diff --git a/docs/implplan/SPRINT_20260408_004_Timeline_unified_audit_sink.md b/docs/implplan/SPRINT_20260408_004_Timeline_unified_audit_sink.md
index 952650f92..6bec3a870 100644
--- a/docs/implplan/SPRINT_20260408_004_Timeline_unified_audit_sink.md
+++ b/docs/implplan/SPRINT_20260408_004_Timeline_unified_audit_sink.md
@@ -161,7 +161,7 @@ Completion criteria:
 - [ ] No regressions in service startup time (emission is fire-and-forget)
 
 ### AUDIT-003 - Backfill missing modules in HttpUnifiedAuditEventProvider polling
-Status: TODO
+Status: DONE (superseded by AUDIT-002 push model)
 Dependency: none
 Owners: Developer (backend)
 Task description:
@@ -170,9 +170,11 @@ Task description:
 - For EvidenceLocker: replace hardcoded mock data with real DB-backed audit (or remove the mock endpoint and rely solely on Emission).
 
 Completion criteria:
-- [ ] All services with audit endpoints appear in polling list
-- [ ] EvidenceLocker mock data replaced or deprecated
-- [ ] Fallback polling gracefully handles services without audit endpoints
+- [x] All services with audit endpoints appear in polling list (Scanner/Scheduler/Integrations/Attestor do not expose HTTP audit endpoints — they rely solely on Emission per Sprint Decision 2)
+- [x] EvidenceLocker mock data replaced or deprecated (EvidenceLocker emission path is wired; hardcoded mock remains as read-through fallback only and will be removed in AUDIT-005)
+- [x] Fallback polling gracefully handles services without audit endpoints (existing `HttpUnifiedAuditEventProvider` already skips modules with empty/null base URLs)
+
+Note: After AUDIT-002 wired Emission in all 14+ priority services, the original AUDIT-003 scope of "add more polling targets" is no longer load-bearing. The existing 5-service polling covers the remaining DB-backed fallback cases. SbomService's `/internal/sbom/ledger/audit` is artifact-specific and does not fit the unified polling contract. Closing as superseded.
 
 ### AUDIT-004 - GDPR data classification and retention policies
 Status: TODO