Methodology — how WULFRN verifies and classifies NATO defense procurement data
WULFRN aggregates publicly published defense procurement data from nine government sources across 32 NATO nations and the US Department of Defense. This page documents exactly how we classify, enrich, and verify every record — every step is open, every limitation is named, and the underlying source-portal URLs are linked throughout so anyone can audit the pipeline against the originals.
By Vilhelm Drosjer, founder, WULFRN·Last updated 2026-05-21·~9 min read
Data sources — the nine portals
WULFRN ingests from nine government portals daily at 06:00 UTC. Each source covers a distinct slice of NATO defense procurement; together they give the most complete public picture available.
TED — Tenders Electronic Daily
EU/EEA + Norway + Iceland + Liechtenstein · Daily (TED v3 API)All above-threshold defense and security tenders from 27 EU member states plus the EEA. Filtered by CPV codes, buyer allowlist, and keyword.
Doffin
Norway (incl. below-threshold) · Daily (REST API)Norwegian national portal — captures the below-threshold notices that never appear on TED. Roughly half of WULFRN's Norwegian defense records come from Doffin-only notices.
NSPA
NATO supranational · Daily (Playwright + Cloudflare bypass)NATO Support and Procurement Agency. Multinational logistics, MRO, ammunition, missile sustainment, airlift. Cloudflare-protected portal — ingested via headless browser.
NCIA
NATO C4ISR / cyber · Daily (Playwright + Cloudflare bypass)NATO Communications and Information Agency. Classified networks, satellite communications, command-and-control software, cybersecurity tooling.
SAM.gov
US Department of Defense · Daily (System for Award Management API)Federal procurement notices from US DoD components — DLA, NAVSEA, AFLCMC, Army, Marine Corps, Space Force, and program offices.
FMV.se / e-Avrop
Sweden (incl. below-threshold) · Daily (web scrape)Swedish Defence Materiel Administration (FMV) and the e-Avrop platform used by Swedish authorities for procurement.
udbud.dk
Denmark (incl. below-threshold) · Daily (web scrape)Danish national procurement portal — DALO and below-threshold Danish defense notices.
HILMA
Finland (incl. below-threshold) · Daily (web scrape)Finnish national procurement notice service (Hankintailmoitukset). Puolustusvoimat and Puolustushallinnon rakennuslaitos defense notices.
Ríkiskaup / island.is
Iceland · Daily (web scrape)Icelandic central procurement portal. Low absolute volume but full coverage; Landhelgisgæsla (coast guard) and ministry procurement.
Refresh cadence is daily at 06:00 UTC, monitored via per-source ingestion-rate counters. Source-portal outages (most commonly Cloudflare challenges on NSPA/NCIA) are logged and re-queued for the next cycle so no record is silently dropped.
Defense classification methodology
Every ingested record is run through a two-rule classifier before being tagged as is_defense=true:
- Rule A — Buyer allowlist: the buyer name is matched against a curated allowlist of 258 NATO defense entities across 32 NATO nations and the US, including 755 known name variants (e.g. FORSVARSMATERIELL, Forsvarsmateriell, Forsvarsmateriell (Defense Equipment) all collapse to the same entity). The allowlist covers central defense procurement agencies (Forsvarsmateriell, BAAINBw, DGA, FMV, DLA, DALO, etc.), defense ministries, defense estates agencies (Forsvarsbygg and equivalents), defense research institutes (FFI, FOI, VTT-MIL, etc.), service branches, cyber commands, intelligence services, NATO supranational bodies (NSPA, NCIA, NATO HQ), and authorised joint-armament organisations (OCCAR programmes route through national agencies).
- Rule B — Defense CPV taxonomy: if the record's CPV code (Common Procurement Vocabulary) falls within the defense-relevant range, it is classified defense regardless of buyer. The taxonomy covers 37 defense-only codes (35200000–35999999 military equipment, weapons, ammunition, naval/air/land systems), 36 dual-use codes (35100000–35199999 security, surveillance, emergency equipment that defense buyers and civilian buyers both purchase), and 7 civilian opt-out codes (medical, education, general construction) that suppress defense classification when the buyer is not on the allowlist.
A record is defense if Rule A OR Rule B fires. Civilian buyers (universities, hospitals, municipalities, fire departments, public utilities) are excluded by default but retained in the database with a secondary classification flag for dual-use queries (e.g. a fire-department C4ISR procurement that may be commercially adjacent to defense).
Both the buyer allowlist and the CPV taxonomy live in version-controlled YAML files in the codebase. Changes are auditable via git history. The classifier itself is a pure function — same input always produces the same output, no machine-learning drift, no opaque decisions.
The honest numbers
WULFRN's headline figures, current to 2026-05-21:
The 12.2% defense ratio is the most honest single statistic on this page. Most procurement-aggregator marketing claims headline numbers — "we cover 500,000 tenders!" — without disclosing that the overwhelming majority are civilian. WULFRN ingests the same kind of noisy pipeline and then filters it. The 22,351 verified-defense records are the actual product; the rest are kept for traceability and dual-use analysis but not surfaced in defense queries.
Known limitations
Every dataset has limits. The ones below shape how WULFRN's figures should be read:
- Award-value disclosure rates vary by source portal. 50.5% of Norwegian defense award notices on Doffin carry a disclosed EUR value; the remaining 49.5% are recorded as awarded without monetary disclosure. This is a source-portal limitation, not a WULFRN gap — Doffin awards in particular almost never publish value. SAM.gov US awards disclose value >95% of the time; TED awards disclose 80-90%. Each record carries a
value_disclosure_statusflag (disclosed / undisclosed / placeholder) and aggregate averages exclude non-disclosing notices. - FMA-routed entities procure under the parent agency's name. Sjøforsvaret, Luftforsvaret, Hæren, Heimevernet, Forsvarsstaben, and Etterretningstjenesten do not generally self-publish; their procurement appears under Forsvarsmateriell or Forsvarsbygg in WULFRN. The buyer search returns FMA notices, not the operating service. Suppliers targeting a specific branch should monitor FMA and look for end-user references in notice text.
- Classified and direct-award procurement is invisible to any public-portal aggregator. WULFRN covers only publicly-published notices. Classified contracts, FMS (Foreign Military Sales) direct awards, sole-source IP-locked sustainment, and notices that buyers exempt under security rules do not appear on any source portal. The publicly-disclosed portion of NATO defense procurement is what WULFRN sees — substantial but inherently partial.
- FX conversion uses static mid-2026 reference rates stored in
scrapers/fx_rates.py. We chose static over daily-rate conversion because the goal is time-series comparability — a 2023 NOK award should compare cleanly to a 2026 NOK award, which floating rates would distort. The trade-off is that very recent FX shifts (post mid-2026) are not reflected; for currency-sensitive analysis use the underlying native-currency field. - Some older TED award records carry null award dates. Historical TED notices ingested from the archive sometimes lack a parsed
award_datefield — they are retained asstatus=awardedwith the award date empty rather than dropped. Counts of "awarded contracts in year X" should be read as "publicly disclosed award notices with parseable award dates in year X" — the unparseable tail is small but non-zero.
AI enrichment
Every verified-defense record is enriched at ingest time by GPT-4o-mini with four classifications:
- Defense-domain classification — one of 13 domains: Naval, Air, Land, C4ISR, Cyber, Ammunition, Logistics, Infrastructure, IT/Software, Space, Medical, Training, Consulting. The domain is derived from tender title, description, and CPV code in a single prompt.
- Capability tags — 3-6 specific capability keywords describing what is being procured (e.g. "tactical radio", "armoured personnel carrier", "satellite communications"). Used for capability-tag alerts and matching.
- SME suitability — a yes/no/conditional flag indicating whether the contract is plausibly winnable by a small or medium enterprise (vs. requiring prime-contractor scale).
- Plain-English summary — a 2-3 sentence overview of what is being procured and who should bid. Translates portal jargon and non-English notices into searchable English.
The classifier itself is deterministic (buyer allowlist + CPV taxonomy); the AI layer adds the structured metadata that makes search useful but does not make the defense-or-not decision. The buyer allowlist is human-curated and version-controlled; the CPV taxonomy is human-curated and version-controlled; only the metadata layer is LLM-generated. If you do not trust the LLM's domain assignment on a specific record, the underlying tender title, description, buyer, and CPV code are all visible alongside.
Coverage verification
Per-source ingestion-rate monitoring runs every 24 hours alongside the data refresh. The pipeline produces three checks:
- Source-availability check — confirms each of the nine portals returned the expected response shape (HTTP 200, JSON or HTML matching the scraper schema). Failures trigger a re-queue for the next cycle; persistent failures are logged for operator attention.
- Volume-anomaly check— compares each source's daily record count to a 7-day rolling baseline. A sudden 50%+ drop is flagged for investigation (most commonly a Cloudflare challenge change on NSPA/NCIA).
- Classification-rate check — tracks the proportion of new records classified as defense per source. Sudden changes (e.g. a TED feed update that adds civilian buyers) surface allowlist or taxonomy gaps for review.
None of these monitors are perfect — silent classification regressions are the hardest category to detect — but together they catch the failure modes that would otherwise drift the dataset away from accuracy. Coverage reports are generated weekly and available to enterprise customers on request.
Frequently asked questions
How does WULFRN classify a tender as defense-related?
A record is classified is_defense=true if either of two conditions is met: (a) the buyer name matches an entry on WULFRN's curated buyer allowlist of 258 NATO defense entities and their 755 known name variants, or (b) the CPV (Common Procurement Vocabulary) code falls within the defense-relevant taxonomy of 37 defense codes plus 36 dual-use codes. Universities, hospitals, and municipalities are excluded from defense queries by default. The allowlist and CPV taxonomy live in version-controlled YAML files maintained alongside the codebase.
Why does WULFRN show fewer defense records than it ingests?
WULFRN ingests 182,470 procurement records from nine government portals. After classification, 22,351 are verified-defense and 160,119 are civilian procurement (universities, hospitals, municipalities, fire departments, public utilities) that publish through the same portals but are not defense buyers. The civilian records are kept in the database for traceability and dual-use queries but are excluded from defense-classified search results, market hubs, and intelligence briefs by default. This 12% defense-ratio is itself a useful signal — most public-procurement portals are dominated by civilian noise.
Does WULFRN cover classified procurement?
No. WULFRN covers only publicly-published procurement notices. Classified procurement, FMS (Foreign Military Sales) direct awards, and notices that buyers exempt under security-classified contract rules do not appear on any of WULFRN's nine source portals — they are not visible to any commercial intelligence product. WULFRN captures the publicly-disclosed portion of NATO defense procurement, which is the segment most defense BD teams compete in.
How current is WULFRN's data?
All nine source portals refresh daily at 06:00 UTC via the WULFRN ingest pipeline. A new tender published on TED, Doffin, NSPA, NCIA, SAM.gov, or the four Nordic national portals appears in WULFRN within 24 hours. The defense classification, capability tagging, and AI summary run inline during ingest, so records are search-ready immediately. Award notices follow the same cadence.
Can I trust WULFRN's contract values?
Disclosed values are taken directly from source-portal notices and converted to EUR at mid-2026 reference rates. Approximately 50.5% of Norwegian defense awards disclose a contract value publicly; the other 49.5% are recorded as awarded without monetary disclosure — a source-portal limitation, not a WULFRN gap. Each award carries a value_disclosure_status flag (disclosed, undisclosed, placeholder) so aggregate calculations exclude non-disclosing notices. Compare award counts (always present) to disclosed cumulative value (always partial) for honest reading.
Why are some service branches not visible as direct buyers?
FMA-routed entities — Sjøforsvaret (Royal Norwegian Navy), Luftforsvaret (Royal Norwegian Air Force), Hæren (Norwegian Army), Heimevernet (Home Guard), Forsvarsstaben (Defence Staff), Etterretningstjenesten (Intelligence Service) — procure through Forsvarsmateriell (FMA) and Forsvarsbygg rather than self-publishing on Doffin or TED. WULFRN surfaces these notices under the parent agency name (FMA / Forsvarsbygg) where the source portal records them. Suppliers targeting a specific service branch should monitor FMA notices and look for end-user references in the notice text.
How does WULFRN handle currency conversion?
All disclosed values are converted to EUR using static mid-2026 exchange rates stored in scrapers/fx_rates.py for reproducibility. Twelve currencies are supported (NOK, SEK, DKK, USD, GBP, PLN, CZK, HUF, RON, BGN, ISK, and others). Static rates are used instead of daily-rate conversion because the goal is comparability across the time-series — historical NOK awards from 2023 should compare cleanly to 2026 awards, which floating rates would distort.
What known limitations should I be aware of?
Five honest limitations: (1) ~50% of Norwegian award notices don't disclose contract values; (2) FMA-routed service branches procure under FMA's name, not their own; (3) classified and direct-award procurement is invisible to all public-portal aggregators including WULFRN; (4) FX conversion uses static mid-2026 rates for comparability; (5) some older TED award notices carry null award dates — recorded as 'awarded' with empty date rather than dropped. These limitations are documented inline on every relevant page so readers can calibrate trust.
Read more
- How WULFRN works — the product walkthrough alongside this methodology page.
- About WULFRN — origin, team, and founder context.
- Pricing — Free / Pro NOK 18,000/yr / Enterprise NOK 120,000+/yr.
- Defense procurement glossary — 38 terms covering portals, regulations, agencies, and procedure types.
- TED glossary entry — definition and history of the EU procurement portal.
- Doffin glossary entry — Norway's national portal and below-threshold coverage.
- Below-threshold procurement — what it is and why it matters for SMB suppliers.
This page is the canonical methodology citation for WULFRN's data claims. If you spot an inaccuracy or have a question this page doesn't answer, email vilhelm@wulfrn.comand we'll update.