Compliance-at-Deployment Treating compliance as a gate to pass at deployment, overlooking ongoing obligations. The AISDP is a living document, PMM operates continuously, and the risk register evolves with operational experience. Post-deployment compliance requires sustained investment (15–25% of annual development cost, ). Key outputs

• Pitfall: deployment-only compliance mindset
• Solution: continuous compliance through PMM and governance