Estonian public procurement open data
RHR AI/PQC/PKI Observatory
A reproducible research pipeline for tracking public procurement signals related to artificial intelligence, post-quantum cryptography, and PKI or trust-service-adjacent infrastructure in Estonia's Riigihangete register open-data exports.
Pilot Corpus
The first bounded run covers January-May 2026 procurement notices and award notices, plus the 2026 procurement-plan export. It parsed 11,191 records and produced 94 record-topic matches: 55 AI hits, 38 PKI hits, and one high-confidence PQC planning signal.
AI
55
52 high-confidence hits
PQC
1
Postkvant teekaardi rakendamine
PKI
38
7 high-confidence; 31 review candidates
Evidence Receipts
Scheduled monitor runs now package the RHR source manifest, normalized corpus, report outputs, and declared artifact hashes into an EATF/AEP evidence snapshot. The receipt verifies package bytes and declared hashes only; it does not certify RHR completeness, source XML signature validity, trust-service status, procurement-law interpretation, or compliance.
EATF/AEP
Signed snapshots
Each monitor run uploads a package and verification receipt with the normalized artifacts.
Monitoring
New-signal notification
A GitHub issue is opened when a new AI, PQC, or PKI signal identity appears after the seeded baseline.
Method Boundary
The observatory uses RHR open-data XML exports for notices, awards, and procurement plans. It does not scrape the public UI, does not use authenticated procurement workflows, and does not claim to certify legal compliance. The EATF receipt is an artifact-integrity receipt rather than a legal or trust-service attestation. Generic certificate language is treated as low-confidence PKI-adjacent signal until reviewed.
Research Use
The observatory supports Tyche's thesis work on public-sector evidence infrastructure: procurement as an early signal for AI deployment, post-quantum transition planning, and PKI governance demand. It is maintained as research infrastructure rather than a product.