SPYN — Risk Register Snapshot
Generated: 2026-05-13 Project: SPYN (CMMI Level 2 · Phase: Project Monitoring and Control) Owner: Mikkel Nygaard
Per-project risk tracking, drawn from the current SPYN risk register. Severity = likelihood × impact (1–25). Reviewed at the cadence indicated by severity tier.
| ID | Risk | Likelihood | Impact | Severity | Owner | Mitigation | Review |
|---|---|---|---|---|---|---|---|
| RISK-SPYN-014 | OpenAI rate limit on AI Diary generation under launch-week load | 4 | 5 | 20 | Ahmed Mahmood Khan | Pre-provisioned enterprise quota + degrade-to-cached-persona fallback | Weekly |
| RISK-SPYN-021 | EU AI Act Article 6 reclassification narrows AI Diaries to high-risk | 2 | 5 | 10 | Head of Legal | Quarterly classification review + Article 50 disclosure already operational | Fortnightly |
| RISK-SPYN-017 | Pusher outage breaks real-time comments and reactions | 2 | 4 | 8 | Tom Hansen | Multi-region Pusher + polling fallback after 30s WS gap | Fortnightly |
| RISK-SPYN-009 | Single-person dependency on Ahmed Mahmood Khan for backend architecture | 3 | 4 | 12 | CEO | Hire Backend Developer in flight + Tom Hansen second-on-call | Weekly |
| RISK-SPYN-024 | App Store / Play Store review delay blocks scheduled release | 3 | 3 | 9 | Lucas Ferreira | Submit 5 days before target ship + feature flag for late changes | Fortnightly |
| RISK-SPYN-002 | DPIA missing for AI Diary demographic personalisation flow | 4 | 4 | 16 | Head of Legal | DPIA drafted; Head of Legal sign-off targeted for end of week | Weekly |
How to read this
- Severity 16–25 — reviewed weekly, surfaced at every project standup.
- Severity 9–15 — reviewed fortnightly.
- Severity 4–8 — reviewed monthly.
Closed risks since last snapshot
- RISK-SPYN-011 (mitigated): OpenAI cost overrun under heavy AI Diary generation. Resolved via prompt-cache strategy; per-user cost down 38%.
- RISK-SPYN-019 (avoided): Google Vision moderation false-positive rate. Mitigated via human-review queue; ≤0.4% false-positive rate confirmed.
Drawn from pm/risk-register and the SPYN risk register in monday.com. Saved to repo as generated/risk-register-spyn-2026-05-13.md would persist the snapshot.