RFP PIPELINE · LIVE
Active Responses
Qualifying
2Etihad Rail
Digital Twin Programme · Asset Intelligence
Nov 14£3.2M
Saudi Data & AI Authority
Sovereign AI Reference Architecture
Nov 28£1.8M
Drafting
4Qatar National Development
Emirates NBD — Regulated AI Platform
12 days$5.6M
FH
KN
SO
NV
PARTNERS · NVIDIA · HPE
du Telecom UAE
Regulated AI Platform · Phase 1
Nov 08£12.4M
PARTNERS · HPE · NVIDIA
Saudi Pro League
Digital Transformation — AI Assistant + App
Dec 02$2.0M
PARTNERS · Core42
Yas Marina Circuit
Racetrack Telemetry Modernisation
Dec 15£4.1M
PARTNERS · NVIDIA · Cerebras
Internal Review
3EDGE Group
Classified Comms Platform
3 days£8.2M
PARTNERS · HPE
Majid Al Futtaim
Retail AI Services Framework
Dec 01£2.8M
Abu Dhabi Sports Council
VAR Decision Support — Phase 1
Dec 06£1.9M
Legal / Risk
2CBUAE
Regulatory SLM Sandbox
Overdue 1d$3.8M
Saudi Ministry of Defence
Sovereign Compute Blueprint
2 days$6.4M
PARTNERS · NVIDIA · Cerebras
Ready
1Qatar Armed Forces
AI Governance Programme
Submit EOD£5.2M
Submitted
2Etisalat Group
Network AI · Phase 3
Oct 22£7.1M
DFSA
Supervisory AI Framework
Oct 18$1.4M
Emirates NBD — Regulated AI Platform· Core42
5 active · CH, KK, SO, +2 external
RFP Summary
extracted by Parser · Nov 04
Tender Code: ENBD-RFP-2026-047 (public sector, AI platform supply)
Issued by: Emirates NBD · Group Technology Procurement
Objective: Procurement of sovereign AI platform for Federal-scope agentic workflows, data-sovereign by default, operated within Core42's MENA infrastructure with full regulatory traceability.
Arabic + English: bilingual RFP (102 pages). Parser extracted from both language streams.
Issued by: Emirates NBD · Group Technology Procurement
Objective: Procurement of sovereign AI platform for Federal-scope agentic workflows, data-sovereign by default, operated within Core42's MENA infrastructure with full regulatory traceability.
Arabic + English: bilingual RFP (102 pages). Parser extracted from both language streams.
Salesforce Opportunity
bidirectional · last sync 14:18 UTC
LIVE
Core42 CRM · Opp #OPP-84127 · Emirates NBD
- Account
- Emirates NBD
- Amount
- $5,600,000 USD
- Close date
- 31 Jan 2026
- Owner
- Faisal Al Hashemi · Head of Strategic Bids
- Probability
- 65%
Stage
Qualification
Discovery
Proposal
RFP Response
Negotiation
Closed Won
14:18:22 · just synced
RFP status → Salesforce custom field
Opp.RFP_Progress__c set to "71.9% · On Track"
#
Section
Question
Owner
State
Words
Activity
Q.01
Security
Describe your SOC 2 Type II compliance posture and provide evidence of last audit.§12.1 · p.34
FH
Approved
412 / 500
2h ago
Q.02
Security
Detail your incident response SLA for P1 security events affecting tenant data.§14.3.2 · p.87
KN
SO
Blocked
287 / 400
14m ago
Q.03
Technical
Outline the reference architecture for multi-tenant inference at 40K req/sec with Arabic NLP.§8.4 · p.52
SO
NV
Drafting
1,847 / 2,000
just now
Q.04
Technical
How does your platform handle model drift detection and automatic remediation?§8.7 · p.58
SO
In Review
623 / 750
47m ago
Q.05
Storage
Provide specifications for primary data store — throughput, IOPS, in-country replication.§9.2 · p.64
HB
HPE · Drafting
412 / 800
23m ago
Q.06
Sovereignty
Confirm no data, metadata, or logs may transit outside UAE territorial boundary.§3.1 · p.12
FH
Approved
892 / 1,000
yesterday
Q.07
Commercial
Provide pricing breakdown for a three-year managed service with 99.95% SLA.§17.1 · p.98
ML
Drafting
342 / 600
1h ago
Q.08
Legal
Confirm willingness to accept uncapped liability for data protection breaches under UAE PDPL.§19.4 · p.102
JW
In Review
184 / 300
3h ago
Q.09
Infra
Describe GPU allocation model, interconnect, and thermal envelope for on-prem deployment.§8.11 · p.71
NV
NVIDIA · Drafting
1,204 / 1,500
1h ago
Q.10
Technical
What is your roadmap for NVAIE and NIM microservice integration across the platform?§8.12 · p.73
—
Unassigned
0 / 800
—
— 22 more questions · 9 unassigned —
EMIRATES NBD Q.02 · SECURITY · INCIDENT RESPONSE SLA
Detail your incident response SLA for P1 security events.
FH
KN
SO
Source · RFP §14.3.2 p.87
Detail your incident response SLA for P1 security events affecting tenant data, including time-to-acknowledge, time-to-contain, and customer notification obligations.
"The Supplier shall maintain a documented incident response capability aligned with ISO 27035. For P1 security events the Supplier shall acknowledge within 15 minutes, contain within 4 hours, and notify the Authority's DPO within 2 hours of containment…"
— Emirates NBD RFP §14.3.2 · p.87
Requirements
- ▸ Word limit: 400
- ▸ Compliance-critical: YES
- ▸ Evidence required: ISO 27035, runbook
- ▸ Section weight: 18%
Incident Response SLA — P1 Security Events
Core42 operates a 24×7 Security Operations Centre aligned to ISO 27035 and NIST SP 800-61 Rev.2SHAREPOINT · Core42 Proposals ArchiveFile: Core42-Bid-2025-MoI.docx
Page: 23
"…aligned to ISO 27035 and NIST SP 800-61 Rev.2 with quarterly tabletop exercises coordinated with the customer CSIRT function…", with P1 event handling governed by our Incident Response Runbook v3.2 (Aug 2026)LIBRARY · lib_sec_ir_003File: IR Runbook v3.2
Reviewed Aug 2026 · Verified by FH
"…On detection of a P1 event, the on-call SOC lead shall acknowledge within 10 minutes via PagerDuty escalation to the incident channel…".
For any P1 event — defined as confirmed or suspected unauthorised access to Customer Data, ransomware activity on platform infrastructure, or platform-wide availability impact — our committed SLA is:
▸ Acknowledgement: within 10 minutes of detection.
▸ Containment: within 3 hours of acknowledgement.
▸ DPO Notification: within 90 minutes of containment.
All responders are SC-cleared and operate under our SOC 2 Type II certified runbookKN, with every action logged to an immutable audit store retained for 7 years.
A full post-incident review is delivered within 10 working daysSHAREPOINT · Core42 Proposals ArchiveFile: Core42-Bid-2024-DHA.docx
Page: 67
"…a full post-incident review delivered within 10 working days, including root-cause analysis and remediation actions…", including root-cause analysis and remediation actions.
287 / 400 words · 3 citations · 1 unresolved comment
Citations & Verifier
Citations (3)
SHAREPOINT · Core42 Proposals
Core42-Bid-2025-MoI.docx · p.23
…aligned to ISO 27035 and NIST SP 800-61 Rev.2 with quarterly tabletop exercises coordinated with the customer CSIRT function…
LIBRARY · VERIFIED
IR Runbook v3.2 · P1 Handling
Section 4.2: On detection of a P1 event, the on-call SOC lead shall acknowledge within 10 minutes via PagerDuty escalation…
⚠ CERT · EXPIRES SOON
SOC 2 Type II Report (2025)
The claim "SOC 2 Type II certified runbook" relies on attestation expiring in 14 days. Renewal audit in progress.
/ Compliance Verifier
FAILED · 1 of 4
ISO 27035 alignment claim
✓ evidence matched · Policy-SEC-001
10-minute acknowledgement SLA
✓ matched to PagerDuty metric · 99.2% p95
7-year audit log retention
✓ matched to data retention policy §3.4
"SOC 2 Type II certified runbook"
✗ certification expires in 14 days · claim is time-bound
Blocking Issue
Cannot transition to Approved. SOC 2 Type II claim references a certification expiring before submission date.
EMIRATES NBD DOCUMENT STRUCTURE
Proposal Structure
Drag sections using the
⋮⋮ handle to reorder. Content, questions, citations, and compliance mappings move with the section. Try: drag Out of Scope above Pricing.
/ 8 sections · 32 questions
last modified 23m ago · SO
EMIRATES NBD COMPLIANCE MATRIX — AUTO-GENERATED
Compliance Matrix
Generator last ran · 12m ago
Compliance-at-inference: this matrix was built from every compliance-critical requirement in the RFP and cross-checked against your library, certifications, and policies. Non-compliant rows block response approval at the moment of generation — not as a post-hoc review. Override requires an evidence citation verified by the Compliance Verifier agent.
#
Section
Requirement
Status
Evidence
Action
R.01
Sovereignty
No Customer Data, metadata, or logs may transit outside UAE territorial boundary.
Compliant
Evidence: Data Residency Policy v2.1
Architecture: in-region deployment to Core42 cloud only · fail-closed egress
Architecture: in-region deployment to Core42 cloud only · fail-closed egress
View →
R.02
Security
Maintain ISO 27001 certification covering all Customer Data processing systems.
Compliant
Evidence: ISO 27001 Certificate · valid to Dec 2026
Scope matches · auditor: BSI Group
Scope matches · auditor: BSI Group
View →
R.03
Security
Supplier shall hold SOC 2 Type II attestation valid throughout the contract term (min. 12 months from contract signature).
Non-Compliant
Evidence: SOC 2 Type II Report (2025)
⚠ Attestation expires 05 Nov 2026 — 14 days. Renewal audit in progress, report expected 5 Dec.
⚠ Attestation expires 05 Nov 2026 — 14 days. Renewal audit in progress, report expected 5 Dec.
Override →
R.04
Legal
Supplier shall comply with UAE Personal Data Protection Law (PDPL) as amended.
Compliant
Evidence: UAE PDPL Compliance Attestation
Legal reviewed Oct 2026 · DPO: J. Webb
Legal reviewed Oct 2026 · DPO: J. Webb
View →
R.05
Technical
Support for Arabic language inference with bilingual response quality ≥ English baseline.
Partial
Evidence: Arabic Language Benchmark (Q3 2026)
Currently 92% of English quality — gap narrowing · Qwen2.5 fine-tune in progress
Currently 92% of English quality — gap narrowing · Qwen2.5 fine-tune in progress
View →
R.06
Infrastructure
Support air-gapped on-premises deployment within Customer's own data centre.
Compliant
Evidence: Air-gapped Runbook v2.3 · Core42 Ref Deploy
Proven reference in Core42 UAE sovereign cloud
Proven reference in Core42 UAE sovereign cloud
View →
R.07
Commercial
Maintain financial covenants: current ratio ≥ 1.2, minimum £5M annual turnover.
Compliant
Evidence: FY25 Audited Accounts
Current ratio 2.4 · turnover £8.7M
Current ratio 2.4 · turnover £8.7M
View →
R.08
Governance
Every deployed AI model must be logged with risk classification, intended use, and approval chain.
Compliant
Evidence: Model Governance Framework v3 · Model Registry
All 14 production models logged · ISO 42001 aligned
All 14 production models logged · ISO 42001 aligned
View →
R.09
Operational
Provide 24×7 in-region support with Arabic-language incident coordinator available.
Partial
Evidence: Support Coverage Matrix
Arabic-language L1 · 08:00–20:00 GST · 24×7 coverage via English-medium rota. Clarification requested.
Arabic-language L1 · 08:00–20:00 GST · 24×7 coverage via English-medium rota. Clarification requested.
View →
R.10
Security
Penetration testing performed at least annually by independent accredited third party.
Compliant
Evidence: Pen Test Report Q3 2026
No findings · auditor: Secureworks
No findings · auditor: Secureworks
View →
— 20 more compliant requirements —
EMIRATES NBD REVIEW GATES · SHIPLEY METHODOLOGY
Review Gates
Rubric mapped to Core42 SOW Section 4.2
Blue · Strategy
Bid/no-bid decision, opportunity shaping, win themes.
Threshold: ≥ 70 of 100 · 4 evaluators
Win theme alignment
Discriminator clarity
Pink · Solution
Technical approach, architecture, mid-draft review.
Threshold: ≥ 75 of 100 · 3 evaluators
Architecture fit
Resourcing credibility
Risk mitigation
Red · Final Draft
Final response quality, compliance, commercial terms. Active · awaiting score.
Threshold: ≥ 80 of 100 · 4 evaluators
Compliance posture (open rubric →)
Commercial competitiveness
Narrative coherence
Gold · Submit
Board / executive sign-off, final legal review.
Threshold: approver sign-off · 2 evaluators
awaiting Red pass
RED GATE · OPEN RUBRIC
Compliance posture — scoring as Rashed Al Mansoori
Criteria: Core42 SOW §4.2 · Pass threshold ≥ 80 of 100 · your scores only
Regulatory evidence
Every compliance-critical claim traceable to a current, valid evidence artefact (certificate, policy, audit).
× weight 30
Sovereignty posture
No data or metadata exfiltration from UAE boundary. Technical controls demonstrable.
× weight 25
Arabic language capability
Bilingual inference quality parity with English baseline. Benchmark credible.
× weight 20
Operational support
In-region 24×7 support coverage with credible incident coordinator capability.
× weight 15
Reference credibility
Verifiable reference deployments at comparable scale within last 24 months.
× weight 10
Your weighted score
— / 100
Pass threshold
≥ 80
Pending
EMIRATES NBD COLLABORATORS & PERMISSIONS
Collaborators
Internal · Core42tenant CORE42-PROD
Person
Role
Sections
Workload
Status
FH
Faisal Al Hashemi
faisal.alhashemi@core42.ai
Approver
All sections
12 assigned
Active
KN
Khalid Al Nuaimi
khalid.alnuaimi@core42.ai
Reviewer
SecurityCommercial
8 assigned
Active
SO
Samir Obeid
samir.obeid@core42.ai
Technical
11 assigned
Active
JW
Jamila Al Wahaibi
jamila.alwahaibi@core42.ai
Reviewer
LegalCompliance
6 assigned
Away 2h
Emirates NBD — Evaluators
Customer-side · invited by Faisal Al Hashemi · Red & Gold gate evaluators
SCOPE Review gates only
Person
Role
Scope
Gate
Status
RM
Rashed Al Mansoori
r.almansoori@emiratesnbd.com
Evaluator
ComplianceTechnical
Red · pending
Active
NK
Nadia Khoury
n.khoury@emiratesnbd.com
Evaluator
Commercial
Red · pending
Offline
AQ
Aisha Al Qasimi
a.alqasimi@emiratesnbd.com
Gold Approver
All
Gold · pending Red
Offline
Hewlett Packard Enterprise
External partner · scope: Infrastructure, Storage
SCOPE InfrastructureStorage
Person
Role
Sections
Workload
Status
HB
Hassan Al Balushi
h.albalushi@hpe.com
StorageInfrastructure
3 assigned
Active
ENFORCED BY POSTGRES RLS · AUDIT-LOGGED · DPA ACTIVE
NVIDIA
External partner · scope: GPU, NVAIE, NIM
SCOPE InfrastructureTechnical
Person
Role
Sections
Workload
Status
NC
Neil Christie
nchristie@nvidia.com
InfrastructureTechnical
2 assigned
Active
RLS-ENFORCED · READ/DRAFT ON INFRA + TECHNICAL · NO PRICING · AUDITED
EMIRATES NBD AUDIT TIMELINE
Activity
14:23:07 · today
Compliance Verifier flagged time-bound claim in Q.02· SOC 2 expires 14 days
view →
14:22:14 · today
Compliance Matrix Generator auto-generated matrix· 30 requirements · 24 compliant · 1 NC
view →
14:18:22 · today
Salesforce Sync wrote
Opp.RFP_Progress__c = "71.9% · On Track"· OPP-84127view →
14:18:43 · today
Khalid Al Nuaimi edited Q.02· +47 words, −12 words
view →
14:07:22 · today
Neil Christie (NVIDIA) edited Q.09 GPU fabric spec· +184 words
view →
13:51:22 · today
Samir Obeid reordered sections· "Out of Scope" moved above "Pricing"
view →
13:22:51 · today
Answer Drafter generated draft for Q.04· 623w · SharePoint: 3 cites · claude-opus-4.7
view →
11:18:22 · today
SharePoint Retriever indexed 50 proposals from Core42 archive· 1,247 chunks · trust-scored
view →
Nov 04 · 17:42
RFP Parser extracted 32 questions· ENBD-RFP-2026-047.pdf · 102 pages · Arabic+English · 142s
view →
Nov 04 · 17:38
Faisal Al Hashemi created RFP workspace· Emirates NBD
view →
ANSWER LIBRARY · CORE42-PROD TENANT
Canonical Answers
What is your SOC 2 Type II compliance status?
Core42 maintains a SOC 2 Type II attestation covering Security, Availability, and Confidentiality trust criteria, most recently attested by BDO for the period 1 Sep 2024 – 31 Aug 2025…
Expires 14d
Describe your approach to multi-tenant data isolation.
Every tenant in the platform is isolated at three layers: database (row-level security keyed on tenant_id with Postgres RLS), compute, and network…
Verified
How do you support data residency in the UAE/GCC region?
All Customer Data for GCC-region tenants is processed and stored exclusively within Core42 MENA region or AWS me-central-1. No data, metadata, prompts, or logs transit outside the region…
Verified
Do you support air-gapped on-premises deployment?
Yes. Core42 ships as a Helm chart deployable to any Kubernetes distribution. Our air-gapped deployment bundle includes all container images, a local model cache with quantised variants…
Verified
How do you prevent prompt injection in agent workflows?
Our Guardrail Engine runs three checks on every tool invocation: input sanitisation, semantic intent classification, and post-execution output scanning…
Verified
What LLM providers do you support?
The platform is model-agnostic via our Model Router abstraction. Native support includes: Anthropic Claude (all variants), OpenAI GPT-4/o-series, Google Gemini, Mistral, Cohere, Meta Llama…
Needs review
Provide three references for deployments at £5M+ scale.
[Reference 1: Etisalat Group — Network AI transformation, $9.4M over 2yr] [Reference 2: Core42 — sovereign AI platform, $4.2M over 18mo] [Reference 3: Gulf Defence prime, NDA]
Verified
Describe your model governance and approval workflow.
Every model deployed into production passes a three-stage gate: capability assessment, risk classification with autonomy ceiling, and Platform Council approval for High-risk agents…
Verified
What is your policy on using Customer Data for model training?
Customer Data is never used for cross-customer training under any circumstances. Contractually enshrined in Clause 11.5 and Schedule 7 of our MSA…
Verified
AGENTS · RFP RESPONSE MODULE
Agent Console
RFP Parser
rfp-parser · v2.1.4
Ingests RFP documents (PDF/DOCX). Extracts structured questions, sections, deadlines, word limits. Arabic + English supported.
RiskLow
AutonomyAutonomous
Modelclaude-haiku-4.5
Toolsdoc-processor
Runs (30d)48
Success100%
Avg time142s
SharePoint Retriever
rfp-sp-retriever · v1.4.0
Searches Customer's SharePoint proposal archive via MS Graph. Chunks, trust-scores, feeds Drafter. Permission-mirrored so access follows the user's SP entitlements.
RiskLow
AutonomyAutonomous
Modelclaude-haiku-4.5
Toolsms-graph, chunker
Indexed1,247
Searches412
Avg relv.0.84
Answer Drafter
rfp-answer-drafter · v3.2.1
RAG drafting over library + SharePoint archive + boilerplate store. Produces cited drafts. Writes rfp.responses as state='draft'.
RiskMedium
AutonomyHITL
Modelclaude-opus-4.7
Toolslib-search, sp-search
Runs (30d)1,247
Accept rate73%
Avg tokens8.4K
Compliance Matrix Generator
rfp-matrix-gen · v1.2.0
Auto-generates the per-requirement Compliant / Partial / Non-Compliant matrix. Runs on every requirement flagged compliance-critical.
RiskHigh
AutonomyHITL
Modelclaude-opus-4.7
Toolsevidence-search
Runs (30d)64
NC flags14
Avg reqs28
Compliance Verifier [MOAT]
rfp-compliance-verifier · v1.8.0
Mandatory gate before any response passes Red review. Enforces policy at inference, not post-draft — the architectural moat.
RiskHigh
AutonomyHITL (locked)
Modelclaude-opus-4.7
Toolsevidence-search
Runs (30d)892
Flags raised41
Avg claims6.2
Salesforce Sync
rfp-sf-sync · v1.1.0
Bidirectional: reads opportunity context from Salesforce, writes back bid status, artefacts, and state changes. Idempotent retries; audit every write.
RiskMedium
AutonomyHITL
Modelclaude-haiku-4.5
Toolssf-api
Reads (30d)342
Writes48
Errors0
Reviewer Router
rfp-reviewer-router · v1.3.2
Routes drafted responses and review-gate packages to the right evaluator. Notifies via Slack/Teams. SLA countdown.
RiskLow
AutonomyOn-loop
Modelclaude-haiku-4.5
Toolswebhooks, slack
Runs (30d)634
SLA hit94%
Escalations8
Library Curator [MOAT]
rfp-library-curator · v2.0.0
Solves 22%-per-month library decay. Uses win/loss + human edits to propose canonical updates. Every proposal requires human approval.
RiskMedium
AutonomyHITL
Modelclaude-opus-4.7
Toolslib-write, diff
Runs (30d)187
Proposals47
Accepted89%