The five available allied procurement vehicles, their certification requirements and cycle times, and the restructured onboarding sequence after the UK G-Cloud 15 January 2026 deadline was missed.
Nine to twelve months for full-and-open competition. Forty-five days on GSA Schedule. Same general product category. Same compliance level. Different acquisition structure.
The same principle applies to allied markets with amplified stakes. NATO NCIA Neo registration takes 4-6 weeks and opens a full procurement pipeline. The UK G-Cloud 15 framework offered an 8-month expedited path to the £16.8B government cloud market. NorthAI missed the January 30, 2026 application deadline. The restructured sequence must work with what is available: NATO NCIA Neo (fastest available today), then G-Cloud 16 (estimated late 2026 announcement), then Australia IRAP, then Canada PSPC.
| Vehicle | Framework name | Eligibility | Certifications required | Cycle time | Cost band (USD equiv.) | NorthAI fit (1-5) | Status |
|---|---|---|---|---|---|---|---|
| UK G-Cloud 15 | RM1557.15 (UK Government Commercial Agency) | Open to non-UK vendors | ISO 27001, ISO 20000-1, Cyber Essentials Plus (for cloud hosting lots) | 8 months to framework live; 2-4 weeks to first call-off post-award | $20K-40K (certs + advisory) | 5 (when available) | MISSED Jan 30 deadline; wait for G-Cloud 16 (est. late 2026) |
| NATO NCIA Neo | Neo eProcurement (mandatory from Jan 2024) | US vendors in NATO context | NCAGE code (10 BD via US State Dept) + NCIA supplier registration | 4-6 weeks entry; 8-16 weeks per-contract | $0-20K (advisory optional) | 4 | AVAILABLE NOW, fastest vehicle |
| Australia IRAP | AusTender + IRAP (Australian Cyber Security Centre) | US vendors; ABN required for contract execution | IRAP assessment (OFFICIAL or PROTECTED level); ISO 27001 helpful | 12-24 weeks for IRAP; 4-9 months to first contract | $50K-300K (IRAP AUD 40K-250K + advisory) | 4 | Months 3-6 onward |
| UK DSP (RM6263) | Digital Specialists and Programmes (GCA) | Likely open to non-UK (based on prior DOS framework precedent) | Cyber Essentials (mandatory for gov ICT contracts) | 3-6 months estimate | $15K-30K | 3 | Fallback if G-Cloud 16 delayed |
| Canada PSPC | Public Services and Procurement Canada | US vendors eligible under USMCA | No single mandatory cert; ISO 27001 + Contract Security Program (CSP) screening for classified | 3-5 months (expedited); +4-8 weeks CSP for classified | $15K-30K | 3 | Months 6-12 (after NATO / UK wins) |
G-Cloud 16 watch: Monitor the UK Government Commercial Agency (gca.gov.uk) for the G-Cloud 16 announcement (expected late 2026 / early 2027). When the next cycle opens, NorthAI should be prepared with ISO 27001, ISO 20000-1, and Cyber Essentials Plus certifications in hand. Certification lead time is 3-6 months. Starting the ISO 27001 certification process now (June 2026) positions NorthAI for G-Cloud 16 readiness.
UK DSP fallback: The Digital Specialists and Programmes framework (RM6263) is a dynamic purchasing system for specialist digital talent and programmes. It is lower-scale than G-Cloud (per-specialist rate-card pricing vs product SaaS) but accessible on a 3-6 month timeline. NorthAI's Tech Vector and Defense BD product teams could position under the "Data Science / Analytics / AI Specialist" specialist category without full SaaS product listing.
Engage a certified IRAP assessor (CyberPulse, Tesserent, or GCC Certification) for a pre-assessment audit. NorthAI's platform likely falls under OFFICIAL classification for unclassified intelligence-product licensing (lower cost, 6-12 week assessment cycle). PROTECTED classification applies if the platform handles any Australian classified data (higher cost, AUD $150K-250K assessment).
ABN requirement: Australian contracts require an Australian Business Number (ABN) for invoicing. CHN Analytics LLC (as a US entity) can register for an ABN as a foreign entity operating in Australia. This does not require establishing a separate Australian subsidiary. ABN registration takes approximately 4 weeks through the Australian Business Register.
Register with the PSPC Vendor of Record (VoR) system. Monitor Buys and Sells (canadabuys.canada.ca) for Defence / Innovation AI analytics RFPs. Use any NCIA Neo or G-Cloud contract award as reference in Canadian bids (reduces risk assessment and may accelerate security screening timeline).
CSP clearance reciprocity: The Contract Security Program (CSP) guidance requires foreign contractors to provide home-country security clearance confirmation. Whether a US government Secret clearance (if any NorthAI/CHN team members hold one) directly substitutes for Canadian Secret clearance is unconfirmed and requires direct CSP verification. Do not assume reciprocity; budget for a 4-8 week Canadian screening process on top of VoR registration.
The four certifications below serve multiple allied vehicles simultaneously. Investing in them in this order maximizes parallel value across the pathway map.
| Certification | Cost range | Timeline | Vehicles unlocked | Start by |
|---|---|---|---|---|
| ISO 27001 (information security) | $8K-40K | 3-6 months | UK G-Cloud 16, UK DSP, Australia IRAP (supplemental), Canada PSPC (informally strengthens bid) | June 2026 |
| ISO 20000-1 (IT service management) | $5K-20K | 3-5 months | UK G-Cloud 16 (required), UK DSP (expected) | June 2026 (concurrent with ISO 27001) |
| Cyber Essentials Plus (UK government baseline) | $2K-8K | 4-8 weeks | UK G-Cloud 16 (required for cloud lots), UK DSP (mandatory), UK Trusted Contractor (first step) | August 2026 (after ISO 27001 in progress) |
| IRAP OFFICIAL assessment (Australia) | $30K-60K (AUD $40K-80K) | 6-12 weeks for assessment + 4-6 weeks remediation | Australia AusTender (OFFICIAL-level contracts), DST Group commercial partnerships | September 2026 (start after NCAGE + NCIA Neo live) |