Part of the Canadian AI Sovereignty Series
The implications of data exposure without procurement
For as long as states have worried about technological dependency, procurement has been the vehicle of exposure, and therefore the site of control. You governed the risk by governing the purchase: the contract, the vendor, the terms. That assumption no longer holds. Modern AI systems are architected as shared operational environments, and a state can be fully exposed to one, acting on its outputs daily and feeding it data continuously, without any acquisition event ever occurring.
Exposure has decoupled from procurement. This is extremely dangerous and a potentially euphemistic phrase. Procurement of technology by government has long been an issue, for many reasons: technology is not furniture. It is not a chair. As a result issues like the length of the process, the lack of sophistication and knowledge in the parties doing the procuring, the unwieldiness of the process itself, the potential workarounds like third-parties, the blank cheques of standing offers and other sourcing arrangements, the technical and selling sophistication of vendors versus governments. But at least it was a process, if a set of imperfect vehicles.
Increasingly it is looking like there is no vehicle at all. Data adjacency is in some ways an illustrative, euphemistic term. It’s data exposure through proximity. That occurring without a procurement vehicle negates the purpose and value of procurement and by extension, of sovereignty. We do not know any longer what kind of data exposure we are experiencing.
And it’s not just data. The vehicle is degrading even where it still exists. Governments themselves are failing to follow procedure. Ontario is ramming through single-source contracts on items as simple as school supplies, which seemingly no longer go to multiple bids; just the proverbial iceberg tip.
It’s important to distinguish between interoperability and adjacency. Interoperability means allied systems can communicate. Data adjacency means one state’s data, personnel, and decisions become exposed to or dependent on another state’s procured analytic layer. The issue is not cooperation. The issue is whether cooperation now carries algorithmic governance obligations that older defence agreements never named.
Project Maven is one of the clearest articulations of this shift. Maven is the Pentagon’s AI and intelligence program, established in 2017, whose computer vision functions detect, identify, characterize, extract and attribute objects in imagery and video. The Maven Smart System, its flagship operational layer, is a Palantir-integrated, AI-enabled command-and-control platform that fuses data feeds, displays detections, supports targeting workflows, and generates a shared operational picture. In July 2024, NORAD and USNORTHCOM adopted it. Public reporting indicates the system helped display and track Russian and Chinese military aircraft near North America, and that by 2025 the two commands had roughly 2,000 daily users.
Canada does not “use” Project Maven. That sentence is accurate, sourceable, and almost entirely beside the point. NORAD is binational. Canadian personnel staff it, a Canadian deputy commander helps lead it, and Canadian aircraft scramble on the basis of what its screens show. When the operational picture inside NORAD is increasingly generated, fused, and prioritized by a U.S.-procured, Palantir-integrated AI system, Canada is acting on that system’s outputs every day, while the contract, the evaluation, and the audit rights all sit in Washington.
Calling this condition data adjacency describes the situating, not the risk: sovereignty exposure to an AI system through shared operational environments rather than through procurement. Canada is not a Maven customer. Canada is a Maven-adjacent state. The distinction matters because everything Canada has built to govern technology acquisition attaches to the customer relationship, and almost nothing attaches to the adjacent one.
Adjacency is a structural position
Data adjacency has three defining features that distinguish it from ordinary alliance interoperability.
First, the exposure is continuous, not transactional. Intelligence sharing under Five Eyes involves discrete products crossing a border under negotiated handling rules. Adjacency to an AI-enabled command system means the analytic layer itself, the thing deciding what appears on the screen and in what priority, is foreign-procured and foreign-governed. Canada is adjacent not just to data but to inference: to detection thresholds, target recognition models, confidence scoring, and fusion logic it did not select and cannot inspect.
Second, the exposure is asymmetric by construction. The United States procured the system, holds the contract, sets the data rules, and controls the upgrade path. If Palantir changes data or model behavior, if the Department of Defense changes data retention or classification handling, if U.S. export control policy shifts what functionality allied users can access, the shared picture Canada relies on changes with it. Canada holds no contractual lever on any of those decisions.
Third, the data flows are bidirectional even when the governance is not. Canadian sensor feeds, Canadian radar tracks from the Canadian Air Defence Sector at 22 Wing North Bay, Canadian-collected surveillance data all flow into the shared environment. Once inside a U.S.-procured cloud and software stack, that data lives under U.S. legal regimes, including CLOUD Act reach, regardless of where the sensor sat. Canada contributes the raw material of the shared picture and receives back an interpretation governed by another state’s vendor relationships.
Canada’s own modernization runs on the same rails
Canada’s documented NORAD contribution moves in the same architectural direction. NORAD Cloud-Based Command and Control, or CBC2, formerly Pathfinder, is the Canada-U.S. effort that applies cloud computing and machine learning so NORAD commanders can make faster decisions. Canada demonstrated CBC2 at 22 Wing in January 2024, and NORAD describes the system as drawing on tactically relevant data feeds plus AI and machine learning to improve situational awareness and help leaders develop courses of action. That work sits inside Canada’s $38.6-billion, 20-year NORAD modernization plan spanning command and control, sensors, air weapons, infrastructure, and science and technology.
CBC2 and Maven Smart System are adjacent systems inside the same North American defence stack. Canada’s money, sensors, and personnel modernize one layer while the operational AI layer above it increasingly runs through U.S.-led procurement with Palantir at the integration seam. The sovereignty question is therefore not whether Canada has AI in NORAD. It does, and is paying handsomely for more. The question is which state, which vendor, which cloud, which model, which data rules, and which audit trail govern the shared picture Canada is acting on. On current evidence, the answer to every clause in that sentence is: not Canada’s.
Procurement is the accountability chokepoint, and adjacency routes around it
Nearly all of Canada’s technology governance machinery is procurement-shaped. Contract disclosure, Treasury Board directives, the Directive on Automated Decision-Making, algorithmic impact assessments, PSPC oversight, the Office of the Procurement Ombud, parliamentary committee scrutiny of vendor spending, access-to-information requests against Canadian contract records: every one of these instruments assumes a Canadian buyer, a Canadian contract, and a Canadian paper trail.
Data adjacency delivers the full exposure those instruments exist to control while leaving every one of them dormant. The contract, the impact assessment, the procurement file, and the vendor relationship all exist, but they exist in Washington, attached to another government’s acquisition. The system entered Canada’s operational reality through a binational command arrangement, a vehicle built six decades ago to carry aircraft, radar, and command authority, long before anyone imagined it carrying algorithmic accountability obligations.
This is security leakage in the precise sense. The exposure leaks in around the accountability perimeter rather than through it. Canada carries the complete risk profile of adopting a foreign AI targeting-support system: the model shaping operational decisions, the data flowing into another state’s legal jurisdiction, the vendor dependency at the integration layer. Every process Canada built to manage exactly this category of risk remains intact and is rendered irrelevant simultaneously, because each one waits for a trigger, and the trigger is a purchase that happened in another capital. Full exposure, zero process engagement. The processes still run. They run beside the risk instead of on top of it.
This is the new fragility of procurement as a sovereignty instrument, simultaneously bureaucratically unwieldy and increasingly irrelevant . Procurement governs what you buy. Adjacency delivers what you operate inside, and delivers it ungoverned. A state can maintain immaculate procurement discipline, running every domestic AI acquisition through impact assessment and public disclosure, while its most consequential AI exposure, the system mediating continental air defence decisions, arrives through a treaty relationship that discipline was scoped away from. The oversight architecture works exactly as designed. Adjacency routes the exposure around the design.
The pattern generalizes beyond NORAD. Coalition data-sharing arrangements, allied intelligence fusion environments, NATO interoperability standards, and joint exercises with AI-enabled U.S. platforms all create adjacency without acquisition. Each is a vehicle through which foreign-procured AI becomes operationally load-bearing for Canada while remaining formally invisible to Canadian accountability mechanisms.
Adjacency-aware governance has to be built at the treaty layer
If procurement cannot see adjacency, the governance has to move to where adjacency is created: the binational and alliance agreements themselves.The following four conditions are necessary, at a minimum:
Canada needs adjacency mapping as a standing exercise: a documented inventory of foreign-procured AI systems whose outputs Canadian personnel act on, maintained the way critical infrastructure dependencies are supposed to be.
Canada needs audit and explanation rights negotiated into the NORAD relationship, covering the models and fusion logic that generate the shared picture, at minimum for the systems Canadian data feeds.
Canada needs data governance clauses that follow Canadian-originated sensor data into allied environments, addressing retention, secondary use, model training, and CLOUD Act exposure explicitly rather than by silence.
And Canada needs change notification obligations: a right to know when the analytic behavior of the shared picture changes materially, because a detection threshold adjusted in a vendor update is an operational policy change for both countries, made by one.
None of this requires Canada to refuse the shared picture. Binational defence of the continent is the point of NORAD, and interoperability with U.S. systems is still an operational necessity today. The argument is narrower and harder: interoperability without instrumented accountability converts a defence partnership into a governance dependency. Canada is spending $38.6 billion to modernize its half of a command relationship whose cognitive layer it neither procures nor audits. But it does require us to demand definition, a position which itself may not have a vehicle.
The Canadian AI sovereignty series has traced how Canadian government AI dependency travels through contracts, clouds, and statutes. Data adjacency is the case where it travels through none of them, and yet we must manage it anyway. A sovereignty framework scoped to procurement will certify systems Canada buys while remaining blind to the systems Canada lives inside. The shared picture is already on monitors in North Bay. But who defines the boundaries, how are they maintained, and who gets to ask the questions?
We may be moving to a world of increasingly porous sovereignty or even post-sovereignty. Imagine there’s no countries. I wonder if you can. But we are not there yet. Any movement in that direction must be done carefully and consciously, for reasons that are being made extremely clear in rhetorical and physical violations in the Americas, Europe and the Middle East. Sovereignty testing, from kidnapping heads of governments to ongoing violent border crises and long term incursions to explicitly threatening allies with invasion or subjugation, is happening everywhere. Palantir, whose technologies lead and facilitate much of this, has made their views on American exceptionalism and the acceptability of force clear. We don’t need to be another example.

