Coverage calendar

Zeph Tech 2023–2025 coverage calendar

Every desk keeps a month-by-month implementation plan so operators can validate compliance, procurement, and delivery milestones before they commit budgets.

Use the cards below to review the full guidance archive for each pillar or return to the homepage summary for the current quarter spotlight.

Full archive

Complete coverage roadmap for AI, cybersecurity, infrastructure, and developer teams

Each checklist, procurement milestone, and regulatory deadline below links directly to the underlying Zeph Tech briefing so operations, security, and platform leaders can execute with confidence.

AI Tools & Automation

January 2023: Stand up AI risk governance using the NIST AI Risk Management Framework 1.0 analysis and companion Playbook.
October 2023: Document compute reporting thresholds and safety testing plans with the White House AI Executive Order briefing before commissioning foundation model training.
February 2024: Coordinate evaluation roadmaps with the NIST AI Safety Institute Consortium launch so internal red-teaming aligns with federal baselines.
March 2024: Stand up Chief AI Officer governance boards and risk assessments using the OMB M-24-10 directive analysis.
April 2024: Apply the Claude 3 enterprise control library to refresh model inventories and SOC integrations.
May 2024: Deploy OpenAI GPT-4o guardrails from our governance blueprint before copilots reach customer workloads.
June 2024: Align WWDC Apple Intelligence announcements with the dual on-device and private cloud oversight plan.
July 2024: Sequence Claude 3.5 Sonnet launch controls and apply the Department of Labor worker-well-being principles before expanding copilots.
August 2024: Inventory banned use cases ahead of the EU AI Act prohibitions detailed in our compliance memo.
September 2024: Coordinate reporting workflows with the new EU AI Office operating mandate.
October 2024: Extend GPT-4o mini procurement checks to every general-purpose assistant in production.
November 2024: Reconcile model risk findings with the Claude 3 enterprise control set before year-end certifications.
December 2024: Refresh commercialization criteria from the Sonnet go-to-market briefing prior to holiday launches.
January 2025: Finalize prohibited-system retirement plans against the February EU AI Act deadline covered in Zeph Tech guidance.
February 2025: Stand up serious-incident reporting and transparency workflows required once the Act’s bans activate.
March 2025: Refresh procurement, risk, and supplier oversight with the EU AI Act prohibited-practices playbook and GPAI transparency roadmap ahead of midyear attestations.
April 2025: Pre-stage AI SaaS vendor inventories so the telemetry guardrails in our AI supply chain briefing land cleanly across SOC and procurement teams.
May 2025: Deploy the AI SaaS supply-chain guardrails, linking telemetry, runbooks, and SOC 2 evidence before renewal negotiations.
June 2025: Dry-run consumer notices and appeals with the Tennessee Elvis Act enforcement memo so right-of-publicity controls are live before go-to-market pushes.
July 2025: Enforce Tennessee’s right-of-publicity safeguards, updating marketing and licensing workflows per the state enforcement analysis.
August 2025: Meet EU AI Act GPAI transparency, incident reporting, and documentation duties using the August enforcement roadmap.
September 2025: Run EU Data Act switching drills with the cloud portability briefing, rehearsing the 30-day Article 23 switching window and documenting how export tooling meets the phased fee caps.
October 2025: Finalize Colorado SB24-205 documentation with the state AI Act readiness guide, locking risk management programmes, impact assessments, and 90-day Attorney General incident reporting pipelines before February 2026 enforcement.
November 2025: Align developer–deployer contracts and escalation matrices with the Colorado SB 24-205 readiness guide, embedding pass-through clauses, AG notice owners, and safe-harbour evidence requests before turnover.
December 2025: Audit consumer notice journeys and annual impact assessments using the Colorado AI Act readiness briefing so discrimination safeguards and 90-day reporting packets withstand pre-enforcement reviews.

Cybersecurity & Privacy

April 2023: Update product roadmaps to meet CISA’s secure-by-design principles before pursuing federal or critical infrastructure contracts.
December 2023: Rehearse SEC Form 8-K Item 1.05 reporting workflows with Zeph Tech’s disclosure rule analysis and the SEC disclosure source extracts so materiality determinations stay within four business days.
April 2024: Determine CIRCIA covered-entity status with Zeph Tech’s NPRM breakdown and enforce telecom identity safeguards from the CSRB Lapsus$ report.
May 2024: Finish mapping program charters to NIST CSF 2.0, updating governance boards before budget submissions.
June 2024: Close secure-by-design remediation items using the vendor accountability scorecard.
July 2024: Apply the OpenSSH regression response plan, PRC living-off-the-land hunting, and OT segmentation guidance.
August 2024: Monitor PRC tradecraft via the joint CISA/FBI advisory mapping while preparing disclosure committee responses using the SEC comment letter analysis.
September 2024: Ready EU programs for the NIS2 transposition deadline and document board briefings.
October 2024: Use Zeph Tech’s Zero Trust platform comparison and SIEM benchmark to negotiate FY25 renewals.
November 2024: Document residual risk and detection debt uncovered during October vendor negotiations so regulators see quantified roadmaps.
December 2024: Brief boards on Digital Operational Resilience Act requirements using the January enforcement checklist and DORA enforcement source extracts.
January 2025: Kick off DORA control uplift alongside third-party fraud analytics planning with the incident-classification source extracts guiding severity triggers.
February 2025: Validate critical infrastructure detection pipelines using the threat hunting brief.
March 2025: Execute PCI DSS 4.0 and fraud analytics final-mile tasks.
April 2025: Complete NYDFS Part 500 uplift using the cyber amendment briefing so board certifications arrive before the spring attestation window closes.
May 2025: Publish post-quantum migration roadmaps aligned to the quantum-ready encryption playbook and begin supplier attestations.
June 2025: Decommission Windows 10 assets and validate compensating controls following Zeph Tech’s end-of-support remediation guide.
July 2025: Build Minnesota Consumer Data Privacy Act DSAR and opt-out workflows with the state privacy enforcement analysis.
August 2025: Ensure radio equipment security gating covers encryption, vulnerability disclosure, and incident logging in line with the EU Radio Equipment Directive cybersecurity mandate.
September 2025: Deliver SEC cyber disclosure year-one retrospectives using the Zeph Tech compliance briefing, mapping comment-letter demands for Item 1C board oversight and four-day Item 1.05 evidence.
October 2025: Harden OT segmentation and remote access controls using the NIST SP 800-82 Rev. 3 winter readiness briefing so DOE and CISA oversight teams see documented mitigations ahead of peak demand.
November 2025: Launch CMMC-focused subcontractor oversight and evidence collection using the NIST SP 800-171 Rev 3 defense industrial base briefing so Rev 3 controls and flow-down clauses are audit-ready.
December 2025: Package board updates and SEC Form 8-K rehearsal evidence with the SEC cyber disclosure research extracts to show Item 1C oversight and 1.05 response playbooks are complete.

Infrastructure & Resilience

September 2023: Build guardrail compliance plans with the CHIPS national security final rule briefing so incentive recipients avoid prohibited expansions.
December 2023: Update defence supply dashboards with the BAE Systems CHIPS funding briefing to track domestic RF capacity upgrades.
March 2024: Incorporate the Intel CHIPS incentive milestones into multi-foundry risk models and allocation planning.
April 2024: Blend TSMC’s Arizona incentives with the Samsung Taylor award to rebalance advanced packaging and trusted foundry contingencies.
May 2024: Lock Blackwell preorder quantities and facility upgrades with the March NVIDIA roadmap as the supply chain sets lead times.
June 2024: Align MI325X and MI350 procurement phasing with the AMD cluster brief before budget cycles close.
July 2024: Finalize Blackwell facility upgrades from our NVIDIA roadmap as TSMC expands CoWoS lines.
August 2024: Stage Gaudi 3 bring-up labs using Zeph Tech integration milestones.
September 2024: Reconcile advanced packaging allocations across Intel, Samsung, and TSMC partners ahead of Q4 ramps.
October 2024: Update power and cooling models with Blackwell B200/GB200 telemetry as outlined in the March roadmap.
November 2024: Negotiate accelerator lease renewals using the MI325X price and lead-time bands we published in June.
December 2024: Lock 2025 capex by cross-walking vendor commitments against Gaudi 3 interoperability testing results.
January 2025: Validate spare-part and RMA coverage for mixed NVIDIA, AMD, and Intel fleets before Lunar New Year shutdowns.
February 2025: Exercise disaster-recovery runbooks that pair GPU clusters with hardened OT environments from our OT security advisory.
March 2025: Fold GlobalFoundries’ Malta expansion milestones into CHIPS allocation models using the Zeph Tech infrastructure briefing.
April 2025: Sequence region build-outs and interconnect upgrades with the AWS global infrastructure roadmap so procurement and facilities stay synchronized.
May 2025: Incorporate Microsoft’s resilience expansion program into capacity planning through the resilience expansion analysis.
June 2025: Adjust network failover and carbon reporting assumptions with the Google regional resilience roadmap.
July 2025: Align transmission monitoring and dynamic line ratings with FERC Order 881 requirements via the ambient-adjusted rating compliance briefing.
August 2025: Update supply chain dashboards with the CISA CHIPS supply-chain framework before FY26 incentive reporting.
September 2025: Model maritime emissions charges and logistics buffers using the EU ETS shipping allowance deadline briefing so 40 percent of 2024 voyage emissions are covered by surrendered allowances.
October 2025: Refresh water and emergency response playbooks for utilities and data centers with the AWIA emergency response update while reconciling maritime emissions budgets against the EU ETS shipping allowance briefing to stay ahead of customs reviews.
November 2025: Lock in OT segmentation, remote access, and monitoring controls with the NIST SP 800-82 Revision 3 infrastructure update so utilities and plants meet winter oversight expectations.
December 2025: Document EU Data Act switching runbooks and exit tooling using the infrastructure portability briefing to show hybrid-cloud workloads can migrate without breaching Article 23 fee caps.

Developer Experience

June 2023: Enforce credential hygiene by rolling out GitHub secret scanning push protection across regulated repositories.
November 2023: Finalise policy controls and onboarding plans using Zeph Tech’s GitHub Copilot enterprise rollout briefing.
February 2024: Roll out Copilot Enterprise governance with SSO, tenant isolation, and Teams-based enablement workflows.
March 2024: Instrument priority services with OpenTelemetry SDKs and collectors so unified traces, metrics, and logs flow into observability pipelines.
April 2024: Stand up GitHub code scanning autofix jobs and roll out GitHub Advanced Security for Azure DevOps so detection baselines are unified.
May 2024: Roll Copilot Extensions guardrails from our governance briefing into developer onboarding.
June 2024: Push autofix SLAs into CI/CD policy code using the April remediation checklist.
July 2024: Harden workspace authentication and billing scopes per the Copilot governance research.
August 2024: Model Python 3.13 upgrade impact ahead of the release readiness timeline.
September 2024: Dry-run developer platform chaos exercises alongside the Python upgrade rehearsal.
October 2024: Capture Python 3.13 beta feedback and feed it back into the readiness backlog.
November 2024: Freeze Copilot automation scopes before change freezes using the May governance controls.
December 2024: Ship the updated OMB M-24-04 attestation package—catalogue critical software, align contract language, map signed forms to inventories, and rehearse resubmission triggers before agencies enforce the critical software deadline.
January 2025: Begin CMP schema reviews that will culminate in the Consent Mode v2 rollout.
February 2025: Stage Consent Mode experiments while packaging SDK updates and the AdSense crawl readiness checklist.
March 2025: Validate OpenJDK 25 regression tests and container images using Zeph Tech’s OpenJDK GA briefing.
April 2025: Coordinate Node.js 18 deprecation and long-term support migration with the Node 18 end-of-life guide.
May 2025: Launch Consent Mode v2 instrumentation and analytics guardrails following the Zeph Tech rollout checklist.
June 2025: Integrate insights from the Stack Overflow Developer Survey analysis into hiring, tooling, and enablement roadmaps.
July 2025: Align IDE, language, and package investment strategies with the Stack Overflow Developer Survey analysis.
August 2025: Start Node.js 22 LTS rehearsal upgrades using the Node 22 readiness briefing.
September 2025: Capture beta telemetry and fix-forward issues discovered during the Node 22 rehearsals, continuing to reference Zeph Tech’s upgrade guidance.
October 2025: Promote Node.js 22 to production with the LTS upgrade plan while locking in audit evidence.
November 2025: Manage PHP 8.2 security support retirement and plan 8.3 migrations with the Zeph Tech PHP end-of-support briefing.
December 2025: Finalize Python 3.9 decommissioning and dependency cleanup using the Python 3.9 EOL guidance.