The Dunkirk Swarm Model: Opening National Projects To Small Businesses

Strip away the mythology and Dunkirk was a logistics operation with a very specific form. The state defined a single outcome: evacuate as many men as possible. The Royal Navy provided coordination, routing, and command. Civilian boats, already in existence, already crewed, already seaworthy, were absorbed into a command structure and directed toward the objective.

It was not decentralised anarchy. Nobody opened a telephone line and said "anyone with a boat, do whatever you like." The Admiralty set the mission. The small craft executed it. And the reason it worked was the combination of central intent with distributed execution: a clear objective, a light coordination layer, and a fleet of capable actors who were already there but had never been asked.

Eighty-five years later, Britain faces a procurement crisis built on the opposite principle. The state has spent three decades handing enormous contracts to a handful of enormous firms (Capita, G4S, Serco, Fujitsu) on the faulty theory this transfers risk and guarantees delivery. It does neither. What it produces is an oligopoly of mediocrity: massive latency, hollowed-out domestic industry, and a dependency so deep the state can no longer function without firms it cannot hold to account.

The capability still exists. Across every county, in every trade, there are small engineering firms, IT companies, tradespeople, and manufacturers with the skills to deliver public work often faster and better than the incumbents. But they are locked out. The bidding process is designed for organisations with legal departments and compliance teams. The contract sizes are designed for firms with thousands of employees. The system selects for scale, not competence.

The question is how you unlock the domestic fleet for national capability, at scale, without creating chaos.

The Fleet Already Exists

Britain already has tens of thousands of small and medium firms with proven technical ability. Electricians, software developers, road engineers, fabricators, welders, network installers, designers, surveyors. Most of them work in the private sector because the public sector is unreachable. The barrier is not skill. It is access.

NHS software systems arrive years late, millions over budget, and often don't work. Road maintenance backlogs stretch into decades. Defence procurement moves at geological speed.

The same handful of prime contractors rotate through the same failures, absorb the same penalties, and win the same renewals because there is no alternative pipeline.

A Dunkirk Procurement Model, for lack of a better name, is a way to build one. A permanent, standing network of domestic capability: tested, ranked, and ready to be activated the moment work exists. A system where a two-person IT firm in Sheffield can take a small module, deliver it well, climb the ranks, and within a year be handling six-figure integrations. Where a machinist with a better method can prove it in a sandbox and feed it directly into defence supply chains. Where a local painter can bid for the school down the road without navigating a procurement portal designed by consultants for consultants.

The key is structure. Open the floodgates and you get chaos: bid spam, race-to-the-bottom pricing, no guarantee of delivery. But build the right framework, and you get something far more powerful than any single contractor could provide: a live, continuously improving, nationally distributed engine of execution.

National Capability Registration: A Ladder, Not A Lottery

The first problem is entry. If anyone can bid for anything, the system drowns in noise. If only established firms can enter, you have reproduced exactly what you set out to replace.

The answer is a national capability registry with tiered access earned by performance.

Onboarding is fast; hours, not months. A firm registers with identity verification, insurance, tax compliance, and a skills declaration backed by evidence: prior work, references, a portfolio. This places them immediately into a probationary tier with access to small, low-risk tasks. Real work, paid quickly: fix a defect, build a small software module, wire a cabinet, patch ten metres of road.

Over the first few weeks, every delivery is scored. Speed, quality, reliability, audit results. Pass consistently and the system promotes you to the next tier, where the tasks are larger and more complex. Fail and you stay where you are, or drop. Tier two might carry contracts worth tens of thousands of pounds. Tier three, hundreds of thousands. The ceiling rises with demonstrated competence.

There is no tender process. No procurement committee. No six-month evaluation cycle. The ladder is always open, always running, and always based on what you have actually delivered: not what you promised in a pitch deck.

The Task Stream: Continuous, Not Cyclical

Traditional procurement works in enormous, infrequent blocks. A department identifies a need, writes a specification, issues a tender, evaluates bids, awards a contract, and then waits months or years for delivery. The entire model is built around the transaction: one buyer, one seller, one enormous lump of work.

The Dunkirk model replaces this with a continuous stream of tasks.

Large programmes are broken into discrete, standardised units of work. A nationwide NHS intranet deployment, for instance, does not arrive as a single £200 million contract awarded to one firm. It arrives as thousands of tasks:

• "deploy local network infrastructure at this clinic,"
• "build authentication module to this specification,"
• "integrate patient records API at this trust,"
• "test and certify this installation."

Each task has a defined scope, a price band, a required standard, and a delivery window.

Tasks are not bid on. They are pushed to eligible suppliers by an allocation engine matched on proximity, capacity, specialism, and performance score. A firm can accept or decline within minutes. Decline too often and your priority drops. Deliver well and higher-value tasks flow toward you automatically.

The effect is a standing current of work moving through the system every day. No stop-start procurement cycles. No eighteen-month gaps between contract award and first delivery. No single point of failure if one supplier stumbles, because the work is distributed across dozens or hundreds of capable actors operating simultaneously.

Standards: Essential Central Control

Distributed execution only works if everyone is building to the same specifications. Without hard standards, you get fragmentation, i.e. components don't fit together, software systems can't talk to each other, road surfaces fail at the joins.

So the centre holds the standards with absolute authority. Engineering specifications, materials requirements, safety rules, data schemas, API definitions, security models, interface tolerances. These are published, version-controlled, and open to formal challenge through structured review cycles.

They are written against outcomes, not methods, i.e. "achieve latency below fifty milliseconds under this load," not "use this particular framework." The standard defines what must be true about the finished work, not how you get there.

This is where the shed inventor gets in.

Certification runs on two tracks.

1. The conformance route follows the standard exactly: you build to spec, you pass the tests, you're certified.
2. The equivalence route lets you prove your approach meets or exceeds the required outcome through independent testing, even if your method is entirely unconventional. A tinkerer with a better radar adjustment, a small firm with a novel manufacturing process doesn't need to match the incumbent's method. They need to match or beat the result.

Standards committees are subject to hard anti-capture rules. No firm holding more than a set percentage of system work can sit on the committee setting specifications for its domain. Membership rotates. Conflict-of-interest disclosures are mandatory. This prevents the quiet incumbency where large firms write standards around their own products and methods; the single most common way procurement systems rot from the inside.

Three Layer Sovereignty

Someone has to operate the allocation engine: the system matching tasks to suppliers, tracking delivery, managing the scoring. If the state builds and operates it, you have handed the civil service a centralisation tool more powerful than anything it currently possesses. If a single private vendor builds it, you have created Capita with better software.

The answer is split sovereignty across three layers.

1. The first is an open protocol: the task format, scoring schema, identity and certification standards, and audit logging specifications. This is legislated as public infrastructure, open-source, and immutable without multi-party parliamentary approval. No single entity owns it.
2. The second is a layer of competing allocation engines: multiple licensed operators running the same protocol, competing on efficiency, fairness, and uptime. These are not conventional companies. They are regulated, margin-capped utilities; structurally closer to financial exchanges or payment networks than to technology platforms. They can be mutuals, non-profits, or tightly regulated private operators, but they are prohibited from owning suppliers, executing work, or integrating vertically. They run infrastructure. They do not own the market.
3. The third is a state arbitration layer: small, hard, and precisely bounded. The state audits outcomes, resolves disputes, and enforces the protocol. It does not allocate tasks, operate platforms, or deliver work. Ever.

The result is a system with rails, not a ruler. Multiple dispatchers sharing a common track. If one fails, the others absorb the load. No single monopoly can form. No single entity can capture the whole.

Keeping Score Without Gaming The System

Every task a supplier completes updates their score. Speed, quality, reliability, audit pass rate, variance against peers, long-term durability of delivered work. The score determines what work flows to you, what tier you occupy, how fast you're paid, and how large your tasks can be. It is the currency of the system.

The scoring methodology is fully transparent. Every metric is published. Every weighting is visible. Every firm's historical performance is auditable. There are no hidden variables, no secret formulae, no undisclosed adjustments. Opacity in a public system is a corruption vector: if firms cannot see how they are scored, they cannot challenge unfair outcomes, and whoever controls the hidden inputs holds unaccountable power.

Anti-gaming comes from structural complexity, not secrecy.

Scoring is multi-dimensional, so optimising one axis at the expense of others produces a declining composite. Random audits make enforcement unpredictable. Cross-task variance checks detect "just good enough" behaviour; the firm delivering work barely above the threshold every time. Decay functions erode old performance over time, so no one can rest on a strong quarter two years ago. And for high-risk missions, human review overrides algorithmic assignment entirely.

The principle is simple: you don't hide the rules;you make the game too complex to cheaply exploit.

Old performance fades. Current delivery is everything. The system is not a score to optimise, it is a reputation under constant, visible pressure.

Escrow: Fast, Bounded, And Tied To Merit

The single greatest barrier keeping small firms out of public work is cashflow. A two-person company cannot survive a ninety-day payment cycle on a five-figure contract. The current system is designed around the financial resilience of large corporations, and it filters out precisely the firms most likely to deliver well at lower cost.

In the Dunkirk model, payment is escrowed at the task level. When a task is created, the funds are pre-allocated. When verified completion is confirmed (through automated checks, geo-tagged evidence, telemetry, or audit) payment releases within hours or days, not months.

Pricing is bounded. Each task carries a price band with a floor and ceiling, adjusted by difficulty and urgency multipliers. Firms do not compete on who can underbid to zero. They compete on speed, reliability, and quality of delivery. The bounded pricing prevents the race-to-the-bottom behaviour where the cheapest bid wins regardless of capability: the mechanism responsible for more failed public projects than any other single cause.

High-performing firms receive increasing access to higher-value tasks, tighter SLA bonuses, and faster payment lanes. Optional invoice financing at low rates, backed by the state, removes the working capital barrier entirely for top-tier suppliers.

The effect compounds. Steady work. Fast cash. Merit-based scaling. A small firm delivering well earns more work, earns it faster, and builds the financial base to take on larger scopes. Over time, the best performers grow, not because they won a political relationship, but because they delivered.

Mission Integrators: When Things Go Wrong

If you atomise a road programme into fifty thousand micro-tasks and two hundred of them fail across different suppliers, who is responsible for the programme-level outcome? Task-level warranties don't aggregate into system-level assurance. If everyone is responsible, no one is responsible.

The answer is a thin accountability layer called the Mission Integrator.

A Mission Integrator is not a prime contractor. It does not execute work. It does not monopolise supply. It does not absorb the whole programme into a single contract. What it does is own the overall outcome: defining or validating the task decomposition, monitoring system-level performance, and intervening when failure clusters appear.

Integrators are assigned algorithmically by the allocation engine based on domain-specific score, recent performance, and capacity. No ministerial appointment. No lobbying path. Their fee is capped (one to two per cent of mission value) and they must post a performance bond. If systemic failure occurs on their watch, the bond is hit, their score collapses, and they face temporary or permanent exclusion.

Hard structural constraints prevent the integrator role from becoming a new class of passive rent extraction. Cooldown periods prevent continuous appointment. Concentration limits prevent any firm from dominating integrator assignments in a domain. The role cannot be subcontracted. And integrators are scored with the same rigour as every other participant.

The result is layered accountability.

• Task-level failure sits with the supplier.
• Cluster-level failure triggers automated detection and escalation.
• Mission-level failure falls on the integrator.

Responsibility is not centralised, it is distributed across layers and triggered by failure patterns.

What A Swarm Model Cannot Replace

Honesty matters more than ambition here. A Dunkirk model is not universal. It optimises for work which is repeatable, measurable, and distributable: road maintenance, modular software, component manufacturing, installations, upgrades, inspections. The bulk of public delivery, by volume and cost.

1. It does not replace long-horizon research and development.
2. It does not replace deeply integrated system design where years of accumulated institutional knowledge are genuinely irreducible.
3. It does not replace classified strategic work at the core of defence.

But even non-atomisable systems draw from the capability network. Complex defence platforms still need components, tooling, testing, and iteration. A retained central programme designing a weapons system still sources machined parts, runs simulation environments, and procures maintenance from the distributed supply base beneath it. The model doesn't exclude complexity. It supports it from below.

For defence specifically, the current concentrated supply chain (a handful of primes controlling entire programme lifecycles, i.e. BAE Systems, Babcock International, QinetiQ, Rolls-Royce, and Leonardo UK) is itself a security vulnerability. Single points of failure, slow adaptation, opaque dependencies. A distributed, certified manufacturing base increases surge capacity, reduces dependency risk, and enables faster iteration. The argument is not whether small firms can be trusted with sensitive work. The argument is whether the country can afford to keep concentrating its industrial base in firms whose failure would be catastrophic precisely because there is no alternative.

Parliament's Role Is Non-Negotiable

The state does four things in this model, and only four. It:

1. Sets standards.
2. Runs certification.
3. Audits outcomes, and
4. Enforces the protocol.

It is permanently and explicitly forbidden from allocating work, operating platforms, or executing delivery.

This boundary must be legislated, not merely declared as policy. The protocol layer (task formats, scoring schemas, certification standards) requires parliamentary approval to change. The standards authority reports directly to Parliament, not to a minister with a preference. Select committees scrutinise the scoring methodology, review audit outcomes, and investigate systemic failures.

Every metric the system produces is published. Delivery speeds, failure rates, cost trends, supplier distribution, regional performance; all of it open, all of it auditable. The current system operates behind commercial confidentiality clauses and ministerial discretion. The replacement operates in permanent daylight.

This is not smaller government. It is a narrower state with a sharper edge. One which has given up the functions it performs badly in exchange for total authority over the functions only it can perform.

In Practice: An NHS Intranet

A concrete example makes the model tangible. And let's disregard for a second the NHS needs to be entirely replaced with something better.

Defining What Is Needed

The Department of Health defines a mission: deploy a secure intranet to every NHS trust in England within eighteen months. The standards authority publishes the specification: data schema, security model, API requirements, authentication standard, performance benchmarks. Reference implementations, test suites, and sample code are released publicly.

Allocating The Tasks And Funds

The allocation engine breaks the programme into task units. Infrastructure deployment at each site. Authentication modules. Records integration. Local configuration. Testing and certification. Each task is priced within a band, tagged by specialism and geography, and pushed to eligible suppliers.

Delivery And Payment

A two-person IT firm in Sheffield (let's call them "Athena Digital") registered three months ago. They completed their probationary tasks: a small internal tool for a local council, a module for a GP surgery booking system. Their scores are strong. They accept a task: deploy and configure the intranet at a clinic in Rotherham. The specification is clear. The reference implementation is available. They deliver in four days, upload their evidence, pass the automated checks. Payment lands in forty-eight hours.

Iterating Through More Earned Tasks

Their score updates. A week later, a more complex task arrives: integrating the intranet with patient records at a larger trust. They accept. They deliver. Their tier rises. Within six months, they are handling integration work across South Yorkshire, employing two more staff, and building a track record visible to every potential client in the system.

Monitoring The Integration

Meanwhile, a Mission Integrator (a mid-sized technology consultancy with high domain scores in healthcare IT) monitors the national rollout. Delivery data flows in real time. When a cluster of failures appears in the West Midlands, e.g. three suppliers missing deadlines on infrastructure tasks, the integrator investigates. The root cause is an ambiguity in the specification for older building types. The integrator escalates to the standards authority, which issues a clarification. Replacement tasks are reassigned. The programme continues.

At no point did a single firm own the entire deployment. At no point was a £200 million contract awarded and forgotten. The work moved continuously, failures were detected and contained, and a small firm in Sheffield grew on the strength of what it actually delivered.

Verified Capability As National Export

A firm operating in this system accumulates something no British company currently possesses: a verified, portable, machine-readable track record backed by a national credentialing authority. Should it be desired or required.

Athena Digital, after eighteen months in the system, can demonstrate to any buyer, domestic or foreign, a completion record of four thousand tasks, a 98.7 per cent audit pass rate, and a top-five-per-cent ranking in healthcare IT integration. A foreign hospital chain evaluating vendors can read this record with confidence. The due diligence friction collapses. The credentialing is already done.

Britain has spent decades talking about industrial strategy without building the infrastructure to make it real. A national capability registry, built on open standards with transparent scoring, is industrial infrastructure. It does not protect domestic firms from international competition. It makes them more legible, more trustworthy, and more competitive than firms from countries without an equivalent system.

The export is not just goods and services. It is verified capability, or a quality signal the market can read instantly.

Vulnerability You Cannot Engineer Away

One irreducible risk remains, and it would be dishonest to hide it. The coordination layer (the protocol, the standards authority, the certification regime) must be competently built and competently maintained.

If it is weak, the system fragments. If it is captured, the system rots.

A Dunkirk Model does not remove the need for a capable state. It raises the bar for what capability means.

1. The state must be excellent at setting standards, running certification, auditing outcomes, and enforcing rules.
2. It must be disciplined enough to resist the permanent temptation to expand back into allocation and delivery.
3. It must be institutionally honest enough to publish its own failure data.

Every structural risk in the model (fraud, gaming, fragmentation, political interference) is mitigable through design. Instrumented evidence, random audits, harsh scoring, bounded pricing, transparent metrics, parliamentary oversight. None of these are speculative. They are engineering choices, implementable with existing technology, and they reduce risk to levels far below the catastrophic norm of current procurement.

The greater risk is inaction.

The current model is already failing, visibly, expensively, and repeatedly. The question is not whether a new system carries risk. It is whether the country can continue to tolerate a system where billions are spent, years are lost, and the same firms fail the same contracts while the domestic capability to do the work better sits unused in every town in England.

The Country As A Supply System

Britain does not lack skilled people, functioning firms, or the raw capacity to deliver public work. What it lacks is a system able to see what exists, verify it can perform, and put it to work when work needs doing.

A Dunkirk Procurement Model is a framework for building one. A legislated public protocol for national work, with open standards and certification, executed by a distributed and continuously ranked supplier base, coordinated by competing margin-capped allocation utilities, held accountable by thin bonded mission integrators, and governed under full parliamentary scrutiny.

The gardener gets steady work at the school down the road and advances by delivering well. The small IT firm lands a module, then an integration, then owns a domain. The machinist with a breakthrough proves it in a sandbox and feeds it directly into the national supply chain. Ideas flow upward. Competence compounds. The domestic fleet, already built, already skilled, already waiting, is finally put to use.

We need to stop buying projects, and start running a country.