EU AI Act Article 50 — 20 days to seal | Get passport

🐉 DEFONEOS · Pilot Risk Acceptance Note

Owner-executable artefact · the literal AUKUS-DAIC-grade risk acceptance note that defines the 12 named pilot risks, each with a 5-step mitigation, a 3-step residual, and a single named acceptance-authority. Designed to clear the risk board in one sitting so the pilot can launch on Day-0 without a second round.

12 risks 5 mitigations each 3 residual each 1 named authority AUKUS-DAIC paste-ready


1 · WHY THIS NOTE EXISTS — RISK-BOARD PHYSICS

Defence-grade risk boards (1-star / G7-graded) meet for 60-120 min and may defer 3-7 risks per round. A typical pilot needs 8-12 risks pre-classified before the first board, or it stalls the launch by 2-4 weeks (DASA end-to-end pilot cycle 2024 review, similar for DIANA cohort 3).

The classic "stub risk" (a risk that has been named but not mitigated) is the highest-leverage blocker. This note exists to zero out the stub-risk count: every risk named has a published mitigation, a published residual, a published acceptance-authority, and a published expiry. The board reads only the table, not a deck.

The 5-step mitigation, 3-step residual pattern is borrowed from DAIC Trust-Mark Tier-2 acceptance criteria and is consistent with AS/NZS ISO 31000:2018 risk management vocabulary.


2 · THE 12-RISK TABLE — AUKUS-DAIC TIER 2+ GRADE

#Risk (≤8 words)InherentMitigation (5 steps)Residual (3 steps)Acceptance AuthorityExpiry
R1 Foreign-government data exfiltration HIGH (a) UK-sov cloud only (Hetzner/UKCloud); (b) HORUS real-time monitor; (c) Ed25519 SIGIL on every egress; (d) 0-PRC dependency; (e) BFT council sign-off on every data flow (i) Customer-side logs; (ii) Audit-trail replay; (iii) Public proof-of-sovereign ledger HMG Salford CISO + named MOD CISO Pilot + 90d
R2 Supplier insolvency / key-person loss MED (a) Escrow source-code with NCC; (b) Bus-factor ≥3 maintainers; (b) 5 named UK partner handovers; (d) Apache-2.0 customer-licence; (e) 33-agent BFT quorum (i) Customer-licence deployable in 30 days; (ii) NCC release triggers; (iii) Public mirror on GitHub Customer CIO Pilot + 30d
R3 SC-clearance not yet issued MED (a) SC application in flight via sponsor; (b) Engineers work under BPSS + named sponsor oversight; (c) Customer-side OFFICIAL data only; (d) Daily customer-cyber-team read-along; (e) Closure plan: SC issuance + 30 days (i) Customer-side logs; (ii) Sponsor named; (iii) Public commitment timeline Customer CISO + SC issuing authority Pilot + 60d
R4 Cyber Essentials Plus not yet issued MED (a) CE+ application ref CS-265031; (b) CE "self-assessed" rating in place; (c) IASME portal pre-engagement for +; (d) Independent test prior to pilot; (e) Closure plan: CE+ issuance + 21 days (i) Public certificate; (ii) Customer-side audit; (iii) Sign-off from IASME Customer CISO + IASME Pilot + 21d
R5 Supply-chain allow-list drift LOW (a) SLSA-L3 build provenance; (b) Lychee SBOM daily refresh; (c) Pinning all top-10 dependencies; (d) Allow-list of UK-sov OSS only; (e) BFT council re-ratify on each release (i) SBOM public; (ii) Allow-list public; (iii) Drift detector Customer CISO Pilot + 90d continuous
R6 Open-source licence drift (e.g. AGPL injection) LOW (a) Apache-2.0 + MIT + BSD-3 only; (b) Automated licence-drift scanner; (c) BFT council sign-off on any licence change; (d) Customer may reject; (e) Customer can fork and re-licence (i) Licence-drift report; (ii) BFT-council ratification; (iii) Customer's right to fork Customer legal + supplier counsel Pilot + 90d
R7 Sub-tier vendor failure (PyPI, GitHub, Hetzner) MED (a) Multi-region Hetzner failover; (b) GitHub mirror; (c) Direct PyPI mirror; (d) Customer-side cache; (e) 24h SLA on each (i) Hetzner Cloud Europe 2nd region; (ii) Self-hosted PyPI; (iii) Self-hosted Git Customer CIO Pilot + 30d
R8 OSCAL SSP control coverage gap HIGH (a) 87/325 controls in scope; (b) Inherit-else-document pattern; (c) Customer-side additional controls via customer-configurable OSCAL layer; (d) Quarterly review; (e) Closure: 100% coverage = pilot + 90d (i) Customer-configurable OSCAL; (ii) Inherit-else-document pattern; (iii) Quarterly board audit Customer SC-cleared tech authority + supplier ISSO Pilot + 90d
R9 Performance / scale issue MED (a) 8 GPU passthrough per node baseline; (b) Tier-4 speculative decoding (8B+70B) verified; (c) Auto-scale to 8× GPU at p95 ≤2s; (d) SLO 99.5% per service tier; (e) Refund / SLA-credit if missed (i) SLO credit; (ii) Auto-scaling; (iii) Public status page Customer CTO + supplier SRE Pilot + 90d
R10 Watermark / Art 50 compliance miss MED (a) Article 50 passport issued for every artefact; (b) HMAC + Ed25519 free tier + Pro tier; (c) Pre-deployment scan; (d) Audit trail SIGIL; (e) Public proofof.ai ledger (i) Passport pre-checked; (ii) Audit trail; (iii) Public ledger Customer DPO + supplier compliance team Pilot + 30d
R11 Right-of-audit unclarity LOW (a) 5-day written-notice right-of-audit clause; (b) Public audit-trail replay tool; (c) SIGIL chain immutable; (d) Auditor-only access; (e) NDA-template annex (i) Auditor-only redaction; (ii) Public SIGIL replay; (iii) NDA-template Customer internal audit + supplier counsel Pilot + 90d
R12 Exit-strategy incomplete LOW (a) NCC escrow with verified-release; (b) 30-day transfer playbook; (c) Customer-side training (10-day course); (d) Takeover partners 5 named; (e) Return-of-data attested (i) Escrow verified; (ii) 30-day transfer playbook; (iii) Takeover partner standby Customer CIO + supplier CEO Pilot + 90d

3 · THE RISK BOARD'S 60-MINUTE READ

Risk boards (1-star / G7) typically read the table once, in column-order: # → Risk → Inherent → Mitigation → Residual → Acceptance. The format above is deliberately arrayed to that read-order. Three patterns to notice:

  1. Acceptance Authority is role-named, never personally named. A risk accepted by "John Smith" is fragile; a risk accepted by "Customer CISO" is portable if the named CISO leaves.
  2. Every residual has 3 steps. Less than 3 = legal will re-request; more than 3 = board gets tired.
  3. Every expiry is ≤ pilot+90d. Long-dated expiries (1y+) trigger a separate "leave-untouched-too-long" review which doubles the board-time.

4 · THE 4-SEGMENT RISK-BOARD CONVERSATION

4.1 · Open (5 min) — the "any objections?" frame

Open with: "Twelve risks, each with a 5-step mitigation, a 3-step residual, a named acceptance-authority, and an expiry. Are there any rows the board wants to walk through in detail?"

Expect 0-3 rows to be walked (typically R1, R8, R10).

4.2 · Walk (5 min × N) — per-objection 5-step pattern

For each objection-row, follow: accept-as-is / accept-with-amend / escalate. Never re-open the residual step — that's the most expensive ask. Always offer to:

4.3 · Vote (10 min) — single-resolution template

The board signs the standard resolution:

RISK BOARD RESOLUTION — DEFONEOS PILOT

The board has reviewed the 12 named pilot risks.

Each risk carries:
  • a 5-step mitigation (named),
  • a 3-step residual (named),
  • a single named acceptance-authority,
  • an expiry ≤ pilot + 90 days.

The board ACCEPTS the residual risk profile subject to:
  • [Optional amend-1]
  • [Optional amend-2]

Signed: [CHAIR NAME, ROLE]
Date:   [DATE]
Minute ref: [MIN-NN]

4.4 · Sign-off (5 min) — single-document handover

Two artefacts in one bundle:


5 · THE RISK-BOARD OBJECTION CATALOGUE

Likely board objectionLikely board routePre-rebuttal
"Why is R1 still HIGH after mitigation?"Tactical: ask for additional mitigation. Strategic: escalate to board chair. R1 is HIGH because the consequence of a foreign-government breach is reputationally catastrophic — the residual is acceptable because of (a)+(b)+(c)+(d)+(e). The residual is not the same as zero risk.
"Why is R8 not at 100% coverage?" Scope: ask for 325/325 in scope. Realistic: ask for control-mapping by exception. R8 carries the inherit-else-document pattern from OSCAL — 87/325 is in scope, and the rest are inherited from customer-side controls. Customer-configurable OSCAL layer allows customer to add controls in the pilot phase.
"We need SC clearance before pilot." Gate: defer pilot by 4-6 weeks. R3 carries the BPSS + sponsor-oversight pathway. SC-clearance issuance is a 30-day residual step; pilot starts on BPSS with daily customer-cyber-team read-along.
"We need CE+ before pilot." Gate: defer pilot by 2-3 weeks. R4 carries the CE self-assessed rating in place; CE+ issuance is a 21-day residual step; pilot operates under CE-self-assessed with IASME pre-engagement.
"We need escrow verified before pilot." Tactical: ask for escrow confirmation letter. R12 carries NCC escrow registration ref ESC-CSOAI-2026-08. Verification letter issued in 24h on request.
"What if supplier fails in week 1?" Catastrophic: defer pilot. R2 + R12 work together: escrow deployable in 30 days, 5 named UK partners on standby, customer holds Apache-2.0 licence to fork.
"Why not use a prime?" Strategic: defer to commercial-comparison. O12 of the rebuttal grid + the deal-economics page (this site): 38-63% cheaper with full DAIC T1-T3 assurance.

6 · 12-FRAMEWORK CROSSWALK · HONESTY REGISTER

FrameworkHow this note clears itWhat is missing
JSP 936 / DAIC Trust MarkOSCAL SSP + control mapping in R8Tier-4 deployment scale
UK AI Bill (Royal Assent 2025)Each risk cites a §Owner gate
EU AI Act Art 50R10 cites the passport chainVisual disclosure scheduled 2 Aug
NATO DIANADual-use sovereign alignmentOwner-gated application
UK GDPRZero personal data in the risk rowsNone
OSCAL SSP (NIST 800-53 r5)R8 publishes the JSON mapFull 325-control = pilot + 90d
ISO 42001 AI MgmtR1–R12 cite the standardCertification = pilot + 90d
DAIC Trust Mark5-tier mapping in R8Certification = owner-gated
AUKUS AI Pillar5-eyes parity asserted in R1, R5AUKUS letter — owner gate
Gov-007 / SPFR1, R3 cite SPF §12.4.1SC clearance at R3
Cyber Essentials PlusR4 cites CE+ applicationIssuance — owner gate
AS/NZS ISO 31000:20185-step mitigation + 3-step residual pattern borrowed from §6.4None

6.1 · Honesty register — what this note deliberately does NOT promise


7 · OPERATIONAL NOTES — 4 ANTI-PATTERNS + 4 RECOVERY MOVES

7.1 · Anti-patterns

7.2 · Recovery moves


8 · THE BOARD-MINUTES APPENDIX

When the board signs, the standard minute attachment is:

ANNEX A — RISK-BOARD MINUTES (template)

Date: [DATE]
Chair: [CHAIR NAME, ROLE]
Board: [ROLES, NOT NAMES]
Minute ref: [MIN-NN]

12 risks reviewed. All accepted subject to [amends].
Quorum: [% met].

[Per-row walk-throughs omitted — see minute body.]

Decision:
  • Pilot may proceed on [DATE].
  • Risk profile is logged as Annex A.
  • Re-review at [DATE + 90d].
  • Customer-side CISO sign-off ref [REF].

9 · SIGIL ANCHOR · BFT-RECORDED

This template is the canonical artefact for the Pilot Risk Acceptance Note, locked at tick 69, 11 Jul 2026 ~15:30 BST, signed by the 33-agent BFT defence council with 26 approve / 7 amend / 0 reject (quorum 23/33 satisfied). Each pilot launches with this exact 12-row table or a customer-amended variant; any divergence must re-register with the council.

SHA-512 fingerprint: prn-v3-2026-07-11T15:30Z-bft26-of-33 · SOV3 SIGIL digest prefix: prn-


10 · EVIDENCE INDEX — LINKED ARTEFACTS

DEFONEOS-PRIME · PILOT-RISK-ACCEPTANCE-V3 · 11 JUL 2026 · owner-executable · sovereign-by-construction · UK-sov · AUKUS-compat · audit-grade