EU AI Act Article 50 — 20 days to seal | Get passport
Co-pilot buyer activation pack

48h Follow-Up Sequence

The literal post-meeting sequence for the first 48 hours after a public-sector or defence-AI conversation: one thread, one ask, one evidence object, no overclaiming.

6timed actions
4reply classes
90dmax nurture window
0endorsement claims
Use now: open this page during the owner workflow, copy the relevant block, verify the honesty register, then log the result in the DEFONEOS CRM. This is designed for a 30 minute action window, not for passive reading.

48-hour operating principle

A first MOD or public-sector conversation is not won by sending a large deck. It is won by returning the buyer to the exact problem they named, with a small proof object and a clean next step.

Send sequence table

The table below is the default post-meeting sequence. The owner may skip steps when a buyer gives a direct instruction.

WindowActionOwner
0 to 30 min after meetingSend same-day thank-you with one precise next-step ask. Attach no more than two links. Log buyer signal score before sending.Owner
2 hoursIf no acknowledgement and meeting ended positively, send the promised artefact only. No pressure.Owner
24 hoursSend the evidence-room link and a 3-bullet summary of buyer pain, agreed constraint, and proposed pilot route.Owner
48 hoursSend commercial next-step: pricing card, SoW page, and a 20-minute technical validation slot.Owner
7 daysSend a single useful object: risk register, procurement route, or stakeholder brief. If no reply, move to nurture.JEEVES draft plus owner send
14 daysEscalate only through public procurement or warm referral. Never spam.Owner

Email 1 — same-day thank-you

Copy this after a call. Replace the bracketed fields and do not add a deck unless the buyer requested it.

Subject: DEFONEOS follow-up — [buyer problem] and [next step]

Thank you for the conversation today. I heard three constraints:
1. [constraint 1 in the buyer words]
2. [constraint 2 in the buyer words]
3. [constraint 3 in the buyer words]

The smallest useful next step is a 90-day sovereign pilot scoped around [use case], with evidence limited to public-source integration, audit-grade logging, and no personal surveillance.

I have put the proof points here:
- Evidence room: https://csoai-static-deploy2.vercel.app/defoneos-mod-evidence-room-index
- Pricing card: https://csoai-static-deploy2.vercel.app/defoneos-mod-pricing-card-onepager
- SoW builder: https://csoai-static-deploy2.vercel.app/defoneos-mod-meeting-notes-to-sow

Would a 20-minute technical validation slot on [two date options] be useful, or should I route this to [named team] instead?

Regards,
Nicholas Templeman
CSOAI Ltd 16939677
DEFONEOS — sovereign by design, audit-grade, signed, neutral

Reply classification

Classify every reply before sending anything else. This prevents the owner from over-talking after a useful first signal.

SignalScore deltaNext move
GREEN technical questionplus 25Answer in 5 bullets and ask for validation slot
GREEN procurement routeplus 30Send acquisition pathway and pricing card
AMBER deck requestplus 8Send 8-page evidence-room route, not a 40-page deck
RED no routeminus 100Thank them, ask for correct route once, then stop
UNKNOWN auto-responsezeroReschedule follow-up based on return date

Boundary rules

These rules keep the pursuit sovereign, useful, and non-spammy.

CRM update block

Paste this into the CRM after each message.

buyer_id: [org-role-date]
state: DISCOVER or DEMO or PILLAR or PACT
last_touch: [YYYY-MM-DD HH:MM BST]
message_sent: [same-day thanks or 24h evidence or 48h commercial]
proof_links: [links]
signal_score_delta: [number]
next_action: [one action]
honesty_flag: public facts only, no endorsement claim, no sensitive data

Buyer-specific follow-up variants

Use the same spine, but lead with the buyer pain. These variants keep the tone useful rather than noisy.

Buyer routeLead proof48h askStop condition
Dstl AI assuranceJSP 936 mapping plus evidence-room shelf mapWould a 20-minute assurance-control validation help?No named assurance owner after two touches
DASA innovation90-day pilot SoW plus DASA submission walkthroughShould this be shaped as an open-call abstract?Buyer says outside competition scope
UKDI regionalPublic-service resilience and Yorkshire digital twinWho owns regional validation for dual-use AI?Referral given or region not in remit
MOD primeReferral partner letter plus pricing cardCan DEFONEOS sit as a sovereign assurance work package?Prime requires exclusivity or unsupported clearance
NATO DIANANon-sensitive dual-use demo and alliance-compatible evidenceIs this better routed as accelerator, test-centre, or mentor review?No active challenge fit
Civil resilience buyer999 integration and no personal-surveillance registerCan we scope a local resilience demo with public data only?Operational data access required before public proof

Subject-line library

Subject lines stay short, concrete, and non-hype. Never claim official backing.

Recovery moves

When a thread stalls, use one of these recovery moves and then stop. The goal is trust, not pressure.

StallRecoveryExact line
No reply after useful callSend one evidence objectI am closing the loop with the smallest proof object we discussed. No action needed unless useful.
Send me a deckSend evidence-room routeRather than a large deck, I have put the three proof links in one evidence room so your team can verify quickly.
Budget uncertainSend capped pilot routeThe cleanest low-risk route is a capped 90-day validation with no per-seat commitment.
Security concernSend governance and red-line registerThe public demo deliberately excludes personal surveillance, controlled technical data, and kinetic-targeting patterns.
Wrong ownerAsk for routing onceIf this is not your lane, who is the right owner for sovereign AI assurance or public-source resilience pilots?

12-framework crosswalk

Every page in this tick is written as an owner-executable artefact and an audit trail. These mappings are design mappings, not third-party certifications.

FrameworkHow this page mapsHonesty status
EU AI ActTransparency, human oversight, logging, post-market monitoring, and high-risk discipline when a workflow crosses into regulated public-service use.Designed control language. Verify per-buyer before external submission.
GDPR and UK GDPRData minimisation, lawful basis notes, retention windows, subject-access response path, and no personal-surveillance pattern.Designed control language. Verify per-buyer before external submission.
JSP 936Assurance case language, operator accountability, safety case evidence, and escalation logging suitable for UK defence AI review.Designed control language. Verify per-buyer before external submission.
JSP 440Protective marking, supplier-security posture, evidence handling, and separation of public facts from owner-gated sensitive data.Designed control language. Verify per-buyer before external submission.
NIST AI RMFMap, Measure, Manage, and Govern rows for every buyer artefact, with clear residual-risk ownership.Designed control language. Verify per-buyer before external submission.
ISO 42001AI management-system controls, role ownership, change control, review cadence, and documented competence.Designed control language. Verify per-buyer before external submission.
NIST PQCCryptographic-agility language, no false PQC certification claim, and upgrade path for signed evidence bundles.Designed control language. Verify per-buyer before external submission.
NATO STANAGInteroperability language only, no NATO endorsement claim, and neutral alliance-compatible evidence formatting.Designed control language. Verify per-buyer before external submission.
AUKUS Pillar IIAUKUS-compatible technology framing only, no partnership claim unless a signed letter exists.Designed control language. Verify per-buyer before external submission.
OSCALMachine-readable control catalogue and component-definition path for the evidence room.Designed control language. Verify per-buyer before external submission.
Five Eyes export disciplinePublic-source and EAR ITAR awareness note, no controlled technical data in the page.Designed control language. Verify per-buyer before external submission.
C2PA 2.0Content provenance, artefact signing, and media lineage notation for decks, screenshots, and demo recordings.Designed control language. Verify per-buyer before external submission.

Honesty register

The register below is deliberately explicit so the artefact stays usable in a UK-sovereign procurement conversation without overclaiming.