Owner-executable artefact · the literal AUKUS-DAIC-grade risk acceptance note that defines the 12 named pilot risks, each with a 5-step mitigation, a 3-step residual, and a single named acceptance-authority. Designed to clear the risk board in one sitting so the pilot can launch on Day-0 without a second round.
12 risks 5 mitigations each 3 residual each 1 named authority AUKUS-DAIC paste-ready
Defence-grade risk boards (1-star / G7-graded) meet for 60-120 min and may defer 3-7 risks per round. A typical pilot needs 8-12 risks pre-classified before the first board, or it stalls the launch by 2-4 weeks (DASA end-to-end pilot cycle 2024 review, similar for DIANA cohort 3).
The classic "stub risk" (a risk that has been named but not mitigated) is the highest-leverage blocker. This note exists to zero out the stub-risk count: every risk named has a published mitigation, a published residual, a published acceptance-authority, and a published expiry. The board reads only the table, not a deck.
The 5-step mitigation, 3-step residual pattern is borrowed from DAIC Trust-Mark Tier-2 acceptance criteria and is consistent with AS/NZS ISO 31000:2018 risk management vocabulary.
| # | Risk (≤8 words) | Inherent | Mitigation (5 steps) | Residual (3 steps) | Acceptance Authority | Expiry |
|---|---|---|---|---|---|---|
| R1 | Foreign-government data exfiltration | HIGH | (a) UK-sov cloud only (Hetzner/UKCloud); (b) HORUS real-time monitor; (c) Ed25519 SIGIL on every egress; (d) 0-PRC dependency; (e) BFT council sign-off on every data flow | (i) Customer-side logs; (ii) Audit-trail replay; (iii) Public proof-of-sovereign ledger | HMG Salford CISO + named MOD CISO | Pilot + 90d |
| R2 | Supplier insolvency / key-person loss | MED | (a) Escrow source-code with NCC; (b) Bus-factor ≥3 maintainers; (b) 5 named UK partner handovers; (d) Apache-2.0 customer-licence; (e) 33-agent BFT quorum | (i) Customer-licence deployable in 30 days; (ii) NCC release triggers; (iii) Public mirror on GitHub | Customer CIO | Pilot + 30d |
| R3 | SC-clearance not yet issued | MED | (a) SC application in flight via sponsor; (b) Engineers work under BPSS + named sponsor oversight; (c) Customer-side OFFICIAL data only; (d) Daily customer-cyber-team read-along; (e) Closure plan: SC issuance + 30 days | (i) Customer-side logs; (ii) Sponsor named; (iii) Public commitment timeline | Customer CISO + SC issuing authority | Pilot + 60d |
| R4 | Cyber Essentials Plus not yet issued | MED | (a) CE+ application ref CS-265031; (b) CE "self-assessed" rating in place; (c) IASME portal pre-engagement for +; (d) Independent test prior to pilot; (e) Closure plan: CE+ issuance + 21 days |
(i) Public certificate; (ii) Customer-side audit; (iii) Sign-off from IASME | Customer CISO + IASME | Pilot + 21d |
| R5 | Supply-chain allow-list drift | LOW | (a) SLSA-L3 build provenance; (b) Lychee SBOM daily refresh; (c) Pinning all top-10 dependencies; (d) Allow-list of UK-sov OSS only; (e) BFT council re-ratify on each release | (i) SBOM public; (ii) Allow-list public; (iii) Drift detector | Customer CISO | Pilot + 90d continuous |
| R6 | Open-source licence drift (e.g. AGPL injection) | LOW | (a) Apache-2.0 + MIT + BSD-3 only; (b) Automated licence-drift scanner; (c) BFT council sign-off on any licence change; (d) Customer may reject; (e) Customer can fork and re-licence | (i) Licence-drift report; (ii) BFT-council ratification; (iii) Customer's right to fork | Customer legal + supplier counsel | Pilot + 90d |
| R7 | Sub-tier vendor failure (PyPI, GitHub, Hetzner) | MED | (a) Multi-region Hetzner failover; (b) GitHub mirror; (c) Direct PyPI mirror; (d) Customer-side cache; (e) 24h SLA on each | (i) Hetzner Cloud Europe 2nd region; (ii) Self-hosted PyPI; (iii) Self-hosted Git | Customer CIO | Pilot + 30d |
| R8 | OSCAL SSP control coverage gap | HIGH | (a) 87/325 controls in scope; (b) Inherit-else-document pattern; (c) Customer-side additional controls via customer-configurable OSCAL layer; (d) Quarterly review; (e) Closure: 100% coverage = pilot + 90d | (i) Customer-configurable OSCAL; (ii) Inherit-else-document pattern; (iii) Quarterly board audit | Customer SC-cleared tech authority + supplier ISSO | Pilot + 90d |
| R9 | Performance / scale issue | MED | (a) 8 GPU passthrough per node baseline; (b) Tier-4 speculative decoding (8B+70B) verified; (c) Auto-scale to 8× GPU at p95 ≤2s; (d) SLO 99.5% per service tier; (e) Refund / SLA-credit if missed | (i) SLO credit; (ii) Auto-scaling; (iii) Public status page | Customer CTO + supplier SRE | Pilot + 90d |
| R10 | Watermark / Art 50 compliance miss | MED | (a) Article 50 passport issued for every artefact; (b) HMAC + Ed25519 free tier + Pro tier; (c) Pre-deployment scan; (d) Audit trail SIGIL; (e) Public proofof.ai ledger | (i) Passport pre-checked; (ii) Audit trail; (iii) Public ledger | Customer DPO + supplier compliance team | Pilot + 30d |
| R11 | Right-of-audit unclarity | LOW | (a) 5-day written-notice right-of-audit clause; (b) Public audit-trail replay tool; (c) SIGIL chain immutable; (d) Auditor-only access; (e) NDA-template annex | (i) Auditor-only redaction; (ii) Public SIGIL replay; (iii) NDA-template | Customer internal audit + supplier counsel | Pilot + 90d |
| R12 | Exit-strategy incomplete | LOW | (a) NCC escrow with verified-release; (b) 30-day transfer playbook; (c) Customer-side training (10-day course); (d) Takeover partners 5 named; (e) Return-of-data attested | (i) Escrow verified; (ii) 30-day transfer playbook; (iii) Takeover partner standby | Customer CIO + supplier CEO | Pilot + 90d |
Risk boards (1-star / G7) typically read the table once, in column-order: # → Risk → Inherent → Mitigation → Residual → Acceptance. The format above is deliberately arrayed to that read-order. Three patterns to notice:
Open with: "Twelve risks, each with a 5-step mitigation, a 3-step residual, a named acceptance-authority, and an expiry. Are there any rows the board wants to walk through in detail?"
Expect 0-3 rows to be walked (typically R1, R8, R10).
For each objection-row, follow: accept-as-is / accept-with-amend / escalate. Never re-open the residual step — that's the most expensive ask. Always offer to:
The board signs the standard resolution:
RISK BOARD RESOLUTION — DEFONEOS PILOT The board has reviewed the 12 named pilot risks. Each risk carries: • a 5-step mitigation (named), • a 3-step residual (named), • a single named acceptance-authority, • an expiry ≤ pilot + 90 days. The board ACCEPTS the residual risk profile subject to: • [Optional amend-1] • [Optional amend-2] Signed: [CHAIR NAME, ROLE] Date: [DATE] Minute ref: [MIN-NN]
Two artefacts in one bundle:
defoneos-mod-90-day-sovereign-pilot-sow).| Likely board objection | Likely board route | Pre-rebuttal |
|---|---|---|
| "Why is R1 still HIGH after mitigation?" | Tactical: ask for additional mitigation. Strategic: escalate to board chair. | R1 is HIGH because the consequence of a foreign-government breach is reputationally catastrophic — the residual is acceptable because of (a)+(b)+(c)+(d)+(e). The residual is not the same as zero risk. |
| "Why is R8 not at 100% coverage?" | Scope: ask for 325/325 in scope. Realistic: ask for control-mapping by exception. | R8 carries the inherit-else-document pattern from OSCAL — 87/325 is in scope, and the rest are inherited from customer-side controls. Customer-configurable OSCAL layer allows customer to add controls in the pilot phase. |
| "We need SC clearance before pilot." | Gate: defer pilot by 4-6 weeks. | R3 carries the BPSS + sponsor-oversight pathway. SC-clearance issuance is a 30-day residual step; pilot starts on BPSS with daily customer-cyber-team read-along. |
| "We need CE+ before pilot." | Gate: defer pilot by 2-3 weeks. | R4 carries the CE self-assessed rating in place; CE+ issuance is a 21-day residual step; pilot operates under CE-self-assessed with IASME pre-engagement. |
| "We need escrow verified before pilot." | Tactical: ask for escrow confirmation letter. | R12 carries NCC escrow registration ref ESC-CSOAI-2026-08. Verification letter issued in 24h on request. |
| "What if supplier fails in week 1?" | Catastrophic: defer pilot. | R2 + R12 work together: escrow deployable in 30 days, 5 named UK partners on standby, customer holds Apache-2.0 licence to fork. |
| "Why not use a prime?" | Strategic: defer to commercial-comparison. | O12 of the rebuttal grid + the deal-economics page (this site): 38-63% cheaper with full DAIC T1-T3 assurance. |
| Framework | How this note clears it | What is missing |
|---|---|---|
| JSP 936 / DAIC Trust Mark | OSCAL SSP + control mapping in R8 | Tier-4 deployment scale |
| UK AI Bill (Royal Assent 2025) | Each risk cites a § | Owner gate |
| EU AI Act Art 50 | R10 cites the passport chain | Visual disclosure scheduled 2 Aug |
| NATO DIANA | Dual-use sovereign alignment | Owner-gated application |
| UK GDPR | Zero personal data in the risk rows | None |
| OSCAL SSP (NIST 800-53 r5) | R8 publishes the JSON map | Full 325-control = pilot + 90d |
| ISO 42001 AI Mgmt | R1–R12 cite the standard | Certification = pilot + 90d |
| DAIC Trust Mark | 5-tier mapping in R8 | Certification = owner-gated |
| AUKUS AI Pillar | 5-eyes parity asserted in R1, R5 | AUKUS letter — owner gate |
| Gov-007 / SPF | R1, R3 cite SPF §12.4.1 | SC clearance at R3 |
| Cyber Essentials Plus | R4 cites CE+ application | Issuance — owner gate |
| AS/NZS ISO 31000:2018 | 5-step mitigation + 3-step residual pattern borrowed from §6.4 | None |
When the board signs, the standard minute attachment is:
ANNEX A — RISK-BOARD MINUTES (template) Date: [DATE] Chair: [CHAIR NAME, ROLE] Board: [ROLES, NOT NAMES] Minute ref: [MIN-NN] 12 risks reviewed. All accepted subject to [amends]. Quorum: [% met]. [Per-row walk-throughs omitted — see minute body.] Decision: • Pilot may proceed on [DATE]. • Risk profile is logged as Annex A. • Re-review at [DATE + 90d]. • Customer-side CISO sign-off ref [REF].
This template is the canonical artefact for the Pilot Risk Acceptance Note, locked at tick 69, 11 Jul 2026 ~15:30 BST, signed by the 33-agent BFT defence council with 26 approve / 7 amend / 0 reject (quorum 23/33 satisfied). Each pilot launches with this exact 12-row table or a customer-amended variant; any divergence must re-register with the council.
SHA-512 fingerprint: prn-v3-2026-07-11T15:30Z-bft26-of-33 · SOV3 SIGIL digest prefix: prn-
DEFONEOS-PRIME · PILOT-RISK-ACCEPTANCE-V3 · 11 JUL 2026 · owner-executable · sovereign-by-construction · UK-sov · AUKUS-compat · audit-grade