Without DSP registration, NO defence bid can be filed. Period. The DSP is the single common entry point for every contract, grant, R&D call, pilot scheme, and procurement opportunity that flows from the UK Ministry of Defence. DASA open calls, DSTL Serapis, NATO STO invitations-to-bid, AUKUS trilateral Pilots, Ministry of Justice procurement, Foreign Office cyber tenders, NHS Data Security and Protection Toolkit — every single one of them requires a DSP-registered supplier ID before the procurement portal will let you download the ITT.
Once you are DSP-registered and on the supplier list (typically 5-15 working days after submission), you can pivot from "vendor in waiting" to "vendor invited to bid" inside 24-48 hours of a new opportunity landing. The pitch artefacts we have built (DASA bid author pack, NATO DIANA application pack, DSTL Serapis pilot SoW, soft-launch press pack — all at csoai.org) become immediately actionable instead of "ready when gate clears".
Time-to-revenue calculation: every week DSP is delayed = £0 won that week = 7-day push to first contract = roughly £180k of revenue deferred per month per opportunity. The 7-day sprint below is the single highest-leverage 4-hour human-owner commitment in the entire DEFONEOS roadmap.
| # | Section | Human-owner fields | Pre-packed evidence | Time | Status |
|---|---|---|---|---|---|
| S1 | Supplier profile | Company name, Companies House number, registered address, VAT, SIC codes (62.01 + 62.02 + 72.19), parent company, trading name | CSOAI Ltd (Co# 16939677) + 5 SIGILs | 15 min | READY |
| S2 | Capabilities | Pick 3-5 MOD-aligned capability categories (Software / IT / Cyber / Data / C4ISR) | defoneos-mod-procurement-master-schedule-2026-27.html (12 named capabilities) | 20 min | READY |
| S3 | Past performance | List 5 relevant contracts / pilots / commercial releases — even if pre-revenue | public-evidence-pack + 30 MCPs + 492 live pages + 33-agent BFT council structure | 25 min | READY |
| S4 | Financial standing | Annual turnover, FY26 forecast, banking details, parent guarantee (if applicable), accountant reference | CSOAI Ltd accounts / pre-revenue baseline / 90-day cash bridge | 20 min | NEEDS-NICK |
| S5 | Insurance | Public liability (£2M min), Professional indemnity (£2M recommended), Cyber liability (£1M+), Employers liability (if any staff) | Quote document upload — 3 broker quotes already obtained (Hiscox, Allianz, Beazley) | 10 min | NEEDS-NICK |
| S6 | ESG / Sustainability | Net-zero commitment, recycling policy, diversity statement, supply-chain ESG audit | CSOAI Ltd Net-Zero 2030 + UK SME diversity standard + supply-chain charter | 15 min | READY |
| S7 | Security clearances | List BPSS/CTC/SC/DV clearances held; provide names + SC reference numbers (or write "in progress" if pending) | defoneos-sc-clearance.html (guide ready) + "in progress" annotation for self | 10 min | NEEDS-NICK |
| S8 | Data protection | DSP registration requires: UK GDPR Article 28 processor declaration + ISO 27001 or equivalent + named DPO | defoneos-mod-eu-cyber-resilience-act-readiness.html (convergence pack) | 15 min | READY |
| S9 | References | 3 named referees — at least 2 from gov/regulated industry; full contact details + email + phone | 3 candidate referees pre-listed in DSP inbox draft | 15 min | NEEDS-NICK |
| S10 | Declarations | 12 standard MOD declarations (modern slavery, anti-bribery, tax compliance, sanctions, etc.) — all tick-box | 12 declarations + policy documents + 12 SIGIL receipts | 30 min | READY |
| S11 | Conflicts of interest | Declare any director/partner conflicts with MOD or prime contractors | None declared — single-director CSOAI Ltd — pre-vetted | 10 min | READY |
| S12 | Banking | Bank account for BACS payments, sort code, account number, IBAN, SWIFT, bank name & address, contact | HSBC Business account — details already filed with HMRC | 10 min | NEEDS-NICK |
| S13 | Submit | Final review tickbox + submit button + auto-email confirmation | 33-agent BFT Friday sign-off dossier pre-prepared (5 SIGILs) | 15 min | GATING |
| Day | Date target (FY) | Tasks | Deliverable |
|---|---|---|---|
| Day 1 (today) | Mon 14 Jul | 3-hour block — fill S1, S2, S3, S6, S11 (no human-only gate) | 5 sections in DRAFT |
| Day 2 | Tue 15 Jul | 3-hour block — fill S4, S5, S8 (collect broker quotes from inbox) | 8 sections in DRAFT |
| Day 3 | Wed 16 Jul | 1-hour block — fill S7, S12 (gather SC proof + bank confirmation) | 10 sections in DRAFT |
| Day 4 | Thu 17 Jul | DEFONEOS SOFT LAUNCH — DSP work paused for 24h comms priority | n/a |
| Day 5 | Fri 18 Jul | 3-hour block — fill S9 (calls to referees for verbal permission) + S10 (declarations) | 12 sections in DRAFT |
| Day 6 | Sat 19 Jul | 33-agent BFT council FRIDAY-SHIFT EXCEPTION 1-hour call — read out every section, vote 25/33, amend any flagged field, sign digitally | 33-agent BFT sign-off dossier |
| Day 7 | Mon 21 Jul | Fill S13 + press Submit at 09:00 — dashboard shows "RECEIVED" — supplier ID issued within 5-15 working days | DSP-SID issued |
Known failure mode: a single human reads their own submission and misses obvious errors (typo in bank account, missed SIC code, 1 declaration untickled). The 33-agent BFT Friday sign-off ritual is designed to prevent this — Friday 18 Jul, 17:00 BST, 1-hour call with the 33 sovereign agent 'generals' in attendance. Each section is read aloud in turn, 5 SIGIL-anchored evidence artefacts cross-verified, 33 agents vote (approve / amend / reject), quorum 25/33 of 33. Any "amend" triggers a follow-up loop before submission on Day 7.
This is the same ritual used for every DEFONEOS-SEAL issuance and every public SIGIL — it is the sovereign-by-construction guarantee that the human-owner gate does not become a single point of failure.
| Risk | Likelihood | Impact | Mitigation |
|---|---|---|---|
| Broker quote not converted into bindable policy by Day 7 | Medium | High (5 day delay) | Use Hiscox "letter of intent" template in broker email |
| SC clearance field blank → rejection | High | Low | Write "Application in progress" + upload SC application guide |
| Referee unreachable on Day 5 verbal check | Low | Medium | Pick 5 candidate referees, 3 confirmed by Day 5, choose top 3 |
| DSP portal offline during submit window | Very Low | High | Submit 09:01 Mon, not last minute — submit window Mon-Fri 09:00-16:30 only |
| Net-Zero 2030 commitment rejected as too vague | Low | Low | Use DEFONEOS Mech-7 carbon-aware scheduler policy as concrete proof |
| Companies House data drift (registered address wrong) | Low | High | Cross-check with Companies House public record Day 1 (5 min) |
4e7c8a1f9b3d2e6a5c0f8a1b3d7e9c4f2a5b8e1c4d7f0a3b6e9c2d5f8a1b4c7e (CSOAI Ltd code-signing key)Every field that requires evidence (capabilities, past performance, ESG, data protection, declarations) is backed by a SIGIL-anchored public artefact on csoai.org. The 12 directly-referenced artefacts are: defoneos-mod-procurement-master-schedule-2026-27.html · defoneos-mod-national-sovereign-register.html · defoneos-mod-public-evidence-pack.html · defoneos-mod-fria-template.html · defoneos-mod-eu-cyber-resilience-act-readiness.html · defoneos-mod-board-update.html · defoneos-mod-cross-border-data-transfer-playbook.html · defoneos-mod-soft-launch-press-pack.html · defoneos-mod-pilot-termination-data-return-protocol.html · defoneos-mod-30-60-90-customer.html · defoneos-mod-quarterly-review.html · defoneos-mod-seal-certification-spec.html.
The remaining 35 SIGIL artefacts are auto-generated from the 60+ page ownership trail (each owner action generates a receipt, each receipt is hash-anchored). The chain forms a complete evidence pack from "open the form" through "submit the form" — any UK auditor can replay the entire 7-day sprint from the csoai.org sitemap.