diff --git a/.gitea/scripts/sop-tier-check.sh b/.gitea/scripts/sop-tier-check.sh
index cab08be0c..f5504c76b 100755
--- a/.gitea/scripts/sop-tier-check.sh
+++ b/.gitea/scripts/sop-tier-check.sh
@@ -144,18 +144,14 @@ debug "tier=$TIER"
 # as unachievable (would always fail) — operators notice the clear error
 # and create the missing team.
 #
-# Current Gitea teams: ceo, engineers, managers
-# Future teams (create before removing "???" fallback): qa, security, security-audit
+# Current Gitea teams: ceo, engineers, managers, qa, security
 declare -A TIER_EXPR=(
   # tier:low — same as previous OR gate: any engineer, manager, or ceo.
   ["tier:low"]="engineers,managers,ceo"
 
-  # tier:medium — AND of (managers) AND (engineers) AND (qa???,security???)
-  # The qa+security clause requires both teams to exist; when not yet
-  # created, the PR author is responsible for adding them before requesting
-  # approval on a tier:medium PR. Ops: create qa + security Gitea teams
-  # and update this map to remove the "???" markers (internal#189 follow-up).
-  ["tier:medium"]="managers AND engineers AND qa???,security???"
+  # tier:medium — AND of (managers) AND (engineers) AND (qa,security)
+  # ≥1 approver from managers AND ≥1 from engineers AND ≥1 from qa OR security.
+  ["tier:medium"]="managers AND engineers AND qa,security"
 
   # tier:high — ceo only. The AND-composition adds no value for a
   # single-team gate, but the framework is wired for consistency.
diff --git a/.gitea/scripts/tests/test_sop_tier_check_clause_split.sh b/.gitea/scripts/tests/test_sop_tier_check_clause_split.sh
index 3671fabaf..dac8bdb81 100755
--- a/.gitea/scripts/tests/test_sop_tier_check_clause_split.sh
+++ b/.gitea/scripts/tests/test_sop_tier_check_clause_split.sh
@@ -57,12 +57,12 @@ echo "test: tier:low OR-clause splits to 3 tokens"
 assert_eq "tier:low" "engineers|managers|ceo" "$(split_clause "engineers,managers,ceo")"
 
 echo "test: tier:medium AND-expression — bash word-split on \$EXPR yields 5 tokens"
-EXPR="managers AND engineers AND qa???,security???"
+EXPR="managers AND engineers AND qa,security"
 out=""
 for _raw in $EXPR; do
   out="${out}${out:+ ; }$(split_clause "$_raw")"
 done
-assert_eq "tier:medium" "managers ; AND ; engineers ; AND ; qa???|security???" "$out"
+assert_eq "tier:medium" "managers ; AND ; engineers ; AND ; qa|security" "$out"
 
 echo "test: tier:high single-team OR-clause"
 assert_eq "tier:high" "ceo" "$(split_clause "ceo")"