Nexus Synergy Engagement Package — E05 · Finnish Border Guard (Rajavartiolaitos) — Gulf of Finland subsea maritime-surveillance centre — with the Swedish Coast Guard (Kustbevakningen) as cross-border CISE partner

STANDING BANNER — read before using this file.

1. Status honesty. Nexus Synergy Ltd is pre-incorporation, pre-revenue, pre-pilot. The Finnish Border Guard and the Swedish Coast Guard are TARGETS, not customers. There is no contact, no MOU, no pilot. The 178-surface gallery is a gallery, not traction. No deployment, customer, or signed LOI exists.
2. Anti-cookie-cutter. This package shows the screens this buyer would actually use — a CesiumJS subsea/maritime RMP globe and a surface-response 2D picture filled with Gulf-of-Finland entities (Estlink2, Balticconnector, the Fitburg cable-drag, CISE FI↔SE). The §8 ASCII is machine-generated by _build/archetypes/gen_nordic-gulf-of-finland-subsea.py, never hand-typed.
3. Every probability is [PRIOR] — a subjective pre-pilot estimate for prioritisation, not a forecast. Every external fact carries a source URL and a [verified]/[likely]/[unverified] tag; unknowns are [TBD].

---

§0 — Header + one-line thesis

Nordic Gulf of Finland Subsea-Infrastructure COP. A vendor-neutral, EU-sovereign common operating picture that fuses national maritime-surveillance feeds (AIS, EMSA Sat-AIS, seabed hydrophones, ENC/bathymetry, cable-route atlases) into one human-gated, fully-audited subsea-protection loop for the Finnish Border Guard-led Gulf of Finland surveillance centre, federating to the Swedish Coast Guard via CISE — detect → enrich → triage → gate → query → coordinate → assess → close, civil-security only, no warfighting, no biometrics.

One-line thesis: the centre's stated problem is fusing and sharing national pictures fast enough to act before harm — that is exactly an action-loop COP, not another sensor; we sit above the existing national systems, not in place of them.

---

§1 — Entity snapshot (cited)

• Lead buyer: Finnish Border Guard (Rajavartiolaitos) is setting up a maritime surveillance centre with other Baltic Sea states and the European Commission to protect critical undersea infrastructure in the Gulf of Finland; announced by Border Guard head of security Mikko Hirvi in January 2026. The centre focuses on prevention and early warning — pooling vessel-movement and unusual-activity information in real time and sharing analyses/risk assessments with neighbours and EU partners; measures under consideration include seabed sensors, AI to analyse maritime traffic, and faster data exchange. [verified] (Euronews, 26 Jan 2026, euronews.com ; Riviera Maritime Media, rivieramm.com )
• Cross-border partner: Swedish Coast Guard (Kustbevakningen) — civilian agency under the Ministry of Defence; maritime surveillance, SAR, environmental, law-enforcement. Finland's Border Guard and the Swedish Coast Guard have already taken first steps to co-develop CISE information exchange; the goal is CISE operational within the Finnish Border Guard and data exchanged by mid-2027. [verified] (Finnish Border Guard, raja.fi, raja.fi ; kustbevakningen.se)
• Regional surveillance baseline: SUCBAS (Sea Surveillance Cooperation Baltic Sea) already links Finland, Sweden, Denmark, Germany, Estonia, Latvia, Lithuania, Poland and the UK for maritime situational awareness. [verified] (coastguard.europa.eu)
• Forcing function (dated): A 9,800-dwt general-cargo vessel, Fitburg, reportedly damaged a telecommunications cable connecting Finland and Estonia on 31 December 2025; the most recent in a string of Baltic cable/pipeline incidents since 2022 (Balticconnector Oct 2023; Estlink 2 Dec 2024). [verified] (Riviera; KFGO/AP, 26 Jan 2026, kfgo.com )
• EU framing: EU Commission EVP Henna Virkkunen confirmed the EU will fund a hub to monitor submarine-cable threats in the Baltic Sea area, with cable-repair-capability funding in early 2026. [verified] (Riviera)

---

§2 — The pain (web-verified, dated, cited)

The Baltic Sea has had a string of power-cable, telecom-link and gas-pipeline outages since 2022 — Balticconnector (Oct 2023), Estlink 2 and four telecom cables (Dec 2024), and the Finland–Estonia telecom cable struck by Fitburg (31 Dec 2025). [verified] (Euronews; Atlantic Council, atlanticcouncil.org ). The operational pain the centre itself names:

1. Fragmented picture, slow sharing. Each Baltic state runs its own surveillance; the explicit goal is to pool vessel movements and share analyses/risk assessments in real time. Today that is human-to-human, system-to-system, and too slow to act before harm. [verified] (Riviera — "pool information... in real time").
2. Detect-to-act gap. Hirvi: "we need broader preventive measures, even before any harm has occurred." Surveillance exists; the decision-and-coordination layer that turns a loitering, AIS-dark contact over a cable into a lawful, cross-border, audited query does not. [verified] (Riviera).
3. Cross-border legal/coordination friction. A FI-flagged asset cannot simply act in/near SE waters; CISE is the lawful information-sharing rail, and it is still being built (target mid-2027). The pain is coordinating a response across two sovereignties without a shared, audited picture. [verified] (raja.fi).
4. Attribution under deniability. Shadow-fleet vessels manipulate AIS (gaps, spoofing, dark-sailing); a centre that cannot correlate AIS gaps with Sat-AIS, SAR and seabed acoustics cannot distinguish an anchor-drag accident from a deliberate drag. [verified] (RUSI shadow-fleet analysis; UK-led JEF Nordic Warden AIS-risk tracking, breakingdefense.com ).

---

§3 — Use-case & value (DECLINE-SAFE framing)

What we do: sit above the national surveillance systems as the decision/coordination/audit layer — fuse AIS + EMSA Sat-AIS + seabed hydrophones + ENC/bathymetry + cable-route atlas into one Recognised Maritime Picture, correlate an anomaly (AIS gap + loiter + acoustic event over a named cable segment) to a vessel, run a 5-persona human-gated Decision Room (with a civil-society reviewer seated inside the decision), and write a lawful, proportionate, audited civil action back — a VHF query, a CISE-shared risk assessment, a NIS2 cable-incident lodgement.

Value: compress detect-to-coordinated-civil-response from hours of phone calls to minutes of one shared, audited picture; make every cross-border share CISE-lawful and reproducible; give the centre a conformity-by-construction spine (FRIA, PROV-O provenance, transparency portal) for an EU-funded, EU-scrutinised hub.

Decline-safe — explicitly NOT (on our published Declined List):

• No predictive policing — we coordinate a civil query of a vessel over a cable, never forecast who will offend.
• No biometric identification / no emotion recognition — vessel telemetry only; no crew biometrics, ever.
• No social scoring, no psychometric profiling, no flag-state profiling as a proxy for guilt.
• No untargeted scraping — only AIS/Sat-AIS/ENC/hydrophone/cable-atlas feeds the agencies already hold or licence.
• Civil-security only: maritime-domain awareness, critical-/subsea-infrastructure protection, SAR coordination, coast-guard/CISE. Not warfighting, not targeting. Any escalation beyond a civil query is gated and handed to the lawful national authority.

---

§4 — Ontology (this buyer's domain entities + relationships)

Domain entities: Vessel (MMSI, flag-state, IMO, owner-chain), AIS-Contact (per-ping LatLon/heading/speed + AIS-gap flag + spoof-suspicion), SatAIS-Contact (Copernicus/EMSA pass-geometry cross-check), Hydrophone-Event (seabed array sensor; centroid-Hz, SPL, duration, classification), Cable-Asset (Estlink2 HVDC, Balticconnector, FI-EE telecom cable; segment-id, operator, landing-station, criticality), Protection-Zone (0.5nm cable-protection polygon), Cross-Border-Share (CISE envelope FI↔SE), NIS2-Lodgement (essential-entity cable-incident report), Asset (FBG OPV Turva, SE Coast Guard KBV-031).

Relationships: Vessel —ais_telemetry→ AIS-Contact; AIS-Contact —proximal_to→ Cable-Asset; AIS-Contact —contradicted_by→ SatAIS-Contact (AIS-gap/spoof test); Hydrophone-Event —attributed_to→ AIS-Contact (Fellegi-Sunter acoustic-AIS correlation, W≈17.9 > T_μ=6.0 → accept); Cable-Asset —within→ Protection-Zone; Cross-Border-Share —federates→ {FBG-picture, SE-picture} over CISE; Asset —tasked_to→ query(Vessel).

---

§5 — Data model (synergy.* + RLS + a load-bearing CHECK)

Org-scoped under the app.current_org_id RLS predicate. The load-bearing invariant enforces the human-gated, civil-only boundary: a cable_contact cannot record a cross-border or escalated disposition without a recorded dual-control gate decision — enforced as a DB CHECK, not application logic.

SQL
48 lines
Copy
-- Seabed hydrophone acoustic event, org-scoped + RLS.
CREATE TABLE synergy.hydrophone_event (
    id              uuid PRIMARY KEY DEFAULT gen_random_uuid(),
    org_id          uuid NOT NULL,                       -- RLS: app.current_org_id
    sensor_id       text NOT NULL,                       -- 'GOF-HYD-04'
    event_at        timestamptz NOT NULL,
    centroid_hz     numeric(7,1) NOT NULL,               -- 41.0
    spl_db          numeric(5,1) NOT NULL,
    duration_s      numeric(6,1) NOT NULL,               -- 38.0
    classification  text NOT NULL
        CHECK (classification IN ('anchor_drag','trawl_snag','mechanical_scrape','biologic','unknown')),
    obs_level       text NOT NULL DEFAULT 'inferred'
        CHECK (obs_level IN ('asserted','reported','inferred','direct','confirmed')),
    prov_o          jsonb NOT NULL                        -- AcousticIngest attribution
);
ALTER TABLE synergy.hydrophone_event ENABLE ROW LEVEL SECURITY;
CREATE POLICY org_isolation ON synergy.hydrophone_event
    USING (org_id = current_setting('app.current_org_id')::uuid);

-- Cable-proximity contact = the cross-border alert entity; the civil-gate boundary lives here.
CREATE TABLE synergy.cable_contact (
    id                  uuid PRIMARY KEY DEFAULT gen_random_uuid(),
    org_id              uuid NOT NULL,                    -- RLS: app.current_org_id
    cable_segment       text NOT NULL,                    -- 'FI-EE-TEL-S02'
    vessel_mmsi         text,                             -- anonymised in shared picture
    flag_state          text,
    hydrophone_event_id uuid REFERENCES synergy.hydrophone_event(id),
    ais_gap_minutes     numeric(6,1) NOT NULL DEFAULT 0,  -- 6.0
    loiter_hours        numeric(6,1) NOT NULL DEFAULT 0,  -- 11.0
    in_protection_zone  boolean NOT NULL DEFAULT false,   -- 0.5nm polygon test
    satais_mismatch_nm  numeric(6,1),                     -- EMSA Sat-AIS vs self-report
    proportionality     numeric(4,3) NOT NULL,            -- P = 0.88
    gate_decision_id    uuid,                             -- FK to dual-control gate; NULL until gated
    cise_shared_with    text,                             -- 'SE-KBV'; NULL until concurrence
    disposition         text NOT NULL DEFAULT 'monitor'
        CHECK (disposition IN ('monitor','vhf_query','cise_share','nis2_lodge')),
    prov_o              jsonb NOT NULL,
    -- LOAD-BEARING INVARIANT: no escalation beyond passive monitoring without a recorded
    -- dual-control gate; and no cross-border CISE share without that gate AND a named partner.
    CHECK (
        disposition = 'monitor'
        OR (gate_decision_id IS NOT NULL
            AND (disposition <> 'cise_share' OR cise_shared_with IS NOT NULL))
    )
);
ALTER TABLE synergy.cable_contact ENABLE ROW LEVEL SECURITY;
CREATE POLICY org_isolation ON synergy.cable_contact
    USING (org_id = current_setting('app.current_org_id')::uuid);

---

§6 — Action-loop pseudocode (detect → … → close)

Python
36 lines
Copy
def assess_cable_contact(event, mmsi, requesting_org):
    # 1. DETECT + ENRICH — acoustic event near a named cable segment + AIS gap/loiter.
    contact = correlate_acoustic_to_vessel(event, mmsi)        # FS W=17.9 > T_mu=6.0 -> accept
    contact.satais_mismatch_nm = emsa_satais_crosscheck(mmsi)  # Copernicus/EMSA, EU-sovereign
    if not (contact.in_protection_zone and contact.loiter_hours >= 8):
        return Disposition.MONITOR                              # show on globe, no escalation

    # 2. TRIAGE — is this an anomaly worth a human? (AIS gap + loiter + acoustic over a cable)
    if not (contact.ais_gap_minutes >= 5 and contact.hydrophone_event_id):
        return Disposition.MONITOR

    # 3. GATE — 5-persona, human-gated Decision Room; civil-society persona seated inside.
    P = proportionality(necessity=0.90, proport=0.90, lawful=0.95)   # P = 0.88 (vessel telemetry only)
    gate = decision_room(
        proposal  = CivilQuery(contact, event),
        personas  = [OP_TASKING, PROPORTIONALITY, CIVIL_SOCIETY('subsea-surveillance'),
                     DEVILS_ADVOCATE, MARITIME_ACOUSTIC_EXPERT],
        router    = AIProviderRouter(eu_only=True, tier='L3-EuroLLM'),  # no AWS/Azure/GCP/US LLM
        threshold = P_MIN_RESTRICTED)
    if not gate.passed:
        return Disposition.REFUSED(gate.rationale)             # logged, no write-back
    persist_gate(contact, gate)                                # sets gate_decision_id (CHECK gate)

    # 4. TASK + EXECUTE — civil VHF query; cross-border share ONLY on CISE concurrence.
    write_back("fbg_mrcc", requesting_org,
               VectorOrder(asset="VL Turva", task="vhf-ch16-query", rules="civil, non-kinetic"))
    if gate.cise_concurrence:                                  # SE liaison concurs over CISE
        contact.cise_shared_with = "SE-KBV"
        write_back("cise.fi_se.share", "SE-KBV", RiskAssessment(contact, P))
    write_back("nis2.cable_incident.lodge", contact.cable_operator,
               Nis2Lodgement(segment=contact.cable_segment, event=event, P=P))
    register_prospective(contact, trigger="ais_gap_loiter_near_cable")

    # 5. BDA + CLOSE — query outcome closes the loop; PROV-O + Merkle-anchored audit.
    audit.append(contact.id, boundary_state="civil-primary", merkle=True)
    return Disposition.EXECUTED

---

§7 — nexus-workflows YAML DAG (same loop, with a blocking human-gate node)

YAML
35 lines
Copy
workflow: gof_subsea_cable_protection
trigger:
  on: hydrophone_event.ingested
  where: "near_cable_segment AND ais_gap_minutes >= 5"
nodes:
  - id: enrich_correlate
    run: skill.acoustic_ais_correlate            # Fellegi-Sunter W>=6.0
    out: cable_contact
  - id: enrich_satais
    run: skill.emsa_satais_crosscheck            # Copernicus/EMSA, EU-sovereign
    needs: [enrich_correlate]
  - id: triage
    run: skill.subsea_anomaly_triage             # loiter + AIS-gap + acoustic over cable
    needs: [enrich_satais]
  - id: human_gate                               # ── BLOCKING human-gated node ──
    type: human_decision
    blocking: true
    quorum: 2                                     # dual-control: FBG MRCC duty + SE liaison
    personas: [op_tasking, proportionality, civil_society, devils_advocate, maritime_expert]
    router: { provider_policy: eu_only, tier: L3_eurollm }   # no AWS/Azure/GCP/US LLM
    on_refuse: { goto: close_logged }
    needs: [triage]
  - id: task_query
    run: skill.writeback_fbg_mrcc                # VL Turva VHF Ch16 civil query
    needs: [human_gate]
  - id: cise_share
    run: skill.writeback_cise_fi_se              # only if human_gate.cise_concurrence == true
    when: "human_gate.cise_concurrence == true"
    needs: [human_gate]
  - id: nis2_lodge
    run: skill.writeback_nis2_cable_incident
    needs: [human_gate]
  - id: close_logged
    run: skill.prov_o_merkle_close               # PROV-O chain + Sigstore Rekor anchor
    needs: [task_query, nis2_lodge]

---

§8 — UI/UX mockups (VERBATIM generated ASCII)

Figure e05.1 — globe_rmp (primary). ShellLayout + TopBar (with RendererChip: CesiumJS + PccPill) + LeftSidebar glyph-rail + MapConsole (RenderRef = CesiumJS-globe) over the Gulf of Finland + right-docked ChatTerminal showing the TRACKS rail and the 5-persona Decision Room + HistoryRail + BottomStatusBar + ClassificationBanner (top+bottom). Generated by gen_nordic-gulf-of-finland-subsea.py.

Figure — Recognised maritime picture (globe_rmp). Production-fidelity React surface (buildable); the faithful ASCII follows.

+--------------------------------------------------------------------------------------------------+
| Gulf of Finland Subsea COP (CesiumJS-globe)  EU-RESTRICTED  TLP:AMBER                            |
+-------------------------------------------------------------------+------------------------------+
|          . - '' - .                                               | TRACKS (sort: anomaly)       |
|       /  Gulf of      \   <- M/V FITBURG-ALT                      | M/V FITBURG-ALT  flag CMR    |
|      |   Finland       |     loiter 11h, 0.5nm                    |   AIS gap 6min, 0.5nm zone   |
|      |  [!] AIS gap 6m |     over BCS E-W link                    |   EMSA Sat-AIS mismatch 9nm  |
|       \  ___X cable ___/     anchor-drag? -38m                    | FI-EE tel cable  [BREACH?]   |
|        \ '. EE-FI tel .'/    EMODnet -64..-38m                    |   hydrophone EVT 41 Hz 38s   |
|          ' - x_____ - '      hydrophone 41 Hz                     | Estlink2 HVDC  nominal       |
|   Camera {lat 59.9 lon 24.9 alt 9km} CesiumJS                     | Balticconnector  nominal     |
|   ENC S-101 + Estlink2 + Balticconnector route                    | [#] CISE: shared FI<->SE     |
|                                                                   | gate: dual-control pending   |
+-------------------------------------------------------------------+------------------------------+
| EMODnet bathy + S-101 ENC + AIS mux + EMSA Sat-AIS :: CISE FI<->SE node :: V=0.10 today          |
+--------------------------------------------------------------------------------------------------+

Figure e05.2 — map_ops (secondary). The 2D surface-response picture once a civil VHF query is authorised: ShellLayout + a LAYERS panel (cables, 0.5nm zone, AIS, EMSA Sat-AIS, hydrophone, SE territorial) + MapConsole (CesiumJS over EMODnet/S-101) + an INCIDENTS ticker. Same components; a different page.

Figure — Operational picture (map_ops · live MapLibre). Production-fidelity React surface (buildable); the faithful ASCII follows.

+------------------------------------------------------------------------------------------------------+
| Gulf of Finland Surface-Response Picture (Finnish Border Guard MRCC + SE Coast Guard)                |
+--------------------+---------------------------------------------------------------------------------+
| LAYERS             | MAP  ========================================================================== |
| [x] FI-EE tel cable| Gulf of Finland 59.9N 24.9E  ::  FI-EE tel cable @ 0.5nm zone breach?           |
| [x] Estlink2 HVDC  |   M/V FITBURG-ALT [!] AIS gap 6min, loiter 11h inside zone                      |
| [x] Balticconnector|   EMSA Sat-AIS vs self-report: 9nm mismatch (advisory)                          |
| [x] 0.5nm zone     |   * hydrophone EVT 41 Hz 38s -> correlated to vessel (FS W=17.9)                |
| [x] AIS tracks     |   cable EE-FI ====X==== anchor-drag? @ -38m   0.5nm polygon                     |
| [x] EMSA Sat-AIS   |   > VL Turva (FBG OPV) VHF Ch16 query + AIS-confirm                             |
| [x] Hydrophone evt |   > KBV-031 (SE Coast Guard) standby cross-border (CISE)                        |
| [ ] SE territorial |   > cable operator Elisa/Telia NIS2 duty officer notified                       |
| Asset ETA panel:   |   ROE: civil query first, NO boarding pre-CISE concurrence                      |
| VL Turva 35m query |   AI Provider Router: EU-only (no AWS/Azure/GCP); EuroLLM L3                    |
| KBV-031(SE) standby|                                                                                 |
+--------------------+---------------------------------------------------------------------------------+
| INCIDENTS: FITBURG-ALT loiter+AIS-gap :: VL Turva tasked query :: SE via CISE :: NIS2 lodge          |
+------------------------------------------------------------------------------------------------------+

(Bespoke SVG of the primary screen: _build/figures/nordic-gulf-of-finland-subsea/uc-globe_rmp.svg.)

---

§8b — Field-unit (Pixel) surfaces

The same scenario on the Pixel 10 Pro Fold field unit (Nexus Field app), tightly coordinated with the dashboard COP above — command pushes the task, the unit accepts + ACKs, shares position and reports back to the COP. Built on the same synergy.field_unit / field_task / field_report contract; see §9 and the cluster coordination composite.

Figure §8b.1 — Folded cover · tasking glance (ground_glance): the incoming IMMEDIATE task, ACCEPT + ACK, alert chips, bearing-to-objective.

Figure §8b.2 — Unfolded inner display · field COP: two-pane mini-map + task list + teammate roster + air/command coordination + PTT, with the Material-3 NavigationBar + Report FAB.

§9 — UI/UX flow (literal click-path + screen-flow chain)

Click-path (globe_rmp): anomaly badge fires on TRACKS → operator clicks M/V FITBURG-ALT in the rail → Inspector opens (AIS-gap 6min, loiter 11h, Sat-AIS mismatch 9nm, hydrophone 41 Hz) → operator clicks Open Decision Room → 5 persona bubbles render inside ChatTerminal → operator reviews dissent → clicks /dual-control sign (FBG MRCC duty) → SE liaison clicks /dual-control sign (CISE concurrence) → /execute tasks VL Turva and shares the CISE risk assessment → HistoryRail appends the closed loop.

[globe_rmp: TRACKS anomaly] -> [Inspector: FITBURG-ALT] -> [Decision Room: 5 personas]
        -> [/dual-control x2 (FBG + SE-CISE)] -> [/execute: VL Turva query + CISE share + NIS2 lodge]
        -> [map_ops: surface-response picture] -> [HistoryRail: loop closed + PROV-O anchored]

---

§10 — Decision-Room transcript (the gated decision)

▣ EU-RESTRICTED · TLP:AMBER ▣  Gulf of Finland Subsea COP — cable_contact FI-EE-TEL-S02
⊟ Op-tasking persona [L3 EuroLLM]
   Reco: task VL Turva (FBG OPV, 35min) to VHF Ch16 civil query + AIS-confirm of M/V FITBURG-ALT;
   request SE Coast Guard KBV-031 cross-border standby via CISE; notify cable operator (NIS2).
⊟ Proportionality persona [L3]
   P=0.88 · N=0.90 P=0.90 L=0.95. Vessel telemetry only; NO crew biometrics, NO flag-state
   inference. A civil VHF query of a vessel loitering 11h inside a 0.5nm cable-protection zone with
   a 6-min AIS gap and a correlated 41 Hz acoustic event is necessary, proportionate, lawful.
⊟ Civil-society reviewer [subsea-surveillance flavour] [L3]
   DISSENT: an AIS gap is NOT proof of intent — gaps occur from equipment faults and congestion.
   Caution against escalation beyond a query; refuse any move to detain/board pre-concurrence, and
   refuse any retention of identity beyond the incident. Query-not-profile. Share the ANOMALY with
   SE, not an attribution of guilt.
⊟ Devil's advocate [L3]
   Counter: 41 Hz / 38s could be a TRAWL-NET snag on the cable protector, not an anchor-drag.
   Don't infer intent — inspect by query first. If FITBURG-ALT answers and explains, stand down.
⊟ Maritime + sub-sea acoustic expert [L3]
   The 41 Hz sustained signature over 38s, combined with the EMSA Sat-AIS 9nm mismatch, is more
   consistent with an anchor-drag than a trawl (trawl shows higher-freq intermittent thuds).
   ObservationLevel = Inferred, alpha=0.81. Recommend query + AIS-confirm before any conclusion.
─────────────────────────────────────────────────────────────────────────────────────────────────
GATE VERDICT: ACCEPT (narrowed). The civil-society + devil's-advocate dissent collapses the reco
from "intercept + cross-border response" to a CIVIL VHF QUERY ONLY, with cross-border action gated
on (a) FITBURG-ALT non-compliance AND (b) CISE concurrence from SE. Dual-control: FBG MRCC duty +
SE liaison (CISE). No biometrics, no detention, no retention beyond incident. [/execute]

The materially-decision-changing disagreement: the civil-society reviewer + devil's-advocate together narrow the op-tasking reco to a query, gate any cross-border response on non-compliance + CISE concurrence, and bar retention — exactly the restraint an EU-funded, EU-scrutinised hub must be able to show.

---

§11 — Write-back + BDA + PROV-O chain + deltas-only regulatory traceback

Write-back targets: (1) FBG MRCC tasking adapter — VL Turva VHF Ch16 civil query; lawful basis: Finnish Border Guard Act + SOLAS/UNCLOS innocent-passage query authority. (2) CISE FI↔SE share — risk-assessment envelope to the Swedish Coast Guard; lawful basis: CISE legal framework + Reg. (EU) 2019/1240-adjacent maritime-surveillance data-sharing. [verified regime; per-field mapping TBD] (3) NIS2 cable-incident lodgement — to the cable operator / national CSIRT; lawful basis: NIS2 (Directive (EU) 2022/2555) Art 23 significant-incident reporting.

BDA (loop close): VL Turva on-station ~35min; VHF Ch16 query issued; FITBURG-ALT responds and resumes voyage / or non-compliance triggers the gated cross-border path. CMA ObservationLevel of the BDA outcome = Confirmed (direct observation). ProspectiveItem registered: ais_gap_loiter_near_cable — watch for vessels exhibiting AIS-gap + loiter inside named cable-protection zones, ranked by loiter-duration, alpha=0.4 prior.

PROV-O chain: Entity:HydrophoneEvent-GOF-HYD-04 —wasGeneratedBy→ Activity:AcousticIngest —used→ Entity:HydrophoneStream. Entity:VesselAttribution —wasGeneratedBy→ Activity:AcousticAisCorrelator —used→ {HydrophoneEvent, AisTrack, SatAisCrosscheck}. Entity:DecisionRoomTranscript —wasGeneratedBy→ Activity:DecisionRoomCompose —used→ {OpTaskingReco, ProportionalityP=0.88, CivilSocietyDissent, DevilsAdvReco, AcousticExpertReco}. Entity:DualControlGate —wasInformedBy→ {FbgDutySign, SeLiaisonSign}. Entity:VlTurvaTasking —wasGeneratedBy→ Activity:MrccWriteBack —used→ DualControlGate. Entity:CiseShare —wasGeneratedBy→ Activity:CiseAdapter. Entity:Nis2Lodgement —wasGeneratedBy→ Activity:Nis2Adapter. Entity:BDA —wasGeneratedBy→ Activity:QueryOutcomeReport. Merkle-anchored to Sigstore Rekor; whole chain reproducible from a provenanceOf query.

Deltas-only regulatory traceback (only what differs from defaults): EU AI Act high-risk (Annex III public-authority MDA) → FRIA required (AI Act Articles 6 + 27; prohibited-practices Article 5 applicable since 2 February 2025). GDPR Art 6(1)(e) + Art 35 DPIA parallel — natural persons in scope only via a vessel master's identity; no special-category data, no biometrics. NIS2 Art 23 (cable-operator essential-entity incident reporting). CISE legal framework governs the FI↔SE share. No LED trace unless/until a national criminal authority takes the case.

---

§12 — Buyer & stakeholders

No warm intro exists. Spec warm_intro: "cold; Finland-Sweden MOU momentum". This is a cold, NEXT-EU target — relationship-building, not a near-term signature.

---

§13 — Competition / incumbency + comparator (cited)

• UK-led JEF Nordic Warden — AI assesses AIS + other sources to risk-score vessels entering 22 areas of interest; activated Jan 2025. [verified] (Breaking Defense). This is a military coalition tracking tool, not a civil COP — and Ireland/EU-civil framing is distinct. We are the civil, EU-sovereign, audited decision layer; we don't compete with JEF, we complement the national-civil side.
• SUCBAS / CISE — the data-sharing fabric, not a decision/COP product. We ride on it, not against it. [verified]
• National incumbents: the Finnish Border Guard and Swedish Coast Guard run their own surveillance stacks (radar, AIS, patrol). We sit above, not rip-and-replace — the strongest displacement posture (incumbency_displacement scores well).
• Palantir-class: Palantir markets MDA/maritime; no public dedicated Baltic subsea-cable civil-COP deployment is confirmed. Our structural win is the cross-tenant, EU-sovereign LLM, civil-society-persona-at-the-gate composition; our honest loss is operational maturity. [likely]

Comparator one-liner: Nordic Warden risk-scores vessels for a military coalition; CISE moves the data; we are the civil, EU-sovereign, human-gated decision-and-audit layer that turns a shared anomaly into a lawful, reproducible coast-guard query — the piece nobody has shipped for a civil Baltic hub.

---

§14 — Readiness (honest, pre-pilot)

• Reuse: globe_rmp + map_ops gallery surfaces; CesiumJS-globe + EMODnet/S-101/AIS map stack; AIS multiplexer + Sat-AIS cross-check (AS-IMPLEMENTED in the corpus); Decision Room + PROV-O + RLS data-model patterns are built in the gallery/architecture.
• Real gaps: no Finnish/Swedish data contract; no CISE adapter (CISE itself is mid-2027 target); seabed-hydrophone instrumentation is the centre's own roadmap, not ours; EuroLLM/Mistral L3 sovereign routing wired in architecture, not proven on Baltic data; no Finnish/Swedish-language UX; no security accreditation for either national environment.
• Honest maturity line: a faithful gallery + architecture + a fundable thesis. Everything against live national data is pilot work. Slower time-to-first-value in Q1 vs an incumbent; no decade of operational maritime experience.

---

§15 — ENGAGEMENT PLAYBOOK (first-contact → signed contract)

Cold target. The realistic near-term motion is EU-consortium-routed (the centre is EU-funded and multinational), with MAHI as the EU contracting vehicle to clear the founder's legal gate. We do not chase a Finnish national signature solo.

Stage 1 — First contact.

• Trigger: a credible EU-consortium or MAHI-brokered route to the centre programme office (NOT cold email to the Border Guard).
• Owner: Founder + MAHI BD (Pieter-Jan Note / Jules Werner).
• Activity: position the EU-sovereign civil decision-layer as the COP/audit piece of the EU-funded hub; lead with decline-safety and conformity-by-construction.
• Template (warm-intro email, adapted):

  Subject: The civil decision-and-audit layer for the Gulf of Finland subsea hub — EU-sovereign, human-gated [Name] — the Commission is funding a Baltic subsea-cable hub and the Finnish Border Guard is standing up a Gulf-of-Finland surveillance centre whose stated goal is pooling and sharing pictures before harm. We build the EU-sovereign decision + coordination + audit layer that sits above national surveillance — fuse AIS/Sat-AIS/seabed-acoustics/cable-atlas into one human-gated, CISE-shareable, fully-audited picture. We publicly refuse biometrics, predictive policing and profiling: civil-security only. With MAHI on the vessel edge, this is an all-EU team that fits the buy-European and Digital-Europe cable-hub funding. Could I show a 20-minute Gulf-of-Finland replay? — [Founder]

• Exit criterion: a named programme contact agrees to a discovery session. Deliverable: logged warm path + scheduled discovery.

Stage 2 — Free discovery (60 min). Trigger: contact agrees. Owner: Founder. Activity: the discovery-playbook agenda, mapped to subsea-cable protection:

• 0:00–0:05 frame ("EU-sovereign decision-intelligence; discovery, not a pitch; no commitment").
• 0:05–0:20 their current picture: "Walk me through the Fitburg night — who saw what, in what order, across how many systems?"; "Where does the FI↔SE share happen today, and how fast?"
• 0:20–0:35 governance: CISE status, NIS2 reporting, AI-Act high-risk posture, EU-sovereign model-call requirement, "can you show why — raw fact vs inference?"
• 0:35–0:45 stakeholders/budget/timing: programme office, CEF/Digital-Europe instrument, mid-2027 CISE milestone.
• 0:45–0:55 map their loop onto detect→…→close; find the gap (usually detect→share→coordinate).
• 0:55–1:00 reflect back top 3 pains; ask for a scoped demo date. Exit: named sponsor agrees there is a problem worth solving. Deliverable: same-day discovery write-up (sponsor, top-3 pains, CISE/NIS2 posture, funding vehicle, Declined-List PASS).

Stage 3 — Scoped demo. Trigger: "could we see this on our kind of data?". Owner: Founder + MAHI. Activity: replay a Gulf-of-Finland subsea anomaly (representative, non-classified) through detect→gate→query→CISE-share→close on the globe_rmp + map_ops surfaces; lead with the EU-only AI Provider Router, the civil-society persona at the gate, claim-level epistemic tagging, and the published Declined List. Exit: "could we try a narrow real slice?". Deliverable: one-page pilot proposal.

Stage 4 — Pilot (grant-funded). Trigger: demo yes. Owner: Founder + MAHI (consortium). Activity: time-boxed (8–12 wk) pilot proving one thing. 1-page pilot proposal (filled):

1. Title & sponsor: "Gulf of Finland Subsea-COP discovery pilot"; sponsor = FBG centre programme office (TBD); budget owner = CEF/Digital-Europe instrument.
2. Problem (their words): "We can't pool and share the picture fast enough to act before harm; the Fitburg incident showed the detect-to-coordinate gap."
3. The one thing we'll prove: "We can fuse AIS + EMSA Sat-AIS + a seabed-acoustic event over a named cable segment into one human-gated COP and produce a CISE-shareable, fully-audited risk assessment in minutes." (baseline X/Y TBD week 1.)
4. Scope in/out: IN — globe_rmp, map_ops, Decision Room, PROV-O audit, CISE-envelope export (representative data). OUT — live national feeds, boarding/enforcement, anything biometric/predictive (Declined-List excluded).
5. Data & lawful basis: representative AIS/Sat-AIS/cable-atlas; no personal/special-category; EU-hosted; classification × isolation tier = EU-RESTRICTED hardened containers.
6. Success criteria: detect-to-shareable-risk-assessment time; audit reproducibility (100% PROV-O); FRIA completeness; sovereignty (0 out-of-EU model calls). (baselines TBD week 1.)
7. Timeline: 8–12 wk, mid-point checkpoint.
8. Commercials: €0 to the institution if grant-funded (Digital-Europe/CEF); production band Tier-1 €120–240k → Tier-3 €2.4–4.8m/yr if asked.
9. Roles: Nexus Synergy = COP/decision/audit; MAHI = edge + EU contracting vehicle; centre = sponsor + data context.
10. After: LOI if criteria met.
11. Funding vehicle: Digital-Europe ECCC cable-hub call / CEF Digital / EUDIS-EDF maritime track. Exit: success criteria met or credibly trending. Deliverable: pilot report.

Stage 5 — LOI (Patrick-check trigger). Trigger: pilot success. Owner: MAHI (signs; founder cannot until Stamp 4). Activity: non-binding LOI per the LOI checklist — parties (centre + MAHI/NewCo), statement of intent conditional on funding/procurement, scope, success-criteria reference, named sponsor, indicative timeline, indicative commercials ("to be scoped under [Digital-Europe/national procurement]"), conditions (funding award, CISE accreditation, DPA), binding/non-binding (non-binding except confidentiality), Irish/EU governing law, Declined-List affirmation, signatures, solicitor review. Exit: signed LOI. Deliverable: LOI + Patrick-check.

Stage 6 — Signed contract. Trigger: LOI + funding award + procurement route open. Owner: MAHI (prime) + NewCo (post-Stamp-4). Activity: contract via EU joint-procurement / national framework / consortium. Exit: signature + invoice. Deliverable: executed contract.

---

§16 — PM / timeline

Stage \ Month      M1   M2   M3   M4   M5   M6   M7   M8   M9   M10  M11  M12  M13  M14
1 First contact    ####
2 Free discovery      ####
3 Scoped demo            #####
4 Pilot (grant)              ##########
5 LOI                                    #####
6 Contract (EU/nat)                            ###############################  [>=M14]
LEGAL GATE (V)     [V=0.10 -- MAHI prime confirmed -> V=0.75 ......... Stamp 4 -> V=1.0]
                              ^critical path: MAHI/partner-vehicle gate for any PAID pilot

• Milestones: M2 discovery write-up; M4 scoped demo; M8 pilot report; M11 LOI; ≥M14 contract (t_resolve_mo = 14).
• Critical path: the MAHI/partner-vehicle gate (V) — a paid pilot or contract cannot be signed by the solo founder on Stamp 1G. Confirming MAHI as contracting prime lifts V 0.10→0.75 and is the gating event, not Stage-1 demand.

RACI:

---

§17 — Funding / procurement vehicle

• EU Cable Security Action Plan (21 Feb 2025) — whole-resilience-cycle: prevention, detection, response and repair, and deterrence; backs regional cable hubs (delivered via the ECCC/Digital-Europe cable-hub calls), a strong fit for a Baltic hub. [verified] (EUR-Lex CELEX:52025JC0009, eur-lex.europa.eu ; Commission IP/25/580, 21 Feb 2025).
• Digital Europe Programme — cable-hub call (ECCC): ECCC calls totalling €50M, including new regional cable hubs (cable-hubs topic ~€10M, for government organisations); submission window 28 Oct 2025 → 31 Mar 2026 (17:00 CET). [verified] (cybersecurity-centre.europa.eu, cybersecurity-centre.europa.eu ).
• CEF Digital: an additional €540M (2025–2027) into digital infrastructure incl. submarine cables (~€1bn under the current MFF); €347M CEF amendment for strategic submarine-cable projects. [verified] (EU Blue Economy Observatory, blue-economy-observatory.ec.europa.eu ).
• EUDIS / EDF maritime track — all-EU (Belgian MAHI + Irish NewCo) fits buy-European; consortium-only; EDF 2026 calls close 29 Sep 2026. [verified, regime]
• Route: consortium-/MAHI-routed grant pilot first (non-customer-funded), then EU joint-procurement or national framework. No NATO DIANA (Ireland non-NATO; and this is an EU-civil hub).

---

§18 — TWO-STAGE FORMULA SCORECARD

Every factor [PRIOR], dated 2026-06-05. Model per formula-worked-examples.md.

Stage-1 {mandate_pull, access_warmth, demonstrability, decline_safety, white_space, cycle_speed, pillar_fit} = {5, 1, 5, 5, 3, 3, 5}:

• mandate_pull=5 — live dated mandate: EU Cable Security Action Plan (21 Feb 2025) + Finnish Border Guard centre announced Jan 2026 + named EU hub funding (Virkkunen). [PRIOR · 2026-06-05]
• access_warmth=1 — cold; no contact; only "Finland-Sweden MOU momentum"; even MAHI-routed, the buyer relationship is unbuilt. [PRIOR · 2026-06-05]
• demonstrability=5 — reuses the globe_rmp/map_ops storm-replay COP on the buyer's exact domain (subsea cable + AIS + acoustics). [PRIOR · 2026-06-05]
• decline_safety=5 — vessel telemetry only, no biometrics/predictive/profiling possible; civil query, not enforcement. [PRIOR · 2026-06-05]
• white_space=3 — JEF Nordic Warden and CISE exist but neither is a civil EU-sovereign decision/audit COP; genuine white space above them. [PRIOR · 2026-06-05]
• cycle_speed=3 — grant-funded sub-threshold pilot route exists (Digital-Europe cable-hub call open now). [PRIOR · 2026-06-05]
• pillar_fit=5 — squarely the action-loop COP core (detect→gate→coordinate→close). [PRIOR · 2026-06-05]

S1 = 3.76 → P_LOI = 0.55/(1+exp(-1.15·(3.76-2.6))) ≈ 43.5%.

Stage-2 {contractability, funding_to_pay, procurement_clarity, incumbency_displacement, time_to_value, reference_leverage} = {1, 4, 3, 4, 3, 2}:

• contractability=1 — founder solo on Stamp 1G, no vehicle yet (MAHI lifts this via the gate, not here). [PRIOR · 2026-06-05]
• funding_to_pay=4 — landed/landing non-dilutive EU instruments (Digital-Europe €50M cable-hub calls, CEF €347M/€540M). [PRIOR · 2026-06-05]
• procurement_clarity=3 — Digital-Europe ECCC cable-hub call is a concrete sub-OJEU route with open windows; national/EU joint-procurement beyond is less clear. [PRIOR · 2026-06-05]
• incumbency_displacement=4 — we sit above national systems + CISE + JEF, integrating not displacing. [PRIOR · 2026-06-05]
• time_to_value=3 — grant-pilot TTV (8–12 wk) fits within funding windows; CISE itself is mid-2027 (a dependency drag). [PRIOR · 2026-06-05]
• reference_leverage=2 — no delivered reference yet; a maritime/MAHI reference would de-risk. [PRIOR · 2026-06-05]

S2 = 2.82 → P_raw = 0.70/(1+exp(-1.1·(2.82-2.8))) ≈ 35.4%.

Legal gate G = V·T, t_resolve = 14mo, T = (30−14)/30 = 0.533:

Score100 = S1·20 = 75.2 → 75. Reconciles to board_anchor "med-high" (within band). Decisive lever (per the MAHI worked example, board #10): the MAHI prime confirmation lifts the gate, not Stage-1 demand — that is the single highest-value action for this row.

---

§19 — Commercial

• Tier 1 (single-centre COP, one tenant, representative + first live feeds): €120k–240k/yr ACV; annual SaaS + support; EU-hosted; requires a data contract + DPA.
• Tier 2 (FI↔SE CISE-federated, two tenants, live national feeds, accreditation): €480k–960k/yr ACV; multi-tenant, cross-border audit, NIS2 reporting.
• Tier 3 (Baltic regional hub, multi-nation federation, sovereign HPC, full conformity file): €2.4m–4.8m/yr ACV; framework/joint-procurement terms.
• Terms: grant-funded pilot first (€0 to institution); production via EU joint-procurement or national framework. Requirements: MAHI/NewCo contracting vehicle; EU-hosting + per-buyer DPA; security accreditation per national environment; CISE conformance.

---

§20 — Legal blockers

• X1 Stamp 1G (founder) — the critical blocker: the founder cannot be a director/shareholder/self-employed or sign a paid contract until Stamp 4. Mitigation: MAHI as contracting prime (lifts V to 0.75) or EEA-resident director (Patrick/Manuel) + incorporation post-Stamp-4. ⚖️ CONFIRM (immigration solicitor).
• X2 EU AI Act — public-authority MDA is Annex-III high-risk → FRIA required (Articles 6 + 27); Article 5 prohibitions applicable since 2 February 2025; Declined-List filter removes prohibited uses pre-ranking. [verified regime]; per-use-case ⚖️ CONFIRM.
• X3 GDPR / data residency — vessel-master identity is the only PII; EU-hosted; DPA per buyer; no biometrics/special-category. [verified]
• X4 Dual-use export Reg. (EU) 2021/821 — vessel/comms-monitoring config could classify as controlled cyber-surveillance; classify per integrated build. ⚖️ CONFIRM (export counsel).
• X5 Defence/security procurement — Dir. 2009/81/EC + Art-346 TFEU may exempt sensitive maritime contracts from open tender (helps or excludes). [verified]
• X6 NATO DIANA excluded (Ireland non-NATO) — irrelevant here; route is EU (Digital-Europe/CEF/EUDIS). [verified]
• Buyer-specific: two sovereignties (FI + SE) → two accreditations, two DPAs, and CISE legal conformance; CISE is itself only targeted operational by mid-2027, a real timeline dependency. ⚖️ CONFIRM (FI/SE counsel + CISE framework).

---

§21 — Warm-intro contact + the SPECIFIC ask

• Primary route — MAHI (Pieter-Jan Note, CEO). Ask: scope a joint EU-consortium play for the Gulf-of-Finland subsea hub (MAHI edge + Nexus Synergy COP), and have MAHI act as the EU contracting prime for any grant pilot — which also clears the founder's Stamp-1G gate. Bring the one-pager + the Gulf-of-Finland replay. [verified person; email not public]
• Secondary — EU instrument managers (cold, institutional): Digital-Europe ECCC cable-hub call + CEF Digital — engage as a consortium applicant, not a direct buyer approach to the Border Guard. Ask: eligibility + consortium-fit for the cable-hub call. [verified channels]
• Do NOT cold-email the Finnish Border Guard or Swedish Coast Guard directly; public-body individuals are reached via the consortium/warm route.

---

§22 — Open questions + consolidated Sources

Open questions (do not assert until resolved):

• Named programme-office contact + budget owner at the FBG centre. [TBD]
• Exact EU hub funding amount + instrument allocated to this centre (press confirms a hub will be funded; the per-centre figure is undisclosed). [TBD]
• Whether a consortium slot exists for a non-Finnish SME on the Digital-Europe cable-hub call. [TBD]
• CISE FI↔SE technical readiness vs the mid-2027 target — is there a pre-2027 pilot window? [TBD]
• MAHI's appetite + capacity to act as prime on a Finnish/EU consortium. [TBD]

Sources (dated, consolidated):

1. Euronews, "Finland steps up undersea monitoring..." 26 Jan 2026 — euronews.com [verified]
2. Riviera Maritime Media, "Finland, Baltic States and EU look to protect subsea infrastructure with maritime surveillance centre" — rivieramm.com [verified]
3. KFGO/AP, 26 Jan 2026 — kfgo.com [verified]
4. Finnish Border Guard (raja.fi), "Baltic Sea countries enhance information exchange..." (CISE FI↔SE, mid-2027) — raja.fi [verified]
5. EU Cable Security Action Plan, EUR-Lex CELEX:52025JC0009 (Joint Communication adopted 21 Feb 2025) — eur-lex.europa.eu [verified]
6. Commission/HR press, IP/25/580, "strong actions to enhance security of submarine cables" (21 Feb 2025) — ec.europa.eu [verified]
7. EU Blue Economy Observatory, "€347 million to protect Europe's submarine cables" (11 Feb 2026) — blue-economy-observatory.ec.europa.eu [verified]
8. ECCC, "ECCC publishes new call for proposals under Digital Europe Programme" (cable hubs, €50M) — cybersecurity-centre.europa.eu [verified]
9. Breaking Defense, "JEF launches Russian shadow-fleet undersea-cable AI tracking system" (Jan 2025, Nordic Warden) — breakingdefense.com [verified]
10. Atlantic Council issue brief, "How the Baltic Sea nations have tackled suspicious cable cuts" — atlanticcouncil.org [verified]
11. European Cooperation on Coast Guard Functions (SUCBAS) — coastguard.europa.eu [verified]
12. Swedish Coast Guard (Kustbevakningen) — kustbevakningen.se [verified]
13. Internal grounding: discovery-playbook.md, formula-worked-examples.md, legal-blockers-register.md, contact-register.md, outreach-drafts.md; AW corpus W-11 subsea pattern (nexus-synergy-ei-sovereign-v2-aw-t03.md).

---