C3. Residual Risk Acceptance Sign-offs Formal records of the AI Governance Lead’s acceptance of residual risk at each governance gate. Each sign-off records the specific residual risks accepted, the compensating controls in place, and the conditions under which the acceptance remains valid. Generated at Phase 1, Phase 2, Phase 3, Phase 5, and operational review gates. Retained for the ten-year period. Responsible party: AI Governance Lead signs. AI System Assessor prepares the residual risk profile. Regulations addressed: Article 9(4) (residual risk communication to deployers); Article 9(2)(a) (risk acceptance); Article 14 (human oversight, as residual risks inform oversight design). Key outputs

• Per-gate signed risk acceptance with conditions
• Deployer communication cross-reference to IFU