For Dual-Use Industry Operators

Your Supply Chain Just Got
Six New Regulations

If you manufacture, import, or procure steel, cement, chemicals, or critical raw materials in the EU — you already face ETS, CBAM, CSRD, NIS2, KRITIS, and the EU AI Act. Probably all at once. Here is how Aegis handles the overlap so your team does not have to.

Steel & Metals Cement & Lime Chemicals Construction Critical Raw Materials Defence Supply Chains

Book a Demo Aegis Platform Overview

The Problem You Already Have

One Disruption. Five Industries. Four Regulations.

On March 30, 2026, a fire broke out at a Nordkalk limestone facility in Finland. Nordkalk is Northern Europe's largest limestone producer — Sigmaroc group, EUR 400M revenue, operations across Finland, Sweden, Poland, and Spain. Local news covered the fire. Nobody covered the cascade.

Lime is a flux agent in steel production. Without lime, steel quality drops. When domestic lime supply is constrained, steelmakers import — and non-EU steel triggers CBAM carbon tariffs. Meanwhile, lime is also a cement feedstock (clinite production), a chemical precursor (calcium carbide for synthetic rubber and explosives), and a critical raw material under the EU CRM Act — which grants 95 strategic projects the same security priority as military bases.

Here is what actually happened across five industries:

The Nordkalk Cascade — Real Event, March 2026

Steel: Flux shortage. VulcanAgent recalculates ETS exposure. Steelmakers source non-EU — CBAM cost spike
Cement: Calcination feedstock constrained. GaiaAgent flags clinker substitution urgency
Chemicals: Calcium carbide shortage. Synthetic rubber and explosives supply chain under stress — defence industrial base alert
Construction: Embodied carbon increase across ongoing projects. MaterialOracle recalculates. CSRD E1 disclosure gap opens
Regulatory: KRITIS mandatory incident reporting triggered. Customer compliance scores degrade across the board

Five industries. Four EU regulations. One signal chain. This is the kind of cascade that procurement teams discover three months later in a compliance audit. Aegis traces it in seconds — deterministic scoring, no LLM hallucination, every data point verifiable from public EU sources.

How It Works

Agents That Do the Work. Not Dashboards You Stare At.

Each agent observes data, scores regulatory exposure, and produces audit-ready deliverables. No manual configuration. No dashboard interpretation. You get outcomes, not charts.

VulcanAgent

Steel and metals specialist. ETS Phase 4 exposure, CBAM carbon declarations, flux supply monitoring. If you import steel, Vulcan tells you the carbon cost before your procurement team does.

Steel & Metals

GaiaAgent

Cement, lime, earth materials. Critical raw material assessment under the EU CRM Act. Clinker substitution urgency, calcination feedstock tracking, dual-use material flagging.

Critical Raw Materials

ComplianceAgent

The regulation engine. Dual-use export control (Reg. 2021/821) plus CSRD, CBAM, ETS, NIS2, Fit for 55. Cross-regulation scoring — one agent, six regulatory frameworks.

Regulatory

CrossVerticalIntel

The cascade tracker. When a disruption hits one industry, this agent propagates the signal across all 20 — calculating which regulations trigger, which customers are exposed, and by how much.

Supply Chain Intelligence

SovereigntyMonitor

Checks where your data lives and who can legally access it. CLOUD Act exposure detection. Four sovereignty tiers: Sovereign, Compliant, Partial, Exposed. No guessing.

Data Sovereignty

SiteSense

Construction and field operations. Site safety scoring, EN 13001 crane monitoring, weather risk, worker capacity. If you are building anything — defence, civilian, or infrastructure — SiteSense scores it.

Field Operations

Plus 12 more agents covering logistics, scheduling, customer health, emissions analysis, quality gating, and Article 12 audit logging. Full agent list at dws10.com/aegis.

The Six Regulations You Need to Know

Plain Language. No Legal Jargon.

If you work in procurement, supply chain management, or compliance at a European manufacturer — this is what is landing on your desk. These are not future regulations. They are live now or go live in 2025-2027.

Regulation	What It Means for You	Who Handles It
ETS Phase 4	Your factory's CO2 has a price tag. Free allocations are shrinking. Every tonne you emit costs real money at auction.	VulcanAgent, ComplianceAgent
CBAM	Importing steel or aluminium from outside the EU? You now pay a carbon border tariff. The cheaper the supplier, the higher the carbon cost.	ComplianceAgent
CSRD	Your sustainability report is no longer optional greenwashing. It is audited, standardized (ESRS), and your board is personally liable for accuracy.	ComplianceAgent, CrossVerticalIntel
NIS2	Critical infrastructure must report cyber incidents within 24 hours. Supply chain security is now your problem, not just your IT department's.	SovereigntyMonitor
KRITIS	Germany's critical infrastructure law. Supply chain disruptions now trigger mandatory security reporting. A factory fire is no longer just insurance — it is regulatory.	CrossVerticalIntel
EU AI Act	Using AI in procurement, quality control, or compliance? Every AI decision must be logged with reasoning. Article 12 is not optional.	Article12Logger, KYA Engine

The problem: these regulations overlap. A single supply chain disruption can trigger ETS recalculation, CBAM cost spike, CSRD disclosure gap, and KRITIS reporting — simultaneously. Your existing tools see one regulation at a time. Aegis sees all six.

Dual-Use Export Control (Reg. 2021/821)

If your materials, components, or technology have military applications — you have export control obligations
The EU Critical Raw Materials Act grants 95 strategic projects the same security priority as military bases
Lime, rare earths, and strategic metals are dual-use by regulation — not by your choice
Aegis ComplianceAgent tracks dual-use classification alongside climate compliance — one platform, both obligations

Deployment

What Does Deployment Actually Look Like?

No 18-month integration project. No army of consultants. Aegis is software-only, deployed on a dedicated Kubernetes cluster in Helsinki. Your data stays in Finland. Your agents run in isolated containers. Your team gets outcomes within weeks, not quarters.

Week	What Happens
Week 1	Your dedicated Kubernetes cluster is provisioned on UpCloud Helsinki. Database, cache, load balancer, agent isolation — all configured.
Week 2	Data onboarding. Connect your ERP (SAP, IFS, Dynamics) or upload data. Agents start scoring your regulatory exposure.
Week 3	First compliance reports generated. Cross-vertical signals active. Your team reviews agent outputs with our team.
Week 4	Production. Agents run autonomously. Audit-ready deliverables flow. Your compliance team supervises, not operates.

What you get: Your own Kubernetes cluster. Your own PostgreSQL database. Your own agents. No shared tenancy with other customers. No US cloud. The data never leaves Finnish infrastructure.

EU Data Residency CLOUD Act Free Single-Tenant NIS2 Aligned PiTuKri Audited ISO 27001 Q3 2026

Ecosystem

Built Inside Finland's Defence Innovation Ecosystem

Finland's defence and dual-use industry is growing fast following NATO membership. Aegis is built inside the DEFINE Accelerator (Riihimaki) and Defence Tech Hub (Espoo) ecosystem — 60+ companies working on dual-use technology for European defence and civilian industry.

The NATO DIANA accelerator site in Espoo (VTT-operated, opened January 2026) and FiBAN DEFSEC investor events connect defence startups directly with procurement teams, VCs, and government agencies.

DEFINE Finland NATO DIANA FiBAN DEFSEC ICEYE IQM Kuva Space Varjo Patria Saab

Company names listed for industry context only. No endorsement or partnership implied unless explicitly stated.

Your Supply Chain Just GotSix New Regulations