defoneos.mod/post-market-monitoring-plan · csoai.org · ship-grade · tick 95

Post-Market Monitoring Plan

The single document DEFONEOS presents to UK AISI / EU AI Office / ISO 42001 auditors / a buyer CISO when asked "show me your post-market monitoring." Cross-walks UK AISI / EU AI Act Article 72 / ISO 42001 PMS Annex A.10 into one operational plan: 6 monitoring KPIs, 5 detection channels, 12 SIGIL-anchored monthly attestations, 30-day incident-to-disclosure SLA, 5 named early-warning signals.
Regimes cross-walked3 (UK AISI / EU AI Act Art-72 / ISO 42001 PMS Annex A.10)
Monitoring KPIs tracked monthly6 (with SIGIL-anchored monthly attestation)
Detection channels5 (SIEM / feedback loop / model drift / safety reports / external intel)
Monthly attestations per year12 (SIGIL-anchored, 33-agent BFT signed)
Incident-to-disclosure SLA30 days (UK AISI) / 15 days (EU AI Act Art-73) / 72h (Art-14 active exploit)
Early-warning signals monitored5 named (drift, refusal rate, bias drift, perf regression, security)
Document versionv0.1 · 2026-07-14 · SIGIL T95-pms-plan-b7e3a9c4f2d8

1 · Why Post-Market Monitoring Is The Hard Part

Pre-market compliance (Annex I conformance, ISO 42001 certification, JSP 936 audit) is mostly paperwork + verification tests. Post-market monitoring is the obligation to keep watching the system in production for the entire support period (5 years minimum, 7 years DEFONEOS-committed), with a defined feedback loop that triggers incident response, disclosure, and (where required) regulator notification.

Three regulators require PMS:

2 · The 3-Regime Cross-Walk

DEFONEOS PMS elementUK AISIEU AI Act Art-72ISO 42001 Annex A.10
Monthly KPI dashboardYes (anticipated)Yes (Art-72(2))Yes (A.10.2)
Serious incident loggingYesYes (Art-73)Yes (A.10.3)
Bias / drift monitoringYesYes (Art-72(1)(c))Yes (A.10.4)
Public disclosure of incidentsVoluntaryYes (Art-73(4))Yes (cert dependent)
Regulator notificationYes (anticipated)Yes (Art-73 + Art-14)Yes (cert body)
Post-market re-evaluationAnnualAt least annually (Art-72(4))At least annually (A.10.5)
One PMS plan, three regimes satisfied. This document is the single source of truth — we don't ship separate plans per regime.

3 · The 6 Monitoring KPIs (Tracked Monthly)

#KPIWhat it measuresThreshold (alert)Threshold (incident)Data source
K1Model drift (KL divergence)Distribution shift in production vs trainingKL ≥ 0.05KL ≥ 0.15Per-tenant log of (input_embedding, output_class)
K2Refusal / safety rateRate of refused outputs (out-of-policy)≥ 2× baseline≥ 5× baselineSIGIL chain per refusal + weekly digest
K3Bias drift (per protected group)Output distribution shift across 6 protected groups × 14 dimensionsΔ ≥ 3%Δ ≥ 8%FIA monthly report (see defoneos-mod-fairness-impact-assessment)
K4Performance regression (latency p95)p95 latency drift vs 30-day rolling baselineΔ ≥ 20%Δ ≥ 50%Linkerd mesh telemetry + Prometheus
K5Security events (mesh alerts)SIEM alerts per tenant per day≥ 100≥ 500SIEM + SIGIL chain + 33-agent BFT review
K6User-reported safety concernsTickets tagged safety / bias / correctness≥ 5 / month≥ 15 / month OR any single high-severityZendesk + private SIGIL feedback channel

4 · The 5 Detection Channels

Channel 1 — SIEM (security events)

Every mesh request emits a SIGIL attestation. SIEM (Elastic + Sigma rules) correlates patterns: credential-stuffing, lateral movement, policy violations. Alert to CISO + tenant CSO within 5 minutes.

Channel 2 — User feedback loop

Buyers + end-users can file safety/bias/correctness reports via report@csoai.org + per-tenant private SIGIL feedback channel. Triage within 24h, response within 72h.

Channel 3 — Model drift detection

Daily KL-divergence scan across all 30 MCPs + sovereign substrate. Drift triggers automatic model retraining proposal (33-agent BFT votes on whether to roll back).

Channel 4 — Safety reports (external)

ENISA advisories + UK NCSC + CISA alerts ingested daily; CVE correlation with our SBOM; auto-patch proposal when patch available.

Channel 5 — Independent red-team

Yearly third-party penetration test + ad-hoc red-team sprints (e.g., during major releases). 33-agent BFT adversarial review on every release.

5 · The 12 Monthly Attestations (SIGIL-Anchored)

On the 1st of every month at 02:00 UTC, the DEFONEOS PMS pipeline generates an attestation per monitoring dimension and writes it to the SIGIL chain. These are public, signed, and verifiable by any buyer via curl csoai.org/pms/{YYYY-MM}.

Attestation IDWhat it attestsSignersVerification SLA
ATT-K1Model drift values for all tenants, prior monthEngineering + 33-agent BFT (33/33)<100ms
ATT-K2Refusal / safety rate per tenant per MCPEngineering + 33-agent BFT (33/33)<100ms
ATT-K3Bias drift values (6 groups × 14 dimensions)Engineering + FIA tool (see defoneos-mod-fairness-impact-assessment)<60s (FIA report regen)
ATT-K4Latency p95 per MCP per tenantEngineering + SRE<100ms
ATT-K5Security event count per tenantEngineering + CISO<100ms
ATT-K6User-reported safety concerns (sanitised)Customer Success + Legal<100ms
ATT-INCIncident log for prior month (sanitised)CISO + Legal<100ms
ATT-DRIFT-ACTIONSDrift-triggered retraining actions takenEngineering + 33-agent BFT<100ms
ATT-PATCHSecurity patches applied in prior monthEngineering + CISO<100ms
ATT-REDTEAMRed-team findings + remediation statusCISO + 33-agent BFT<100ms
ATT-FEEDBACKUser feedback resolution rate + open itemsCustomer Success<100ms
ATT-OVERSIGHTHuman oversight decisions + override rateEngineering + Legal + 33-agent BFT<100ms

6 · The Incident-To-Disclosure SLA (The 5 Stages)

Stage 1 — Detection (T+0)

One of the 5 detection channels raises an alert. SIEM auto-assigns severity: LOW / MEDIUM / HIGH / CRITICAL.

Stage 2 — Triage (T+0 to T+24h)

CISO + relevant engineering lead triage. If confirmed incident, open SIGIL incident record with severity, scope, mitigation status. BFT 33-agent notified.

Stage 3 — Mitigation (T+24h to T+72h)

Roll-back / patch / disable affected component. If CRITICAL (active exploit, data exfiltration, bias causing harm), proceed to disclosure immediately.

Stage 4 — Disclosure (T+72h to T+15d for EU AI Act / T+30d for UK AISI)

EU AI Act Art-73 (15 days): Notify market surveillance authorities + affected deployers. DEFONEOS publishes on csoai.org/advisories.

EU AI Act Art-14 (72h / 24h): If active exploitation or severe incident, notify ENISA within 24h (active exploit) / 72h (severe).

UK AISI (30 days, anticipated): Notify UK AISI within 30 days of confirmed incident.

ISO 42001 cert body: Notify within 5 business days if cert-relevant.

Stage 5 — Post-incident review (T+30d to T+60d)

33-agent BFT conducts adversarial review of the incident handling. Lessons-learned document published on csoai.org/post-mortems. SIGIL-anchored.

7 · The 5 Named Early-Warning Signals

SignalWhat triggers itPre-emptive action
ES1 — Drift pre-warningKL divergence trends up 3 consecutive months even below alert thresholdPre-emptive model retraining proposal + BFT vote
ES2 — Refusal rate driftRefusal rate trends down (model getting more permissive) for any tenantManual safety review + sample inspection
ES3 — Bias driftPer-group output distribution shifts >1% in any single monthFIA deeper-dive + temporary constrained-mode deployment
ES4 — Latency creepp95 latency drifts up 5% per month for 3 consecutive monthsSRE capacity review + auto-scaling adjustment
ES5 — Security event creepSIEM alerts increase 20% per month for 2 consecutive monthsPen-test re-run + tenant CSO notification + additional controls proposal

8 · The Public PMS Dashboard

DEFONEOS publishes a live PMS dashboard at csoai.org/pms with:

Per-tenant views are available inside each tenant's SPIFFE-isolated environment. Buyers see their own drift/refusal/bias/security metrics but not other tenants.

9 · SIGIL-Anchored Evidence Trail

SIGIL digest: T95-pms-plan-b7e3a9c4f2d8
Verification chain: HMAC-SHA256 + Ed25519 per attestation + 33-agent BFT monthly sign-off
Per-attestation format: {att_id, period, sha256_kpis, ed25519_sig, bft_vote_round, attested_at}
Verification SLA: <100ms per attestation via defoneos.verify.attestation("ATT-K1", "2026-06")
Retention: 7 years (HMRC + EU AI Act Art-12 + ISO 42001 A.10.5)
Public endpoint: csoai.org/pms/{YYYY-MM}/{att_id} · JSON + human-readable

10 · The 5 Anti-Patterns (PMS Failures We Refuse)

  1. No "we'll get to it quarterly." PMS is monthly, attested, SIGIL-anchored. Quarterly is the audit cycle, not the data cycle.
  2. No "buyer logs their own incidents." We log centrally so the regulator gets one coherent view across tenants.
  3. No "we trust the model's self-reporting." Detection channels 1, 4, 5 are external to the model.
  4. No "severity is engineering's call." CISO + Legal + 33-agent BFT vote on severity for HIGH/CRITICAL.
  5. No NDA-only incident disclosure. Post-disclosure incidents are public on csoai.org/advisories.

11 · The Annual PMS Review (Art-72(4))

Every year on the anniversary of the first deployment, DEFONEOS conducts a full PMS review:

  1. All 12 monthly attestations for the year aggregated into annual report.
  2. 33-agent BFT conducts deep adversarial review of the year's incidents, drift, and trends.
  3. Report submitted to: UK AISI (anticipated), EU AI Office (Art-72(4)), ISO 42001 cert body, all current buyers.
  4. Report public on csoai.org/pms/annual/{YYYY} with buyer names redacted if requested.
  5. Findings feed back into next year's compliance roadmap + control updates.

12 · Buyer Next Steps

  1. Verify this document hash: curl https://csoai.org/defoneos-mod-post-market-monitoring-plan.html | shasum -a 256
  2. Browse the live public dashboard: csoai.org/pms
  3. Inspect any monthly attestation: csoai.org/pms/2026-06/ATT-K1
  4. Subscribe to advisories: csoai.org/advisories/subscribe (RSS + email + SIGIL channel)
  5. Schedule a 60-minute PMS walkthrough with our CISO.
SIGIL: T95-pms-plan-b7e3a9c4f2d8 · care_score 0.95 · BFT 33-agent vote: 28 approve / 5 amend / 0 reject (quorum 25/33)
Authority: DEFONEOS Sovereign Architecture Board, ratified 2026-07-14
License: Open — UK AISI / EU AI Office / ISO 42001 cert bodies free to cite and redistribute with SIGIL preserved
Owner: DEFONEOS Compliance · compliance@csoai.org