Please note that the ISC website will be available on July 3, 2025 at 10:30am EDT/EST.*
This Challenge Notice is issued under the Innovative Solutions Canada Program (ISC) Call for Proposals 004 (EN578-20ISC4). For general ISC information, Offerors can visit the ISC website at: http://www.ic.gc.ca/eic/site/101.nsf/eng/home
Please refer to the Solicitation Documents Innovative Solutions Canada Program Call for Proposals – 004 - Tender Notice | CanadaBuys https://canadabuys.canada.ca/en/tender-opportunities/tender-notice/cb-331-17030872 which contains the process for submitting a proposal.
Steps to apply:
Step 1: read this challenge
Step 2: read the Call for Proposals : https://canadabuys.canada.ca/en/tender-opportunities/tender-notice/cb-331-17030872
Step 3: propose your solution here : https://ised-isde.canada.ca/site/innovative-solutions-canada/en/supply-chain-verifiable-digital-credentials
Challenge title: Advanced Technologies for Open-Source Intelligence Due Diligence
Challenge sponsor: National Research Council of Canada (NRC)
Funding Mechanism: Contract
MAXIMUM CONTRACT VALUE:
Multiple contracts could result from this Challenge.
Phase 1:
• There are no Phase 1 contracts for this challenge.
Phase 2:
• The maximum funding available for any Phase 2 contract resulting from this Challenge is : $1,500,000.00 CAD excluding applicable taxes, shipping, travel and living expenses, as required.
• The maximum duration for any Phase 2 contract resulting from this Challenge is up to 12 months (excluding submission of the final report).
• Estimated number of Phase 2 contracts: 1
This disclosure is made in good faith and does not commit Canada to award any contract for the total approximate funding. Final decisions on the number of Phase 2 awards will be made by Canada on the basis of factors such as evaluation results, departmental priorities and availability of funds. Canada reserves the right to make partial awards and to negotiate project scope changes.
Note: Selected companies are eligible to receive one contract per phase per challenge.
Travel
Travel may be required for Phase 2. Location: M55, 1200 Montreal Road, Ottawa, Ontario
Problem statement:
Challenge Statement Summary
As Canada’s largest federal R&D organization, the NRC is committed to promoting openness and collaboration to advance innovation and discovery. While these partnerships present significant opportunities, they also pose risks such as foreign interference, intellectual property (IP) theft, and insider threats. To address these challenges, the NRC sees an opportunity to enhance its due diligence processes. By building on existing practices that rely heavily on manual searches and data processing, the NRC aims to adopt advanced solutions that align with today’s fast-paced and complex digital landscape.
The NRC is focused on boosting its capabilities in processing large volumes of diverse, unstructured, and multilingual data. By embracing new technologies, the NRC seeks to leverage powerful analytics to uncover hidden or complex connections. This proactive approach will equip decision-makers with timely, actionable insights crucial for safeguarding Canada’s research ecosystem.
To achieve this, the NRC is launching an ISC challenge with the specific purpose of developing an AI-driven, first-level due diligence platform. This innovative solution will streamline the analysis of diverse public data sources and enhance real-time detection of suspicious affiliations, thereby supporting comprehensive contextual risk assessments. The platform will be designed to adhere to Canadian legal, ethical, and privacy standards, ensuring security and accessibility through a browser-based interface across the Canadian research ecosystem.
Details:
Essential Outcomes
The proposed solution must:
1- Integrate and provide relationship mapping using public data from a wide range of sources. All data sources must be accessed via authorized Enterprise Application Programming Interfaces (APIs) or re-seller agreements. Scraping that contravenes platform Terms of Service (TOS) is prohibited. The proponent may be asked to submit licence agreements or re-seller attestations, and automated crawler logs may be inspected for TOS compliance. Sources to be considered should include at minimum:
i. Social platforms: LinkedIn, Twitter (X), Facebook, Reddit, Discord, and Telegram
ii. Financial disclosure and regulatory systems: SEDAR+ (Canada), EDGAR (U.S.)
iii. Corporate registries: Corporations Canada, Québec business registrar, and OpenCorporates
iv. Funding Institutional
v. Patent databases: European Patent Office (Espacenet)
vi. Legal databases: Canadian Legal Information Institute (CanLII), World Legal Information Institute (WorldLII)
vii. Sanctions and foreign affiliation trackers: Canada’s Consolidated Sanctions List, C4ADS Sanctions Explorer, China Defence Universities Tracker, Named Research Organizations.
viii. Corporate structure data: Statistics Canada's Inter-corporate Ownership database
ix. Media and corporate websites: Major news outlets and publicly available corporate websites
2- Provide real-time monitoring capabilities to detect emerging associations or indicators of risk for individuals or organizations of interest.
3- Generate a dynamic knowledge graph for each user prompt, automatically mapping connections between researchers, institutions, co-authors, funders, corporate affiliations, and foreign entities such as state-owned enterprises or military-industrial bodies (see Essential Outcome 1, vii.).
4- Assess potential security risks associated with the prompt of: and/or within the context of Canada's research and development sector. Risk assessment results must be represented in a “traffic light format” using Red-Yellow-Blue, and users must be able to define and adjust risk indicators and thresholds.
5- Have multilingual detection and translation capabilities to analyze information across different languages, including French, English and one (or more) non-Latin script (example: Chinese including Mandarin pinyin, and traditional and simplified characters) with the ability to add other languages in the future.
6- Include the following system design features:
i. Ethical AI governance and bias mitigation strategies in solution development that aligns with Government of Canada initiatives for responsible AI;
ii. Capability to operate in near-real time at scale (estimated volume of at least 25,000 organizations and 250,000 individuals of interest and up to 30 users querying the system at one time);
iii. System to resolve queries of search names of entities using different spellings, returning all instances of the entity; and
iv. Provide an API for export to other platforms, such as in-house NRC platforms.
7- User Account Creation and Management: The application must support secure user accounts with email verification, strong passwords, hashed storage, Multi-factor Authentication (MFA), login monitoring, and administrative tools for account creation and management.
8- Infrastructure and Hosting:
i. The application must be accessible through standard web browsers without requiring installation on local servers/devices;
ii. The application must reside on servers located in Canada; and
iii. There must be an ability to export search results (i.e., downloadable PDF document) without storing the search query results in the application (i.e. no digital footprint of the user session retained).
Additional Outcomes
The proposed solution should:
1. Provide international intelligence and relationship mapping (associations), across diverse domains, including but not limited to: academic publications, US Department of Commerce Bureau of Industry and Security Entity List (www.bis.doc.gov/index.php/policy-guidance/lists-of-parties-of-concern/entity-list), US National Institute of Health's PubMed (pubmed.ncbi.nlm.nih.gov), lobbyist registers, conference and event participant lists, and foreign direct investments.
Background & Context
Organizations and individuals are increasingly exploited by malicious actors aiming to disrupt research ecosystems, destabilize corporate operations, and compromise organizational integrity. These threats can result in extensive economic, social, and reputational damage.
Examples of Real-World Risks:
• Enterprise Risk: Organizations often interact with thousands of third parties, each of which could pose risks to operational stability and security; and
• Sensitive Technology Research: Some partnerships or affiliations can expose critical research to actors seeking to exploit intellectual property.
Indicators of Risk:
• Direct or indirect connections with foreign military, national defence and state security entities;
• Indications that an individual or organization could be subject to potential foreign government interference or control;
• Lack of transparency in organizational structures or unethical behaviour from an individual or organization that could cause reputational harm to Canada; and
• Connections to entities associated with intellectual property theft or conflicts of interest that could lead to unauthorized knowledge transfer.
Desired Impact:
This initiative aims to enhance Canada's research security and operational resilience by equipping stakeholders with advanced tools to detect, analyze, and mitigate risks effectively. It will position Canadian innovators at the forefront of OSINT-driven due diligence methodologies while safeguarding national interests. The National Research Council (NRC) is seeking innovative solutions that collect and analyze public information to support decision-making, enhancing national security through the reduction of risks to Canadian research partnerships and corporate operations.
References:
• Statement on Research Security – NRC Canada
• Artificial Intelligence and Data Act (AIDA) – Companion Document
• Canadian Centre for Cyber Security: Passphrases and Passwords (ITSAP.30.032)
• Government of Canada White Paper: Data Sovereignty and Public Cloud
• SEDAR+ (https://sedarplus.ca)
• EDGAR (https://sec.gov)
• Corporations Canada (https://ised-isde.canada.ca)
• OpenCorporates (https://opencorporates.com)
• Funding Institutional (https://www.fundinginstitutional.com)
• Espacenet (https://worldwide.espacenet.com)
• CanLII (https://www.canlii.org)
• WorldLII (http://www.worldlii.org)
• Canadian Autonomous Sanctions List (https://www.international.gc.ca)
• C4ADS Sanctions Explorer (https://sanctionsexplorer.org)
• China Defence Universities Tracker (https://unitracker.aspi.org.au)
• Inter-corporate Ownership (Statistics Canada)
• Named Research Organizations (https://science.gc.ca)
• le Registraire des entreprises (https://www.registreentreprises.gouv.qc.ca)
