The delivery process organises compliance activities into seven phases, each with a defined owner, outputs, and governance gate. Phase 1 covers discovery and classification. Phase 2 addresses risk assessment and the fundamental rights impact assessment. Phase 3 establishes architecture and design. Phase 4 manages development and testing with CI/CD integration.

Phase 5 conducts pre-deployment validation through three assessment workstreams. Phase 6 handles registration and deployment with per-jurisdiction checklists. Phase 7 establishes operational monitoring with a continuous feedback loop from post-market monitoring through to AISDP updates.

Note:

Each phase includes a governance gate that must be passed before proceeding. The gates are designed to prevent compliance debt from accumulating.