Reading the Defence Industrial Strategy as a software procurement signal

10 min read Original article ↗

The Canadian Defence Industrial Strategy made headlines in February 2026 for what looked like a budget number: $81.8 billion in defence spending through 2030. But the $81.8 billion is the broader Budget 2025 commitment to defence, not the strategy itself. The strategy is a procurement-preference framework, and its force comes from the 70% Canadian-procurement target it commits to, the 10 named sovereign-capability domains it commits Canada to building in country, and the legal mechanisms that direct procurement evaluations toward Canadian firms.1

That distinction matters because a vendor competing for a procurement line item under this strategy is no longer competing on price, feature parity, or operational maturity alone. The procurement evaluation now includes a layer that didn’t exist a year ago: whether the vendor itself belongs to the industrial base the strategy is trying to build.

The misreading

The $81.8 billion got the headlines. Most coverage led with it. Almost no coverage led with the figure the Defence Industrial Strategy actually carves out for itself: $6.6 billion of new dedicated allocation.1 The smaller number is closer to the truth of what the strategy directly funds, but even it’s the wrong place to look for the strategy’s effect on procurement.

The figures that move procurement decisions are different. The first is the 70% target: the strategy commits the federal government to raising the share of defence acquisitions awarded to Canadian firms to 70%.1 That number is a procurement-preference instrument with the force of policy behind it, not a budget. A bid that can’t credibly satisfy the target weakens before it’s evaluated on the merits.

The second is the list of 10 sovereign-capability domains the strategy committed Canada to building domestically: Aerospace, Ammunition, Digital Systems, In-Service Support, Personnel Protection, Sensors, Space, Specialized Manufacturing, Training and Simulation, and Uncrewed and Autonomous Systems. Digital Systems is the domain that most concretely concerns infrastructure and platform vendors. Inside it sit Secure Cloud, Artificial Intelligence, Quantum Computing and Communications, Integrated Command and Control, and High-Assurance Communications.2

Secure Cloud is where the strategy did the least to specify the supply chain it commits Canada to building. This is why the Strategy works as a procurement instrument and not just a spending plan. The $81.8 billion sets the envelope, and the 70% target, the capability domains, and the legal mechanisms in between decide who reaches into it.

The procurement-preference mechanisms

The Defence Industrial Strategy operates through a small set of procurement-policy levers. Each lever shapes what vendors can credibly bid for.

The Strategy creates a Canadian Company Boost: increased procurement credits awarded to vendors with 70 to 100% Canadian Content Value.3 The credit is a weighting applied during the evaluation step, before price is compared. A vendor with a thin Canadian content profile competes against a vendor whose evaluation score is structurally lifted.

The Strategy also commits the federal government to require multinational suppliers to do a greater percentage of their work in Canada and with Canadian-controlled firms, and to reduce customer reliance on ongoing foreign software updates, intellectual property, and schematics.3 That second clause is the one that touches infrastructure and platform vendors most directly. The Strategy names software updates and intellectual property as evaluation components, not as commercial details to be negotiated in a contract addendum.

Then there is the legal mechanism. Borden Ladner Gervais’s published analysis notes that “[t]he Strategy specifically references an increased willingness to invoke the national security exception in defence procurement processes to achieve this objective.”3 The national security exception is the lever that lets a federal department procure outside the open-competition framework when a security justification supports it. The Strategy committing to use that lever more often is a procurement-policy posture shift with real consequence for who can credibly bid for what.

Underneath the procurement levers sits capital availability. The BDC Defence Platform expanded to up to $6 billion in March 2026, with $91.7 million already deployed to 16 Canadian defence-tech businesses.4 The Defence, Security and Resilience Bank, selected to be hosted in Canada in April, adds a multilateral underwriting framework for projects that traditional banks have historically declined to finance.5 Capital availability is downstream of procurement-policy posture, but it shapes who can credibly stand up to compete for the procurement.

None of these mechanisms is reachable by a vendor whose parent company sits under foreign legal authority.

The transatlantic dimension

The Defence Industrial Strategy isn’t the only procurement gate a Canadian-incorporated vendor now competes inside. The partnership the Strategy sits within has moved past communiqués and into procurement infrastructure, and the procurement infrastructure is where the structural shift compounds.

In December 2025, European Council member states endorsed Canada’s accession to the EU’s Security Action for Europe initiative.6 SAFE is a €150 billion procurement instrument that sits inside the broader €800 billion Readiness 2030 plan to rebuild European defence-industrial capacity.7 The agreement was authorized for signing two months later.8 At the Munich Security Conference that same month, Prime Minister Carney framed the move plainly: “Canada is now the first non-European country to be granted membership in SAFE.”9

The framework is structured for European member states. Canada enters as a “third country” with bespoke terms: a preferential 80% Canadian-content allowance against a standard 35% non-EU cap, an initial €10 million contribution, and a 15% participation fee when European content falls below 65%.10 What matters more than the specific terms is the architecture they describe. A Canadian-incorporated vendor in 2026 competes inside two procurement frames simultaneously: the Canadian one the Defence Industrial Strategy builds, and the European one the SAFE agreement opens. Both frames are designed around vendor-jurisdiction tests. A vendor whose parent company sits under foreign legal authority doesn’t pass either.

The political register has tracked the procurement substance. When the European Commission marked 50 years of EU diplomatic presence in Canada in May 2026, its President closed the message by pairing the Canadian rallying phrase “elbows up” with “arms open to partners.”11 The phrase confirmed in rhetoric what the architecture under it had already made real.

The “Canadian company” definitional leak

The 70% target is operationally porous because the Strategy does not define “Canadian company” with the kind of precision the procurement decision actually needs. A vendor whose parent company sits in Washington, Seattle, or Mountain View can hold a Canadian subsidiary, a Canadian office, or a Canadian reseller and still pass the loosest reading of “Canadian.” Without a structural test, the 70% target risks becoming a procurement-preference instrument that fails to exclude the vendors it was written to exclude.

The critique is being made publicly by Canadian defence-tech founders operating inside the procurement environment the Strategy created. Kath Intson, co-founder and CEO of Sentinel R&D, an Ontario manufacturer of fixed-wing unmanned aerial systems, told BetaKit in March 2026 that Canada is “starting to get real wishy-washy” about defining sovereignty in this space, and that “it’s not enough to just onshore some other company’s capability and call it Canadian.”12 The point lands harder coming from someone whose product depends on the procurement-evaluation criterion being interpreted strictly.

A serious procurement evaluation under the Strategy cannot resolve on the surface-level definition. It has to interrogate three structural questions about every vendor it considers: where the parent company is incorporated and which legal jurisdiction governs that incorporation, where the trust roots and signing infrastructure that produce the vendor’s output are domiciled, and what foreign-jurisdiction dependencies sit in the supply chain that feeds the product. None of those questions is answered by checking whether the vendor has a Canadian office.

What changes for infrastructure and platform vendors

The procurement framework the Strategy creates doesn’t ask vendors a single new question. The questions are the ones a CLOUD Act analysis raises from the legal-exposure side: incorporation, supply-chain jurisdiction, evidence trail. The Strategy applies them at the procurement-policy layer with formal evaluation weight behind them.

For an infrastructure or platform vendor, three things now have to be demonstrable on procurement-evaluation timelines, not on contract-negotiation timelines.

The vendor’s jurisdictional structure has to hold up to inspection. Where the parent company is incorporated and which legal jurisdiction governs that incorporation has to be answerable on a single line of a security disclosure. The evaluation cannot wait for a court case to clarify what the contract permits.

The supply chain has to be inspectable. Signing roots, image registries, operating-system distributions, and the operators that admit artifacts into a customer cluster all carry their own legal-jurisdiction surfaces. A vendor that can produce a supply-chain dependency graph with each node’s jurisdiction labelled passes first-pass scrutiny, and one that can’t fails it.

The evidence trail has to be emitted by the system as it runs rather than assembled by hand afterward. Accreditation-grade evidence collected by hand at the end of a deployment cycle is too slow for the kind of procurement gate the Strategy now describes. A vendor that emits cryptographically verifiable evidence at every signed-and-applied step can have that evidence evaluated without staffing a months-long evidence-gathering project.

The procurement evaluation is now a structural test on three axes that did not used to belong to procurement decisions. Vendors that can’t answer all three are not competing. The full evaluation, when it’s written as a checklist, will run longer; these three are the floor.

The gap

The Defence Industrial Strategy named Secure Cloud as a sovereign capability the federal government committed Canada to building. It didn’t specify the supply chain underneath that capability. That gap is less an oversight than the part of the procurement architecture the Strategy left for the industrial base to supply.

The industrial base has not yet supplied it. Every meaningful Kubernetes platform in production at Canadian defence primes still imports its trust roots, its image registries, and its operators from vendors under foreign legal authority. The procurement-policy framework now favours the vendor that closes that gap. The structural test is in place, but the vendor who satisfies it hasn’t arrived yet.

If you’re evaluating sovereign infrastructure for classified workloads, or building toward a procurement evaluation that will ask the three questions above, the conversation is open.

  1. Office of the Prime Minister, “Prime Minister Carney launches Canada’s first Defence Industrial Strategy,” February 17, 2026. https://www.pm.gc.ca/en/news/news-releases/2026/02/17/prime-minister-carney-launches-canadas-first-defence-industrial 2 3

  2. Department of National Defence, “Security, Sovereignty and Prosperity: Canada’s First Defence Industrial Strategy.” https://www.canada.ca/en/department-national-defence/corporate/reports-publications/industrial-strategy/security-sovereignty-prosperity.html

  3. Borden Ladner Gervais, “How Canada’s Defence Industrial Strategy reshapes defence acquisition and procurement law,” February 2026. https://www.blg.com/en/insights/2026/02/how-canadas-defence-industrial-strategy-reshapes-defence-acquisition-and-procurement-law 2 3

  4. Business Development Bank of Canada, “BDC boosts Defence Platform after providing financing, names StrongNorth Fund leader,” March 12, 2026. https://www.bdc.ca/en/about/mediaroom/news-releases/bdc-boosts-defence-platform-after-providing-financing-names-strong-northfund-leader

  5. Department of Finance Canada, “Canada welcomes progress towards the establishment of the Defence, Security and Resilience Bank and hosting its headquarters,” April 29, 2026. https://www.canada.ca/en/department-finance/news/2026/04/canada-welcomes-progress-towards-the-establishment-of-the-defence-security-and-resilience-bank-and-hosting-its-headquarters.html

  6. Council of the European Union, “SAFE: member states endorse agreement on the participation of Canada,” December 19, 2025. https://www.consilium.europa.eu/en/press/press-releases/2025/12/19/safe-member-states-endorse-agreement-on-the-participation-of-canada/

  7. Council of the European Union, “Security Action for Europe (SAFE).” https://www.consilium.europa.eu/en/policies/safe/

  8. Council of the European Union, “SAFE: Council clears path for financial assistance to eight member states and concluding the Canada agreement,” February 11, 2026. https://www.consilium.europa.eu/en/press/press-releases/2026/02/11/safe-council-clears-path-for-financial-assistance-to-eight-member-states-and-concluding-the-canada-agreement/

  9. Prime Minister Mark Carney, statement on Canada’s accession to the EU’s SAFE initiative, framed in connection with the Munich Security Conference, February 2026. Posted to Carney’s verified LinkedIn account: https://www.linkedin.com/posts/mark-carney-5b9744205_canada-is-the-first-non-european-country-activity-7432566191015206913-SEDJ/. See also coverage in CBC News: https://www.cbc.ca/news/politics/canada-eu-safe-agreement-defence-loans-weapons-9.7090635.

  10. Global Affairs Canada, “Canada–European Union agreement: Security Action for Europe (SAFE).” https://www.international.gc.ca/world-monde/international_relations-relations_internationales/eu-ue/agreement-accord.aspx?lang=eng

  11. European Commission, “Video message by President von der Leyen on 50 years of EU diplomatic presence in Canada,” SPEECH/26/1000, May 9, 2026. https://ec.europa.eu/commission/presscorner/detail/en/speech_26_1000

  12. Isabelle Kirkwood, “Defence tech founder warns Canada is getting ‘wishy-washy’ about defining sovereignty,” BetaKit, March 26, 2026. https://betakit.com/defence-tech-founder-warns-canada-is-getting-wishy-washy-about-defining-sovereignty/