EU AI Act Article 50 — 20 days to seal | Get passport
Co-pilot commercial pack · Post-pilot closeout · Owner-executable

Post-Pilot Lessons Learned

The signed post-pilot lessons-learned template. Five sections, ten rows each, two reviewers, one signed PDF. Designed to be filled in the 30 minutes after pilot close, then archived into the evidence-room bundle.

5sections
10rows per section
2reviewers
1signed PDF
Use now: open this page during the 30 minutes after pilot close, fill each row with one concrete fact, and have both reviewers sign before the renewal or closeout decision.

Purpose of this template

A lessons-learned document is the most undervalued artefact in a pilot cycle. This template forces a structured reflection without dragging the owner into a multi-day debrief. Five sections, ten rows each, two reviewers, one signed PDF.

Section 1 - What we said we would do

The first section is the agreed scope from the contract award letter and the day-0 runbook. Use it as the baseline.

RowCommitted outcomeOwnerDate committed
1.1Work package 1 - evidence and controls delivered.OwnerDay 0
1.2Work package 2 - public-source integration demo operational.OwnerDay 0
1.3Work package 3 - assurance and procurement route signed off.OwnerDay 0
1.4OSCAL-ready control map attached to evidence-room bundle.OwnerDay 15
1.5Human oversight log maintained for every AI-assisted recommendation.Owner + BuyerDay 0
1.6Red-line register signed and reviewed at every decision gate.OwnerDay 0
1.7Named buyer stakeholder trained to use the audit log.OwnerDay 30
1.8All pilot pages and evidence artefacts return HTTP 200 from canonical URLs.OwnerDay 0
1.9Midpoint review held with named buyer contact.Owner + BuyerDay 30
1.10Final go or no-go report issued to buyer.OwnerDay 90

Section 2 - What actually happened

The second section is the actual delivery against the baseline. Each row states the gap and the evidence reference.

RowOutcome deliveredGap vs commitmentEvidence ref
2.1
2.2
2.3
2.4
2.5
2.6
2.7
2.8
2.9
2.10

Section 3 - What worked

The third section is the things that worked and should be repeated in the next pilot. Be specific about why each thing worked.

RowWhat workedWhy it workedReusable pattern
3.1
3.2
3.3
3.4
3.5
3.6
3.7
3.8
3.9
3.10

Section 4 - What did not work

The fourth section is the things that did not work and should not be repeated. Be specific about why each thing failed.

RowWhat failedWhy it failedReplacement pattern
4.1
4.2
4.3
4.4
4.5
4.6
4.7
4.8
4.9
4.10

Section 5 - What we will do differently next time

The fifth section is the changes that will be made in the next pilot cycle. Each row should be a concrete, dated commitment.

RowChangeOwnerDate to apply
5.1
5.2
5.3
5.4
5.5
5.6
5.7
5.8
5.9
5.10

Reviewer sign-off

Both reviewers must sign before this document joins the evidence-room bundle.

Reviewer roleNameDateSignature
Pilot owner
Buyer-side named contact

Where this artefact travels

The signed lessons-learned PDF becomes a permanent part of the evidence-room bundle and is referenced in every future pilot of the same buyer or framework route.

12-framework crosswalk

Every page in this tick is written as an owner-executable artefact and an audit trail. These mappings are design mappings, not third-party certifications.

FrameworkHow this page mapsHonesty status
EU AI ActTransparency, human oversight, logging, post-market monitoring, and high-risk discipline when a workflow crosses into regulated public-service use.Designed control language. Verify per-buyer before external submission.
GDPR and UK GDPRData minimisation, lawful basis notes, retention windows, subject-access response path, and no personal-surveillance pattern.Designed control language. Verify per-buyer before external submission.
JSP 936Assurance case language, operator accountability, safety case evidence, and escalation logging suitable for UK defence AI review.Designed control language. Verify per-buyer before external submission.
JSP 440Protective marking, supplier-security posture, evidence handling, and separation of public facts from owner-gated sensitive data.Designed control language. Verify per-buyer before external submission.
NIST AI RMFMap, Measure, Manage, and Govern rows for every buyer artefact, with clear residual-risk ownership.Designed control language. Verify per-buyer before external submission.
ISO 42001AI management-system controls, role ownership, change control, review cadence, and documented competence.Designed control language. Verify per-buyer before external submission.
NIST PQCCryptographic-agility language, no false PQC certification claim, and upgrade path for signed evidence bundles.Designed control language. Verify per-buyer before external submission.
NATO STANAGInteroperability language only, no NATO endorsement claim, and neutral alliance-compatible evidence formatting.Designed control language. Verify per-buyer before external submission.
AUKUS Pillar IIAUKUS-compatible technology framing only, no partnership claim unless a signed letter exists.Designed control language. Verify per-buyer before external submission.
OSCALMachine-readable control catalogue and component-definition path for the evidence room.Designed control language. Verify per-buyer before external submission.
Five Eyes export disciplinePublic-source and EAR/ITAR awareness note, no controlled technical data in this page.Designed control language. Verify per-buyer before external submission.
C2PA 2.0Content provenance, artefact signing, and media lineage notation for decks, screenshots, and demo recordings.Designed control language. Verify per-buyer before external submission.

Honesty register

The register below is deliberately explicit so this page stays usable in a UK-sovereign procurement conversation without overclaiming.