T95-pms-plan-b7e3a9c4f2d8Pre-market compliance (Annex I conformance, ISO 42001 certification, JSP 936 audit) is mostly paperwork + verification tests. Post-market monitoring is the obligation to keep watching the system in production for the entire support period (5 years minimum, 7 years DEFONEOS-committed), with a defined feedback loop that triggers incident response, disclosure, and (where required) regulator notification.
Three regulators require PMS:
| DEFONEOS PMS element | UK AISI | EU AI Act Art-72 | ISO 42001 Annex A.10 |
|---|---|---|---|
| Monthly KPI dashboard | Yes (anticipated) | Yes (Art-72(2)) | Yes (A.10.2) |
| Serious incident logging | Yes | Yes (Art-73) | Yes (A.10.3) |
| Bias / drift monitoring | Yes | Yes (Art-72(1)(c)) | Yes (A.10.4) |
| Public disclosure of incidents | Voluntary | Yes (Art-73(4)) | Yes (cert dependent) |
| Regulator notification | Yes (anticipated) | Yes (Art-73 + Art-14) | Yes (cert body) |
| Post-market re-evaluation | Annual | At least annually (Art-72(4)) | At least annually (A.10.5) |
| # | KPI | What it measures | Threshold (alert) | Threshold (incident) | Data source |
|---|---|---|---|---|---|
| K1 | Model drift (KL divergence) | Distribution shift in production vs training | KL ≥ 0.05 | KL ≥ 0.15 | Per-tenant log of (input_embedding, output_class) |
| K2 | Refusal / safety rate | Rate of refused outputs (out-of-policy) | ≥ 2× baseline | ≥ 5× baseline | SIGIL chain per refusal + weekly digest |
| K3 | Bias drift (per protected group) | Output distribution shift across 6 protected groups × 14 dimensions | Δ ≥ 3% | Δ ≥ 8% | FIA monthly report (see defoneos-mod-fairness-impact-assessment) |
| K4 | Performance regression (latency p95) | p95 latency drift vs 30-day rolling baseline | Δ ≥ 20% | Δ ≥ 50% | Linkerd mesh telemetry + Prometheus |
| K5 | Security events (mesh alerts) | SIEM alerts per tenant per day | ≥ 100 | ≥ 500 | SIEM + SIGIL chain + 33-agent BFT review |
| K6 | User-reported safety concerns | Tickets tagged safety / bias / correctness | ≥ 5 / month | ≥ 15 / month OR any single high-severity | Zendesk + private SIGIL feedback channel |
Every mesh request emits a SIGIL attestation. SIEM (Elastic + Sigma rules) correlates patterns: credential-stuffing, lateral movement, policy violations. Alert to CISO + tenant CSO within 5 minutes.
Buyers + end-users can file safety/bias/correctness reports via report@csoai.org + per-tenant private SIGIL feedback channel. Triage within 24h, response within 72h.
Daily KL-divergence scan across all 30 MCPs + sovereign substrate. Drift triggers automatic model retraining proposal (33-agent BFT votes on whether to roll back).
ENISA advisories + UK NCSC + CISA alerts ingested daily; CVE correlation with our SBOM; auto-patch proposal when patch available.
Yearly third-party penetration test + ad-hoc red-team sprints (e.g., during major releases). 33-agent BFT adversarial review on every release.
On the 1st of every month at 02:00 UTC, the DEFONEOS PMS pipeline generates an attestation per monitoring dimension and writes it to the SIGIL chain. These are public, signed, and verifiable by any buyer via curl csoai.org/pms/{YYYY-MM}.
| Attestation ID | What it attests | Signers | Verification SLA |
|---|---|---|---|
| ATT-K1 | Model drift values for all tenants, prior month | Engineering + 33-agent BFT (33/33) | <100ms |
| ATT-K2 | Refusal / safety rate per tenant per MCP | Engineering + 33-agent BFT (33/33) | <100ms |
| ATT-K3 | Bias drift values (6 groups × 14 dimensions) | Engineering + FIA tool (see defoneos-mod-fairness-impact-assessment) | <60s (FIA report regen) |
| ATT-K4 | Latency p95 per MCP per tenant | Engineering + SRE | <100ms |
| ATT-K5 | Security event count per tenant | Engineering + CISO | <100ms |
| ATT-K6 | User-reported safety concerns (sanitised) | Customer Success + Legal | <100ms |
| ATT-INC | Incident log for prior month (sanitised) | CISO + Legal | <100ms |
| ATT-DRIFT-ACTIONS | Drift-triggered retraining actions taken | Engineering + 33-agent BFT | <100ms |
| ATT-PATCH | Security patches applied in prior month | Engineering + CISO | <100ms |
| ATT-REDTEAM | Red-team findings + remediation status | CISO + 33-agent BFT | <100ms |
| ATT-FEEDBACK | User feedback resolution rate + open items | Customer Success | <100ms |
| ATT-OVERSIGHT | Human oversight decisions + override rate | Engineering + Legal + 33-agent BFT | <100ms |
One of the 5 detection channels raises an alert. SIEM auto-assigns severity: LOW / MEDIUM / HIGH / CRITICAL.
CISO + relevant engineering lead triage. If confirmed incident, open SIGIL incident record with severity, scope, mitigation status. BFT 33-agent notified.
Roll-back / patch / disable affected component. If CRITICAL (active exploit, data exfiltration, bias causing harm), proceed to disclosure immediately.
EU AI Act Art-73 (15 days): Notify market surveillance authorities + affected deployers. DEFONEOS publishes on csoai.org/advisories.
EU AI Act Art-14 (72h / 24h): If active exploitation or severe incident, notify ENISA within 24h (active exploit) / 72h (severe).
UK AISI (30 days, anticipated): Notify UK AISI within 30 days of confirmed incident.
ISO 42001 cert body: Notify within 5 business days if cert-relevant.
33-agent BFT conducts adversarial review of the incident handling. Lessons-learned document published on csoai.org/post-mortems. SIGIL-anchored.
| Signal | What triggers it | Pre-emptive action |
|---|---|---|
| ES1 — Drift pre-warning | KL divergence trends up 3 consecutive months even below alert threshold | Pre-emptive model retraining proposal + BFT vote |
| ES2 — Refusal rate drift | Refusal rate trends down (model getting more permissive) for any tenant | Manual safety review + sample inspection |
| ES3 — Bias drift | Per-group output distribution shifts >1% in any single month | FIA deeper-dive + temporary constrained-mode deployment |
| ES4 — Latency creep | p95 latency drifts up 5% per month for 3 consecutive months | SRE capacity review + auto-scaling adjustment |
| ES5 — Security event creep | SIEM alerts increase 20% per month for 2 consecutive months | Pen-test re-run + tenant CSO notification + additional controls proposal |
DEFONEOS publishes a live PMS dashboard at csoai.org/pms with:
Per-tenant views are available inside each tenant's SPIFFE-isolated environment. Buyers see their own drift/refusal/bias/security metrics but not other tenants.
{att_id, period, sha256_kpis, ed25519_sig, bft_vote_round, attested_at}defoneos.verify.attestation("ATT-K1", "2026-06")csoai.org/pms/{YYYY-MM}/{att_id} · JSON + human-readable
csoai.org/advisories.Every year on the anniversary of the first deployment, DEFONEOS conducts a full PMS review:
csoai.org/pms/annual/{YYYY} with buyer names redacted if requested.curl https://csoai.org/defoneos-mod-post-market-monitoring-plan.html | shasum -a 256csoai.org/pmscsoai.org/pms/2026-06/ATT-K1csoai.org/advisories/subscribe (RSS + email + SIGIL channel)compliance@csoai.org