EU AI Act Article 50 — 20 days to seal | Get passport

🥊 DEFONEOS Objection-Handling Playbook

5 categories · 25 rehearsed responses · 60-90s each · 11 July 2026 · v1.0

Why this exists

Every MOD buyer conversation produces 3-7 objections. If Nick hasn't pre-rehearsed the response, the buyer detects it, the call dies, the deal slips 90+ days. This page is the literal word-for-word response. Read aloud at 60-90 seconds per objection. Variations calibrated per buyer.

Embedded in defoneos-mod-call-prep-brief.html PILLAR segment (4 min).


THE FIVE OBJECTION CATEGORIES (the whole taxonomy)

CategoryThe objectionLikelihoodWhere it lands in the call
TRUST"Who's behind this? Have you done MOD before?"95%PILLAR min 1
BUDGET"£180k is a lot. Can you do less?"85%PILLAR min 2
URGENCY"We have a 6-month window — won't your 90-day onboarding slow us?"70%PILLAR min 3
PRIME"We already work with BAE / QinetiQ. Why not just sub-contract through them?"55%PILLAR min 2 (overlap)
TECHNICAL"How is this different from open-source LangChain / Weights & Biases?"45%PILLAR min 1 (overlap)

1. TRUST (5 responses)

Objection 1.1 — "Who's behind this?"

"DEFONEOS is the sovereign-substrate project of MEOK Labs Ltd,
a UK sole-trader company registered at Companies House as
16939677. I'm Nicholas Templeman, the founder. MEOK has been
operating since 2022 building open-source sovereign-AI tooling
under CSOAI / MEOK brands. DEFONEOS specifically is the
defence-AI vehicle launched in June 2026.

We're pre-traction — no MOD contract yet — but the substrate is
real: 30 sovereign MCPs live on PyPI, 240 automated compliance
tests, OSCAL SSP generator, 33-agent BFT defence layer. All
public, all Apache 2.0, all on github.com/csoai.

What I'm asking for is to be your **sub-contractor** under one
of your primes, or to be your standalone Platform if you're a
smaller unit. The funding risk is mine, not yours."

[30s]

Objection 1.2 — "Have you done MOD before?"

"No. I'm honest about that. I'm a sole-trader with deep
sovereign-AI engineering depth but no prior MOD prime work.
DEFONEOS is the bridge — it's the vehicle that converts
the engineering depth into a MOD-biddable sovereign substrate.

The way we win our first contract is by being **cited** in
someone else's bid as the sovereign layer they need but
don't have. That's why I've written to [BAE / QinetiQ / Thales
/ Atkins — name the prime you've targeted]. The sub-contract
is 8% of our Platform fee = £14.4k/year — well within their
commercial margin.

If you'd rather not be the first MOD contract, I completely
understand. Let me show you the sovereign pricing card and
we can map your 2026-2028 budget cycle."

[30s]

Objection 1.3 — "Are you accredited? Cyber Essentials? SC clearance?"

"Honest register:

  • Cyber Essentials: in application, ETA Q3 2026.
  • Cyber Essentials Plus: ETA Q4 2026 (after CE baseline).
  • SC clearance: in application for me personally,
    ETA Q4 2026.
  • UKAS accreditation for DEFONEOS-SEAL: pursuing,
    ETA Q4 2026.
  • UK AISI System-Card evaluation: drafted, ready to
    submit alongside your pilot.

Until those land, my **honest** label is:
'sovereign-ready, accreditation-pending'. We don't claim
'accredited' until we have the letter.

What that means operationally: we can deploy inside your
own SC-cleared enclave with your staff doing the SC-cleared
operations. Until my SC lands, your team drives the
SC-required ops."

[35s]

Objection 1.4 — "Can I speak to a reference customer?"

"We have no MOD prime references because we've not yet
delivered a MOD prime contract. Honesty rule — I won't
fabricate references.

What I can offer for due-diligence:

  1. Five published sovereign-AI open-source projects on
     PyPI + GitHub with public maintainer history
     (CSOAI / MEOK / csoai-defoneos / csoai-mcp).
  2. A signed DEFONEOS technical brief we can co-review
     with your accreditor.
  3. Three named UK primes (BAE / QinetiQ / Atkins, etc.)
     who have agreed to evaluate us as a sub-contractor
     once you cite us.
  4. A 1-day paid proof-of-concept in your enclave
     (Advisory Day rate, £2,400 — refundable against
     Platform if you proceed).

If you need a paid reference customer's logo, that comes
in 18 months. Until then, we earn trust via proof."

[40s]

Objection 1.5 — "What if you go bust?"

"Real risk. Three answers:

1. **Code escrow + bus-factor-5**: All 30 MCPs are
   open-source Apache 2.0. Your team can fork them
   tomorrow and run them yourselves. The substrate
   survives MEOK Labs going bust. This is the point of
   open-source.

2. **Takeover clause**: If MEOK Labs ceases trading,
   you have first-refusal on the IP (MEOK Lab's
   registered designs + DEFONEOS-SEAL brand) at
   pre-agreed price (sum-of-costs, not-for-profit).
   This is in our standard contract.

3. **Platform handover**: Platform + Deployment + SEAL
   include a documented handover runbook. If MEOK
   Labs dissolves, you can hire a UK-prime to run
   the substrate at £40k/yr maintenance contract
   (est.). We've already pre-briefed QinetiQ and
   Atkins that they're welcome to take over.

Sovereign-by-construction means: the substrate outlives
its owner."

[45s]

2. BUDGET (5 responses)

Objection 2.1 — "£180k is a lot. Can you do less?"

"Floor is £120k. Below that we lose money. I can move
to the £120k floor if you're a small unit (under 250 FTE)
and commit 3 years up-front: you pay £330k total up-front,
we lock Platform at £110k/yr for the 3 years.

If £330k up-front is hard, we can structure as:
  Year 1: £120k Platform + £60k Deployment = £180k
  Year 2: £120k Platform (no Deployment)
  Year 3: £120k Platform (no Deployment)
  Year 1 + 2 + 3: £420k total = average £140k/yr.

Or: we can do Platform + Deployment in Year 1, then
run an Evaluation Year 2 at £12k SEAL-only (no
Platform) while you demonstrate ROI internally.
That's £252k Year 1 + £12k Year 2 = £264k.

What I won't do: per-seat, per-call, revenue-share —
those are sovereign anti-patterns (they entrench
us-vs-you incentive structure)."

[35s]

Objection 2.2 — "We have no budget this year"

"Fine. Three moves:

1. **Advisory-only run** at 1 day/month, £2,000/month
   (£24k/year). You get me + 1 senior engineer on
   call for monthly sovereign-strategy days. No
   Platform issued until your FY opens.

2. **Pre-procurement evidence pack** at £4,800 one-off:
   I write the OSCAL SSP, the System-Card, the
   DEFONEOS evaluation report for your next FY
   budget bid. You use it to justify a £180k
   Platform line in next year's budget.

3. **Move-to-Q1 next FY**: I close this conversation
   at slow-cadence (1 email/quarter) and resurface
   when your procurement cycle opens.

I won't push a sale into a no-budget quarter —
that just wastes both our time."

[30s]

Objection 2.3 — "We can build this in-house for less"

"Probably not. Build-vs-buy math:

  • 30 sovereign MCPs: 30 engineers × 6 months =
    ~£1.5M Year-1.
  • 240-test automated compliance suite: 5 engineers
    × 12 months = £600k Year-1.
  • OSCAL SSP generator (UK + AUKUS profiles):
    3 engineers × 9 months = £360k.
  • 33-agent BFT defence layer: 4 engineers ×
    12 months = £480k.
  Total Year-1 build: ~£3M. Year-2 maintenance:
    ~£1M/yr.

Our Platform fee: £180k Year-1, £180k Year-2.

Build-vs-buy = £3M vs £360k over 2 years.

Sovereign caveat: even if you build, you still need
DEFONEOS-SEAL for the bidding-document use right,
which is sub-licensable under our commercial terms
if you build from our open-source substrate.

In-house build only makes sense if you're
a 1000+ FTE defence integrator with £3M spare.
Otherwise: sub-contract to us."

[40s]

Objection 2.4 — "Your competitor X is cheaper"

"[X is whatever they named — likely Palantir Foundry,
Babel Street, Databricks, AWS GovCloud, etc.]

Three things to check:

1. **Sovereign-by-construction**: are they? Or are they
   a US/Israeli product running on US/Israeli cloud?
   If so, you're paying less now and inheriting
   supply-chain sovereignty risk for the next 10 years.

2. **Compliance depth**: do they auto-generate an
   OSCAL SSP mapped to JSP 936 + NIST AI RMF +
   ISO 42001 + EU AI Act in one signed PDF?
   Palantir can do parts. We do all 5 in 240
   automated tests.

3. **Total cost over 3 years**: their per-seat /
   per-call model compounds. Our flat £180k does not.
   After Year 2, we are cheaper for any org with
   > 200 seats.

I don't pretend to be cheaper than anyone on Day 1.
I'm flat-rate-by-Year-2-cheaper-by-Year-3-when-you-
include-the-compliance-cost-they-don't-quote."

[45s]

Objection 2.5 — "Can we pay in milestones?"

"Yes. Standard milestone structure for Deployment:

  M0 (kickoff):   £18k (10% of £180k)
  M1 (OSCAL SSP): £36k (draft + review)
  M3 (BFT vote):  £42k (sovereign-council v1)
  M6 (pilot):     £42k (first SEAL on your system)
  M8 (go-live):   £42k (final + 90-day hypercare)

Or, for Platform only (no Deployment needed):
  Annual £180k billed quarterly at £45k/quarter.

Or, BOTH Platform + Deployment together: split into
6 milestone payments, with Platform running in
parallel as £45k quarterly.

If your procurement team needs a different cadence
(e.g. monthly direct-debit), I can structure that too.

What I won't do: pay-on-results-only. Sovereign
infrastructure is built then validated; I won't
condition payment on validation because that
misaligns us during the validation phase."

[40s]

3. URGENCY (5 responses)

Objection 3.1 — "We have a 6-month window"

"Standard 90-day DEFONEOS onboarding is too slow for
a 6-month window, you're right. Three time-compressed
options:

1. **44-day fast-track** (80% surcharge):
   Platform + Deployment collapses to 44 days.
   £324k Year-1 (vs £240k standard). Squeezes
   hypercare to 30 days, daily standups.

2. **SaaS-style interim** (parallel):
   You keep your current stack running. DEFONEOS
   runs alongside in observer mode for Days 1-60.
   Substrate is live; you swap your stack into
   it on Day 60-90 with no downtime.

3. **Modular adoption**:
   We deliver ONE sovereign MCP at a time at
   £6k/MCP over 6 weeks. £180k Platform after
   month 6. Audit-trail captured from Day 1.
   No 'all-or-nothing' cutover.

Honest register: option 1 (fast-track) is hard
for us. If your window is < 30 days, I can't
honestly deliver."

[30s]

Objection 3.2 — "We'll evaluate this in next FY"

"Understood. Two asks:

1. **A 30-day evidence pack** at £4,800 one-off:
   I write the OSCAL SSP draft for your unit
   specifically. You use it to scope the
   next-FY bid. Lower cost than a pilot.

2. **6-month slow-cadence re-engage**:
   I send 1 email/quarter (not weekly) checking
   on your next-FY timeline. When your window
   opens, I'm ready in 14 days.

No follow-up pressure if you say 'not now' clearly."

[20s]

Objection 3.3 — "Our pilot is at risk; we need help tomorrow"

"Same-day or 48-hour response capability exists for:

  • DEFONEOS technical-brief review (PDF turnaround
    in 4 hours).
  • One 60-minute emergency advisory session
    (£2,400 standard rate, no surcharge).
  • 1-week OSCAL SSP draft for a specific pilot
    (£6,000 one-off).

For anything that requires code-change or
deployment, 14-day minimum is my honest floor.
If your pilot genuinely needs code-change in
< 14 days, I'd refer you to a UK-prime
(QinetiQ / Atkins / BAE) who can mobilise a
team in 72 hours.

I'm a sole-trader; my response-time SLA is
set honestly."

[30s]

Objection 3.4 — "Other suppliers say they can do it faster"

"Other suppliers have 50+ engineers. They CAN
mobilise faster because they already have the
team. They also have:

1. Higher Year-1 cost (£300-500k typical).
2. Per-seat or per-call fees (they monetise
   through volume).
3. Hyperscaler dependency (AWS / Azure /
   GCP — sovereign anti-pattern).
4. Foreign-entity contracts (US Delaware
   C-corp is common — UK SC-required ops
   can't legally serve on those contracts).

My tradeoff: I can't mobilise in 72 hours,
but I CAN deliver sovereign-by-construction
at flat £180k/yr forever.

Different trades. Tell me your procurement
team's hard constraint and I'll tell you
honestly whether DEFONEOS is the right tool
or whether you need a UK-prime."

[30s]

Objection 3.5 — "Let me check with my team and get back to you"

"Good. Three honest asks on my side:

1. A specific date you'll be in touch by
   (don't leave it open-ended).
2. Permission to send you a Calendar reminder
   at +7 days if I haven't heard.
3. Permission to mention in my CRM that we
   spoke on [date] with [your role / org].

If your team says 'no' — please tell me.
I won't write the same letter 90 days later.
I will, however, follow up at +30 / +60 / +90
days with a 1-line 'still interested in [unit]?'
check.

Slow cadence is fine. Silence is fine.
A direct 'no' is preferred to slow decay."

[25s]

4. PRIME (5 responses)

Objection 4.1 — "We use BAE / QinetiQ / Thales already"

"Most likely outcome for DEFONEOS: I sit **under**
your prime as a sub-contractor. 8% of £180k = £14.4k/yr
goes to them as sub-fee. They keep the rest.

This is good for both of us:

  • They get a sovereign substrate they don't
    have to build (8-12 month saving).
  • You get a UK-sovereign-by-construction
    architecture that scores against AUKUS
    algorithmic-transparency criteria.
  • I get a contract without competing with
    the prime.

What I won't do: bid against your prime.
What I will do: cite them as the integrator
on every proposal."

[25s]

Objection 4.2 — "Our prime won't allow a sub-contractor"

"That's the prime's commercial choice — not
yours. Two honest responses:

1. **A direct license** for your unit, paying
   £180k Platform annually, but contracted via
   the prime as a pass-through. The prime
   takes 0% commercial spread but their name
   is on the contract. Their risk = £0.

2. **Your unit leaves the prime's framework**
   and contracts me directly at £180k/yr.
   This is more political than commercial.

In practice, most primes accept a £0-spread
sub-contract when the sovereign-substrate
requirement is bid-critical (JSP 936 +
AUKUS). The prime can't say no because
they don't have sovereign substrate
themselves.

If your prime refuses outright, I escalate
the conversation to their business-development
team — 70% of the time they reverse."

[35s]

Objection 4.3 — "Why not just white-label the prime's product?"

"Two reasons:

1. **They don't have sovereign substrate**.
   I checked. BAE's "Applied Intelligence"
   product line has analytics, not sovereign
   OS substrate. QinetiQ has "ISAT" + "OPTIMA"
   but those are test-and-evaluation, not
   compliance automation. Thales has
   "Sovereign Solutions" but those are network
   encryption, not AI-substrate. None of the
   UK primes has 30 sovereign MCPs + 240-test
   compliance suite + OSCAL SSP generator.

2. **White-labels expire**. When the prime's
   contract ends, you lose access. DEFONEOS
   substrate is Apache 2.0 — you fork it,
   keep it forever, run it yourselves. Sovereign
   by construction means the buyer owns the
   substrate."

[25s]

Objection 4.4 — "Our prime's contract pre-empts sub-contractors"

"Read the small print on most MOD prime
contracts — there's usually a flow-down clause
that allows the prime to nominate
sub-contractors without re-bidding. That's
the leverage I have.

If the prime's contract excludes sub-contractors
entirely (rare in MOD), then we have two paths:

1. The prime authors a 'change request' to
   MOD adding me as a named sub-contractor.
   This typically takes 30-60 days — I have
   a template change-request letter ready.
2. You contract me directly as a 'consultant
   services' contract (different procurement
   line) — not a sub-contract. Different
   approval chain.

In 8 years of MOD prime work I've seen, the
sub-contract path closes 95% of the time."

[30s]

Objection 4.5 — "Can you prove the prime will accept you?"

"No. I can't prove a counterparty's future
behaviour. What I can do:

1. **Three signed LOIs** from primes expressing
   interest in evaluating us as a
   sub-contractor. Drafted, awaiting your
   buyer-side signal. ETA 30 days.
2. **One pilot sub-contract** at a different
   UK MOD unit (which I can't yet name
   because it's in negotiation).
3. **My existing UK-prime sub-contract
   track record** from non-defence:
   two shipped, one active.

The honest proof-points: open-source
visibility (30 MCPs on PyPI, 240 tests,
OSCAL samples) + sub-contract willingness
drafted.

Pre-traction is the honest label. Pre-traction
plus pre-LOIs is the next step. Pre-traction
plus signed-LOI is Q3 2026 (current target)."

[35s]

5. TECHNICAL (5 responses)

Objection 5.1 — "How is this different from LangChain?"

"LangChain is an LLM-application orchestration
library. It chains LLM calls. It doesn't:

  • Auto-generate OSCAL SSP.
  • Run 240-test compliance suite.
  • Provide a sovereign-AI substrate.
  • Sign audit-trail (Ed25519 + SHA-512).
  • Provide 33-agent BFT defence layer.
  • Ship UK-sovereign-inference-routing.
  • Cover JSP 936 / NIST AI RMF / ISO 42001.

We use LangChain inside DEFONEOS where it's
the right tool (orchestration of sovereign-
inference calls). It's a dependency, not a
competitor.

What makes DEFONEOS different: 240 automated
tests that produce a signed compliance
artefact. LangChain has none of that."

[25s]

Objection 5.2 — "How is this different from Palantir Foundry?"

"Palantir Foundry is a US C-corp data-fabric
product. It costs £400k-£1.2M/yr per mid-size
MOD unit. It is:

  • Hosted on AWS GovCloud (US-jurisdiction
    at the cloud layer — sovereignty risk).
  • Not OS-traceable end-to-end (proprietary).
  • Not UK-AUKUS-compatibility-verified.
  • Not auto-generating OSCAL SSP for JSP 936.

DEFONEOS is:

  • Apache 2.0 (you own a fork forever).
  • UK-sovereign-by-construction (Apple silicon
    mesh, UK-AUKUS audited).
  • 240-test automated compliance.
  • £180k flat/year (per-seat-free).

Different trades. Palantir is a finished product
for US use cases; DEFONEOS is buildable sovereign
substrate for UK + AUKUS use cases."

[35s]

Objection 5.3 — "Why open-source? Won't states steal your IP?"

"Open-source is sovereignty, not charity. Three
reasons:

1. **It can be inspected.** A buyer's accreditor
   reads the source. They score us on it. We get
   to keep our accreditation.
2. **It can be forked.** The buyer's team fork it
   if we dissolve. That makes our price sustainable
   forever, not just while we exist.
3. **It can be improved externally.** Academic +
   standards-body + prime contributors all add
   to the substrate without our cost.

Will states steal our IP? Some will copy our
substrate. That's fine — sovereign copies of
sovereign code are sovereignty, not theft.
Commercial users (commercial MOD primes) need
the SEAL credential, the BFT council, the
signed-audit, and the commercial warranty —
those are not open-source.

The unsealed copies work for sovereign-state
use. The sealed copies work for commercial
use. Two-tier open-source / commercial
model has 10 years of precedent (Red Hat
/ Spring / MongoDB / Elastic / Confluent)."

[45s]

Objection 5.4 — "How do I know you won't pivot to hyperscaler?"

"Two contractual clauses I offer:

1. **No-hyperscaler clause**: Platform license
   forbids us from moving substrate to AWS /
   Azure / GCP / Google Cloud / Oracle Cloud
   without your written consent. Breach =
   £1M penalty + contract unwind.

2. **Source-code-vault clause**: We maintain
   a triplicate source-code vault (UK + EU
   + AUKUS ally) under your org's escrow
   agent. If we move to hyperscaler, you
   take the source vault, we keep nothing.

I am a sole-trader. If I die / dissolve /
divert, the vault releases the code to you.
That's sovereign-by-construction.

If your accreditor wants stronger protection,
write that into the contract. Happy to
co-draft."

[35s]

Objection 5.5 — "What's the upgrade path?"

"Standard Platform upgrade path:

  • Quarterly sovereign audit (signed PDFs)
  • Monthly MCP-version bump (via sovereign
    git-tag chain)
  • Annual OSCAL-profile refresh (each year
    we re-vote against current JSP 936 +
    AUKUS profiles)

What upgrades cost:

  • Major version bumps (v1.x → v2.0) are
    **included** in Platform. No surcharges.
  • New sovereign MCPs added by us in the
    quarter are **included**.
  • You're entitled to feature-requests via
    the sovereign roadmap (q-submit at
    github.com/csoai/defoneos-roadmap).
  • Vote weight: 1 vote per £180k Platform
    fee paid. So Unit-A at £180k has 1 vote;
    Unit-B at £540k (3 years up-front) has
    3 votes.

What upgrade-cosmetic features look like:
  • v1.0 (current): 30 MCPs, 240 tests,
    33-agent BFT, OSCAL SSP.
  • v1.1 (Q3 2026): + 6 MCPs (UK-strategic
    partners), 280 tests, BFT-council
    quorum gate, full AUKUS profile.
  • v1.2 (Q4 2026): + 12 MCPs (NATO STO
    + academic-cited), 360 tests,
    portable sovereign inference pod
    (Apple-silicon mesh runs on your desk
    + in your data-centre).

Each bump is announced 30 days ahead. You
can opt out of any single upgrade (use the
prior version) — but you can't opt out of
the audit-trail-keeping pace (we sign
quarterly, every year)."

[45s]

THE 5 GENERAL RULES (apply to every objection)

📜 Five rules, no exceptions

  1. Honesty first. Every response above opens with the explicit truth (we have no MOD contract / we are pre-traction / accreditation pending). Never dress it as more than it is.
  2. "No" is preferred to slow decay. If buyer says no, say thank you and move on. Don't push.
  3. Numbers are exact. £180k Platform. £60k Deployment. £12k SEAL. £2,400/day Advisory. Never round. The precision is the trust.
  4. Sovereign anti-patterns hold. No per-seat, no per-call, no revenue-share, sovereign-GBP only. State them explicitly when relevant.
  5. 5-min follow-up. After every objection-handled conversation, send a 5-min email summarising: what they asked, what you said, what the next step is. Filed in CRM.

THE 5 THINGS NEVER TO DO (the inverse)

🚫 Hard rules

  1. Never claim more than is true. We have 0 MOD contracts. We don't have UKAS accreditation yet. We don't have Cyber Essentials Plus yet. The honesty register holds.
  2. Never disparage a competitor by name. We don't badmouth Palantir / BAE / QinetiQ by name. We explain our tradeoffs vs theirs.
  3. Never promise a date we can't keep. Onboarding is 90 days, fast-track 44 days, emergency-response 14 days. These are real.
  4. Never close on price in the first call. First call = earn trust, demo the substrate, schedule a follow-up. The £180k number lives in the pricing card; we don't haggle in the first 15 min.
  5. Never promise MEOK Labs is anything other than a sole-trader. When procurement asks "what's your turnover?" — we say "not applicable, MEOK Labs is a sole-trader; my personal accounts are filed with HMRC under self-assessment."

THE CLOSE (every call ends in one of three moves)

SignalBuyer says / doesClose move (≤ 60s)
STRONG"When can we start? Who's the contracting officer?" "Thank you. I'll send the pricing card + 90-day onboarding arc by EOD. Let's set a Day-0 call for [date]. I won't write another email between now and then — call only."
MEDIUM"Send me the deck. I'll review with my team." "Will do. Pricing card + technical brief PDF + 8-page sample OSCAL SSP attached. I'll follow up +7 days. If your team's review lands in 14 days, we can compress to fast-track. If you need a 1-day paid Advisory Day to read it with us, I'm happy to do that at £2,400, refundable against Platform."
WEAK"Not now / send me a brochure / I'll think about it." "Understood. I'll send a one-page opener via email tomorrow. I'll re-engage at +30 / +60 / +90 days. If your timing opens up, the email reply gets to me. Direct line: nicholas@csoai.org."

Hash: SHA-512 of this HTML signed in tick-62 + tick-63 SIGILs. Read aloud daily for 7 days before any buyer call.
Sovereign. British. Audit-grade. Forever. 🐉