What changed
FACT: On 2026-07-06 DOJ+DHS issued an interim final rule codifying the SAFER SKIES Act, authorizing State/local/Tribal/territorial (SLTT) law-enforcement and correctional agencies to conduct counter-UAS (C-UAS) detection and mitigation operations β a legal authority they did not previously have (Federal Register 2026-13609).
Why now
FACT: The rule is already in effect as an IFR, and C-UAS authority is bundled with compliance obligations (authorized-tech limits, mandatory incident reporting, coordination/notification, recordkeeping). HYPOTHESIS: agencies exercising the new power immediately generate reportable incidents they must document to a federal/state standard, with no off-the-shelf workflow.
Converging signals
FACT: three signals β a C-UAS authority rule (regulation), an SBIR e-learning grant line (the cited SBIR is NIEHS HAZMAT-specific, NOT counter-UAS β mapping it here is INFERENCE), and the Workforce Pell short-term-credential final rule (money). The genuine convergence is the rule + the forced compliance/reporting burden; the SBIR and Pell legs are speculative bridges.
Customer pain
HYPOTHESIS (needs the kill-test calls): agencies newly holding C-UAS authority must log every detection/mitigation event, preserve chain-of-custody, and file incident reports, but have no purpose-built system β today it would be a Word template and an evidence locker. This is the founder's proven shape (a mandate compels documentation to a government standard).
Who pays
SLTT law-enforcement and correctional agency operations/compliance budgets (per-seat or per-agency SaaS). The reachable buyer is the agency's C-UAS program lead or records/compliance officer β NOT a state procurement office if sold as a low-cost operational tool.
Solved today
Nothing purpose-built yet (rule is days old). Interim: generic RMS modules, spreadsheets, Word incident templates, and manual evidence handling.
Why current solutions are bad
Generic RMS has no C-UAS incident schema (authorized-tech used, altitude/geofence, mitigation method, coordination notifications, chain-of-custody for seized/downed aircraft). Manual documentation risks non-compliant reports that expose the agency legally given C-UAS is a brand-new, scrutinized authority.
Proposed product
A narrow C-UAS incident-reporting + compliance web tool: structured incident capture mapped to the IFR's reporting requirements, chain-of-custody log, auto-generated compliant report PDF, and an audit trail. Sell to agencies per-seat/per-agency. This fits the founder's FMCSA-style edge far better than running a training academy.
MVP version
Read the IFR's exact reporting/recordkeeping requirements; build a single-form incident intake + chain-of-custody log + one-click compliant report export on an off-the-shelf stack. Pilot with 2 agencies.
30-day build
Pull the IFR reporting/recordkeeping/notification requirements verbatim; interview 5-10 SLTT C-UAS program leads to confirm the reporting obligation and current gap; storyboard the incident schema.
60-day build
Ship MVP intake + chain-of-custody + report export; run a free pilot with 2 agencies; validate the export against the rule's requirements.
90-day revenue plan
Convert pilots to paid per-agency/per-seat contracts ($1-5k/agency/yr); replicate to neighboring agencies via referral. Do NOT bet first revenue on SBIR or Pell timelines.
Distribution path
Direct outreach to agencies standing up C-UAS programs, C-UAS/drone-defense vendor partnerships (they need a reporting layer for their buyers), and law-enforcement tech listservs/associations. Demonstrated-value selling, not RFP chasing.
Pricing hypothesis
$1-5k per agency per year, or per-seat; optional per-incident export add-on. Small enough to buy on an ops card / discretionary line, avoiding procurement.
Technical difficulty
Low-moderate: a structured form + document generation + audit log. The hard part is correctly encoding the regulatory reporting schema, which is the moat.
Legal / regulatory risk
Moderate: must accurately reflect the IFR's requirements; wrong = compliance liability for the buyer. No licensure needed to sell a documentation tool (the founder isn't operating C-UAS himself).
Platform dependency
None β submits/exports for a government-mandated process; no platform owner can deplatform it.
Founder fit
Strong for the REPORTING/COMPLIANCE tool (mirrors his FMCSA portal-filing product). WEAK for the proposed 'academy': Pell eligibility requires being a Title IV-eligible institution (accreditation, program approval) β not solo-buildable β and selling training curricula to police is credential- and trust-heavy.
Breakout potential
Moderate-high: 18,000+ US law-enforcement agencies, 50 states to replicate into, and C-UAS is an expanding authority. Expansion into detection-log analytics and mitigation-tech procurement guidance.
Final recommendation
PIVOT AND PURSUE NARROWLY. Kill the 'Pell-funded counter-drone academy' framing (not solo-buildable, speculative funding). Keep the real, high-value core: a C-UAS incident-reporting/compliance tool sold per-agency β a genuine fresh forced-buyer mandate in the founder's exact wheelhouse. Gate on the kill-test calls confirming the reporting obligation.
Next action
Read Federal Register 2026-13609 in full to extract the exact reporting/recordkeeping/notification requirements, then call 5 SLTT C-UAS program leads to confirm (a) reporting is mandatory and (b) they have no tool.