Convergence Radar Convergence Engine

← Feed

D

C-UAS Certification & Incident-Log Compliance Kit for Small Police Agencies

43/100

Audit-ready certification-workflow and drone-detection incident-logging software for small SLTT law-enforcement agencies gaining first-time Counter-UAS authority under the July 2026 rule β€” sold as cheap micro-SaaS, not defense-contractor gear.

Archive. Β· created 2026-07-10 01:06 UTC

industrialsaaspublic recordslong-termrevisit later

Scorecard

newness 8/10
convergence 6/10
demand evidence 3/10
existing spend 4/10
solo feasibility 6/10
speed to mvp 7/10
speed to revenue 3/10
distribution 4/10
competitive gap 5/10
expansion 6/10
founder fit 6/10

Penalty flags
heavy compliance long trust cycle no urgent pain (βˆ’14 from raw 52)

Opportunity brief

What changed
FACT (Federal Register, 2026-07-06): a new rule grants state, local, tribal, and territorial (SLTT) law-enforcement and correctional agencies legal authority to conduct drone detection and mitigation under a defined certification framework β€” an activity previously restricted to federal agencies. FACT (Hackster sources): commodity RF sensing (~$100 QuadRF) and low-power dual-band GNSS (u-blox F11) have recently become credible at hobbyist prices. HYPOTHESIS: the rule 'implies' training, approved-equipment, and reporting obligations β€” the provided source text confirms only a certification framework, not any mandatory filing or reporting duty.
Why now
The rule became effective days ago (July 2026), so thousands of agencies confront the certification framework from day one, before any incumbent has packaged an affordable compliance offering. However, the implementing guidance, certifying body, and approved-equipment criteria are likely not yet published (HYPOTHESIS β€” not in source text), which cuts both ways: early-mover advantage vs. building against an undefined spec.
Converging signals
(1) Counter-UAS SLTT authority rule under a certification framework [federalregister.gov, regulation]; (2) QuadRF: real-time RF/Wi-Fi visualization on ~$100 commodity hardware [hackster.io, industrial]; (3) u-blox F11 dual-band GNSS at half the power [hackster.io, industrial]. Honest assessment: signal 1 carries the entire opportunity; signals 2-3 show detection hardware is commoditizing but do NOT establish that commodity gear will satisfy any approved-equipment requirement β€” the GNSS signal is largely decorative here.
Customer pain
HYPOTHESIS: small agencies want the new authority (drones over jails, stadium events, pursuits) but cannot afford defense-grade C-UAS systems and have no staff to build a certification-compliant program: policies, training records, detection-event logs, and defensible incident documentation. CRITICAL CAVEAT: the rule grants authority; nothing in the provided text compels an agency to act. An agency can simply decline to run C-UAS operations, so pain is aspirational, not forced β€” unlike FMCSA ELDT, where trainers were legally required to file.
Who pays
Primary: small/mid SLTT police departments, sheriff's offices, and correctional facilities (budget or grant money, often p-card-sized purchases under ~$5k). Secondary and likely faster: C-UAS training vendors and consultants who need white-label certification-workflow and documentation tooling for their agency clients. HYPOTHESIS: no evidence of actual purchasing behavior yet β€” the authority is days old.
Solved today
HYPOTHESIS: not solved β€” federal agencies used contractor systems (Dedrone/Axon, DroneShield); small SLTT agencies had no legal authority, therefore no tooling, no budget line, and no habits. Adjacent compliance/policy needs are served by Lexipol and PowerDMS, either of which could bolt this on.
Why current solutions are bad
Defense-contractor C-UAS suites are five-to-six-figure deals sized for federal buyers; no product yet packages 'certification paperwork + commodity-sensor event logging + audit-ready reports' at small-agency prices. HYPOTHESIS based on market structure, not on observed listings.
Proposed product
'C-UAS Program-in-a-Box': (a) certification-application workflow that walks an agency through the framework's requirements; (b) policy/SOP template pack; (c) detection-event log that ingests alerts from whatever sensor the agency runs (manual entry first, commodity-RF integrations later) and produces timestamped, audit-ready incident reports; (d) training-record tracker. Deliberately NOT the radio β€” the wedge is the paperwork and evidence trail.
MVP version
A one-agency pilot: Federal-Register-derived requirements checklist, 10-15 policy/SOP templates, and a dead-simple event-log web app (FastAPI + Postgres β€” his existing stack) that outputs PDF incident reports. Buildable solo in 2-3 weeks. Prerequisite: 2-3 days reading the actual rule text to extract every 'shall/must' β€” the product spec IS the rule.
30-day build
Days 1-3: read the full rule; enumerate every obligation, the certifying authority, and any reporting/filing requirement (this determines go/no-go). Days 4-14: build checklist + templates + event logger. Days 15-30: cold-outreach 30 small sheriff's offices and county jails plus every C-UAS training vendor found via the rule's docket comments; leverage fire-service/public-safety credibility for 5 discovery calls.
60-day build
Pilot with 1-3 agencies free-or-cheap in exchange for testimonials and workflow correction; sign one training vendor as a white-label/referral channel; publish a free 'SLTT C-UAS certification requirements explained' guide to capture search demand from confused agencies.
90-day revenue plan
Target: 3-5 paying agencies at $99-$299/mo or a $1,500-$2,500 one-time 'certification readiness package' (fits p-card thresholds, dodges procurement), plus one training-vendor deal at $500+/mo. Realistic ceiling in 90 days: $1k-$5k MRR-equivalent. HYPOTHESIS β€” government buying cycles make even this optimistic.
Distribution path
No-enterprise paths: SEO on the rule's exact terminology (agencies are Googling it now), the Federal Register docket's public comments as a lead list, state sheriff/police-chief association newsletters, C-UAS training vendors as channel partners, and direct email to correctional-facility administrators (drones-over-prisons is the most acute use case).
Pricing hypothesis
$1,500-$2,500 one-time readiness package (fast cash, p-card friendly) + $99-$299/mo per agency for the event log/audit module; $500-$1,000/mo white-label for training vendors.
Technical difficulty
Low-moderate for the software (CRUD + PDF reports + checklist logic β€” well inside his FastAPI/Postgres/AI-assisted stack). The hard part is domain accuracy: misreading the rule produces a compliance product that mis-advises armed government agencies.
Legal / regulatory risk
Moderate-high. Selling compliance guidance about a brand-new federal rule to law enforcement invites 'unauthorized practice of law'-adjacent exposure and reputational blowup if wrong; mitigate by positioning as documentation/record-keeping software, not legal advice. Mitigation (jamming/takedown) is far more regulated than detection β€” stay strictly on the detection/documentation side. CJIS data-handling expectations may apply to incident data (HYPOTHESIS).
Platform dependency
Low. No app store, no third-party platform. Dependency is regulatory: the certification framework's final shape is controlled by the federal government and could be delayed, litigated, or structured to route through approved vendors only.
Founder fit
Partial VERY-HIGH pattern match with one missing keystone. Matches: regulation-driven, government-adjacent, per-transaction-able, solo-buildable compliance layer; his fire-service background gives real credibility with public-safety buyers, and his ELDT win proves he can turn a federal mandate into a filing product. The keystone gap: ELDT worked because trainers were COMPELLED to file into a federal portal. Here, the provided text shows granted authority, not compelled filing β€” nobody is forced to buy anything yet. If reading the full rule reveals a mandatory reporting/filing channel for certified agencies, fit jumps to 9-10; on current evidence it is a 6.
Breakout potential
If the certification framework matures into ongoing reporting obligations, this becomes the system-of-record for thousands of agencies' C-UAS programs, expandable to stadiums, utilities, and critical-infrastructure operators granted similar authority later. Also expandable sideways into general small-agency compliance tooling.
Final recommendation
CONDITIONAL PURSUE β€” cheap discovery now, no build yet. This is a genuine regulatory land-grab with strong thematic founder fit, but it fails the 30-90-day cash test on current evidence because nothing compels purchase and the framework is undefined. Spend 2-3 days reading the full Federal Register rule and its docket. GO signal: the rule contains mandatory reporting/filing/record-keeping duties for certified agencies (recreates the ELDT wedge). NO-GO signal: certification is administered entirely through federal channels with prescribed tooling, or obligations are vague/deferred to future guidance β€” then tag revisit-later and set a watch on the docket.
Next action
Read the full rule at federalregister.gov (doc 2026-13609) and extract every mandatory obligation ('shall', 'must', 'submit', 'report', 'maintain records'), identify the certifying authority and any filing portal, and pull the docket's public comments as a lead list of concerned agencies and vendors β€” decide go/no-go within one week.

Kill arguments (adversarial)

Competitors

β€’ Dedrone (Axon) (link) β€” Market-leading airspace-security/C-UAS detection platform; acquired by Axon, which already has sales relationships with most small US police agencies via body cameras and Evidence.com β€” the biggest bundling threat.
β€’ DroneShield (link) β€” Publicly traded C-UAS detection/mitigation vendor; focused on defense and large-agency deals, less likely to serve tiny agencies but validates the category.
β€’ AeroDefense (link) β€” Sells lower-cost drone detection (AirWarden) into stadiums and corrections β€” closest existing player to the small-agency affordable-detection niche.
β€’ Lexipol / PowerDMS (link) β€” Incumbent policy, training, and accreditation-compliance platforms for law enforcement; could add a C-UAS certification module and already own the agency compliance budget line.

Source citations (facts)

β€’ [Rule] Counter-UAS Authority for State, Local, Tribal, and Territorial Law Enforcement and Correctional Agencies β€” SLTT law-enforcement and correctional agencies can now legally conduct drone detection and mitigation under a defined certification framework (FACT); any training, approved-equipment, or reporting obligations beyond that are inference from the framework's existence (HYPOTHESIS).
β€’ QuadRF: The Open Source RF Camera That Lets You See Wi-Fi Signals β€” Real-time RF/Wi-Fi visualization now runs on ~$100 commodity hardware (FACT), showing RF sensing has commoditized β€” but NOT that such gear would qualify as approved C-UAS detection equipment (HYPOTHESIS).
β€’ New u-blox F11 Platform Promises Dual-Band GPS Accuracy at Half the Power β€” High-precision dual-band GNSS is now available at half the prior power budget (FACT); relevance to this opportunity is marginal β€” it supports future sensor-hardware angles, not the compliance-software wedge.

Actions