There was no acknowledgement from NLnet, meaning it was seen as a duplicate of the NGI Assure application (which it is). The algorithm to eliminate duplicates is to take the latest submitted. Interestingly this was not applied in this case: Assure was submitted before Entrust. This suggests a human being followed the logic suggested here.