A nondescript data centre in Riihimäki, Finland, is now an active bridge between Nordic startups and NATO’s innovation pipeline. Millog Oy launched its test centre operations here in August, plugging directly into the Defence Innovation Network Finland (DEFINE) Innovation Hub. The facility is purpose-built to give early-stage companies—especially those in NATO’s DIANA accelerator—a low-threshold, standards-focused environment to validate dual-use technologies before facing defence procurement scrutiny.
This is not just another sandbox. The centre pairs Millog’s decades-long role as a strategic maintenance partner to the Finnish Defence Forces with HAMK University of Applied Sciences’ GPU-powered AI infrastructure and RAIN.global’s edge integration. The result is a hybrid testbed where software, AI models, and soon hardware prototypes can be stress-tested against safety-critical and defence-grade requirements.
A Practical, Standards-First Testing Environment
The Riihimäki facility is designed to mirror the operational IT stacks used by defence authorities. According to Millog, it offers virtualized Linux and Windows environments, Android emulation, and container orchestration platforms—all accessible remotely or on-site. That means a startup can validate a cloud-native microservice or a field deployment app under realistic network topologies and security constraints before ever setting foot in a military lab.
“The defence sector needs agile innovation and testing capabilities to quickly adopt new technologies. Our test center helps companies develop technologies that enhance the security of Finland and our NATO allies,” said Toni Piispa, Vice President, Authorities and Industry Business Unit at Millog.
The centre’s focus on compliance with defence standards is a recurring theme. Rather than leaving startups to navigate the labyrinth of MIL-STD and cybersecurity frameworks alone, Millog brings domain credibility from its lifecycle support work. That operational insight is embedded into the test environment—enabling developers to align with safety-critical requirements from day one.
AI Readiness: GPU Compute Behind a Controlled Gateway
A critical differentiator is the on-premises GPU server, supplied by HAMK and integrated by RAIN.global. It provides a secure, offline environment for training and inference testing of AI models—including large language models and agent-based defence applications. For startups that lack high-end compute but need to work with sensitive datasets, this is a practical enabler.
The setup sidesteps the usual cloud-dependency risks: model weights and proprietary data stay within a controlled perimeter, reducing exposure to supply-chain attacks and accidental leakage. HAMK’s contribution is explicitly positioned as a “safe AI development environment” for data-sensitive work, a nod to the growing concern over adversarial AI in military contexts.
Beyond Software: Additive Manufacturing on the Horizon
Planned expansion into additive manufacturing will add a physical prototyping dimension. The DEFINE Testing Environment will soon include 3D printing capabilities for enclosures, sensor mounts, and embedded systems. For dual-use hardware startups, this means they can iterate on both code and physical form factor within a single ecosystem—shortening the painful gap between proof-of-concept and field-ready demonstrators.
Inside the Ecosystem: Millog, HAMK, DEFINE, and RAIN.global
The Riihimäki centre is not a solo effort. It sits at the intersection of several key actors:
- Millog contributes the operational maintenance expertise and the physical test environment, along with its direct relationship to the Finnish Defence Forces.
- Häme University of Applied Sciences (HAMK) provides GPU compute resources and applied research capability, essentially serving as an academic AI lab for defence experimentation.
- DEFINE (Defence Innovation Network Finland) coordinates the broader innovation hub, offering accelerator programmes and connecting startups to defence schools, research agencies, and industrial partners.
- RAIN.global handled the technical integration, especially for AI deployment, data streaming, and edge scenarios—weaving together the heterogeneous components into a usable platform.
This ecosystem approach means a startup entering the centre instantly gains access to a network of domain mentors, potential pilot customers, and integration partners. It is a deliberate attempt to collapse the time between a DIANA selection and a demonstrable military capability.
Why This Matters for NATO’s DIANA Initiative
NATO’s Defence Innovation Accelerator for the North Atlantic (DIANA) is built on the premise that commercial deep tech can be adapted for alliance needs faster than traditional defence R&D. But the missing link has always been the availability of realistic, secure testbeds that accept immature technologies and help them mature to procurement-ready levels.
Riihimäki directly addresses that gap. By offering a “low-threshold” environment—meaning reduced cost, less bureaucracy, and no requirement for prior defence contracts—the centre opens the door to a broader pool of innovators. According to the forum analysis, this facility is explicitly targeted at early-stage ventures and SMEs who “typically struggle to access secure, standards-compliant testbeds.”
Moreover, the centre’s alignment with NATO interoperability frameworks means a tested solution can be more easily demonstrated to end users across member states. In practice, that could translate to a Finnish AI sensor fusion platform being evaluated by an Estonian or Dutch brigade with minimal rework—a significant reduction in the friction that often kills small-firm innovations.
Real-World Benefits for Startups and SMEs
For a small team, the appeal goes beyond just server access. The forum post breaks down the realistic benefits:
- Lower cost of entry: Secure test facilities are expensive; this centre promises a low-cost route to verify technical assumptions under realistic security constraints.
- Faster procurement readiness: Early testing against defence standards reduces the re-engineering burden later in procurement cycles—avoiding the “valley of death” where startups exhaust funding before meeting specs.
- Access to domain mentors: Co-location with DEFINE and the Riihimäki defence cluster makes it easier to involve military SMEs during testing campaigns.
- Remote testing options: Both on-site and remote pathways increase accessibility for international DIANA participants and allied companies, which is crucial for a NATO-wide initiative.
These advantages collectively lower the risk for startups considering defence as a viable market—provided they navigate the legal and security caveats.
The Unvarnished Picture: Challenges, Risks, and Unanswered Questions
Beneath the optimism, the forum analysis raises a sobering list of risks and gaps that stakeholders must address.
Security and Attack Surface
Any facility that connects external devices, sensors, and remote participants widens the attack surface. The centre must maintain rigorous network segmentation, hardened endpoints, and continuous monitoring to avoid becoming a vector for supply-chain attacks or IP theft. AI model security is an emergent concern: model weights, training data, and inference endpoints need protection from extraction and poisoning.
Export Controls and Dual-Use Governance
Technologies with both civilian and military applications often fall under national and international export control regimes (e.g., ITAR, EAR). Startups testing in a defence-adjacent environment may inadvertently trigger licensing obligations. Cross-border participation—companies from different NATO members—can require export licenses or intergovernmental agreements for certain hardware or software, adding legal complexity.
Intellectual Property and Commercial Risk
Early-stage companies often trade IP for access to testing and mentoring. Without clear, written agreements, there is a risk of forced technology transfer or unfavourable licensing terms. Incumbent contractors gaining early insight into startup solutions could adapt them without equitable commercial arrangements, a perennial concern in defence innovation hubs.
Classification and Secrecy
The facility appears tailored for unclassified and controlled testing. Moving to classified trials will require additional infrastructure and accreditation. Startups expecting to test sensitive military capabilities may find the current environment insufficient for end-to-end validation.
Scalability and Demand Management
If the centre becomes popular through DIANA and NATO channels, demand for high-end GPU cycles or additive manufacturing slots could exceed capacity. Small teams may face scheduling and prioritisation challenges, potentially undercutting the “low-threshold” promise.
Verification Gaps
Some published claims—specific GPU throughput, additive manufacturing hardware models, cybersecurity accreditations—are not yet publicly verifiable. Companies should obtain concrete service-level agreements and facility specifications before committing critical tests.
Strategic Implications: A Blueprint for NATO-Aligned Innovation Hubs
For Finland, the test centre strengthens its position as a regional defence innovation hub. Combining operational maintenance expertise with academic compute creates a unique value proposition. It signals to NATO that Finland can do more than host exercises; it can incubate the technologies that will shape future warfare.
For NATO, the centre provides a practical node that fits DIANA’s model. If it works, Riihimäki could become a replicable blueprint—co-locating operational know-how, academic AI resources, and accelerator programmes to close the gap between commercial innovation and military deployment.
For industry, existing defence OEMs gain a low-risk channel to discover and integrate promising dual-use technologies. Startups gain credible testing and potential procurement pathways, but only if legal, IP, and security frameworks are robust and transparent.
Practical Recommendations
The forum analysis offers concrete advice for each stakeholder group.
For startups and SMEs:
- Prepare a compliance package: document data classification, export control exposure, and required access levels before booking.
- Sign clear IP and confidentiality agreements to preserve core IP ownership and define boundaries on derivatives.
- Design for data minimisation: use encrypted datasets, ephemeral keys, and container isolation for AI model tests.
- Validate your own security posture: bring penetration test results and hardened builds.
For Millog, HAMK, and DEFINE:
- Publish clear service specifications, including GPU specs, network isolation architecture, additive manufacturing hardware, and SLAs.
- Institute strict onboarding: KYC checks, provenance verification, and export control screening for foreign participants.
- Provide tiered access: an unclassified sandbox for general use and elevated, accredited tracks for controlled or sensitive tests.
- Create a transparent prioritisation mechanism to ensure fair access among local startups, DIANA participants, and large OEMs.
For policymakers and procurement authorities:
- Clarify export control pathways for startups testing in national innovation hubs.
- Fund bridging grants to help startups reach demonstration readiness for NATO or national procurement.
- Encourage development of common testing frameworks to reduce repeated rework during procurement.
Conclusion: A First-Mile Accelerator That Demands Good Governance
The Riihimäki test centre is a tangible answer to the chronic problem of how to turn commercial deep tech into deployable military capability. By lowering barriers and providing standards-conscious infrastructure, it gives startups a credible on-ramp to defence markets. Its success, however, will depend less on the servers and more on the policies that govern access, security, and fair treatment of innovators. If managed well, it could accelerate NATO’s dual-use innovation pipeline and become a model for similar hubs across the alliance.