              ########               |          (8-12 wk)
LOI                        ###            |
[GATE: Stamp-4 / partner vehicle]  *======|=====*   <- CRITICAL for a PAID pilot/contract
Procurement                    ###########|##########  (eTenders/OJEU, multi-quarter)
Contract                                  |        ####

• Milestones: M1 discovery slot booked · M2 sponsor agrees pain (discovery exit) · M3 demo → "try it on real data" · M4 pilot success criteria met · M5 signed LOI (Patrick check) · M6 contracting vehicle resolved · M7 contract/framework.
• Critical path: the legal-gate (V) dominates. Outreach→discovery→demo→pilot can run on synthetic data before incorporation, but a paid pilot or contract cannot be signed by the solo Stamp-1G founder. The Stamp-4 grant (~3 months out) OR a partner contracting vehicle is the critical-path gate for any paid engagement — it gates M5→M6→M7, not the technical work.
• RACI:

---

§17 — Funding / procurement vehicle

• Primary (buyer-side): ComReg's levy-funded operating budget — statutorily funded by an industry levy, not exchequer-gated for tooling — procured via eTenders (and OJEU above ~€143k). This is the realistic direct buyer budget. [verified — ComReg is levy-funded; source card §17]
• Seller-side de-riskers (solo-accessible only once incorporated): 35% R&D Tax Credit (cash even pre-revenue); Enterprise Ireland Agile Innovation Fund (≤€150k) + EI client status; Innovation Voucher (€5k, CeADAR). NOT credited: Research Ireland Defence Innovation Challenge (academic-routed); EUDIS/EDF (consortium-only). All seller-side grants are blocked until Stamp 4 (see §20).
• EU tailwind to cite (not a vehicle ComReg buys through): the EU Cable Security Action Plan's €347m cable-project funding + €540m CEF digital + the Feb-2026 Submarine Cable Expert Group toolbox — useful framing for why now, not a procurement route for this product. [verified — ec.europa.eu; telecomtv.com]

---

§18 — Two-stage formula scorecard

Every factor cell is [PRIOR] with a dated one-line rationale (2026-06-05). Stage-1 vector = {mandate_pull, access_warmth, demonstrability, decline_safety, white_space, cycle_speed, pillar_fit}; Stage-2 = {contractability, funding_to_pay, procurement_clarity, incumbency_displacement, time_to_value, reference_leverage}.

Stage 1 — P(LOI)

S1 = (.22·5)+(.22·1)+(.18·4)+(.14·5)+(.10·4)+(.08·2)+(.06·5) = 1.10+0.22+0.72+0.70+0.40+0.16+0.30 = 3.60 P_LOI = 0.55 / (1 + exp(−1.15·(3.60 − 2.6))) = 0.55 / (1 + exp(−1.15)) = 0.55 / 1.3166 ≈ 0.398 → ~40% (Reconciles to the 18-26% board band only after the legal/access discount is applied at the joint stage — the raw P_LOI sits above the band because access_warmth=1 already drags S1; see reconciliation note.)

Stage 2 — P(Contract | LOI)

S2 = (.24·1)+(.22·4)+(.18·2)+(.16·4)+(.12·3)+(.08·2) = 0.24+0.88+0.36+0.64+0.36+0.16 = 2.64 P_raw = 0.70 / (1 + exp(−1.1·(2.64 − 2.8))) = 0.70 / (1 + exp(0.176)) = 0.70 / 2.1924 ≈ 0.319 → ~32%

Legal gate + joint

• G = V · T. Today V = 0.10 (solo, Stamp 1G); t_resolve ≈ 16 mo, H_conv = 30 → T = (30−16)/30 = 0.467 → G_today ≈ 0.047.
• P(Contract|LOI)_today = G · P_raw = 0.047 · 0.319 ≈ 1.5%. At V=0.45 → G≈0.21 → ~6.7%; V=0.75 → G≈0.35 → ~11.2%; V=1.0 → G≈0.47 → ~14.9%.
• P(Contract) = P_LOI · G · P_raw = 0.398 · 0.047 · 0.319 ≈ 0.6% today; at V=0.75 ≈ 4.5%; at V=1.0 ≈ 5.9%.
• Score100 = S1 · 20 = 3.60 · 20 = 72.0.

Reconciliation to board_anchor (score100 62.2, to-LOI 18-26%, to-buy 11-16%). The raw S1·20 = 72 sits ~10 pts above the board's 62.2 — outside the ~5-pt tolerance. The board anchor is the adjusted/realistic figure (it bakes in the cold-access + Stamp-1G + tender discount as a haircut on the raw rubric, exactly as the source card's "research 67.1 → adjust-down 62.2" verdict does). Honoring the board anchor, the carried score is 62.2 (the raw 72 is shown for transparency; the −10 is the access/legal-gate realism haircut the board already applied). The to-LOI band 18-26% reconciles with P_LOI≈40% after the same access discount; to-buy 11-16% reconciles with the V=0.45-0.75 joint range. Carried Score100 = 62.2.

---

§19 — Commercial

• ACV anchor: levy-funded budget supports a Tier-1 → Tier-2 path; Tier-3 implies cross-sector CER expansion beyond DI.
• Cost advantage: open-source substrate + sovereign HPC + shared conformity file + no forward-deployed-engineer dependency → materially under an SI build.
• Pilot: €0 to ComReg if grant-carried; otherwise sub-threshold (~<€50k direct-award headroom).

---

§20 — Legal blockers

• X1 — Stamp 1G (the binding blocker). Stamp 1G prohibits establishing or operating a business and being self-employed until Stamp 4 (it does not explicitly bar passive shareholding, but it does bar acting as a working director / running the business) ⇒ no paid contract is signable by the solo founder as an operating principal and no seller-side grant (EI/R&D credit) is accessible. Free discovery + synthetic-data demo + a non-binding MOU signed in the founder's own name (Companies Act 2014 s.45, ratifiable post-incorporation) are the only solo-near-term moves. Mitigation: Stamp-4 (~3 months) OR an EEA-resident director (Patrick/Manuel) / partner vehicle. ⚖️ CONFIRM (immigration solicitor).
• Buyer-specific — State-regulator procurement. Any meaningful-size engagement runs through eTenders/OJEU (multi-quarter-to-year); a regulator standing up CER/NIS2 functions may prefer a large incumbent SI. Mitigation: scope tightly to ComReg's DI resilience-oversight remit; enter via free discovery + a sub-threshold synthetic-data pilot. [verified posture]
• Role-confusion risk. Overlap with NCSC-IE (lead NIS2 CA) and the Naval Service (physical EEZ monitoring) — pitch must be the regulator's oversight COP, never maritime interdiction. (Mitigation also keeps it decline-safe.)
• X2 — EU AI Act. Not high-risk here (no Annex-III person-profiling/biometric/LE function); FRIA logged as precaution; Art. 5 prohibitions applicable since 2 February 2025 — structurally impossible against this schema. ⚖️ CONFIRM per-use-case.
• X3 — GDPR / data residency. No personal data on the substance (AIS = un-attributed vessel context); EU-hosted; DPA per buyer. [verified regime]
• X4 — Dual-use export (Reg. (EU) 2021/821). Cable/AIS monitoring can classify as controlled cyber-surveillance; export classification per integrated config. ⚖️ CONFIRM (export counsel).
• Pre-incorporation (X7). Founder personally liable on any agreement until NewCo formed; sign NDAs/MOUs in own name under s.45; ⚖️ solicitor-reviewed templates.

---

§21 — Warm-intro contact + the specific ask

• Primary (institutional credibility only): Patrick Walsh (Founder & CEO, Dogpatch Labs · patrick@dogpatchlabs.com [verified]). The specific ask: "Does your State/semi-state network reach anyone in ComReg's Networks/Wholesale & Security function — the unit standing up the CER/NIS2 critical-entity designation work — or the DCCS telecoms-resilience team? I want one warm name for a no-cost discovery on a Digital-Infrastructure resilience picture, timed to the 17-July designation deadline." (Honest: this is a cold-led row; Patrick is credibility, not a named line.)
• Ecosystem on-ramp: the Valentia subsea-cable-security community (post Oct-2024 Symposium) — ask for an introduction to a ComReg or DCCS attendee. [verified — Valentia Symposium Oct 2024]
• Direct (cold, anchored): ComReg's published Digital-Infrastructure / Security function + the DCCS Sectoral-Adaptation-Plan team, offering the synthetic-data demo (outreach-drafts §3 template, adapted in §15).

---

§22 — Open questions + consolidated Sources

Open questions (do not assert until resolved):

1. [Named contact TBD] — who is the ComReg CER/NIS2 unit lead and the DI-sector economic buyer?
2. Is there tooling headroom inside the levy-funded budget for a sub-threshold pilot, or does everything go to OJEU? [value: TBD]
3. Does ComReg intend to build/buy via a large SI, or is a sovereign-startup pilot viable? [value: TBD]
4. What is the division of labour with NCSC-IE on NIS2 for digital-infra entities (to avoid role-confusion)? [value: TBD]
5. Pilot success-criteria baselines (X/Y) — TBD, set with the sponsor in week 1.
6. Founder Stamp-4 grant date (~3 months) — gates every paid step. ⚖️ CONFIRM.

Sources (dated, cited):

• ComReg as Digital-Infrastructure NCA under CER + 9 subsectors + 17-Jul-2026 deadline — comreg.ie/industry/nis2-cer/cer/cer-faqs/ [verified, accessed 2026-06-05]
• ComReg new remits (CER, NIS2, Data Act, AI Act) + levy-funded — comreg.ie Strategy Statement 2025-2027 ("Securing the Digital Future", Croke Park, 18 Jun 2025) [verified]
• CER Regulations 2024 (SI 559/2024, in force 17 Oct 2024) — source card §17; ECSO NIS2 transposition tracker [verified]
• National Strategy on the Resilience of Critical Entities 2026-2029 (Dept of Defence / Office of Emergency Planning, 19 March 2026) — gov.ie/department-of-defence [verified]
• Communication Networks Sectoral Adaptation Plan + submarine data cables / landing stations among potentially-vulnerable infrastructure, extreme-weather/heat risk (Min. O'Donovan, DCCS 2025) — gov.ie/dccs Communication Networks SAP 2025; irishtimes.com 7 May 2025 [verified]
• EU Cable Security Action Plan + €347m cable projects + €540m CEF digital + Feb-2026 Submarine Cable Expert Group toolbox/CPEIs — ec.europa.eu/commission/presscorner IP_25_580; blue-economy-observatory.ec.europa.eu (€347m, 11 Feb 2026); telecomtv.com (€540m) [verified, accessed 2026-06-05]
• Ireland subsea-cable case study: Valentia Symposium Oct 2024, March-2025 Ministerial Council on National Security, €60m Defence Forces towed-array sonar (Thales) to 2027, Yantar Nov 2024 — CSIS "Strategic Future of Subsea Cables: Ireland" Jul 2025; irishtimes.com 15 Jun 2025 / gov.ie Defence sonar contract [verified]
• EU AI Act Art. 5 prohibitions applicable 2 February 2025 (NOT 2 Aug 2025) — honoured per project ground-truth [verified]
• Source card: 03-gtm/target-packages/_master-loi-detail-13-24.md rank 17 (score 62.2, research 67.1, adjust-down) [internal]
• Depth pattern mirrored from Appendix W03 W-11/W-12 (UC-55 subsea RMP) — nexus-synergy-ei-sovereign-v2-aw-t03.md [internal reference]

---