# Standard Intelligence — EU AI Act Technical Documentation > 673-article implementation guide for Regulation (EU) 2024/1689 (EU AI Act). > Covers risk classification, the twelve-module AI System Documentation Package (AISDP), > conformity assessment, cybersecurity (OWASP LLM Top 10, CRA, NIS2, DORA), > post-market monitoring, human oversight, and system decommissioning. > Produced by Standard Intelligence — https://standardintelligence.com ## Full Content - [Complete documentation (plain text)](https://docs.standardintelligence.com/llms-full.txt): Full text of all 673 articles, suitable for LLM ingestion. ## Getting Started - [Data Flow](https://docs.standardintelligence.com/data-flow): Data Flow AISDP module(s): 3 (Architecture and Design) Regulatory basis: Annex IV (2)(b–e); Article 12 The AISDP requires architectural documentation that… - [Delivery Process](https://docs.standardintelligence.com/delivery-process): The delivery process organises compliance activities into seven phases, each with a defined owner, outputs, and governance gate. Phase 1 covers discovery and… - [Domain Expertise](https://docs.standardintelligence.com/domain-expertise): Domain Expertise AISDP module(s): All (contextual) Regulatory basis: N/A (guidance) Different roles require different domain expertise. The table below maps… - [EU AI Act Overview](https://docs.standardintelligence.com/eu-ai-act-overview): EU AI Act Overview AISDP module(s): All (contextual) Regulatory basis: Regulation (EU) 2024/1689 (full text) The EU AI Act (Regulation (EU) 2024/1689) is the… - [Four Risk Tiers](https://docs.standardintelligence.com/four-risk-tiers): Four Risk Tiers AISDP module(s): 1 (System Identity), 6 (Risk Management System) Regulatory basis: Articles 5, 6, 7, 50; Annex III The EU AI Act establishes a… - [Introduction](https://docs.standardintelligence.com/introduction): The introduction provides the regulatory context for the AISDP . The EU AI Act overview summarises the regulation's scope, structure, and timeline. The four… - [Key Concepts](https://docs.standardintelligence.com/key-concepts): Key Concepts AISDP module(s): All (contextual) Regulatory basis: Article 3; Articles 8–15; Annex IV Several concepts recur throughout AISDP preparation and must… - [Outcomes](https://docs.standardintelligence.com/outcomes): Outcomes AISDP module(s): All Regulatory basis: Articles 8–15, 43, 47, 48, 71, 72 The seven-phase delivery process produces a defined set of compliance… - [Penalty Structure](https://docs.standardintelligence.com/penalty-structure): Penalty Structure AISDP module(s): All (contextual) Regulatory basis: Article 99 The AI Act establishes a graduated penalty framework under Article 99,… - [Phase 1 — Discovery & Classification](https://docs.standardintelligence.com/phase-1--discovery-and-classification): Phase 1: Discovery & Classification — Owner & Outputs AISDP module(s): 1 (System Identity) Regulatory basis: Articles 3(1), 5, 6, 7, 50; Annex III Phase 1 runs… - [Phase 2 — Risk Assessment & FRIA](https://docs.standardintelligence.com/phase-2--risk-assessment-and-fria): Phase 2: Risk Assessment & FRIA — Owner & Outputs AISDP module(s): 6 (Risk Management System), 11 (FRIA) Regulatory basis: Articles 9, 27 Phase 2 runs during… - [Phase 3 — Architecture & Design](https://docs.standardintelligence.com/phase-3--architecture-and-design): Phase 3: Architecture & Design — Owner & Outputs AISDP module(s): 2 (Development Process), 3 (Architecture and Design), 4 (Data Governance), 9 (Robustness and… - [Phase 4 — Development & Testing](https://docs.standardintelligence.com/phase-4--development-and-testing): Phase 4: Development & Testing — Owner & Outputs AISDP module(s): 2 (Development Process), 4 ( Data Governance ), 5 (Testing and Validation), 9 (Robustness and… - [Phase 5 — Pre-Deployment Validation](https://docs.standardintelligence.com/phase-5--pre-deployment-validation): Phase 5: Pre-Deployment Validation — Owner & Outputs AISDP module(s): All (compilation and assessment) Regulatory basis: Articles 8–15, 17, 43; Annex IV ; Annex… - [Phase 6 — Registration & Deployment](https://docs.standardintelligence.com/phase-6--registration-and-deployment): Phase 6: Registration & Deployment — Owner & Outputs AISDP module(s): 8 (Transparency and User Information), 12 ( Post-Market Monitoring and Change History)… - [Phase 7 — Operational Monitoring](https://docs.standardintelligence.com/phase-7--operational-monitoring): Phase 7: Operational Monitoring — Owner & Outputs AISDP module(s): 12 (Post-Market Monitoring and Change History) Regulatory basis: Articles 72, 73; Annex IV… - [Roles](https://docs.standardintelligence.com/roles): Roles AISDP module(s): All (cross-cutting) Regulatory basis: Articles 9, 11, 17, 43; Annex VI AISDP preparation requires clearly assigned roles with documented… - [Steps](https://docs.standardintelligence.com/steps): Steps AISDP module(s): All (cross-cutting) Regulatory basis: Articles 8–15 (collectively) The AISDP preparation follows a seven-phase delivery workflow spanning… - [Workflow](https://docs.standardintelligence.com/workflow): The workflow section defines who does what, in what order, with what data, and to what end. Roles describes the ten governance and technical roles. Domain… ## Development - [Access Control — CI/CD Promotes; No Manual Promotion](https://docs.standardintelligence.com/access-control-cicd-promotes-no-manual-promotion): Access Control — CI/CD Promotes; No Manual Promotion AISDP module(s): Module 10 (Record-Keeping), Module 9 (Robustness and Cybersecurity) Regulatory basis:… - [AI-Specific Custom Rules — Hardcoded Threshold Detection](https://docs.standardintelligence.com/ai-specific-custom-rules-hardcoded-threshold-detection): AI-Specific Custom Rules — Hardcoded Threshold Detection AISDP module(s): Module 10 (Record-Keeping), Module 3 (Architecture and Design) Regulatory basis:… - [AI-Specific Custom Rules — Missing Logging Detection (Art. 12)](https://docs.standardintelligence.com/ai-specific-custom-rules-missing-logging-detection-art-12): AI-Specific Custom Rules — Missing Logging Detection (Art. 12) AISDP module(s): Module 10 (Record-Keeping) Regulatory basis: Article 12 Article 12 requires… - [AI-Specific Custom Rules — Model Registry Bypass Detection](https://docs.standardintelligence.com/ai-specific-custom-rules-model-registry-bypass-detection): AI-Specific Custom Rules — Model Registry Bypass Detection AISDP module(s): Module 10 (Record-Keeping), Module 3 (Architecture and Design) Regulatory basis:… - [AI-Specific Custom Rules (Semgrep) — Demographic Feature Flagging](https://docs.standardintelligence.com/ai-specific-custom-rules-semgrep-demographic-feature): AI-Specific Custom Rules (Semgrep) — Demographic Feature Flagging AISDP module(s): Module 4 (Data Governance), Module 6 (Risk Management System) Regulatory… - [Architecture Artefacts](https://docs.standardintelligence.com/architecture-artefacts): Statement of Business Intent (Signed) System Architecture Document (C4 Diagrams) Data Flow & Deployment Diagrams Dependency Maps Per-Layer Control… - [Auditability](https://docs.standardintelligence.com/auditability): Auditability AISDP module(s): 3, 10 Regulatory basis: Article 12 Auditability asks whether the model produces outputs that can be logged, traced, and attributed… - [Automated Documentation](https://docs.standardintelligence.com/automated-documentation): Model Cards (Per Build) AISDP module(s): Module 5 (Testing and Validation), Module 3 (Architecture and Design) Regulatory basis: Annex IV (2), Annex IV(3) Model… - [Automated Test Reports](https://docs.standardintelligence.com/automated-test-reports): Automated Test Reports AISDP module(s): Module 5 (Testing and Validation) Regulatory basis: Annex IV (3) This artefact comprises the complete set of… - [Bias Detectability](https://docs.standardintelligence.com/bias-detectability): Bias Detectability AISDP module(s): 3, 4 Regulatory basis: Article 10 Bias detectability asks whether fairness metrics can be computed at the subgroup level,… - [Bias Evaluation Reports (Pre-Training & Post-Training)](https://docs.standardintelligence.com/bias-evaluation-reports-pre-training-and-post-training): Bias Evaluation Reports (Pre-Training & Post-Training) AISDP module(s): 4 ( Data Governance and Dataset Documentation ), 5 (Testing and Validation) Regulatory… - [Data Lineage & Version Control](https://docs.standardintelligence.com/bias-mitigation--data-lineage-and-version-control): Data Lineage & Version Control - [Bias Mitigation](https://docs.standardintelligence.com/bias-mitigation): Pre-Processing Techniques (Oversampling, Undersampling, Reweighting, Synthetic Data) In-Processing Techniques (Fairness Constraints, Adversarial Debiasing,… - [Calibration Within Groups — Reliability Diagrams](https://docs.standardintelligence.com/calibration-within-groups-reliability-diagrams): Calibration Within Groups — Reliability Diagrams AISDP module(s): 4 ( Data Governance and Dataset Documentation ), 5 (Testing and Validation) Regulatory basis:… - [Chaos & Fault Injection Testing (Gremlin, Litmus) — Graceful Degradation](https://docs.standardintelligence.com/chaos-and-fault-injection-testing-gremlin-litmus-graceful): Chaos & Fault Injection Testing (Gremlin, Litmus) — Graceful Degradation AISDP module(s): Module 9 (Robustness and Cybersecurity), Module 5 (Testing and… - [CI/CD Artefacts](https://docs.standardintelligence.com/cicd-artefacts): Automated Test Reports Model Cards SBOMs Security Scan Results & Remediation Records Deployment Ledger Entries Exception Approval Records - [CI/CD Pipelines](https://docs.standardintelligence.com/cicd-pipelines): The CI/CD pipeline for a high-risk AI system enforces compliance at every stage, from static analysis through deployment. Static analysis extends conventional… - [Code Version Control](https://docs.standardintelligence.com/code-version-control): Git Repository Management & Branch Protection AISDP module(s): Module 10 (Record-Keeping) Regulatory basis: Article 12 Compliance-grade version control requires… - [Commercial APIs — Contractual Terms & SLAs](https://docs.standardintelligence.com/commercial-apis-contractual-terms-and-slas): Commercial APIs — Contractual Terms & SLAs AISDP module(s): 3, 9 Regulatory basis: Articles 11, 15; Annex IV (2) Models licensed from commercial API providers… - [Commercial APIs — Provider Data Handling & Geographic Considerations](https://docs.standardintelligence.com/commercial-apis-provider-data-handling-and-geographic): Commercial APIs — Provider Data Handling & Geographic Considerations AISDP module(s): 3, 4, 9 Regulatory basis: Articles 10, 15; GDPR Many commercial AI API… - [Compensating Controls — Deployment Restrictions & Residual Bias Acceptance](https://docs.standardintelligence.com/compensating-controls-deployment-restrictions-and-residual): Compensating Controls — Deployment Restrictions & Residual Bias Acceptance AISDP module(s): 4 ( Data Governance and Dataset Documentation ), 6 (Risk Management… - [Compensating Controls — Mandatory Human Review & Enhanced Monitoring](https://docs.standardintelligence.com/compensating-controls-mandatory-human-review-and-enhanced): Compensating Controls — Mandatory Human Review & Enhanced Monitoring AISDP module(s): 4 ( Data Governance and Dataset Documentation ), 7 (Human Oversight)… - [Completeness Assessment](https://docs.standardintelligence.com/completeness-assessment): Population Representativeness AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory basis: Article 10(3) Population representativeness… - [Compliance Criteria Scoring](https://docs.standardintelligence.com/compliance-criteria-scoring): Six compliance criteria are scored against each candidate model architecture during selection. Together they form the quantitative basis of the Model Selection… - [Compliance-Gated Deployment](https://docs.standardintelligence.com/compliance-gated-deployment): All Four Gates Passed Requirement AISDP module(s): Module 5 (Testing and Validation), Module 2 (Development Process) Regulatory basis: Article 15 No model may… - [Composite Versioning Scheme](https://docs.standardintelligence.com/composite-versioning-scheme): Version Components (Code SHA, Data, Model, Config, Prompt) AISDP module(s): Module 10 (Record-Keeping), Module 12 ( Post-Market Monitoring ) Regulatory basis:… - [Configuration & Prompt Versioning](https://docs.standardintelligence.com/configuration-and-prompt-versioning): Decision Thresholds & Feature Flags AISDP module(s): Module 10 (Record-Keeping), Module 3 (Architecture and Design) Regulatory basis: Article 12 , Article 3(23)… - [Contract Tests (Service-to-Service)](https://docs.standardintelligence.com/contract-tests-service-to-service): Contract Tests (Service-to-Service) AISDP module(s): Module 5 (Testing and Validation), Module 3 (Architecture and Design) Regulatory basis: Article 15 , Annex… - [Copyright & IP Exposure](https://docs.standardintelligence.com/copyright-and-ip-exposure): Training Data Copyright Assessment AISDP module(s): 3, 4 Regulatory basis: Article 53 (1)(c); Directive (EU) 2019/790 The training data used to develop AI… - [Counterfactual Fairness Testing](https://docs.standardintelligence.com/counterfactual-fairness-testing): Counterfactual Fairness Testing AISDP module(s): 4 ( Data Governance and Dataset Documentation ), 5 (Testing and Validation) Regulatory basis: Article 10(2)(f);… - [Data Flow & Deployment Diagrams](https://docs.standardintelligence.com/data-flow-and-deployment-diagrams): Data Flow & Deployment Diagrams AISDP module(s): Module 3 (Architecture and Design), Module 10 (Record-Keeping) Regulatory basis: Annex IV (2)(d), Article 12… - [Data Governance Artefacts](https://docs.standardintelligence.com/data-governance-artefacts): Dataset Documentation Cards Distributional Analysis Reports Bias Evaluation Reports (Pre-Training & Post-Training) Mitigation Effectiveness Assessments Data… - [Data Governance](https://docs.standardintelligence.com/data-governance): Data governance addresses the EU AI Act's Article 10 requirements for training, validation, and testing data. This section covers 43 articles across nine… - [Data Lineage & Version Control](https://docs.standardintelligence.com/data-lineage-and-version-control): Transformation Documentation (Pre-Step / Post-Step) AISDP module(s): 4 (Data Governance and Dataset Documentation ) Regulatory basis: Article 10(2); Annex IV… - [Data Lineage Records](https://docs.standardintelligence.com/data-lineage-records): Data Lineage Records AISDP module(s): 4 (Data Governance and Dataset Documentation ) Regulatory basis: Article 10 ; Annex IV (2)(d) Data Lineage Records… - [Data Pipeline Tests (Normal, Boundary, Pathological, Schema, Distribution, Property-Based)](https://docs.standardintelligence.com/data-pipeline-tests-normal-boundary-pathological-schema): Data Pipeline Tests (Normal, Boundary, Pathological, Schema, Distribution, Property-Based) AISDP module(s): Module 5 (Testing and Validation), Module 2… - [Data Version Control](https://docs.standardintelligence.com/data-version-control): Data Versioning Tooling (DVC, Delta Lake, LakeFS) AISDP module(s): Module 4 (Data Governance), Module 10 (Record-Keeping) Regulatory basis: Article 10 , Article… - [Completeness Assessment](https://docs.standardintelligence.com/dataset-documentation--completeness-assessment): Completeness Assessment - [Dataset Documentation Cards](https://docs.standardintelligence.com/dataset-documentation-cards): Dataset Documentation Cards AISDP module(s): 4 (Data Governance and Dataset Documentation ) Regulatory basis: Article 10 ; Annex IV (2)(d) Dataset Documentation… - [Dataset Documentation](https://docs.standardintelligence.com/dataset-documentation): Source & Acquisition Method Record Count, Schema & Version Identifier Temporal & Geographic Scope Demographic Composition Known Limitations Completeness… - [Deep Neural Networks — Candid Explainability Limitations Assessment](https://docs.standardintelligence.com/deep-neural-networks-candid-explainability-limitations): Deep Neural Networks — Candid Explainability Limitations Assessment AISDP module(s): 3, 7 Regulatory basis: Articles 13, 14 Where a deep neural network is… - [Deep Neural Networks — Types & Post-Hoc Explanation Methods](https://docs.standardintelligence.com/deep-neural-networks-types-and-post-hoc-explanation-methods): Deep Neural Networks — Types & Post-Hoc Explanation Methods AISDP module(s): 2, 3 Regulatory basis: Articles 13, 14, 15; Annex IV (2)(b) Convolutional networks,… - [Demographic Composition](https://docs.standardintelligence.com/demographic-composition): Demographic Composition AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory basis: Article 10(2)(f), 10(3) The demographic composition… - [Dependency Maps](https://docs.standardintelligence.com/dependency-maps): Dependency Maps AISDP module(s): Module 3 (Architecture and Design) Regulatory basis: Annex IV (2)(b) Dependency maps show how the AI system relates to its… - [Dependency Scanning (Snyk, Dependabot, pip-audit, OWASP)](https://docs.standardintelligence.com/dependency-scanning-snyk-dependabot-pip-audit-owasp): Dependency Scanning (Snyk, Dependabot, pip-audit, OWASP) AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Every third-party… - [Deployment Ledger Entries](https://docs.standardintelligence.com/deployment-ledger-entries): Deployment Ledger Entries AISDP module(s): Module 10 (Record-Keeping), Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 12 This artefact is the… - [Determinism](https://docs.standardintelligence.com/determinism): Determinism AISDP module(s): 3, 10 Regulatory basis: Articles 12, 15 Determinism asks whether the model produces the same output for the same input consistently… - [Development Architectures](https://docs.standardintelligence.com/development-architectures): Development architectures translate the system's compliance requirements into a concrete technical design. This section covers 50 articles across four… - [Distributional Analysis Reports](https://docs.standardintelligence.com/distributional-analysis-reports): Distributional Analysis Reports AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory basis: Article 10(2)(f) Distributional Analysis… - [Distributional Analysis — Statistical Tests & Output Matrix](https://docs.standardintelligence.com/distributional-analysis-statistical-tests-and-output-matrix): Distributional Analysis — Statistical Tests & Output Matrix AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory basis: Article 10(2)(f)… - [Documentability](https://docs.standardintelligence.com/documentability): Documentability AISDP module(s): 3 Regulatory basis: Annex IV (2)(b) Documentability is the first criterion. The question is: can the model's architecture,… - [DPIA (Where Required)](https://docs.standardintelligence.com/dpia-where-required): DPIA (Where Required) AISDP module(s): Module 4 ( Data Governance ) Regulatory basis: GDPR Article 35, EU AI Act Article 27 A Data Protection Impact Assessment… - [Eight-Layer Reference Architecture](https://docs.standardintelligence.com/eight-layer-reference-architecture): The eight-layer reference architecture provides a structured approach to designing high-risk AI systems with compliance controls embedded at every stage of the… - [Embedding Bias & Representational Risk](https://docs.standardintelligence.com/embedding-bias-and-representational-risk): Embedding Bias & Representational Risk AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory basis: Article 10(2)(f), 10(2)(g) Embedding… - [Embedding Version Control](https://docs.standardintelligence.com/embedding-version-control): Embedding Version Control AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory basis: Article 12 ; Article 15 Embedding models produce… - [End-to-End Inference Path Tests (Known Input → Expected Output + Logs)](https://docs.standardintelligence.com/end-to-end-inference-path-tests-known-input-expected-output): End-to-End Inference Path Tests (Known Input → Expected Output + Logs) AISDP module(s): Module 5 (Testing and Validation) Regulatory basis: Article 12 , Article… - [Ensemble Methods](https://docs.standardintelligence.com/ensemble-methods): Ensemble Methods AISDP module(s): 2, 3 Regulatory basis: Articles 13, 14; Annex IV (2)(b) Gradient-boosted decision tree ensembles (XGBoost, LightGBM, CatBoost)… - [Equalised Odds — TPR & FPR Parity](https://docs.standardintelligence.com/equalised-odds-tpr-and-fpr-parity): Equalised Odds — TPR & FPR Parity AISDP module(s): 4 ( Data Governance and Dataset Documentation ), 5 (Testing and Validation) Regulatory basis: Article… - [Exception Approval Records](https://docs.standardintelligence.com/exception-approval-records): Exception Approval Records AISDP module(s): Module 6 (Risk Management System), Module 10 (Record-Keeping) Regulatory basis: Article 9 This artefact comprises… - [Explainability Tests (Coverage, Attribution Sums, Fidelity, Format)](https://docs.standardintelligence.com/explainability-tests-coverage-attribution-sums-fidelity): Explainability Tests (Coverage, Attribution Sums, Fidelity, Format) AISDP module(s): Module 5 (Testing and Validation), Module 7 (Human Oversight) Regulatory… - [Fairness Concept Priority Decision & Documented Rationale](https://docs.standardintelligence.com/fairness-concept-priority-decision-and-documented-rationale): Fairness Concept Priority Decision & Documented Rationale AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory basis: Article 10(2)(f);… - [Fairness Tooling (Fairlearn, AI Fairness 360)](https://docs.standardintelligence.com/fairness-tooling-fairlearn-ai-fairness-360): Fairness Tooling (Fairlearn, AI Fairness 360) AISDP module(s): 4 ( Data Governance and Dataset Documentation ), 5 (Testing and Validation) Regulatory basis:… - [Feature Engineering Tests (Registry Match, Determinism, Imputation, Range)](https://docs.standardintelligence.com/feature-engineering-tests-registry-match-determinism): Feature Engineering Tests (Registry Match, Determinism, Imputation, Range) AISDP module(s): Module 5 (Testing and Validation) Regulatory basis: Annex IV (3),… - [Feature Registry with Proxy Variable Assessments](https://docs.standardintelligence.com/feature-registry-with-proxy-variable-assessments): Feature Registry with Proxy Variable Assessments AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory basis: Article 10(2)(f) The Feature… - [Fine-Tuning Provider Boundary](https://docs.standardintelligence.com/fine-tuning-provider-boundary): Substantial Modification Assessment AISDP module(s): 3 Regulatory basis: Article 3(23) ; Article 25(1)(b) Fine-tuning a GPAI model for use in a high-risk system… - [Foundation Models & LLMs — Article 53 GPAI Obligations](https://docs.standardintelligence.com/foundation-models-and-llms-article-53-gpai-obligations): Foundation Models & LLMs — Article 53 GPAI Obligations AISDP module(s): 3, 6 Regulatory basis: Articles 25, 51, 53, 55, 56 When a high-risk system incorporates… - [Foundation Models & LLMs — Fine-Tuning Records](https://docs.standardintelligence.com/foundation-models-and-llms-fine-tuning-records): Foundation Models & LLMs — Fine-Tuning Records AISDP module(s): 2, 3 Regulatory basis: Article 25 (1)(b); Annex IV (2) Organisations that fine-tune a foundation… - [Foundation Models & LLMs — Provenance Documentation](https://docs.standardintelligence.com/foundation-models-and-llms-provenance-documentation): Foundation Models & LLMs — Provenance Documentation AISDP module(s): 2, 3 Regulatory basis: Articles 11, 53; Annex IV (2) Large language models and foundation… - [Foundation Models & LLMs — Stochastic Output Handling](https://docs.standardintelligence.com/foundation-models-and-llms-stochastic-output-handling): Foundation Models & LLMs — Stochastic Output Handling AISDP module(s): 3, 10 Regulatory basis: Articles 12, 15 The stochastic nature of LLM outputs, where the… - [Full-Spectrum Evaluation](https://docs.standardintelligence.com/full-spectrum-evaluation): Heuristic & Rule-Based Systems Statistical & Econometric Models Ensemble Methods Deep Neural Networks — Types & Post-Hoc Explanation Methods Deep Neural… - [GDPR Status of Stored Embeddings](https://docs.standardintelligence.com/gdpr-status-of-stored-embeddings): GDPR Status of Stored Embeddings AISDP module(s): 4 (Data Governance and Dataset Documentation ) Regulatory basis: GDPR ; Article 10 Dense vector embeddings… - [Heuristic & Rule-Based Systems](https://docs.standardintelligence.com/heuristic-and-rule-based-systems): Heuristic & Rule-Based Systems AISDP module(s): 2, 3 Regulatory basis: Article 3(1); Annex IV (2)(b) Many organisations operate data-driven decisioning systems… - [Human Oversight Interface Specification](https://docs.standardintelligence.com/human-oversight-interface-specification): Human Oversight Interface Specification AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 The Human Oversight Interface Specification is… - [Human Oversight Interface Testing (Selenium/Playwright/Cypress Automation)](https://docs.standardintelligence.com/human-oversight-interface-testing-seleniumplaywrightcypress): Human Oversight Interface Testing (Selenium/Playwright/Cypress Automation) AISDP module(s): Module 7 (Human Oversight), Module 5 (Testing and Validation)… - [Human Oversight Interface Tests (Bypass Prevention, Rationale, Confidence, Countermeasures)](https://docs.standardintelligence.com/human-oversight-interface-tests-bypass-prevention-rationale): Human Oversight Interface Tests (Bypass Prevention, Rationale, Confidence, Countermeasures) AISDP module(s): Module 7 (Human Oversight), Module 5 (Testing and… - [Hybrid Architectures — Component Documentation & Conflict Resolution](https://docs.standardintelligence.com/hybrid-architectures-component-documentation-and-conflict): Hybrid Architectures — Component Documentation & Conflict Resolution AISDP module(s): 3 Regulatory basis: Annex IV (2)(b–e) Many production systems combine… - [Immutable Versioning — Unique Non-Reusable IDs](https://docs.standardintelligence.com/immutable-versioning-unique-non-reusable-ids): Immutable Versioning — Unique Non-Reusable IDs AISDP module(s): Module 10 (Record-Keeping) Regulatory basis: Article 12 Each registered model version must be… - [In-Processing Techniques (Fairness Constraints, Adversarial Debiasing, Invariant Representations)](https://docs.standardintelligence.com/in-processing-techniques-fairness-constraints-adversarial): In-Processing Techniques (Fairness Constraints, Adversarial Debiasing, Invariant Representations) AISDP module(s): 4 ( Data Governance and Dataset Documentation… - [Infrastructure Design](https://docs.standardintelligence.com/infrastructure-design): Cloud Deployment (Multi-AZ, Multi-Region) AISDP module(s): Module 3 (Architecture and Design), Module 9 (Robustness and Cybersecurity) Regulatory basis: Article… - [Integration Testing](https://docs.standardintelligence.com/integration-testing): Contract Tests (Service-to-Service) End-to-End Inference Path Tests (Known Input → Expected Output + Logs) Regression Tests — Golden Dataset with Per-Subgroup… - [Intersectional Pre-Training Analysis — Subgroups & Cell Size Thresholds](https://docs.standardintelligence.com/intersectional-pre-training-analysis-subgroups-and-cell): Intersectional Pre-Training Analysis — Subgroups & Cell Size Thresholds AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory basis:… - [Knowledge Base Completeness & Currency](https://docs.standardintelligence.com/knowledge-base-completeness-and-currency): Knowledge Base Completeness & Currency AISDP module(s): 4 (Data Governance and Dataset Documentation ) Regulatory basis: Article 10(2), 10(3) In a RAG… - [Known Limitations](https://docs.standardintelligence.com/known-limitations): Known Limitations AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory basis: Article 10(2)(f), 10(3); Annex IV (2)(d) Every dataset has… - [Label Bias Analysis — Ground Truth Contamination Assessment](https://docs.standardintelligence.com/label-bias-analysis-ground-truth-contamination-assessment): Label Bias Analysis — Ground Truth Contamination Assessment AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory basis: Article 10(2)(f)… - [Label Bias Analysis — Inter-Rater Reliability & Relabelling](https://docs.standardintelligence.com/label-bias-analysis-inter-rater-reliability-and-relabelling): Label Bias Analysis — Inter-Rater Reliability & Relabelling AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory basis: Article 10(2)(f)… - [Layer 1 — Data Ingestion](https://docs.standardintelligence.com/layer-1--data-ingestion): Schema Contracts & Quality Specification AISDP module(s): Module 4 (Data Governance), Module 3 (Architecture and Design) Regulatory basis: Article 10 , Article… - [Layer 2 — Feature Engineering](https://docs.standardintelligence.com/layer-2--feature-engineering): Training-Serving Consistency — Feature Stores & Single Computation Spec AISDP module(s): Module 3 (Architecture and Design), Module 5 (Testing and Validation)… - [Layer 3 — Model Inference](https://docs.standardintelligence.com/layer-3--model-inference): Model Version Pinning & Cryptographic Hash Verification AISDP module(s): Module 3 (Architecture and Design), Module 10 (Record-Keeping) Regulatory basis:… - [Layer 4 — Post-Processing](https://docs.standardintelligence.com/layer-4--post-processing): Business Rule Application — Documentation & Override Logging AISDP module(s): Module 3 (Architecture and Design), Module 6 (Risk Management System) Regulatory… - [Layer 5 — Explainability](https://docs.standardintelligence.com/layer-5--explainability): Explanation Methods (SHAP, LIME, GradCAM, Attention) AISDP module(s): Module 3 (Architecture and Design), Module 7 (Human Oversight) Regulatory basis: Article… - [Layer 6 — Human Oversight Interface](https://docs.standardintelligence.com/layer-6--human-oversight-interface): Mandatory Review Workflow — Auto-Acceptance Prevention AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 The human oversight interface… - [Layer 7 — Logging & Audit](https://docs.standardintelligence.com/layer-7--logging-and-audit): Immutable Logging — Append-Only & Cryptographic Hash Chains AISDP module(s): Module 10 (Record-Keeping) Regulatory basis: Article 12 Article 12 requires… - [Layer 8 — Monitoring](https://docs.standardintelligence.com/layer-8--monitoring): Intent Alignment Dashboards — Real-Time vs AISDP Thresholds AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 , Article 9 The… - [Licence Compliance Scanning (FOSSA, Black Duck, pip-licenses)](https://docs.standardintelligence.com/licence-compliance-scanning-fossa-black-duck-pip-licenses): Licence Compliance Scanning (FOSSA, Black Duck, pip-licenses) AISDP module(s): Module 3 (Architecture and Design), Module 9 (Robustness and Cybersecurity)… - [Lineage Tracking (Data → Code → Pipeline → Model)](https://docs.standardintelligence.com/lineage-tracking-data-code-pipeline-model): Lineage Tracking (Data → Code → Pipeline → Model) AISDP module(s): Module 10 (Record-Keeping), Module 3 (Architecture and Design) Regulatory basis: Article 12 ,… - [Linting & Type Checking](https://docs.standardintelligence.com/linting-and-type-checking): Linting & Type Checking AISDP module(s): Module 2 (Development Process), Module 5 (Testing and Validation) Regulatory basis: Annex IV (2) Standard linting and… - [Load Testing (Locust, k6) — Latency & Throughput Under Load](https://docs.standardintelligence.com/load-testing-locust-k6-latency-and-throughput-under-load): Load Testing (Locust, k6) — Latency & Throughput Under Load AISDP module(s): Module 5 (Testing and Validation), Module 3 (Architecture and Design) Regulatory… - [Long-Term Retrieval (Ten-Year Archive)](https://docs.standardintelligence.com/long-term-retrieval-ten-year-archive): Long-Term Retrieval (Ten-Year Archive) AISDP module(s): Module 10 (Record-Keeping) Regulatory basis: Article 18 Archived models must be retrievable for the full… - [Maintainability](https://docs.standardintelligence.com/maintainability): Maintainability AISDP module(s): 3 Regulatory basis: Article 15 Maintainability asks whether the model can be retrained, fine-tuned, or recalibrated in response… - [Manual Alternative (Directories, Spreadsheet, Signed Approval)](https://docs.standardintelligence.com/manual-alternative-directories-spreadsheet-signed-approval): Manual Alternative (Directories, Spreadsheet, Signed Approval) AISDP module(s): Module 3 (Architecture and Design), Module 10 (Record-Keeping) Regulatory basis:… - [Metadata Attachment (Dataset, Code, Pipeline, Hash, Hyperparameters, Metrics, Approval)](https://docs.standardintelligence.com/metadata-attachment-dataset-code-pipeline-hash): Metadata Attachment (Dataset, Code, Pipeline, Hash, Hyperparameters, Metrics, Approval) AISDP module(s): Module 3 (Architecture and Design), Module 10… - [Mitigation Effectiveness Assessments](https://docs.standardintelligence.com/mitigation-effectiveness-assessments): Mitigation Effectiveness Assessments AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory basis: Article 10(2)(f) Each bias mitigation… - [Model Cards](https://docs.standardintelligence.com/model-cards): Model Cards AISDP module(s): Module 5 (Testing and Validation), Module 3 (Architecture and Design) Regulatory basis: Annex IV (2), Annex IV(3) This artefact… - [Model Inference Tests (Registry Load, Format, Determinism, Latency, Degradation)](https://docs.standardintelligence.com/model-inference-tests-registry-load-format-determinism): Model Inference Tests (Registry Load, Format, Determinism, Latency, Degradation) AISDP module(s): Module 5 (Testing and Validation) Regulatory basis: Article 15… - [Model Origin Risk](https://docs.standardintelligence.com/model-origin-risk): Open-Source Models — Training Data Provenance Open-Source Models — Licensing Compatibility Open-Source Models — Development Governance Gaps Open-Source Models —… - [Model Registry](https://docs.standardintelligence.com/model-registry): Tooling (MLflow, W&B, SageMaker, Vertex AI) Immutable Versioning — Unique Non-Reusable IDs Metadata Attachment (Dataset, Code, Pipeline, Hash, Hyperparameters,… - [Model Selection Artefacts](https://docs.standardintelligence.com/model-selection-artefacts): Five artefacts are produced during the model selection process. Together they provide the documented evidence trail from candidate evaluation through to the… - [Model Selection](https://docs.standardintelligence.com/model-selection): Model selection is the first major technical decision in the AISDP lifecycle. The choice of model architecture determines the system's compliance profile across… - [Model Validation Gates](https://docs.standardintelligence.com/model-validation-gates): Performance Gate (AUC-ROC, F1, Precision, Recall, Brier, Calibration) AISDP module(s): Module 5 (Testing and Validation) Regulatory basis: Article 15 , Annex IV… - [Multilingual Performance](https://docs.standardintelligence.com/multilingual-performance): Multilingual Performance AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory basis: Article 10(2)(f), 10(3) Most widely available… - [Open-Source Models — Bias Testing & Adversarial Evaluation History](https://docs.standardintelligence.com/open-source-models-bias-testing-and-adversarial-evaluation): Open-Source Models — Bias Testing & Adversarial Evaluation History AISDP module(s): 3, 5 Regulatory basis: Articles 9, 10, 15 For open-source models… - [Open-Source Models — Development Governance Gaps](https://docs.standardintelligence.com/open-source-models-development-governance-gaps): Open-Source Models — Development Governance Gaps AISDP module(s): 3, 6 Regulatory basis: Articles 9, 10; Annex IV (2) Open-source models are frequently… - [Open-Source Models — Licensing Compatibility](https://docs.standardintelligence.com/open-source-models-licensing-compatibility): Open-Source Models — Licensing Compatibility AISDP module(s): 3 Regulatory basis: Annex IV (2)(b) The licensing terms attached to open-source models carry… - [Open-Source Models — Residual Non-Conformity Risk](https://docs.standardintelligence.com/open-source-models-residual-non-conformity-risk): Open-Source Models — Residual Non-Conformity Risk AISDP module(s): 3, 6 Regulatory basis: Articles 9, 11; Annex IV After completing provenance assessment,… - [Open-Source Models — Training Data Provenance](https://docs.standardintelligence.com/open-source-models-training-data-provenance): Open-Source Models — Training Data Provenance AISDP module(s): 3, 4 Regulatory basis: Article 10 ; Annex IV (2)(d) Open-source models from repositories such as… - [Per-Layer Control Specifications](https://docs.standardintelligence.com/per-layer-control-specifications): Per-Layer Control Specifications AISDP module(s): Module 3 (Architecture and Design), Module 6 (Risk Management System) Regulatory basis: Article 9 , Article 15… - [Post-Processing Techniques (Threshold Calibration, Score Adjustment, Reject Option)](https://docs.standardintelligence.com/post-processing-techniques-threshold-calibration-score): Post-Processing Techniques (Threshold Calibration, Score Adjustment, Reject Option) AISDP module(s): 4 ( Data Governance and Dataset Documentation ), 2… - [Post-Processing Tests (Thresholds, Calibration, Business Rules, Edge Cases)](https://docs.standardintelligence.com/post-processing-tests-thresholds-calibration-business-rules): Post-Processing Tests (Thresholds, Calibration, Business Rules, Edge Cases) AISDP module(s): Module 5 (Testing and Validation) Regulatory basis: Article 15 ,… - [Bias Mitigation](https://docs.standardintelligence.com/post-training-bias-evaluation--bias-mitigation): Bias Mitigation - [Post-Training Bias Evaluation](https://docs.standardintelligence.com/post-training-bias-evaluation): Selection Rate Ratio (Four-Fifths Rule) Equalised Odds — TPR & FPR Parity Predictive Parity Calibration Within Groups — Reliability Diagrams Counterfactual… - [Pre-Processing Techniques (Oversampling, Undersampling, Reweighting, Synthetic Data)](https://docs.standardintelligence.com/pre-processing-techniques-oversampling-undersampling): Pre-Processing Techniques (Oversampling, Undersampling, Reweighting, Synthetic Data) AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory… - [Post-Training Bias Evaluation](https://docs.standardintelligence.com/pre-training-bias-assessment--post-training-bias-evaluation): Post-Training Bias Evaluation - [Pre-Training Bias Assessment](https://docs.standardintelligence.com/pre-training-bias-assessment): Distributional Analysis — Statistical Tests & Output Matrix Label Bias Analysis — Inter-Rater Reliability & Relabelling Label Bias Analysis — Ground Truth… - [Predictive Parity](https://docs.standardintelligence.com/predictive-parity): Predictive Parity AISDP module(s): 4 ( Data Governance and Dataset Documentation ), 5 (Testing and Validation) Regulatory basis: Article 10(2)(f); Article 9… - [Proxy Variable Detection — Correlation Methods & Thresholds](https://docs.standardintelligence.com/proxy-variable-detection-correlation-methods-and-thresholds): Proxy Variable Detection — Correlation Methods & Thresholds AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory basis: Article 10(2)(f)… - [Proxy Variable Detection — Justification Review for Retained Proxies](https://docs.standardintelligence.com/proxy-variable-detection-justification-review-for-retained): Proxy Variable Detection — Justification Review for Retained Proxies AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory basis: Article… - [Data Governance Artefacts](https://docs.standardintelligence.com/rag-specific-governance--data-governance-artefacts): Data Governance Artefacts - [RAG-Specific Governance](https://docs.standardintelligence.com/rag-specific-governance): Knowledge Base Completeness & Currency Embedding Bias & Representational Risk Multilingual Performance GDPR Status of Stored Embeddings Embedding Version… - [Record Count, Schema & Version Identifier](https://docs.standardintelligence.com/record-count-schema-and-version-identifier): Record Count, Schema & Version Identifier AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory basis: Article 10(2); Annex IV (2)(d) The… - [Regression Tests — Golden Dataset with Per-Subgroup Cases](https://docs.standardintelligence.com/regression-tests-golden-dataset-with-per-subgroup-cases): Regression Tests — Golden Dataset with Per-Subgroup Cases AISDP module(s): Module 5 (Testing and Validation) Regulatory basis: Article 9 , Article 10 , Article… - [SBOMs](https://docs.standardintelligence.com/sboms): SBOMs AISDP module(s): Module 9 (Robustness and Cybersecurity), Module 3 (Architecture and Design) Regulatory basis: Article 15 , Annex IV (2) This artefact… - [Secret Detection (Pre-Commit Hooks & CI Steps)](https://docs.standardintelligence.com/secret-detection-pre-commit-hooks-and-ci-steps): Secret Detection (Pre-Commit Hooks & CI Steps) AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Credentials, API keys,… - [Security Scan Results & Remediation Records](https://docs.standardintelligence.com/security-scan-results-and-remediation-records): Security Scan Results & Remediation Records AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 This artefact comprises the… - [Selection Rate Ratio (Four-Fifths Rule)](https://docs.standardintelligence.com/selection-rate-ratio-four-fifths-rule): Selection Rate Ratio (Four-Fifths Rule) AISDP module(s): 4 ( Data Governance and Dataset Documentation ), 5 (Testing and Validation) Regulatory basis: Article… - [Service Dependency Management](https://docs.standardintelligence.com/service-dependency-management): Microservice Dependency Mapping AISDP module(s): Module 3 (Architecture and Design) Regulatory basis: Annex IV (2)(b), Article 12 High-risk AI systems built on… - [Source & Acquisition Method](https://docs.standardintelligence.com/source-and-acquisition-method): Source & Acquisition Method AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory basis: Article 10(2); Annex IV (2)(d) Every dataset used… - [Special Category Data](https://docs.standardintelligence.com/special-category-data): Legal Basis & Purpose Limitation AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory basis: Article 10(5); GDPR Article 9 Article 10(5)… - [Stage Management (Experimental, Staging, Production, Archived)](https://docs.standardintelligence.com/stage-management-experimental-staging-production-archived): Stage Management (Experimental, Staging, Production, Archived) AISDP module(s): Module 3 (Architecture and Design), Module 10 (Record-Keeping) Regulatory basis:… - [Statement of Business Intent (Signed)](https://docs.standardintelligence.com/statement-of-business-intent-signed): Statement of Business Intent (Signed) AISDP module(s): Module 1 (System Identity) Regulatory basis: Annex IV (1) The Statement of Business Intent is the… - [Statement of Business Intent](https://docs.standardintelligence.com/statement-of-business-intent): System Purpose & Constraints AISDP module(s): Module 1 (System Identity), Module 3 (Architecture and Design) Regulatory basis: Annex IV(1), Article 9 Before any… - [Static Analysis](https://docs.standardintelligence.com/static-analysis): Linting & Type Checking AI-Specific Custom Rules (Semgrep) — Demographic Feature Flagging AI-Specific Custom Rules — Hardcoded Threshold Detection AI-Specific… - [Statistical & Econometric Models](https://docs.standardintelligence.com/statistical-and-econometric-models): Statistical & Econometric Models AISDP module(s): 2, 3 Regulatory basis: Article 3(1); Articles 13, 14; Annex IV (2)(b) Logistic regression, linear regression,… - [Substantial Modification Detection](https://docs.standardintelligence.com/substantial-modification-detection): Modification Threshold Framework AISDP module(s): Module 6 (Risk Management System), Module 12 (Post-Market Monitoring) Regulatory basis: Article 3(23) Article… - [System Architecture Document (C4 Diagrams)](https://docs.standardintelligence.com/system-architecture-document-c4-diagrams): System Architecture Document (C4 Diagrams) AISDP module(s): Module 3 (Architecture and Design) Regulatory basis: Annex IV (2)(b-e) The System Architecture… - [Temporal & Geographic Scope](https://docs.standardintelligence.com/temporal-and-geographic-scope): Temporal & Geographic Scope AISDP module(s): 4 ( Data Governance and Dataset Documentation ) Regulatory basis: Article 10(2)(f), 10(3) The temporal and… - [Testability](https://docs.standardintelligence.com/testability): Testability AISDP module(s): 3, 5 Regulatory basis: Article 15 Testability asks whether the model architecture supports the testing required by Article 15. Can… - [Tooling (MLflow, W&B, SageMaker, Vertex AI)](https://docs.standardintelligence.com/tooling-mlflow-wandb-sagemaker-vertex-ai): Tooling (MLflow, W&B, SageMaker, Vertex AI) AISDP module(s): Module 3 (Architecture and Design), Module 10 (Record-Keeping) Regulatory basis: Article 12 , Annex… - [Traceability](https://docs.standardintelligence.com/traceability): Technical Traceability (Model, Code, Data, Infrastructure, Input — All Hash-Verified) AISDP module(s): Module 10 (Record-Keeping) Regulatory basis: Article 12 ,… - [Unit Testing](https://docs.standardintelligence.com/unit-testing): Data Pipeline Tests (Normal, Boundary, Pathological, Schema, Distribution, Property-Based) Feature Engineering Tests (Registry Match, Determinism, Imputation,… - [Version Control Artefacts](https://docs.standardintelligence.com/version-control-artefacts): Version-Controlled Code, Data, Model, Config AISDP module(s): Module 2 (Development Process), Module 10 (Record-Keeping) Regulatory basis: Article 12, Article… - [Version Control](https://docs.standardintelligence.com/version-control): Version control for high-risk AI systems extends well beyond conventional source code management. The composite versioning scheme assigns each release an… ## Security - [Additional Threat-Specific Testing](https://docs.standardintelligence.com/additional-threat-specific-testing): Output Validation Testing AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 For systems where model outputs are consumed by… - [Adversarial ML Test Results](https://docs.standardintelligence.com/adversarial-ml-test-results): Adversarial ML Test Results AISDP module(s): Module 9 (Robustness and Cybersecurity), Module 5 (Testing and Validation) Regulatory basis: Article 15 The… - [Adversarial ML Testing Frequency](https://docs.standardintelligence.com/adversarial-ml-testing-frequency): Adversarial ML Testing Frequency AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 The Technical SME conducts the full… - [Adversarial ML Testing](https://docs.standardintelligence.com/adversarial-ml-testing): Evasion/Adversarial Examples — White-Box & Black-Box Adversarial Testing by Modality Data Poisoning Simulation Prompt Injection Testing (LLM Systems) Model… - [Adversarial Testing by Modality](https://docs.standardintelligence.com/adversarial-testing-by-modality): Adversarial Testing by Modality AISDP module(s): Module 9 (Robustness and Cybersecurity), Module 5 (Testing and Validation) Regulatory basis: Article 15… - [AI-Specific Rules](https://docs.standardintelligence.com/ai-specific-rules): AI-Specific Rules AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Standard security scanning tools do not detect… - [AI-Specific Threat Categories](https://docs.standardintelligence.com/ai-specific-threat-categories): This section covers the following topics: OWASP LLM01: Prompt Injection OWASP LLM02: Sensitive Info Disclosure OWASP LLM03: Supply Chain OWASP LLM04: Data and… - [API Logging & Audit](https://docs.standardintelligence.com/api-logging-and-audit): API Logging & Audit AISDP module(s): Module 10 (Record-Keeping), Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 12 , Article 15 Every… - [API Security](https://docs.standardintelligence.com/api-security): Authentication — API Keys & Per-Consumer Identity Rate Limiting Input Validation & Sanitisation Output Filtering Inference Timeout Enforcement API Versioning &… - [API Versioning & Deprecation](https://docs.standardintelligence.com/api-versioning-and-deprecation): API Versioning & Deprecation AISDP module(s): Module 9 (Robustness and Cybersecurity), Module 3 (Architecture and Design) Regulatory basis: Article 12 When a… - [Applicable Regimes](https://docs.standardintelligence.com/applicable-regimes): Regime Determination AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 , NIS2 , CRA , DORA The first step in the… - [Art. 73(9) Simplification for NIS2/DORA Entities](https://docs.standardintelligence.com/art-739-simplification-for-nis2dora-entities): Art. 73(9) Simplification for NIS2/DORA Entities AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 73(9) Article 73(9) provides… - [Attack Surface Identification](https://docs.standardintelligence.com/attack-surface-identification): Attack Surfaces (Eight Categories) AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 The first stage of threat modelling… - [Authentication & Access Control](https://docs.standardintelligence.com/authentication-and-access-control): MFA, RBAC & Service-to-Service mTLS AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Multi-factor authentication (MFA)… - [Authentication — API Keys & Per-Consumer Identity](https://docs.standardintelligence.com/authentication-api-keys-and-per-consumer-identity): Authentication — API Keys & Per-Consumer Identity AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Every inference endpoint… - [Beyond OWASP Top 10](https://docs.standardintelligence.com/beyond-owasp-top-10): Adversarial Examples — Attack Vectors & Controls (Adversarial Training, Input Validation, Ensemble Methods) AISDP module(s): Module 5 (Testing and Validation),… - [Consolidated Mapping](https://docs.standardintelligence.com/consolidated-mapping): Mapping Table AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 , NIS2 , CRA , DORA The consolidated mapping table maps… - [CRA Deemed Compliance Pathway](https://docs.standardintelligence.com/cra-deemed-compliance-pathway): CRA Scope & Product Classification AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: CRA Article 12 , AI Act Article 15 The CRA scope… - [CRA Scope Determination & Product Classification](https://docs.standardintelligence.com/cra-scope-determination-and-product-classification): CRA Scope Determination & Product Classification AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: CRA Article 12 , AI Act Article 15… - [Cross-Regulatory Mapping Tables](https://docs.standardintelligence.com/cross-regulatory-mapping-tables): Cross-Regulatory Mapping Tables AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 , NIS2 , CRA , DORA The cross-regulatory… - [Cross-Regulatory Mapping](https://docs.standardintelligence.com/cross-regulatory-mapping): This section covers the following topics: Applicable Regimes Consolidated Mapping CRA Deemed Compliance Pathway NIS2 Interaction DORA Interaction Emerging… - [Cybersecurity Foundations](https://docs.standardintelligence.com/cybersecurity-foundations): Cybersecurity foundations establish the baseline security posture for the AI system's infrastructure and operations. Network security covers dedicated VPC… - [Cybersecurity Testing Programme](https://docs.standardintelligence.com/cybersecurity-testing-programme): The cybersecurity testing programme validates the security controls documented throughout the AISDP . Penetration testing requires annual independent… - [DAST](https://docs.standardintelligence.com/dast): DAST AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Dynamic Application Security Testing (DAST) tests running application… - [Data Poisoning Simulation](https://docs.standardintelligence.com/data-poisoning-simulation): Data Poisoning Simulation AISDP module(s): Module 4 (Data Governance), Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 10 , Article 15 Data… - [Data Security in ML Pipelines](https://docs.standardintelligence.com/data-security-in-ml-pipelines): Training Data Security Feature Store Security Model Artefact Security Inference Log Security Vector Database Security — Write/Read Separation Vector Database… - [Dependency Management](https://docs.standardintelligence.com/dependency-management): Version Pinning & Private Repositories AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Every dependency is pinned to an… - [Detection & Triage — Cross-Regime Assessment](https://docs.standardintelligence.com/detection-and-triage-cross-regime-assessment): Detection & Triage — Cross-Regime Assessment AISDP module(s): Module 9 (Robustness and Cybersecurity), Module 12 ( Post-Market Monitoring ) Regulatory basis:… - [DevSecOps Integration](https://docs.standardintelligence.com/devsecops-integration): SAST (Bandit, SonarQube, Semgrep) DAST SCA/Dependency & Container Image Scanning IaC Security Scanning AI-Specific Rules Manual Security Code Review SBOM… - [DORA Interaction](https://docs.standardintelligence.com/dora-interaction): DORA ICT Risk Extension AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: DORA, Article 15 DORA's requirements overlap substantially… - [DORA Third-Party Register & Risk Assessments](https://docs.standardintelligence.com/dora-third-party-register-and-risk-assessments): DORA Third-Party Register & Risk Assessments AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: DORA Articles 28–30 The DORA third-party… - [DORA Third-Party Register](https://docs.standardintelligence.com/dora-third-party-register): All AI-Related Service Providers AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: DORA Article 28(3), Annex IV Every AI-related… - [Emerging Interactions](https://docs.standardintelligence.com/emerging-interactions): EU Data Act & EHDS Overlays AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: EU Data Act, EHDS Two additional regulatory instruments… - [Encryption](https://docs.standardintelligence.com/encryption): Data at Rest (AES-256) & Data in Transit (TLS 1.3) AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 The engineering team… - [Evasion/Adversarial Examples — White-Box & Black-Box](https://docs.standardintelligence.com/evasionadversarial-examples-white-box-and-black-box): Evasion/Adversarial Examples — White-Box & Black-Box AISDP module(s): Module 9 (Robustness and Cybersecurity), Module 5 (Testing and Validation) Regulatory… - [Evidence Preservation — No System Alteration Prior to Notification](https://docs.standardintelligence.com/evidence-preservation-no-system-alteration-prior-to): Evidence Preservation — No System Alteration Prior to Notification AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 73(6)… - [Feature Store Security](https://docs.standardintelligence.com/feature-store-security): Feature Store Security AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Feature stores aggregate and serve pre-computed… - [Fundamental Rights Dimension Assessment](https://docs.standardintelligence.com/fundamental-rights-dimension-assessment): Fundamental Rights Dimension Assessment AISDP module(s): Module 9 (Robustness and Cybersecurity), Module 6 (Risk Management System) Regulatory basis: Article 73… - [IaC Security Scanning](https://docs.standardintelligence.com/iac-security-scanning): IaC Security Scanning AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Infrastructure-as-code security scanning validates… - [Incident Response Plan with Decision Tree](https://docs.standardintelligence.com/incident-response-plan-with-decision-tree): Incident Response Plan with Decision Tree AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 73 , NIS2 , DORA , CRA The incident… - [Incident Response](https://docs.standardintelligence.com/incident-response): Incident response for high-risk AI systems must account for multiple overlapping reporting obligations under the AI Act, GDPR , DORA (Regulation (EU)… - [Inference Log Security](https://docs.standardintelligence.com/inference-log-security): Inference Log Security AISDP module(s): Module 9 (Robustness and Cybersecurity), Module 10 (Record-Keeping) Regulatory basis: Article 12 , Article 15 Inference… - [Inference Timeout Enforcement](https://docs.standardintelligence.com/inference-timeout-enforcement): Inference Timeout Enforcement AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Inference timeout enforcement sets a maximum… - [Input Validation & Sanitisation](https://docs.standardintelligence.com/input-validation-and-sanitisation): Input Validation & Sanitisation AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Model endpoints validate inputs against a… - [Integrated Incident Response Plan](https://docs.standardintelligence.com/integrated-incident-response-plan): Detection & Triage — Cross-Regime Assessment Fundamental Rights Dimension Assessment Parallel Reporting Streams — DORA Parallel Reporting Streams — NIS2… - [Manual Security Code Review](https://docs.standardintelligence.com/manual-security-code-review): Manual Security Code Review AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Beyond automated scanning, the Technical SME… - [Membership Inference Testing](https://docs.standardintelligence.com/membership-inference-testing): Membership Inference Testing AISDP module(s): Module 4 ( Data Governance ), Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 , GDPR… - [Model Artefact Security](https://docs.standardintelligence.com/model-artefact-security): Model Artefact Security AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Trained model files are valuable intellectual… - [Model Extraction Testing](https://docs.standardintelligence.com/model-extraction-testing): Model Extraction Testing AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Model extraction testing evaluates whether an… - [Model Theft](https://docs.standardintelligence.com/model-theft): Model Theft — Attack Vectors (Extraction via Querying, Infrastructure Compromise, Artefact Exfiltration) AISDP module(s): Module 9 (Robustness and… - [Module 9 Test Summary Table](https://docs.standardintelligence.com/module-9-test-summary-table): Module 9 Test Summary Table AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 The Module 9 test summary table is retained as… - [Network Security](https://docs.standardintelligence.com/network-security): Dedicated VPC with Segmentation AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 The AI system's infrastructure should be… - [NIS2 Interaction](https://docs.standardintelligence.com/nis2-interaction): NIS2 Scope, Dual Reporting & Simplification AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: NIS2, Article 73(9) NIS2 applies to… - [Output Filtering](https://docs.standardintelligence.com/output-filtering): Output Filtering AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Model outputs pass through a filtering layer before… - [OWASP LLM01: Prompt Injection](https://docs.standardintelligence.com/owasp-llm01-prompt-injection): Prompt Injection — Attack Vectors (Direct, Indirect, Multi-Turn) AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Prompt… - [OWASP LLM02: Sensitive Info Disclosure](https://docs.standardintelligence.com/owasp-llm02-sensitive-info-disclosure): Information Disclosure — Attack Vectors (Memorisation, Membership Inference, Property Inference) AISDP module(s): Module 4 ( Data Governance ), Module 9… - [OWASP LLM03: Supply Chain](https://docs.standardintelligence.com/owasp-llm03-supply-chain): Supply Chain — Attack Vectors (Dependencies, Pre-Trained Models, Third-Party Services) AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory… - [OWASP LLM04: Data and Model Poisoning](https://docs.standardintelligence.com/owasp-llm04-data-and-model-poisoning): Data Poisoning — Attack Vectors (Targeted, Untargeted, Label Flipping, Backdoor) AISDP module(s): Module 4 (Data Governance), Module 9 (Robustness and… - [OWASP LLM05: Improper Output Handling](https://docs.standardintelligence.com/owasp-llm05-improper-output-handling): Insecure Output — Attack Vectors (XSS, SQL Injection, Command Injection via Output) AISDP module(s): Module 9 (Robustness and Cybersecurity), Module 3… - [OWASP LLM06: Excessive Agency](https://docs.standardintelligence.com/owasp-llm06-excessive-agency): Excessive Agency — Attack Vectors & Controls (Least Privilege, Permission Inventory, Access Reviews) AISDP module(s): Module 1 (System Identity), Module 9… - [OWASP LLM09: Misinformation](https://docs.standardintelligence.com/owasp-llm09-misinformation): ℹ This topic is covered within the parent article. See the full AI-Specific Threat Categories page. - [OWASP LLM10: Unbounded Consumption](https://docs.standardintelligence.com/owasp-llm10-unbounded-consumption): Model DoS — Attack Vectors & Controls (Rate Limiting, Timeouts, Cost Caps) AISDP module(s): Module 9 (Robustness and Cybersecurity), Module 5 (Testing and… - [Parallel Reporting Streams — AI Act Art. 73](https://docs.standardintelligence.com/parallel-reporting-streams-ai-act-art-73): Parallel Reporting Streams — AI Act Art. 73 AISDP module(s): Module 9 (Robustness and Cybersecurity), Module 12 ( Post-Market Monitoring ) Regulatory basis:… - [Parallel Reporting Streams — CRA](https://docs.standardintelligence.com/parallel-reporting-streams-cra): Parallel Reporting Streams — CRA AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: CRA Article 14 For products with digital elements… - [Parallel Reporting Streams — DORA](https://docs.standardintelligence.com/parallel-reporting-streams-dora): Parallel Reporting Streams — DORA AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: DORA Article 19 For financial entities subject to… - [Parallel Reporting Streams — NIS2](https://docs.standardintelligence.com/parallel-reporting-streams-nis2): Parallel Reporting Streams — NIS2 AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: NIS2 Article 23 For entities subject to NIS2,… - [Patch Management](https://docs.standardintelligence.com/patch-management): Documented Schedule, Zero-Day Process & Staging Testing AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Operating system,… - [Penetration Test Reports](https://docs.standardintelligence.com/penetration-test-reports): Penetration Test Reports AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 The penetration test report archive contains the… - [Penetration Testing](https://docs.standardintelligence.com/penetration-testing): Annual Independent Penetration Testing AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Penetration testing is conducted… - [Plugin Security (cf. LLM06 Agency)](https://docs.standardintelligence.com/plugin-security-cf-llm06-agency): Plugin Security — Attack Vectors & Controls (Allowlists, Validation, Human Approval, Logging) AISDP module(s): Module 7 (Human Oversight), Module 9 (Robustness… - [Pre-Drafted Reporting Templates](https://docs.standardintelligence.com/pre-drafted-reporting-templates): Pre-Drafted Reporting Templates AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 73 , NIS2 , DORA , CRA Pre-drafted… - [Prompt Injection Testing (LLM Systems)](https://docs.standardintelligence.com/prompt-injection-testing-llm-systems): Prompt Injection Testing (LLM Systems) AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 For systems incorporating LLMs,… - [Rate Limiting](https://docs.standardintelligence.com/rate-limiting): Rate Limiting AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Rate limiting on inference endpoints prevents denial of… - [Red Team Exercise Reports](https://docs.standardintelligence.com/red-team-exercise-reports): Red Team Exercise Reports AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 The red team report archive contains the full… - [Red Team Exercises](https://docs.standardintelligence.com/red-team-exercises): Annual Red Team — Scenarios AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Annual red team exercises simulate realistic… - [Regulator Contact Register](https://docs.standardintelligence.com/regulator-contact-register): Per-Jurisdiction Authority Contacts AISDP module(s): Module 9 (Robustness and Cybersecurity), Module 11 (Regulator Interaction) Regulatory basis: Article 73 ,… - [SAST (Bandit, SonarQube, Semgrep)](https://docs.standardintelligence.com/sast-bandit-sonarqube-semgrep): SAST (Bandit, SonarQube, Semgrep) AISDP module(s): Module 9 (Robustness and Cybersecurity), Module 2 (Development Process) Regulatory basis: Article 15 Static… - [SBOM Generation — CycloneDX/SPDX with ML Components](https://docs.standardintelligence.com/sbom-generation-cyclonedxspdx-with-ml-components): SBOM Generation — CycloneDX/SPDX with ML Components AISDP module(s): Module 9 (Robustness and Cybersecurity), Module 3 (Architecture and Design) Regulatory… - [SBOM (Per Build)](https://docs.standardintelligence.com/sbom-per-build): SBOM (Per Build) AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 , CRA The SBOM archive contains the SBOM generated for… - [SBOM](https://docs.standardintelligence.com/sbom): SBOM — Standard & ML-Specific Components AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 , CRA The AI system's supply… - [SCA/Dependency & Container Image Scanning](https://docs.standardintelligence.com/scadependency-and-container-image-scanning): SCA/Dependency & Container Image Scanning AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Software Composition Analysis… - [Pre-Drafted Reporting Templates](https://docs.standardintelligence.com/security-artefacts--pre-drafted-reporting-templates): Pre-Drafted Reporting Templates AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 73 , NIS2 , DORA , CRA The pre-drafted… - [Regulator Contact Register](https://docs.standardintelligence.com/security-artefacts--regulator-contact-register): Regulator Contact Register AISDP module(s): Module 9 (Robustness and Cybersecurity), Module 11 (Regulator Interaction) Regulatory basis: Article 73 , NIS2 ,… - [Security Artefacts](https://docs.standardintelligence.com/security-artefacts): Threat Model (Living Document) Cross-Regulatory Mapping Tables CRA Scope Determination & Product Classification DORA Third-Party Register & Risk Assessments… - [Security Code Review Records](https://docs.standardintelligence.com/security-code-review-records): Security Code Review Records AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 The security code review records archive… - [Supply Chain Risk Assessments](https://docs.standardintelligence.com/supply-chain-risk-assessments): Supply Chain Risk Assessments AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 , DORA Articles 28–30 The supply chain risk… - [Supply Chain Security](https://docs.standardintelligence.com/supply-chain-security): Supply chain security addresses the risks introduced by third-party components: open-source libraries, pre-trained models, commercial APIs, and cloud… - [Test Result Mapping](https://docs.standardintelligence.com/test-result-mapping): Summary Table per Test Type AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 All cybersecurity testing produces a summary… - [Third-Party Model Provider Assessment](https://docs.standardintelligence.com/third-party-model-provider-assessment): AI Act Model Origin Risk Assessment AISDP module(s): Module 3 (Architecture and Design), Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 ,… - [Threat Actor Profiles](https://docs.standardintelligence.com/threat-actor-profiles): Threat Actors AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 The threat model must identify the threat actors whose… - [Threat Model (Living Document)](https://docs.standardintelligence.com/threat-model-living-document): Threat Model (Living Document) AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 The threat model is the primary security… - [Threat Modelling — Attack Surfaces & Actors](https://docs.standardintelligence.com/threat-modelling--attack-surfaces-and-actors): This section covers the following topics: Attack Surface Identification Threat Actor Profiles - [Threat Modelling — Methodology](https://docs.standardintelligence.com/threat-modelling--methodology): STRIDE (Traditional Software Threats — Six Categories) AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 STRIDE is a threat… - [Threat Modelling Artefacts](https://docs.standardintelligence.com/threat-modelling-artefacts): Threat Model Document (Living) AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 The threat model document is the central… - [Threat Modelling](https://docs.standardintelligence.com/threat-modelling): Threat modelling for AI systems combines traditional software security analysis with AI-specific threat taxonomies. Methodology applies STRIDE for conventional… - [Training Data Security](https://docs.standardintelligence.com/training-data-security): Training Data Security AISDP module(s): Module 4 (Data Governance), Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 10 , Article 15 Training… - [Vector Database Security — Adversarial Document Injection](https://docs.standardintelligence.com/vector-database-security-adversarial-document-injection): Vector Database Security — Adversarial Document Injection AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Adversarial… - [Vector Database Security — Bulk Extraction Monitoring](https://docs.standardintelligence.com/vector-database-security-bulk-extraction-monitoring): Vector Database Security — Bulk Extraction Monitoring AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 An attacker with… - [Vector Database Security — Write/Read Separation](https://docs.standardintelligence.com/vector-database-security-writeread-separation): Vector Database Security — Write/Read Separation AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Systems using… - [Vulnerability Management Register](https://docs.standardintelligence.com/vulnerability-management-register): Vulnerability Management Register AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 The vulnerability management register is… - [Vulnerability Management](https://docs.standardintelligence.com/vulnerability-management): Continuous Scanning & Remediation SLAs AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 Continuous vulnerability scanning… - [Vulnerability Scanning](https://docs.standardintelligence.com/vulnerability-scanning): Continuous Automated Scanning — Four Layers AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 The vulnerability scanning… - [Zero Trust Architecture](https://docs.standardintelligence.com/zero-trust-architecture): Independent Service Authentication & Authorisation AISDP module(s): Module 9 (Robustness and Cybersecurity) Regulatory basis: Article 15 A zero trust… ## Governance - [Agile Adaptation](https://docs.standardintelligence.com/agile-adaptation): Sprint-Level Compliance Activities AISDP module(s): All modules (incremental) Regulatory basis: Articles 8–15 The compliance framework integrates with agile… - [AI Governance Lead — Responsibilities & Authority](https://docs.standardintelligence.com/ai-governance-lead-responsibilities-and-authority): AI Governance Lead — Responsibilities & Authority AISDP module(s): All modules (approval authority) Regulatory basis: Article 17 The AI Governance Lead holds… - [AI Office & European-Level Oversight](https://docs.standardintelligence.com/ai-office-and-european-level-oversight): AI Office Functions AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Articles 64–68, Article 88 The European AI Office coordinates the… - [AI System Assessor — Classification, AISDP, Independence](https://docs.standardintelligence.com/ai-system-assessor-classification-aisdp-independence): AI System Assessor — Classification, AISDP, Independence AISDP module(s): All modules (compilation) Regulatory basis: Article 17 , Annex VI The AI System… - [Annex I Product Integration — Three Coordination Models](https://docs.standardintelligence.com/annex-i-product-integration-three-coordination-models): Annex I Product Integration — Three Coordination Models AISDP module(s): Module 6 (Risk Management System), Module 3 (Architecture) Regulatory basis: Article… - [Annex VI Internal Assessment](https://docs.standardintelligence.com/annex-vi-internal-assessment): ℹ Awaiting content from a subsequent batch (v13). Awaiting content. - [Annex VII Procedural Mapping](https://docs.standardintelligence.com/annex-vii-procedural-mapping): Annex VII Procedural Mapping AISDP module(s): All 12 modules Regulatory basis: Annex VII Annex VII establishes a five-point sequence running from initial… - [Article 6(3) Exception Assessment](https://docs.standardintelligence.com/article-63-exception-assessment): Art. 6(3) Functional Criterion AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 6(3) Article 6(3) allows certain systems that would… - [Assessment Checklist](https://docs.standardintelligence.com/assessment-checklist): Assessment Checklist AISDP module(s): All 12 modules Regulatory basis: Articles 8–15, Article 17 , Annex IV The completed assessment checklist is retained as… - [Assessment Execution Methodology](https://docs.standardintelligence.com/assessment-execution-methodology): ℹ is populated. are awaiting content from a subsequent batch. Phase 5: Synthesis & Reporting AISDP module(s): All 12 modules Regulatory basis: Annex VI Phase 5… - [Assessment Failure Pathways](https://docs.standardintelligence.com/assessment-failure-pathways): Remediation & Re-Assessment AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Annex VI Remediation and re-assessment is the most common… - [Assessment Plan](https://docs.standardintelligence.com/assessment-plan): Assessment Plan AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Annex VI The Assessment Plan is prepared before the assessment begins and… - [Assessment Tools & Technology](https://docs.standardintelligence.com/assessment-tools-and-technology): ℹ This topic is covered within the parent article. See the full QMS Framework page. - [Assessor Independence & Competence Records](https://docs.standardintelligence.com/assessor-independence-and-competence-records): Assessor Independence & Competence Records AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 17 , Annex VI The assessor records… - [Assessor Independence & Competence](https://docs.standardintelligence.com/assessor-independence-and-competence): Conflict of Interest Declarations AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 17 , Annex VI Each assessor participating in the… - [Brownfield Compliance](https://docs.standardintelligence.com/brownfield-compliance): Gap Assessment — Per Module Documentation Reconstruction — Transparent Labelling Retrofitting Version Control — Baseline Capture Retrofitting Testing —… - [CE Marking](https://docs.standardintelligence.com/ce-marking): Affixation Requirements AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 48 Article 48 requires high-risk AI systems to bear the CE… - [Certification, Standards & Legal](https://docs.standardintelligence.com/certification-standards-and-legal): Certification, standards, and legal obligations intersect to define the compliance pathway for high-risk AI systems. The harmonised standards landscape covers… - [Change Management (S.6 Integration)](https://docs.standardintelligence.com/change-management-s6-integration): Change Management (S.6 Integration) AISDP module(s): Module 2 (Development Process), Module 6 (Risk Management System) Regulatory basis: Article 17 Change… - [Classification Decision Record](https://docs.standardintelligence.com/classification-decision-record): CDR Content AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Articles 5, 6 The Classification Decision Record (CDR) is the formal artefact… - [Classification Reviewer — Independent CDR Validation](https://docs.standardintelligence.com/classification-reviewer-independent-cdr-validation): Classification Reviewer — Independent CDR Validation AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Articles 5, 6 The Classification… - [Communication Protocols](https://docs.standardintelligence.com/communication-protocols): Proactive Engagement & Consistent Messaging AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 70 Organisations should introduce… - [Conflicting Guidance Position Papers](https://docs.standardintelligence.com/conflicting-guidance-position-papers): Conflicting Guidance Position Papers AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 70 Where conflicting member state guidance was… - [Conflicting Guidance](https://docs.standardintelligence.com/conflicting-guidance): Identifying, Resolving & Documenting Conflicting Positions AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 70 In the early… - [Conformity Assessment Artefacts](https://docs.standardintelligence.com/conformity-assessment-artefacts): Internal Assessment Report Non-Conformity Register Evidence Register Assessment Checklist Assessor Independence & Competence Records Assessment Plan Stakeholder… - [Conformity Assessment Coordinator — Gates, Evidence, Registration](https://docs.standardintelligence.com/conformity-assessment-coordinator-gates-evidence): Conformity Assessment Coordinator — Gates, Evidence, Registration AISDP module(s): Module 10 (Compliance Record), Module 12 ( Post-Market Monitoring )… - [Conformity Assessment](https://docs.standardintelligence.com/conformity-assessment): Conformity assessment is the process by which the provider demonstrates that the high-risk AI system meets the requirements of the EU AI Act. Annex VI internal… - [Continual Improvement](https://docs.standardintelligence.com/continual-improvement): Continual Improvement AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 17 Continual improvement requires mechanisms for learning… - [Continuous Assessment & Surveillance](https://docs.standardintelligence.com/continuous-assessment-and-surveillance): Continuous Assessment & CI/CD as Continuous Checking AISDP module(s): All modules (cross-cutting) Regulatory basis: Articles 9, 18, 72 The internal conformity… - [Data Access Protocol](https://docs.standardintelligence.com/data-access-protocol): Data Access Protocol AISDP module(s): Module 4 ( Data Governance ), Module 9 (Cybersecurity) Regulatory basis: Annex VII , points 4.3, 4.5 Annex VII points 4.3… - [Data Sovereignty Constraints](https://docs.standardintelligence.com/data-sovereignty-constraints): Data Sovereignty Constraints AISDP module(s): Module 4 ( Data Governance ), Module 9 (Cybersecurity) Regulatory basis: GDPR , National data protection… - [Declaration of Conformity](https://docs.standardintelligence.com/declaration-of-conformity): Eight Mandatory Content Points AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 47, Annex V Annex V specifies eight mandatory content… - [Delivery Artefacts](https://docs.standardintelligence.com/delivery-artefacts): Programme Plan & Milestone Calendar AISDP module(s): Cross-cutting Regulatory basis: Articles 8–15 The programme plan documents the seven-phase delivery… - [Deployer Communication Records](https://docs.standardintelligence.com/deployer-communication-records): Deployer Communication Records AISDP module(s): Module 8 (Transparency), Module 11 (Deployer Obligations) Regulatory basis: Article 13 , Article 26 The deployer… - [Deployer Communications per Member State](https://docs.standardintelligence.com/deployer-communications-per-member-state): Deployer Communications per Member State AISDP module(s): Module 8 (Transparency), Module 11 (Deployer Obligations) Regulatory basis: Article 13 , Article 26… - [Deployer Registration (Art. 49(3), Annex VIII-C)](https://docs.standardintelligence.com/deployer-registration-art-493-annex-viii-c): Deployer Registration (Art. 49(3), Annex VIII-C) AISDP module(s): Module 11 (Deployer Obligations) Regulatory basis: Article 49 (3), Annex VIII Section C Public… - [Document Control](https://docs.standardintelligence.com/document-control): Document Control AISDP module(s): All modules (cross-cutting) Regulatory basis: Article 17 , Article 18 Document control requires that every AISDP module,… - [Documentation Reconstruction — Transparent Labelling](https://docs.standardintelligence.com/documentation-reconstruction-transparent-labelling): Documentation Reconstruction — Transparent Labelling AISDP module(s): All 12 modules Regulatory basis: Articles 11, 18, Annex IV For brownfield system s, some… - [DPO Liaison — DPIA & Special Category Data](https://docs.standardintelligence.com/dpo-liaison-dpia-and-special-category-data): DPO Liaison — DPIA & Special Category Data AISDP module(s): Module 4 (Data Governance) Regulatory basis: GDPR, Article 10 The DPO Liaison confirms that data… - [End-to-End Technical Delivery](https://docs.standardintelligence.com/end-to-end-technical-delivery): End-to-end technical delivery translates the AISDP 's compliance requirements into a practical project execution framework. The seven-phase delivery framework… - [Enforcement & Penalties](https://docs.standardintelligence.com/enforcement-and-penalties): Penalty Tiers (Art. 99) AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 99 Article 99 establishes three penalty tiers calibrated to… - [EU Database Registration Confirmation](https://docs.standardintelligence.com/eu-database-registration-confirmation): EU Database Registration Confirmation AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 49 , Article 71 The EU database registration… - [EU Database Registration](https://docs.standardintelligence.com/eu-database-registration): Provider Registration (Art. 49(1), Annex VIII-A) Non-High-Risk Provider Registration (Art. 49(2), Annex VIII-B) Deployer Registration (Art. 49(3), Annex VIII-C)… - [Evidence Register](https://docs.standardintelligence.com/evidence-register): Evidence Register AISDP module(s): All 12 modules Regulatory basis: Articles 11, 18, Annex IV The evidence register is retained as the master index linking… - [Fee Structures & Budget](https://docs.standardintelligence.com/fee-structures-and-budget): Fee Structures & Budget AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 43 Notified body assessment is a commercial service. Common… - [Five-Method Risk Identification](https://docs.standardintelligence.com/five-method-risk-identification): FMEA — Structured Failure Mode Analysis AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 9 Failure Mode and Effects Analysis (FMEA),… - [Four-Tier Framework Overview](https://docs.standardintelligence.com/four-tier-framework-overview): Four-Tier Framework Overview AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Articles 5, 6, 50 The EU AI Act establishes a four-tier risk… - [Fundamental Rights Impact Assessment](https://docs.standardintelligence.com/fundamental-rights-impact-assessment): ℹ is populated. are awaiting content from a subsequent batch. FRIA Scope & EU Charter Rights AISDP module(s): Module 11 (Deployer Obligations), Module 6 (Risk… - [Gap Assessment — Per Module](https://docs.standardintelligence.com/gap-assessment-per-module): Gap Assessment — Per Module AISDP module(s): All 12 modules Regulatory basis: Articles 8–15 Many organisations must bring existing AI systems into compliance.… - [GPAI Model Risk Assessment](https://docs.standardintelligence.com/gpai-model-risk-assessment): ℹ Awaiting content from a subsequent batch (v13). Awaiting content. - [Harmonised Standards Landscape](https://docs.standardintelligence.com/harmonised-standards-landscape): CEN/CENELEC JTC 21 AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 40 CEN/CENELEC Joint Technical Committee 21 (JTC 21) is… - [Incident Reporting Across Borders](https://docs.standardintelligence.com/incident-reporting-across-borders): Incident Reporting Across Borders AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 73 A serious incident under Article 73 must be… - [Inspection Readiness Drill Records](https://docs.standardintelligence.com/inspection-readiness-drill-records): Inspection Readiness Drill Records AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 74 The drill records archive documents each annual… - [Inspection Readiness](https://docs.standardintelligence.com/inspection-readiness): Readiness Capability — AISDP Retrieval & Drills AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 74 The organisation maintains an… - [Interaction Protocol](https://docs.standardintelligence.com/interaction-protocol): Interaction Protocol AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Annex VII A formal interaction protocol is established with the… - [Internal Assessment Report](https://docs.standardintelligence.com/internal-assessment-report): Internal Assessment Report AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Annex VI The Internal Assessment Report is the formal output of… - [Internal Audit Assurance Lead — Annual Audit](https://docs.standardintelligence.com/internal-audit-assurance-lead-annual-audit): Internal Audit Assurance Lead — Annual Audit AISDP module(s): All modules (assurance) Regulatory basis: Article 17 The Internal Audit Assurance Lead provides… - [ISO 42001:2023 — Foundation](https://docs.standardintelligence.com/iso-420012023-foundation): ISO 42001:2023 — Foundation AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 17 ISO/IEC 42001:2023 (Artificial Intelligence… - [Iterative Risk Management](https://docs.standardintelligence.com/iterative-risk-management): ℹ Awaiting content from a subsequent batch (v13). Awaiting content. - [Jurisdiction-Specific Guidance & Quarterly Monitoring](https://docs.standardintelligence.com/jurisdiction-specific-guidance-and-quarterly-monitoring): Jurisdiction-Specific Guidance & Quarterly Monitoring AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 70 The Legal and Regulatory… - [Keeping Registration Current](https://docs.standardintelligence.com/keeping-registration-current): Updates on Material Changes & Version Alignment AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 49 The AI Act requires registration… - [Language & Translation](https://docs.standardintelligence.com/language-and-translation): Language & Translation AISDP module(s): Module 8 (Transparency), Module 10 (Compliance Record) Regulatory basis: Article 13 (3)(b)(ii), Article 47, Article 73… - [Legal & Regulatory Advisor — Provider Boundary, IP, Cross-Regulatory](https://docs.standardintelligence.com/legal-and-regulatory-advisor-provider-boundary-ip-cross): Legal & Regulatory Advisor — Provider Boundary, IP, Cross-Regulatory AISDP module(s): Cross-cutting (legal review) Regulatory basis: Article 17 The Legal and… - [Liability & Insurance](https://docs.standardintelligence.com/liability-and-insurance): Legal Significance — Binding Statement & Personal Exposure AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 47, Article 99(5) The… - [Maintaining NB Certification](https://docs.standardintelligence.com/maintaining-nb-certification): Maintaining NB Certification AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 44, Annex VII points 5.1–5.3 Notified body… - [Milestones Before August 2026](https://docs.standardintelligence.com/milestones-before-august-2026): Milestones Before August 2026 AISDP module(s): All 12 modules Regulatory basis: Article 113 The August 2026 deadline applies to the Chapter 2 requirements… - [Multi-Jurisdiction Checklist](https://docs.standardintelligence.com/multi-jurisdiction-checklist): Multi-Jurisdiction Checklist AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Articles 49, 70, 73 Completed per-jurisdiction deployment… - [Multi-Jurisdiction Cost Implications & Phased Rollout](https://docs.standardintelligence.com/multi-jurisdiction-cost-implications-and-phased-rollout): Multi-Jurisdiction Cost Implications & Phased Rollout AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Articles 49, 70 Multi-jurisdiction… - [Multi-Jurisdiction Deployment](https://docs.standardintelligence.com/multi-jurisdiction-deployment): Language & Translation Jurisdiction-Specific Guidance & Quarterly Monitoring Deployer Communications per Member State Incident Reporting Across Borders Data… - [Multi-Jurisdiction Registration](https://docs.standardintelligence.com/multi-jurisdiction-registration): Multi-Jurisdiction Registration AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 49 , Article 71 The EU database is a single European… - [Multi-System & Continuous Assessment](https://docs.standardintelligence.com/multi-system-and-continuous-assessment): This section covers the following topics: Multi-System Assessment Continuous Assessment & Surveillance - [Multi-System Assessment](https://docs.standardintelligence.com/multi-system-assessment): Multi-System Assessment Coordination AISDP module(s): All modules (cross-cutting) Regulatory basis: Article 17 , Annex VI Organisations with multiple high-risk… - [Mutual Recognition & Single Market](https://docs.standardintelligence.com/mutual-recognition-and-single-market): Mutual Recognition & Single Market AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Regulation (EU) 2024/1689 (direct applicability as EU… - [National Competent Authority Landscape](https://docs.standardintelligence.com/national-competent-authority-landscape): NCA Maturity Levels AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 70 National competent authorities are at varying stages of… - [NB Evidence Pack](https://docs.standardintelligence.com/nb-evidence-pack): NB Evidence Pack AISDP module(s): All 12 modules Regulatory basis: Article 43, Annex VII Notified body documentation expectations are materially more demanding… - [NCA Engagement Log](https://docs.standardintelligence.com/nca-engagement-log): NCA Engagement Log AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 70 The NCA engagement log archive is the master record of all… - [Non-Conformity Management](https://docs.standardintelligence.com/non-conformity-management): Critical NC — Definition & Effect AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 17 , Annex VI A critical non-conformity indicates… - [Non-Conformity Register](https://docs.standardintelligence.com/non-conformity-register): Non-Conformity Register AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 17 , Annex VI The Non-Conformity Register is a compliance… - [Non-High-Risk Provider Registration (Art. 49(2), Annex VIII-B)](https://docs.standardintelligence.com/non-high-risk-provider-registration-art-492-annex-viii-b): Non-High-Risk Provider Registration (Art. 49(2), Annex VIII-B) AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 49 (2), Annex VIII… - [Notified Bodies](https://docs.standardintelligence.com/notified-bodies): When NB Required NB Evidence Pack Data Access Protocol Annex VII Procedural Mapping Interaction Protocol Fee Structures & Budget Timeline Planning Annex I… - [Organisational Roles](https://docs.standardintelligence.com/organisational-roles): AI Governance Lead — Responsibilities & Authority AI System Assessor — Classification, AISDP, Independence Conformity Assessment Coordinator — Gates, Evidence,… - [Parallel Track Coordination](https://docs.standardintelligence.com/parallel-track-coordination): Portfolio Prioritisation — Four Axes AISDP module(s): Cross-cutting Regulatory basis: Articles 8–15 Organisations with multiple high-risk systems cannot address… - [Per-Jurisdiction Deployment Checklist](https://docs.standardintelligence.com/per-jurisdiction-deployment-checklist): Per-Jurisdiction Deployment Checklist AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Articles 49, 70, 73 Each additional deployment… - [Phase 1: Discovery & Classification (Weeks 1–3)](https://docs.standardintelligence.com/phase-1-discovery-and-classification-weeks-1-3): Phase 1: Discovery & Classification (Weeks 1–3) AISDP module(s): Module 1 (System Identity), Module 6 (Risk Management System) Regulatory basis: Articles 3, 5,… - [Phase 2: Risk Assessment & FRIA (Weeks 2–6)](https://docs.standardintelligence.com/phase-2-risk-assessment-and-fria-weeks-2-6): Phase 2: Risk Assessment & FRIA (Weeks 2–6) AISDP module(s): Module 6 (Risk Management System), Module 11 (Deployer Obligations) Regulatory basis: Article 9 ,… - [Phase 3: Architecture & Design (Weeks 4–8)](https://docs.standardintelligence.com/phase-3-architecture-and-design-weeks-4-8): Phase 3: Architecture & Design (Weeks 4–8) AISDP module(s): Module 2 (Development Process), Module 3 (Architecture), Module 4 ( Data Governance ), Module 9… - [Phase 4: Development & Testing (Weeks 6–18)](https://docs.standardintelligence.com/phase-4-development-and-testing-weeks-6-18): Phase 4: Development & Testing (Weeks 6–18) AISDP module(s): Modules 2–5, 7, 9 (Development, Architecture, Data, Testing, Transparency, Cybersecurity)… - [Phase 5: Pre-Deployment Validation (Weeks 16–20)](https://docs.standardintelligence.com/phase-5-pre-deployment-validation-weeks-16-20): Phase 5: Pre-Deployment Validation (Weeks 16–20) AISDP module(s): All 12 modules Regulatory basis: Articles 8–17, Annex IV , Annex VI Phase 5 validates the… - [Phase 6: Registration & Deployment (Weeks 20–22)](https://docs.standardintelligence.com/phase-6-registration-and-deployment-weeks-20-22): Phase 6: Registration & Deployment (Weeks 20–22) AISDP module(s): Module 10 (Compliance Record), Module 8 (Transparency) Regulatory basis: Articles 48, 49, 71… - [Phase 7: Operational Monitoring (Ongoing)](https://docs.standardintelligence.com/phase-7-operational-monitoring-ongoing): Phase 7: Operational Monitoring (Ongoing) AISDP module(s): Module 12 ( Post-Market Monitoring ), all modules (living document updates) Regulatory basis:… - [Phased Compliance (A: Critical, B: Documentation, C: Infrastructure)](https://docs.standardintelligence.com/phased-compliance-a-critical-b-documentation-c): Phased Compliance (A: Critical, B: Documentation, C: Infrastructure) AISDP module(s): All 12 modules Regulatory basis: Articles 8–15 Brownfield compliance need… - [Pre-Assessment Readiness](https://docs.standardintelligence.com/pre-assessment-readiness): Evidence Currency — 60-Day Maximum & Staleness Tracking AISDP module(s): All 12 modules Regulatory basis: Articles 11, 18 Evidence artefacts have a freshness… - [Procedural Alternative for Small Portfolios](https://docs.standardintelligence.com/procedural-alternative-for-small-portfolios): Procedural Alternative for Small Portfolios AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 17 A QMS is fundamentally a set of… - [Provider Registration (Art. 49(1), Annex VIII-A)](https://docs.standardintelligence.com/provider-registration-art-491-annex-viii-a): Provider Registration (Art. 49(1), Annex VIII-A) AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 49 (1), Annex VIII Section A Providers… - [Non-Conformity Management](https://docs.standardintelligence.com/qms-framework--non-conformity-management): Non-Conformity Management AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 17 When a gap between the system's actual state and its… - [QMS Framework](https://docs.standardintelligence.com/qms-framework): ISO 42001:2023 — Foundation Document Control Change Management (S.6 Integration) Non-Conformity Management Continual Improvement Procedural Alternative for… - [Real-World Testing Registration (Art. 60, Annex IX)](https://docs.standardintelligence.com/real-world-testing-registration-art-60-annex-ix): Real-World Testing Registration (Art. 60, Annex IX) AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 60 , Annex IX Article 60 permits… - [Real-World Testing Registration](https://docs.standardintelligence.com/real-world-testing-registration): Real-World Testing Registration AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 60 , Annex IX Where real-world testing was conducted… - [Reclassification Triggers](https://docs.standardintelligence.com/reclassification-triggers): Reclassification Triggers AISDP module(s): Module 6 (Risk Management System), Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 6, Article 9 A… - [Registration Data Quality Assurance](https://docs.standardintelligence.com/registration-data-quality-assurance): Registration Data Quality Assurance AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 49 , Article 71 The EU database registration is… - [Regulator Interaction & Registration](https://docs.standardintelligence.com/regulator-interaction-and-registration): Regulator interaction spans the full lifecycle of a high-risk AI system, from initial EU database registration through ongoing reporting to inspection readiness… - [Regulator Interaction Artefacts](https://docs.standardintelligence.com/regulator-interaction-artefacts): EU Database Registration Confirmation Real-World Testing Registration Deployer Communication Records Inspection Readiness Drill Records NCA Engagement Log… - [Regulatory Sandbox](https://docs.standardintelligence.com/regulatory-sandbox): Strategic Benefits & Practical Considerations (Regulatory Sandbox) AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 57 Sandbox… - [Reputational Risk Assessment](https://docs.standardintelligence.com/reputational-risk-assessment): Five Reputational Risk Dimensions AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 9 Reputational risk, though not explicitly within… - [Residual Risk & Acceptability](https://docs.standardintelligence.com/residual-risk-and-acceptability): Operationalising "As Far As Possible" AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 9 (4) Article 9(4) requires that risks be… - [Resource Estimation](https://docs.standardintelligence.com/resource-estimation): FTE per System AISDP module(s): Cross-cutting Regulatory basis: Article 17 Resource estimation for a single medium-complexity high-risk system typically… - [Retrofitting Testing — Comprehensive Retrospective](https://docs.standardintelligence.com/retrofitting-testing-comprehensive-retrospective): Retrofitting Testing — Comprehensive Retrospective AISDP module(s): Module 5 (Testing and Validation) Regulatory basis: Articles 9, 15 Systems that were not… - [Retrofitting Version Control — Baseline Capture](https://docs.standardintelligence.com/retrofitting-version-control-baseline-capture): Retrofitting Version Control — Baseline Capture AISDP module(s): Module 2 (Development Process) Regulatory basis: Article 11 , Article 18 Systems that were not… - [Risk Assessment Artefacts](https://docs.standardintelligence.com/risk-assessment-artefacts): ℹ Awaiting content from a subsequent batch (v13). Awaiting content. - [Risk Assessment for Specific Categories](https://docs.standardintelligence.com/risk-assessment-for-specific-categories): ℹ Awaiting content from a subsequent batch (v13). Awaiting content. - [Risk Assessment](https://docs.standardintelligence.com/risk-assessment): Risk assessment under the EU AI Act begins with classification and extends through identification, scoring, mitigation, and iterative review. Risk… - [Risk Classification](https://docs.standardintelligence.com/risk-classification): Four-Tier Framework Overview Tier 1: Prohibited Practices (Art. 5) — Seven Categories & Immediate Cessation Tier 2: High-Risk (Annex III) — Eight Domains Tier… - [Risk Scoring & Calibration](https://docs.standardintelligence.com/risk-scoring-and-calibration): Four Scoring Dimensions AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 9 Risks are scored using a likelihood-impact matrix. Impact… - [Sensitive Domains — Non-Public Section](https://docs.standardintelligence.com/sensitive-domains-non-public-section): Sensitive Domains — Non-Public Section AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 49 (4) High-risk AI systems under Annex III… - [Seven-Phase Delivery Framework](https://docs.standardintelligence.com/seven-phase-delivery-framework): Phase 1: Discovery & Classification (Weeks 1–3) Phase 2: Risk Assessment & FRIA (Weeks 2–6) Phase 3: Architecture & Design (Weeks 4–8) Phase 4: Development &… - [Stakeholder Interview Records](https://docs.standardintelligence.com/stakeholder-interview-records): Stakeholder Interview Records AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Annex VI The stakeholder interview records from Phase 4 of… - [Technical SME — Risk, Architecture, Testing](https://docs.standardintelligence.com/technical-sme-risk-architecture-testing): Technical SME — Risk, Architecture, Testing AISDP module(s): Modules 2–5, 9, 10 (Development, Architecture, Data, Testing, Cybersecurity) Regulatory basis:… - [Third-Country Providers — Authorised Representative (Art. 22)](https://docs.standardintelligence.com/third-country-providers-authorised-representative-art-22): Third-Country Providers — Authorised Representative (Art. 22) AISDP module(s): Module 10 (Compliance Record) Regulatory basis: Article 22 Providers established… - [Tier 1: Prohibited Practices (Art. 5) — Seven Categories & Immediate Cessation](https://docs.standardintelligence.com/tier-1-prohibited-practices-art-5-seven-categories-and): Tier 1: Prohibited Practices (Art. 5) — Seven Categories & Immediate Cessation AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 5… - [Tier 2: Annex I Safety Components](https://docs.standardintelligence.com/tier-2-annex-i-safety-components): Tier 2: Annex I Safety Components AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 6(1), Annex I AI systems that constitute safety… - [Tier 2: Full Obligation Set (AISDP, Conformity Assessment, CE, EU DB)](https://docs.standardintelligence.com/tier-2-full-obligation-set-aisdp-conformity-assessment-ce): Tier 2: Full Obligation Set (AISDP, Conformity Assessment, CE, EU DB) AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Articles 8–15, 43,… - [Tier 2: High-Risk (Annex III) — Eight Domains](https://docs.standardintelligence.com/tier-2-high-risk-annex-iii-eight-domains): Tier 2: High-Risk (Annex III) — Eight Domains AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 6, Annex III Annex III defines eight… - [Tier 3: Limited Risk (Art. 50) — Transparency Obligations](https://docs.standardintelligence.com/tier-3-limited-risk-art-50-transparency-obligations): Tier 3: Limited Risk (Art. 50) — Transparency Obligations AISDP module(s): Module 6 (Risk Management System), Module 8 (Transparency) Regulatory basis: Article… - [Tier 4: Minimal Risk — Baseline AISDP Only](https://docs.standardintelligence.com/tier-4-minimal-risk-baseline-aisdp-only): Tier 4: Minimal Risk — Baseline AISDP Only AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Residual (no specific AI Act obligation) Systems… - [Timeline Planning](https://docs.standardintelligence.com/timeline-planning): Timeline Planning AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 43 Timeline planning accounts for the full assessment lifecycle.… - [Translation Records](https://docs.standardintelligence.com/translation-records): Translation Records AISDP module(s): Module 8 (Transparency), Module 10 (Compliance Record) Regulatory basis: Article 13 (3)(b)(ii) The translation records… - [When NB Required](https://docs.standardintelligence.com/when-nb-required): When NB Required AISDP module(s): Module 6 (Risk Management System) Regulatory basis: Article 43(1) Article 43(1) establishes the conformity assessment regime… ## Operations - [AI Literacy](https://docs.standardintelligence.com/ai-literacy): Tiered Programme — Five Levels AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 4 The AI Governance Lead tiers AI literacy training to the… - [AISDP Version Updates](https://docs.standardintelligence.com/aisdp-version-updates): AISDP Version Updates AISDP module(s): All modules (living document) Regulatory basis: Article 11 , Article 18 Each material change to the system, its… - [Alerting & Escalation Framework](https://docs.standardintelligence.com/alerting-and-escalation-framework): Informational Tier Warning Tier Critical Tier Escalation Path Design Silent Escalation Detection Threshold Calibration — Derivation & Quarterly Review - [Alerting Layer](https://docs.standardintelligence.com/alerting-layer): Alerting Layer AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 Alerts are routed through a dedicated alerting service… - [Annual Break-Glass Testing](https://docs.standardintelligence.com/annual-break-glass-testing): Annual Break-Glass Testing AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 The Technical Owner tests the break-glass procedure at least… - [Annual Oversight Audit Report](https://docs.standardintelligence.com/annual-oversight-audit-report): Annual Oversight Audit Report AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 17 , Article 72 The Internal Audit Assurance Lead's… - [Art. 3(49) Definition — Five Categories of Serious Incident](https://docs.standardintelligence.com/art-349-definition-five-categories-of-serious-incident): Art. 3(49) Definition — Five Categories of Serious Incident AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 3(49), Article 73… - [Availability & Uptime vs SLO](https://docs.standardintelligence.com/availability-and-uptime-vs-slo): Availability & Uptime vs SLO AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 15 The engineering team measures system… - [Board & Committee Reporting Materials](https://docs.standardintelligence.com/board-and-committee-reporting-materials): Board & Committee Reporting Materials AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 17 Board and committee reporting materials (risk… - [Break-Glass Procedures](https://docs.standardintelligence.com/break-glass-procedures): Who Can Trigger Break-Glass (Level 2 or Above) In-Application Stop Button Infrastructure Kill Switch Feature Flag Pattern Immediate Actions (Halt, Hold, Notify… - [Break-Glass Test Records](https://docs.standardintelligence.com/break-glass-test-records): Break-Glass Test Records AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 Break-glass test records document each annual exercise: the… - [Change Impact Assessment](https://docs.standardintelligence.com/change-impact-assessment): Substantial Modification Threshold Check per Change AISDP module(s): Module 12 ( Post-Market Monitoring ), Module 2 (Development Process) Regulatory basis:… - [Composite System Monitoring](https://docs.standardintelligence.com/composite-system-monitoring): Per-Component & Aggregate Monitoring AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 15 Composite systems (combining multiple… - [Computation Layer](https://docs.standardintelligence.com/computation-layer): Computation Layer AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 Metric computation runs on a scheduled basis (hourly, daily,… - [Continuous Oversight Governance](https://docs.standardintelligence.com/continuous-oversight-governance): Quarterly Oversight Reviews — Six Agenda Items AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 The AI Governance Lead convenes a… - [Corporate Governance Integration](https://docs.standardintelligence.com/corporate-governance-integration): Board Risk Committee — AI Compliance Reporting AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 17 For organisations with material AI… - [Critical Tier](https://docs.standardintelligence.com/critical-tier): Critical Tier AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 , Article 73 A critical alert indicates that a metric has… - [Cross-Deployer Pattern Analysis](https://docs.standardintelligence.com/cross-deployer-pattern-analysis): Cross-Deployer Pattern Analysis AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 Individual deployer reports may appear minor in… - [Cross-Regime Interaction (Art. 73(9))](https://docs.standardintelligence.com/cross-regime-interaction-art-739): Cross-Regime Interaction (Art. 73(9)) AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 73(9) High-risk AI systems in sectors with… - [Dashboard Layer](https://docs.standardintelligence.com/dashboard-layer): Dashboard Layer AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 Dashboards serve two audiences. The operational dashboard… - [Data Collection Layer](https://docs.standardintelligence.com/data-collection-layer): Data Collection Layer AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 The data collection layer captures inference inputs,… - [Data Drift Monitoring](https://docs.standardintelligence.com/data-drift-monitoring): Input Drift AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 15 (1) The Technical SME compares the distribution of incoming data… - [Data Lifecycle Closure Record](https://docs.standardintelligence.com/data-lifecycle-closure-record): Data Lifecycle Closure Record AISDP module(s): Module 4 ( Data Governance ) Regulatory basis: Article 18 , GDPR Article 5 (1)(e) The data lifecycle closure… - [Decommission Record](https://docs.standardintelligence.com/decommission-record): Decommission Record AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 18 The decommission record consolidates the seven workstream… - [Dependency Health](https://docs.standardintelligence.com/dependency-health): Dependency Health AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 15 The AI system depends on upstream services (data sources,… - [Deployer Feedback Channels](https://docs.standardintelligence.com/deployer-feedback-channels): Deployer Feedback Channels AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 Structured feedback channels make it easy for… - [Deployer Monitoring Support](https://docs.standardintelligence.com/deployer-monitoring-support): Instructions for Use Guidance (Art. 26(4)) Deployer Feedback Channels Limited-Visibility Deployments — Telemetry Agents Limited-Visibility Deployments —… - [Deployer Notification Records](https://docs.standardintelligence.com/deployer-notification-records): Deployer Notification Records AISDP module(s): Module 8 (Transparency), Module 11 (Deployer Obligations) Regulatory basis: Article 13 , Article 20 Deployer… - [Detection Infrastructure](https://docs.standardintelligence.com/detection-infrastructure): Detection Infrastructure AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 73 The PMM system is configured to detect events that… - [End-of-Life Artefacts](https://docs.standardintelligence.com/end-of-life-artefacts): End-of-Life Plan Deployer Notification Records Technical Shutdown Log Data Lifecycle Closure Record Final AISDP Version Decommission Record Post-Decommission… - [End-of-Life Plan](https://docs.standardintelligence.com/end-of-life-plan): End-of-Life Plan AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 16 The end-of-life plan documents the trigger, the governance… - [End-of-Life Planning](https://docs.standardintelligence.com/end-of-life-planning): Lead Times by Trigger Type AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 16, Article 79 Lead times vary by trigger type.… - [End-of-Life Triggers](https://docs.standardintelligence.com/end-of-life-triggers): Planned Retirement (Commercial, Technical, Strategic) AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 16 A system reaches… - [Error Rate Tracking by Type](https://docs.standardintelligence.com/error-rate-tracking-by-type): Error Rate Tracking by Type AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 15 Errors are classified by type, each with… - [Escalation & Override Logs](https://docs.standardintelligence.com/escalation-and-override-logs): Escalation & Override Logs AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 Escalation and override logs capture every operator… - [Escalation Path Design](https://docs.standardintelligence.com/escalation-path-design): Escalation Path Design AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 The AI Governance Lead documents and rehearses the… - [Escalation Without Reprisal](https://docs.standardintelligence.com/escalation-without-reprisal): Whistleblower Protection (Directive 2019/1937) AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Directive 2019/1937, Article 14 The organisation… - [Evidence Preservation (Art. 73(6))](https://docs.standardintelligence.com/evidence-preservation-art-736): Evidence Preservation (Art. 73(6)) AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 73(6) Article 73(6) explicitly prohibits the… - [Fairness Monitoring](https://docs.standardintelligence.com/fairness-monitoring): Fairness Metrics AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 10(2)(f) Selection rate ratios, equalised odds, predictive… - [Feature Flag Pattern](https://docs.standardintelligence.com/feature-flag-pattern): Feature Flag Pattern AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 (4)(e) Feature flags (LaunchDarkly, Unleash, Flagsmith) provide a… - [Feedback Loop to Governance](https://docs.standardintelligence.com/feedback-loop-to-governance): Feedback Loop Metrics (Meta-Monitoring) AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 The Technical SME monitors the feedback… - [Final AISDP Version](https://docs.standardintelligence.com/final-aisdp-version): Final AISDP Version AISDP module(s): All modules Regulatory basis: Article 11 , Article 18 The final AISDP version incorporates the decommissioning record… - [Fresh Eyes Review Reports](https://docs.standardintelligence.com/fresh-eyes-review-reports): Fresh Eyes Review Reports AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 Fresh eyes review reports document each review: the reviewer… - [Human Oversight Monitoring](https://docs.standardintelligence.com/human-oversight-monitoring): Override Rate Analysis AISDP module(s): Module 7 (Human Oversight), Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 14 Override rates carry… - [Immediate Actions (Halt, Hold, Notify Deployers)](https://docs.standardintelligence.com/immediate-actions-halt-hold-notify-deployers): Immediate Actions (Halt, Hold, Notify Deployers) AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 (4)(e) When break-glass is activated,… - [In-Application Stop Button](https://docs.standardintelligence.com/in-application-stop-button): In-Application Stop Button AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 (4)(e) The primary break-glass mechanism is a prominent,… - [Inference Latency](https://docs.standardintelligence.com/inference-latency): Inference Latency AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 15 Latency monitoring tracks mean response times and tail… - [Informational Tier](https://docs.standardintelligence.com/informational-tier): Informational Tier AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 An informational alert indicates that a metric has shifted… - [Infrastructure Kill Switch](https://docs.standardintelligence.com/infrastructure-kill-switch): Infrastructure Kill Switch AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 (4)(e) The secondary break-glass mechanism is an… - [Initial Report Content (Art. 73(5))](https://docs.standardintelligence.com/initial-report-content-art-735): Initial Report Content (Art. 73(5)) AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 73(5) The initial report is prepared using… - [Instructions for Use Guidance (Art. 26(4))](https://docs.standardintelligence.com/instructions-for-use-guidance-art-264): Instructions for Use Guidance (Art. 26(4)) AISDP module(s): Module 8 (Transparency), Module 11 (Deployer Obligations) Regulatory basis: Article 13 , Article… - [Investigation & Corrective Action](https://docs.standardintelligence.com/investigation-and-corrective-action): Investigation & Corrective Action AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 73(6) Following the initial report, Article… - [Level 1: Technical Monitoring](https://docs.standardintelligence.com/level-1-technical-monitoring): Level 1: Technical Monitoring — Personnel & Function AISDP module(s): Module 7 (Human Oversight), Module 12 ( Post-Market Monitoring ) Regulatory basis: Article… - [Level 2: AI System Operators](https://docs.standardintelligence.com/level-2-ai-system-operators): Level 2: AI System Operators — Personnel & Function AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 Level 2 comprises the human… - [Level 3: Product Management & Business](https://docs.standardintelligence.com/level-3-product-management-and-business): Level 3: Product Management & Business — Personnel & Function AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 Level 3 comprises product… - [Level 4: Compliance, Legal & Data Protection](https://docs.standardintelligence.com/level-4-compliance-legal-and-data-protection): Level 4: Compliance, Legal & Data Protection — Personnel & Function AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 , Article 17 Level… - [Level 5: Executive Leadership](https://docs.standardintelligence.com/level-5-executive-leadership): Level 5: Executive Leadership — Personnel & Function AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 Level 5 comprises the CEO, CTO,… - [Level 6: External Oversight](https://docs.standardintelligence.com/level-6-external-oversight): Level 6: External Oversight — Bodies & Organisation's Role AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Articles 70, 74 Level 6 comprises… - [Limited-Visibility Deployments — Callback APIs](https://docs.standardintelligence.com/limited-visibility-deployments-callback-apis): Limited-Visibility Deployments — Callback APIs AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 Callback APIs provide a… - [Limited-Visibility Deployments — Synthetic Monitoring](https://docs.standardintelligence.com/limited-visibility-deployments-synthetic-monitoring): Limited-Visibility Deployments — Synthetic Monitoring AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 Synthetic monitoring is… - [Limited-Visibility Deployments — Telemetry Agents](https://docs.standardintelligence.com/limited-visibility-deployments-telemetry-agents): Limited-Visibility Deployments — Telemetry Agents AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 Many high-risk systems are… - [LLM & Generative AI Monitoring](https://docs.standardintelligence.com/llm-and-generative-ai-monitoring): Hallucination Detection AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 15 For generative AI systems that produce factual… - [Monthly PMM Reports](https://docs.standardintelligence.com/monthly-pmm-reports): Monthly PMM Reports AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 Monthly PMM reports document the monitoring results for… - [Non-Retaliation for Break-Glass](https://docs.standardintelligence.com/non-retaliation-for-break-glass): Non-Retaliation for Break-Glass AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 The organisation's AI governance policy explicitly… - [Notification Chain](https://docs.standardintelligence.com/notification-chain): Notification Chain AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 The break-glass activation event triggers an automated notification… - [Operational Monitoring](https://docs.standardintelligence.com/operational-monitoring): Availability & Uptime vs SLO Inference Latency Error Rate Tracking by Type Resource Utilisation & Capacity Dependency Health Operational vs Model Incident… - [Operational Oversight](https://docs.standardintelligence.com/operational-oversight): Operational oversight ensures that human control over AI systems remains effective throughout production operation. The six-level oversight pyramid defines… - [Operational vs Model Incident Triage](https://docs.standardintelligence.com/operational-vs-model-incident-triage): Operational vs Model Incident Triage AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 15 When a monitoring alert fires, the… - [Operator Training & Certification Records](https://docs.standardintelligence.com/operator-training-and-certification-records): Operator Training & Certification Records AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 4 , Article 17 Training and certification… - [Oversight Across Boundaries](https://docs.standardintelligence.com/oversight-across-boundaries): Provider-Deployer Boundary AISDP module(s): Module 7 (Human Oversight), Module 11 (Deployer Obligations) Regulatory basis: Article 14 , Article 26 An oversight… - [Oversight Artefacts](https://docs.standardintelligence.com/oversight-artefacts): Operator Training & Certification Records Break-Glass Test Records Oversight Audit Reports Portfolio Compliance Dashboards Board & Committee Reporting Materials… - [Oversight Audit Reports](https://docs.standardintelligence.com/oversight-audit-reports): Oversight Audit Reports AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 17 The annual oversight audit report documents the six… - [Oversight Fatigue Countermeasures](https://docs.standardintelligence.com/oversight-fatigue-countermeasures): Personnel Rotation (6–12 Month Cycles) AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 Personnel responsible for daily oversight tasks… - [Performance Monitoring](https://docs.standardintelligence.com/performance-monitoring): Accuracy Metrics AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 15 (1) The Technical SME computes the system's core accuracy… - [Periodic Deployer Audits & Satisfaction Surveys](https://docs.standardintelligence.com/periodic-deployer-audits-and-satisfaction-surveys): Periodic Deployer Audits & Satisfaction Surveys AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 Periodic audits, where the… - [PMM Artefacts](https://docs.standardintelligence.com/pmm-artefacts): Monthly PMM Reports Quarterly Review Minutes Annual Oversight Audit Report Serious Incident Reports & Register AISDP Version Updates Updated Risk Register… - [PMM as Continuous Compliance](https://docs.standardintelligence.com/pmm-as-continuous-compliance): PMM That Collects Without Acting Is Non-Compliant AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 Article 72 requires a PMM… - [PMM Data Retention & Privacy](https://docs.standardintelligence.com/pmm-data-retention-and-privacy): Lawful Basis (GDPR Art. 6(1)(f) + AI Act Art. 72) AISDP module(s): Module 4 ( Data Governance ), Module 12 (Post-Market Monitoring) Regulatory basis: GDPR… - [PMM Governance & Maintenance](https://docs.standardintelligence.com/pmm-governance-and-maintenance): This section covers the following topics: Quarterly PMM Reviews Feedback Loop to Governance Change Impact Assessment PMM Data Retention & Privacy PMM Resource… - [PMM Infrastructure Architecture](https://docs.standardintelligence.com/pmm-infrastructure-architecture): Data Collection Layer Storage Layer Computation Layer Alerting Layer Dashboard Layer PMM Tooling - [PMM Plan](https://docs.standardintelligence.com/pmm-plan): Data Collection Strategy AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 72(3) The PMM plan's data collection strategy specifies… - [PMM Resource Planning](https://docs.standardintelligence.com/pmm-resource-planning): Personnel (0.25–0.5 FTE per System) AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 PMM requires dedicated analytical capacity.… - [PMM Tooling](https://docs.standardintelligence.com/pmm-tooling): PMM Tooling AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 The PMM tooling landscape spans several categories. Metric… - [Portfolio Compliance Dashboards](https://docs.standardintelligence.com/portfolio-compliance-dashboards): Portfolio Compliance Dashboards AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 Portfolio dashboard snapshots are captured quarterly… - [Portfolio Scaling](https://docs.standardintelligence.com/portfolio-scaling): Shared Monitoring Infrastructure & Cross-System Analysis AISDP module(s): Module 7 (Human Oversight), Module 12 ( Post-Market Monitoring ) Regulatory basis:… - [Post-Decommission Monitoring Schedule](https://docs.standardintelligence.com/post-decommission-monitoring-schedule): Post-Decommission Monitoring Schedule AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 , Article 73 The post- decommission… - [Post-Decommission Obligations](https://docs.standardintelligence.com/post-decommission-obligations): 10-Year Document Retention AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 18 The ten-year documentation retention obligation runs… - [Post-Market Monitoring](https://docs.standardintelligence.com/post-market-monitoring): Post-market monitoring is the continuous compliance obligation that runs from the moment a high-risk AI system enters production until decommissioning . The PMM… - [Quarterly PMM Reviews](https://docs.standardintelligence.com/quarterly-pmm-reviews): Review Agenda AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 The AI Governance Lead convenes quarterly PMM review meetings… - [Quarterly Review Minutes](https://docs.standardintelligence.com/quarterly-review-minutes): Quarterly Review Minutes AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 Quarterly review minutes document the governance… - [Regulatory Basis](https://docs.standardintelligence.com/regulatory-basis): Applicable Articles (Art. 3(16–17), 16, 18, 20, 49/71, 72, 73, 79) AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Articles 3(16), 3(17),… - [Reporting Execution](https://docs.standardintelligence.com/reporting-execution): Reporting Execution AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 73 The incident lead prepares the initial report. The Legal… - [Reporting Timelines (2/10/15 Days)](https://docs.standardintelligence.com/reporting-timelines-21015-days): Reporting Timelines (2/10/15 Days) AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 73(1) The reporting regime is tiered by… - [Resource Utilisation & Capacity](https://docs.standardintelligence.com/resource-utilisation-and-capacity): Resource Utilisation & Capacity AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 15 The engineering team tracks CPU, GPU, memory,… - [Resumption Criteria](https://docs.standardintelligence.com/resumption-criteria): Resumption Criteria AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 The break-glass procedure specifies what conditions must be met… - [Serious Incident Register](https://docs.standardintelligence.com/serious-incident-register): Serious Incident Register AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 73 The serious incident register tracks every event… - [Serious Incident Reporting](https://docs.standardintelligence.com/serious-incident-reporting): Art. 3(49) Definition — Five Categories of Serious Incident Reporting Timelines (2/10/15 Days) Detection Infrastructure Triage Process Evidence Preservation… - [Serious Incident Reports & Register](https://docs.standardintelligence.com/serious-incident-reports-and-register): Serious Incident Reports & Register AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 73 The serious incident reports archive… - [Seven Decommission Workstreams](https://docs.standardintelligence.com/seven-decommission-workstreams): WS1: Deployer Transition — Notification & Arrangements WS1: API-Served Systems (Deprecation, Sunset, Cut-Off) WS1: Embedded/On-Premises & Workflow-Integrated… - [Silent Escalation Detection](https://docs.standardintelligence.com/silent-escalation-detection): Silent Escalation Detection AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 A common failure mode is the "silent escalation,"… - [Six-Level Oversight Pyramid](https://docs.standardintelligence.com/six-level-oversight-pyramid): This section covers the following topics: Level 1: Technical Monitoring Level 2: AI System Operators Level 3: Product Management & Business Level 4: Compliance,… - [Storage Layer](https://docs.standardintelligence.com/storage-layer): Storage Layer AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 , Article 18 Monitoring data is stored in a time-series database… - [System End-of-Life & Decommissioning](https://docs.standardintelligence.com/system-end-of-life-and-decommissioning): System end-of-life planning begins during architecture design and executes when the system reaches the end of its operational life. The regulatory basis… - [Technical Shutdown Log](https://docs.standardintelligence.com/technical-shutdown-log): Technical Shutdown Log AISDP module(s): Module 3 (Model Documentation), Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 18 The technical shutdown… - [Threshold Calibration — Derivation & Quarterly Review](https://docs.standardintelligence.com/threshold-calibration-derivation-and-quarterly-review): Threshold Calibration — Derivation & Quarterly Review AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 Threshold calibration… - [Triage Process](https://docs.standardintelligence.com/triage-process): Triage Process AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 73 Any detection event triggers a predefined triage process… - [Updated Risk Register Entries](https://docs.standardintelligence.com/updated-risk-register-entries): Updated Risk Register Entries AISDP module(s): Module 6 (Risk Management System), Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 9 PMM findings… - [Warning Tier](https://docs.standardintelligence.com/warning-tier): Warning Tier AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 A warning alert indicates that a metric has breached its warning… - [Who Can Trigger Break-Glass (Level 2 or Above)](https://docs.standardintelligence.com/who-can-trigger-break-glass-level-2-or-above): Who Can Trigger Break-Glass (Level 2 or Above) AISDP module(s): Module 7 (Human Oversight) Regulatory basis: Article 14 (4)(e) The break-glass procedure defines… - [WS1: API-Served Systems (Deprecation, Sunset, Cut-Off)](https://docs.standardintelligence.com/ws1-api-served-systems-deprecation-sunset-cut-off): WS1: API-Served Systems (Deprecation, Sunset, Cut-Off) AISDP module(s): Module 8 (Transparency) Regulatory basis: Article 13 For API-served systems, the… - [WS1: Deployer Transition — Notification & Arrangements](https://docs.standardintelligence.com/ws1-deployer-transition-notification-and-arrangements): WS1: Deployer Transition — Notification & Arrangements AISDP module(s): Module 8 (Transparency), Module 11 (Deployer Obligations) Regulatory basis: Article 13 ,… - [WS1: Embedded/On-Premises & Workflow-Integrated Systems](https://docs.standardintelligence.com/ws1-embeddedon-premises-and-workflow-integrated-systems): WS1: Embedded/On-Premises & Workflow-Integrated Systems AISDP module(s): Module 8 (Transparency) Regulatory basis: Article 13 For embedded or on-premises… - [WS2: Technical Shutdown (Controlled, Logged, Reversible)](https://docs.standardintelligence.com/ws2-technical-shutdown-controlled-logged-reversible): WS2: Technical Shutdown (Controlled, Logged, Reversible) AISDP module(s): Module 3 (Model Documentation), Module 12 ( Post-Market Monitoring ) Regulatory basis:… - [WS3: Data Lifecycle Closure](https://docs.standardintelligence.com/ws3-data-lifecycle-closure): WS3: Data Lifecycle Closure AISDP module(s): Module 4 ( Data Governance ) Regulatory basis: Article 18 , GDPR Article 5 (1)(e) Data lifecycle closure reconciles… - [WS4: Downstream Decision Monitoring — Historical Outputs](https://docs.standardintelligence.com/ws4-downstream-decision-monitoring-historical-outputs): WS4: Downstream Decision Monitoring — Historical Outputs AISDP module(s): Module 12 (Post-Market Monitoring) Regulatory basis: Article 72 Decisions made by the… - [WS5: Documentation Finalisation — Final AISDP Version](https://docs.standardintelligence.com/ws5-documentation-finalisation-final-aisdp-version): WS5: Documentation Finalisation — Final AISDP Version AISDP module(s): All modules Regulatory basis: Article 11 , Article 18 The AI System Assessor prepares the… - [WS6: Archival — 10-Year Retention](https://docs.standardintelligence.com/ws6-archival-10-year-retention): WS6: Archival — 10-Year Retention AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Article 18 The Conformity Assessment Coordinator… - [WS7: Regulatory Notifications (EU DB, Deployers, CA)](https://docs.standardintelligence.com/ws7-regulatory-notifications-eu-db-deployers-ca): WS7: Regulatory Notifications (EU DB, Deployers, CA) AISDP module(s): Module 12 ( Post-Market Monitoring ) Regulatory basis: Articles 49, 71, Article 20 Three… ## Resources - [Abbreviations](https://docs.standardintelligence.com/abbreviations): Abbreviations AISDP module(s): Cross-cutting Key abbreviations: AISDP (AI System Documentation Package), AUC-ROC (Area Under the Receiver Operating… - [Additional Diagrams (Remaining 11)](https://docs.standardintelligence.com/additional-diagrams-remaining-11): Additional Diagrams (Remaining 11) AISDP module(s): Various Additional Mermaid diagrams are included: the end-of-life workflow (seven workstreams from trigger… - [AISDP — 12 Module Overview](https://docs.standardintelligence.com/aisdp-12-module-overview): AISDP — 12 Module Overview AISDP module(s): All modules Regulatory basis: Article 11 , Annex IV The AISDP is structured as twelve modules, each mapping to… - [AISDP Assembly Timeline (Incremental, Phase 1 to Phase 5)](https://docs.standardintelligence.com/aisdp-assembly-timeline-incremental-phase-1-to-phase-5): AISDP Assembly Timeline (Incremental, Phase 1 to Phase 5) AISDP module(s): All modules Regulatory basis: Article 11 The AISDP is assembled incrementally across… - [Architectural Diagrams](https://docs.standardintelligence.com/architectural-diagrams): Risk Classification Diagram Oversight Pyramid Diagram Incident Response Diagram Feedback Loop Diagram Delivery Timeline Diagram Additional Diagrams (Remaining… - [Break-Glass Mechanisms Summary](https://docs.standardintelligence.com/break-glass-mechanisms-summary): Break-Glass Mechanisms Summary AISDP module(s): Module 7 Regulatory basis: Article 14 (4)(e) Three independent halt mechanisms: in-application stop button… - [Brownfield Systems](https://docs.standardintelligence.com/brownfield-systems): Gap Assessment Approach AISDP module(s): Cross-cutting Regulatory basis: Article 16 For systems already in production, the AI System Assessor examines each… - [CDR — Content & Process Summary](https://docs.standardintelligence.com/cdr-content-and-process-summary): CDR — Content & Process Summary AISDP module(s): Module 1 (System Description) Regulatory basis: Article 6 The Classification Decision Record documents the… - [CI/CD Pipeline with Four Compliance Gates](https://docs.standardintelligence.com/cicd-pipeline-with-four-compliance-gates): CI/CD Pipeline with Four Compliance Gates AISDP module(s): Module 2 , Module 5 Regulatory basis: Annex IV (2)(e), Article 9 (7) The CI/CD pipeline enforces four… - [Code Examples](https://docs.standardintelligence.com/code-examples): Data Validation Examples AISDP module(s): Module 4 Code examples are provided for data validation including Great Expectations data quality checks, schema… - [Compliance-at-Deployment](https://docs.standardintelligence.com/compliance-at-deployment): Compliance-at-Deployment AISDP module(s): Module 12 Treating compliance as a gate to pass at deployment, overlooking ongoing obligations. The AISDP is a living… - [Conformity Assessment Reference](https://docs.standardintelligence.com/conformity-assessment-reference): Route Determination (Annex VI, NB, Voluntary) AISDP module(s): Cross-cutting Regulatory basis: Article 43 Three conformity assessment routes: Annex VI internal… - [Core Artefacts to Produce](https://docs.standardintelligence.com/core-artefacts-to-produce): CDR — Content & Process Summary AISDP — 12 Module Overview Module 1: System Description & Intended Purpose Module 2: Development Process Module 3: Model… - [Cross-Reference Index](https://docs.standardintelligence.com/cross-reference-index): Article-to-Section Mapping AISDP module(s): Cross-cutting The cross-reference index maps every EU AI Act Article cited in this documentation to the sections… - [Cross-Regulatory Instruments](https://docs.standardintelligence.com/cross-regulatory-instruments): Cross-Regulatory Instruments AISDP module(s): Cross-cutting Key cross-regulatory instruments: CRA (Cyber Resilience Act, Regulation (EU) 2024/2847), DORA… - [Cybersecurity as Afterthought](https://docs.standardintelligence.com/cybersecurity-as-afterthought): Cybersecurity as Afterthought AISDP module(s): Module 9 Bolting security on as a final pre-deployment gate instead of embedding it from the outset through… - [Declaration of Conformity — Eight Points & Legal Significance](https://docs.standardintelligence.com/declaration-of-conformity-eight-points-and-legal): Declaration of Conformity — Eight Points & Legal Significance AISDP module(s): Cross-cutting Regulatory basis: Article 47, Annex V The Declaration of Conformity… - [Decommissioning as Afterthought](https://docs.standardintelligence.com/decommissioning-as-afterthought): Decommissioning as Afterthought AISDP module(s): Module 12 Treating end-of-life as an operational task with no governed process risks orphaned personal data,… - [Delivery Timeline Diagram](https://docs.standardintelligence.com/delivery-timeline-diagram): Delivery Timeline Diagram AISDP module(s): Cross-cutting The seven-phase delivery Gantt chart shows the overlapping phases from Phase 1 (Discovery, Weeks 1–3)… - [Document Terms](https://docs.standardintelligence.com/document-terms): Document Terms AISDP module(s): Cross-cutting Key document terms: AISDP (AI System Documentation Package), CDR (Classification Decision Record), Declaration of… - [Eleven Common Pitfalls](https://docs.standardintelligence.com/eleven-common-pitfalls): Retrospective Documentation Legal Document Syndrome Empty Evidence Pack Human Oversight as Checkbox Compliance-at-Deployment Cybersecurity as Afterthought… - [Empty Evidence Pack](https://docs.standardintelligence.com/empty-evidence-pack): Empty Evidence Pack AISDP module(s): Cross-cutting Producing an AISDP narrative without assembling the supporting evidence. Every material claim must trace to a… - [End-of-Life Reference](https://docs.standardintelligence.com/end-of-life-reference): Plan During Architecture Phase AISDP module(s): Module 12 Regulatory basis: Article 16 End-of-life planning begins during the system's design phase (Phase 3),… - [Evidence & Document Management](https://docs.standardintelligence.com/evidence-and-document-management): Evidence & Document Management AISDP module(s): Cross-cutting Regulatory basis: Article 17 , Article 18 Four management components: evidence repository… - [Evidence Pack — Traceability & Currency Requirements](https://docs.standardintelligence.com/evidence-pack-traceability-and-currency-requirements): Evidence Pack — Traceability & Currency Requirements AISDP module(s): Cross-cutting Regulatory basis: Annex IV , Annex VI Every material claim in the AISDP must… - [Explainability Summary](https://docs.standardintelligence.com/explainability-summary): Explainability Summary AISDP module(s): Module 3 , Module 8 Regulatory basis: Article 13 , Article 86 Model-agnostic methods: SHAP (feature attribution), LIME… - [Fairness & Bias Tooling Summary](https://docs.standardintelligence.com/fairness-and-bias-tooling-summary): Fairness & Bias Tooling Summary AISDP module(s): Module 4 , Module 5 , Module 12 Regulatory basis: Article 10 Four-stage fairness tooling: pre-training (data… - [Feedback Loop Diagram](https://docs.standardintelligence.com/feedback-loop-diagram): Feedback Loop Diagram AISDP module(s): Module 12 The PMM feedback loop diagram shows the cycle from PMM finding through decision authority (with four-tier… - [FRIA Report — Scope & Separation Requirement](https://docs.standardintelligence.com/fria-report-scope-and-separation-requirement): FRIA Report — Scope & Separation Requirement AISDP module(s): Module 11 Regulatory basis: Article 27 The FRIA examines the impact on all potentially affected EU… - [Roles](https://docs.standardintelligence.com/glossary--roles): Roles AISDP module(s): Cross-cutting Ten governance and technical role definitions: AI Governance Lead, AI System Assessor, Business Owner, Classification… - [Glossary](https://docs.standardintelligence.com/glossary): Regulatory Terms Document Terms Roles Cross-Regulatory Instruments Standards & Bodies Technical Terms Tools Abbreviations - [Governance Structure](https://docs.standardintelligence.com/governance-structure): Seven Roles Summary & Multi-Role Assignment AISDP module(s): Cross-cutting Regulatory basis: Article 17 Seven functional governance roles thread through every… - [Human Oversight as Checkbox](https://docs.standardintelligence.com/human-oversight-as-checkbox): Human Oversight as Checkbox AISDP module(s): Module 7 Documenting that human oversight "exists" without designing the operational reality: interface, training,… - [Human Oversight Framework Reference](https://docs.standardintelligence.com/human-oversight-framework-reference): Six-Level Pyramid Summary AISDP module(s): Module 7 Regulatory basis: Article 14 Level 1: Technical Monitoring (engineering team, continuous automated… - [Ignoring Cumulative Change](https://docs.standardintelligence.com/ignoring-cumulative-change): Ignoring Cumulative Change AISDP module(s): Module 10 Making individually sub-threshold changes that collectively constitute a substantial modification . Each… - [Incident Response Diagram](https://docs.standardintelligence.com/incident-response-diagram): Incident Response Diagram AISDP module(s): Module 12 The serious incident response flowchart traces the pathway from event detection through triage, severity… - [L1 Awareness](https://docs.standardintelligence.com/l1-awareness): L1 Awareness AISDP module(s): Cross-cutting The organisation is aware of the EU AI Act. AI systems are identified but not classified. No AISDP, no formal risk… - [L2 Foundational](https://docs.standardintelligence.com/l2-foundational): L2 Foundational AISDP module(s): Cross-cutting Systems classified; governance roles assigned; AISDP preparation begun for highest-risk systems; basic version… - [L3 Structured](https://docs.standardintelligence.com/l3-structured): L3 Structured AISDP module(s): Cross-cutting AISDPs under preparation for all high-risk systems; version control covers code, data, and models; CI/CD includes… - [L4 Operational](https://docs.standardintelligence.com/l4-operational): L4 Operational AISDP module(s): Cross-cutting Conformity assessment s completed; Declarations of Conformity signed; high-risk systems registered; PMM producing… - [L5 Optimising](https://docs.standardintelligence.com/l5-optimising): L5 Optimising AISDP module(s): Cross-cutting Compliance is a natural byproduct of engineering and governance workflow; evidence generated automatically;… - [Legal Document Syndrome](https://docs.standardintelligence.com/legal-document-syndrome): Legal Document Syndrome AISDP module(s): Cross-cutting Treating the AISDP as a legal document (vague, hedged, written to minimise exposure) when it should be a… - [LLM / Generative AI Tooling Summary](https://docs.standardintelligence.com/llm-generative-ai-tooling-summary): LLM / Generative AI Tooling Summary AISDP module(s): Module 12 Regulatory basis: Article 72 Five monitoring domains for LLM/generative AI systems: hallucination… - [Maturity Model](https://docs.standardintelligence.com/maturity-model): L1 Awareness L2 Foundational L3 Structured L4 Operational L5 Optimising Target: Level 4 Before August 2026 - [Module 1: System Description & Intended Purpose](https://docs.standardintelligence.com/module-1-system-description-and-intended-purpose): Module 1: System Description & Intended Purpose AISDP module(s): Module 1 Regulatory basis: Annex IV (1) Module 1 identifies the system (name, version,… - [Module 10: Version Control & Change Management](https://docs.standardintelligence.com/module-10-version-control-and-change-management): Module 10: Version Control & Change Management AISDP module(s): Module 10 Regulatory basis: Annex IV (2)(b), Article 12 Module 10 records the versioning scheme… - [Module 11: Fundamental Rights Impact Assessment](https://docs.standardintelligence.com/module-11-fundamental-rights-impact-assessment): Module 11: Fundamental Rights Impact Assessment AISDP module(s): Module 11 Regulatory basis: Article 27 Module 11 contains the FRIA methodology, Charter rights… - [Module 12: Post-Market Monitoring & Change History](https://docs.standardintelligence.com/module-12-post-market-monitoring-and-change-history): Module 12: Post-Market Monitoring & Change History AISDP module(s): Module 12 Regulatory basis: Article 72 , Annex IV (2)(g) Module 12 contains the PMM plan ,… - [Module 2: Development Process](https://docs.standardintelligence.com/module-2-development-process): Module 2: Development Process AISDP module(s): Module 2 Regulatory basis: Annex IV (2)(a) Module 2 documents the development methodology, coding standards,… - [Module 3: Model Documentation](https://docs.standardintelligence.com/module-3-model-documentation): Module 3: Model Documentation AISDP module(s): Module 3 Regulatory basis: Annex IV (2)(b)–(e) Module 3 provides the complete model description: architecture,… - [Module 4: Data Governance & Dataset Documentation](https://docs.standardintelligence.com/module-4-data-governance-and-dataset-documentation): Module 4: Data Governance & Dataset Documentation AISDP module(s): Module 4 Regulatory basis: Article 10 , Annex IV (2)(d), (f) Module 4 documents training data… - [Module 5: Testing & Validation](https://docs.standardintelligence.com/module-5-testing-and-validation): Module 5: Testing & Validation AISDP module(s): Module 5 Regulatory basis: Annex IV (2)(e), Article 9 (7) Module 5 documents the test strategy, unit and… - [Module 6: Risk Management System](https://docs.standardintelligence.com/module-6-risk-management-system): Module 6: Risk Management System AISDP module(s): Module 6 Regulatory basis: Article 9 , Annex IV (2)(g) Module 6 documents the risk identification methodology… - [Module 7: Human Oversight](https://docs.standardintelligence.com/module-7-human-oversight): Module 7: Human Oversight AISDP module(s): Module 7 Regulatory basis: Article 14 , Annex IV (3) Module 7 documents the oversight architecture (six-level… - [Module 8: Transparency & User Information](https://docs.standardintelligence.com/module-8-transparency-and-user-information): Module 8: Transparency & User Information AISDP module(s): Module 8 Regulatory basis: Article 13 , Annex IV(3), Article 47 Module 8 contains the Instructions… - [Module 9: Robustness & Cybersecurity](https://docs.standardintelligence.com/module-9-robustness-and-cybersecurity): Module 9: Robustness & Cybersecurity AISDP module(s): Module 9 Regulatory basis: Article 15 , Annex IV (2)(e) Module 9 documents the AI-specific threat… - [Monitoring Infrastructure Summary](https://docs.standardintelligence.com/monitoring-infrastructure-summary): Monitoring Infrastructure Summary AISDP module(s): Module 12 Regulatory basis: Article 72 Five-layer monitoring infrastructure: data collection layer… - [Oversight Designed After Deployment](https://docs.standardintelligence.com/oversight-designed-after-deployment): Oversight Designed After Deployment AISDP module(s): Module 7 Building the operational oversight framework after the system is live, when operators need to be… - [Oversight Pyramid Diagram](https://docs.standardintelligence.com/oversight-pyramid-diagram): Oversight Pyramid Diagram AISDP module(s): Module 7 The six-level oversight pyramid diagram shows the hierarchy from Level 1 (Technical Monitoring) through… - [PMM Plan — Five Dimensions & Proportionality](https://docs.standardintelligence.com/pmm-plan-five-dimensions-and-proportionality): PMM Plan — Five Dimensions & Proportionality AISDP module(s): Module 12 Regulatory basis: Article 72 The PMM plan monitors five dimensions: performance,… - [Production Monitoring Reference](https://docs.standardintelligence.com/production-monitoring-reference): Five Monitoring Dimensions Summary AISDP module(s): Module 12 Regulatory basis: Article 72 Performance (accuracy metrics, ground truth handling, disaggregated… - [Readiness Assessment Checklist](https://docs.standardintelligence.com/readiness-assessment-checklist): Governance Readiness AISDP module(s): Cross-cutting Regulatory basis: Article 17 All ten governance and technical roles appointed: AI Governance Lead with… - [Regulatory Interaction Reference](https://docs.standardintelligence.com/regulatory-interaction-reference): EU Database Registration Summary AISDP module(s): Cross-cutting Regulatory basis: Articles 49, 71, Annex VIII EU database registration is completed before the… - [Regulatory Terms](https://docs.standardintelligence.com/regulatory-terms): Regulatory Terms AISDP module(s): Cross-cutting Key regulatory terms defined in the glossary: AI system (Article 3(1)), high-risk AI system (Article 6),… - [Retrospective Documentation](https://docs.standardintelligence.com/retrospective-documentation): Retrospective Documentation AISDP module(s): Cross-cutting Attempting to reconstruct the development process from memory after the system is built produces… - [Risk Classification Diagram](https://docs.standardintelligence.com/risk-classification-diagram): Risk Classification Diagram AISDP module(s): Module 1 The risk classification decision flowchart traces the assessment pathway from "Is it an AI system?"… - [Risk Register — Living Document Requirements](https://docs.standardintelligence.com/risk-register-living-document-requirements): Risk Register — Living Document Requirements AISDP module(s): Module 6 Regulatory basis: Article 9 The risk register is maintained as a living document… - [Scope Creep Without Reclassification](https://docs.standardintelligence.com/scope-creep-without-reclassification): Scope Creep Without Reclassification AISDP module(s): Module 1 Gradually expanding the system's use beyond its documented intended purpose without… - [Security Stack Summary](https://docs.standardintelligence.com/security-stack-summary): Security Stack Summary AISDP module(s): Module 9 Regulatory basis: Article 15 Eight security domains: SAST (Semgrep/SonarQube), SCA (Dependabot/Snyk), container… - [Standards & Bodies](https://docs.standardintelligence.com/standards-and-bodies): Standards & Bodies AISDP module(s): Cross-cutting Key standards: ISO/IEC 42001 (AI Management System), ISO/IEC 23894 (AI Risk Management), ISO/IEC 27001… - [Suppressed Escalation](https://docs.standardintelligence.com/suppressed-escalation): Suppressed Escalation AISDP module(s): Module 7 Creating formal escalation pathways but cultivating a culture where using them carries career risk. A reprisal… - [Target: Level 4 Before August 2026](https://docs.standardintelligence.com/target-level-4-before-august-2026): Target: Level 4 Before August 2026 AISDP module(s): Cross-cutting Regulatory basis: Article 113 Most organisations in early 2026 are between Level 1 and Level… - [Technical Infrastructure](https://docs.standardintelligence.com/technical-infrastructure): Version Control Summary CI/CD Pipeline with Four Compliance Gates Monitoring Infrastructure Summary Security Stack Summary Fairness & Bias Tooling Summary… - [Technical Terms](https://docs.standardintelligence.com/technical-terms): Technical Terms AISDP module(s): Cross-cutting Key technical terms defined: automation bias, concept drift, data drift, data lineage, data poisoning,… - [Templates & Checklists](https://docs.standardintelligence.com/templates-and-checklists): Templates and checklists provide practical tools for implementing the AISDP . Three core templates cover the AISDP module structure, the classification decision… - [Three Core Templates](https://docs.standardintelligence.com/three-core-templates): A.1: AISDP Module Structure Template AISDP module(s): All modules Regulatory basis: Article 11 , Annex IV The AISDP module structure template provides a… - [Tools](https://docs.standardintelligence.com/tools): Tools AISDP module(s): Cross-cutting Key tools referenced: Fairlearn, Aequitas (fairness); SHAP, LIME (explainability); RAGAS, Trulens, Lakera Guard, NeMo… - [Version Control Summary](https://docs.standardintelligence.com/version-control-summary): Version Control Summary AISDP module(s): Module 10 Regulatory basis: Article 12 , Annex IV (2)(b) Five version-controlled artefact categories: code (Git), data… ## Artefact Taxonomy - [A1. Pipeline Execution Logs](https://docs.standardintelligence.com/a1-pipeline-execution-logs): A1. Pipeline Execution Logs AISDP module(s): Module 2 (Development Process), Module 10 (Version Control) Immutable records of every CI/CD pipeline run,… - [A10. Third-Party Data Quarantine Log](https://docs.standardintelligence.com/a10-third-party-data-quarantine-log): A10. Third-Party Data Quarantine Log AISDP module(s): Module 4 ( Data Governance ) Records of supplier data deliveries that fail intake validation. Each entry… - [A11. Vulnerability Management Register](https://docs.standardintelligence.com/a11-vulnerability-management-register): A11. Vulnerability Management Register AISDP module(s): Module 9 (Robustness and Cybersecurity) Centralised register of all identified security vulnerabilities… - [A12. Operational Dashboard](https://docs.standardintelligence.com/a12-operational-dashboard): A12. Operational Dashboard AISDP module(s): Module 12 (Post-Market Monitoring) Real-time or near-real-time display of system behaviour: current metric values,… - [A13. Evaluation Reports](https://docs.standardintelligence.com/a13-evaluation-reports): A13. Evaluation Reports AISDP module(s): Module 5 (Testing and Validation) Per-build records of all performance, fairness, robustness, and calibration metrics… - [A14. Cumulative Baseline Tracking Record](https://docs.standardintelligence.com/a14-cumulative-baseline-tracking-record): A14. Cumulative Baseline Tracking Record AISDP module(s): Module 10 ( Version Control ) Drift metrics comparing each candidate model version against both the… - [A15. Dead-Letter Queue Investigation Records](https://docs.standardintelligence.com/a15-dead-letter-queue-investigation-records): A15. Dead-Letter Queue Investigation Records AISDP module(s): Module 4 ( Data Governance ) Records of non-conforming data records caught by ingestion boundary… - [A16. Governance Dashboard](https://docs.standardintelligence.com/a16-governance-dashboard): A16. Governance Dashboard AISDP module(s): Module 12 (Post-Market Monitoring) Summary views for the AI Governance Lead and compliance team: compliance metric… - [A2. Model Registry Entries](https://docs.standardintelligence.com/a2-model-registry-entries): A2. Model Registry Entries AISDP module(s): Module 2 (Development Process), Module 10 (Version Control) Central catalogue of all model versions. Each entry… - [A3. Model Card](https://docs.standardintelligence.com/a3-model-card): A3. Model Card AISDP module(s): Module 3 (Architecture and Design), Module 5 (Testing and Validation) Standardised summary of a model version's architecture,… - [A4. Composite Version Identifier (Version Quad)](https://docs.standardintelligence.com/a4-composite-version-identifier-version-quad): A4. Composite Version Identifier (Version Quad) AISDP module(s): Module 10 (Version Control) A single immutable reference linking code commit, data version,… - [A5. Deployment Ledger](https://docs.standardintelligence.com/a5-deployment-ledger): A5. Deployment Ledger AISDP module(s): Module 10 (Version Control) Immutable, append-only record of every deployment event. Each entry records the deployment… - [A6. SBOM (Software/ML Bill of Materials)](https://docs.standardintelligence.com/a6-sbom-softwareml-bill-of-materials): A6. SBOM (Software/ML Bill of Materials) AISDP module(s): Module 3 (Architecture and Design), Module 9 (Robustness and Cybersecurity) Complete dependency… - [A7. Data Lineage Records](https://docs.standardintelligence.com/a7-data-lineage-records): A7. Data Lineage Records AISDP module(s): Module 4 (Data Governance), Module 10 (Version Control) End-to-end provenance chain tracing raw data sources through… - [A8. Feature Registry](https://docs.standardintelligence.com/a8-feature-registry): A8. Feature Registry AISDP module(s): Module 4 ( Data Governance ) Central catalogue of all features used by the system. Each entry records the feature name,… - [A9. Override and Escalation Logs](https://docs.standardintelligence.com/a9-override-and-escalation-logs): A9. Override and Escalation Logs AISDP module(s): Module 7 (Human Oversight), Module 12 (Post-Market Monitoring) Immutable records of every operator override,… - [Artefact Interdependencies](https://docs.standardintelligence.com/artefact-interdependencies): Artefact Interdependencies AISDP module(s): Cross-cutting The 61 artefacts form a dependency graph rather than an independent list. Six artefacts serve as… - [Artefact Taxonomy](https://docs.standardintelligence.com/artefact-taxonomy): The AISDP v22 generates 61 distinct compliance artefacts across the system lifecycle. This section classifies those artefacts along a spectrum from pure… - [B1. Evidence Pack](https://docs.standardintelligence.com/b1-evidence-pack): B1. Evidence Pack AISDP module(s): Cross-cutting The complete collection of supporting artefacts substantiating every material claim in the AISDP. An AISDP… - [B10. PMM Feedback Loop Records](https://docs.standardintelligence.com/b10-pmm-feedback-loop-records): B10. PMM Feedback Loop Records AISDP module(s): Module 12 (Post-Market Monitoring) Traceable records demonstrating the complete cycle for each monitoring… - [B11. Operator Training and AI Literacy Records](https://docs.standardintelligence.com/b11-operator-training-and-ai-literacy-records): B11. Operator Training and AI Literacy Records AISDP module(s): Module 7 (Human Oversight) LMS-based records of operator training on system capabilities,… - [B12. Archived Model and Documentation Package](https://docs.standardintelligence.com/b12-archived-model-and-documentation-package): B12. Archived Model and Documentation Package AISDP module(s): Module 10 (Version Control) Complete preservation of model artefacts, AISDP modules, evidence… - [B13. Inspection Readiness Pack](https://docs.standardintelligence.com/b13-inspection-readiness-pack): B13. Inspection Readiness Pack AISDP module(s): Cross-cutting Pre-assembled documentation package enabling rapid response to competent authority requests.… - [B14. Cross-Reference Index](https://docs.standardintelligence.com/b14-cross-reference-index): B14. Cross-Reference Index AISDP module(s): Cross-cutting Consolidated mapping of every cited EU AI Act article, annex, and AISDP module to the documentation… - [B2. Evidence Register](https://docs.standardintelligence.com/b2-evidence-register): B2. Evidence Register AISDP module(s): Cross-cutting Structured catalogue of every artefact in the evidence pack. Each entry records a unique artefact… - [B3. Distributional Analysis Reports](https://docs.standardintelligence.com/b3-distributional-analysis-reports): B3. Distributional Analysis Reports AISDP module(s): Module 4 ( Data Governance ) Consolidated report per dataset combining the distributional analysis output… - [B4. Fairness Evaluation Report](https://docs.standardintelligence.com/b4-fairness-evaluation-report): B4. Fairness Evaluation Report AISDP module(s): Module 4 ( Data Governance ), Module 5 (Testing and Validation) Central fairness evidence document. Contains… - [B5. Dataset Documentation](https://docs.standardintelligence.com/b5-dataset-documentation): B5. Dataset Documentation AISDP module(s): Module 4 (Data Governance) Per- dataset documentation recording source, size, temporal period, geographic coverage,… - [B6. Data Retention Plan](https://docs.standardintelligence.com/b6-data-retention-plan): B6. Data Retention Plan AISDP module(s): Module 4 ( Data Governance ) Per-data-category specification of retention periods, justifications, storage tiers and… - [B7. Threat Model](https://docs.standardintelligence.com/b7-threat-model): B7. Threat Model AISDP module(s): Module 9 (Robustness and Cybersecurity) Living document mapping the system's threat landscape using combined STRIDE, MITRE… - [B8. Penetration Testing Reports](https://docs.standardintelligence.com/b8-penetration-testing-reports): B8. Penetration Testing Reports AISDP module(s): Module 9 (Robustness and Cybersecurity) Results of security testing including AI-specific attack scenarios… - [B9. Substantial Modification Assessment](https://docs.standardintelligence.com/b9-substantial-modification-assessment): B9. Substantial Modification Assessment AISDP module(s): Module 10 (Version Control) Formal assessment of whether a system change crosses quantitative… - [C1. Classification Decision Record (CDR)](https://docs.standardintelligence.com/c1-classification-decision-record-cdr): C1. Classification Decision Record (CDR) AISDP module(s): Module 1 (System Identity) Records whether the system falls within the AI Act's scope, its risk tier,… - [C10. D&O and Insurance Coverage Review](https://docs.standardintelligence.com/c10-dando-and-insurance-coverage-review): C10. D&O and Insurance Coverage Review AISDP module(s): Module 6 (Risk Management System) Assessment of whether D&O insurance covers Article 99 regulatory… - [C11. Regulatory Guidance Monitoring Log](https://docs.standardintelligence.com/c11-regulatory-guidance-monitoring-log): C11. Regulatory Guidance Monitoring Log AISDP module(s): Cross-cutting Quarterly tracking of published guidance, interpretive statements, and enforcement… - [C12. Decommission Plan](https://docs.standardintelligence.com/c12-decommission-plan): C12. Decommission Plan AISDP module(s): Module 12 (Post-Market Monitoring) Structured plan for system end-of-life covering seven workstreams: data disposition,… - [C2. Risk Register](https://docs.standardintelligence.com/c2-risk-register): C2. Risk Register AISDP module(s): Module 6 (Risk Management System) Central living document recording all identified risks. Each entry records risk ID,… - [C3. Residual Risk Acceptance Sign-offs](https://docs.standardintelligence.com/c3-residual-risk-acceptance-sign-offs): C3. Residual Risk Acceptance Sign-offs AISDP module(s): Module 6 (Risk Management System) Formal records of the AI Governance Lead 's acceptance of residual… - [C4. Model Selection Record](https://docs.standardintelligence.com/c4-model-selection-record): C4. Model Selection Record AISDP module(s): Module 3 (Architecture and Design) Documents the full model evaluation, the compliance criteria scoring for each… - [C5. Compliance Criteria Scoring Matrix](https://docs.standardintelligence.com/c5-compliance-criteria-scoring-matrix): C5. Compliance Criteria Scoring Matrix AISDP module(s): Module 3 (Architecture and Design) Quantitative comparison of candidate architectures across six… - [C6. Model Origin Risk Assessment](https://docs.standardintelligence.com/c6-model-origin-risk-assessment): C6. Model Origin Risk Assessment AISDP module(s): Module 3 (Architecture and Design) Evaluation of provenance, governance quality, and inherited risk for each… - [C7. IP and Licensing Analysis](https://docs.standardintelligence.com/c7-ip-and-licensing-analysis): C7. IP and Licensing Analysis AISDP module(s): Module 3 (Architecture and Design) Assessment of copyright exposure, licence compatibility, and IP risk for all… - [C8. Fine-Tuning Provider Boundary Determination](https://docs.standardintelligence.com/c8-fine-tuning-provider-boundary-determination): C8. Fine-Tuning Provider Boundary Determination AISDP module(s): Module 3 (Architecture and Design) Documents whether fine-tuning a GPAI model constitutes a… - [C9. Quarterly PMM Review Minutes](https://docs.standardintelligence.com/c9-quarterly-pmm-review-minutes): C9. Quarterly PMM Review Minutes AISDP module(s): Module 12 (Post-Market Monitoring) Governance record of the primary post-market monitoring forum. Documents… - [Category A — Engineering Work-Product](https://docs.standardintelligence.com/category-a--engineering-work-product): A1. Pipeline Execution Logs A2. Model Registry Entries A3. Model Card A4. Composite Version Identifier (Version Quad) A5. Deployment Ledger A6. SBOM… - [Category B — Compliance Evidence](https://docs.standardintelligence.com/category-b--compliance-evidence): B1. Evidence Pack B2. Evidence Register B3. Distributional Analysis Reports B4. Fairness Evaluation Report B5. Dataset Documentation B6. Data Retention Plan B7.… - [Category C — Governance Decision Record](https://docs.standardintelligence.com/category-c--governance-decision-record): C1. Classification Decision Record (CDR) C2. Risk Register C3. Residual Risk Acceptance Sign-offs C4. Model Selection Record C5. Compliance Criteria Scoring… - [Category D — Assessment Record](https://docs.standardintelligence.com/category-d--assessment-record): D1. Assessment Plan D2. Assessment Checklist D3. Non-Conformity Register D4. Internal Conformity Assessment Report D5. Assessor Records Archive D6. Readiness… - [Category E — Regulatory Instrument](https://docs.standardintelligence.com/category-e--regulatory-instrument): E1. Declaration of Conformity E2. EU Database Registration Entry E3. CE Marking E4. Instructions for Use (IFU) E5. AISDP (Twelve-Module Documentation Package)… - [Collection Method Patterns](https://docs.standardintelligence.com/collection-method-patterns): Collection Method Patterns AISDP module(s): Cross-cutting Three collection patterns cover the 61 artefacts. Automated collection (28 artefacts, predominantly… - [Cross-Cutting Analysis](https://docs.standardintelligence.com/cross-cutting-analysis): Regulatory Mapping Retention Requirements Update Frequencies Collection Method Patterns Responsible Party Distribution Artefact Interdependencies Official… - [D1. Assessment Plan](https://docs.standardintelligence.com/d1-assessment-plan): D1. Assessment Plan AISDP module(s): Cross-cutting Defines the conformity assessment scope, methodology, assessor team, assessment phases, and timeline.… - [D2. Assessment Checklist](https://docs.standardintelligence.com/d2-assessment-checklist): D2. Assessment Checklist AISDP module(s): Cross-cutting Granular per-sub-requirement checklist mapping every requirement of Articles 8–15, Article 17 , and… - [D3. Non-Conformity Register](https://docs.standardintelligence.com/d3-non-conformity-register): D3. Non-Conformity Register AISDP module(s): Cross-cutting Records all non-conformities identified during assessment, classified by severity (critical, major,… - [D4. Internal Conformity Assessment Report](https://docs.standardintelligence.com/d4-internal-conformity-assessment-report): D4. Internal Conformity Assessment Report AISDP module(s): Cross-cutting The assessment's formal concluding document: scope, methodology, assessor team,… - [D5. Assessor Records Archive](https://docs.standardintelligence.com/d5-assessor-records-archive): D5. Assessor Records Archive AISDP module(s): Cross-cutting Documentation demonstrating that the assessment was conducted by competent, independent assessors.… - [D6. Readiness Assessment Checklist](https://docs.standardintelligence.com/d6-readiness-assessment-checklist): D6. Readiness Assessment Checklist AISDP module(s): Cross-cutting Pre-assessment gate confirming that governance, technical, and documentation prerequisites are… - [D7. Annual Oversight Audit Report](https://docs.standardintelligence.com/d7-annual-oversight-audit-report): D7. Annual Oversight Audit Report AISDP module(s): Module 7 (Human Oversight), Module 12 (Post-Market Monitoring) Independent annual audit of monitoring… - [D8. Regulatory Interaction Log](https://docs.standardintelligence.com/d8-regulatory-interaction-log): D8. Regulatory Interaction Log AISDP module(s): Cross-cutting Record of every substantive communication with competent authorities, notified bodies, and market… - [E1. Declaration of Conformity](https://docs.standardintelligence.com/e1-declaration-of-conformity): E1. Declaration of Conformity AISDP module(s): Cross-cutting Legally binding statement under Article 47 that the system conforms to all applicable requirements.… - [E10. Regulator Contact Register](https://docs.standardintelligence.com/e10-regulator-contact-register): E10. Regulator Contact Register AISDP module(s): Cross-cutting Per-jurisdiction register of authority contacts for incident notification and inspection. Lists… - [E11. Break-Glass Procedure Documentation](https://docs.standardintelligence.com/e11-break-glass-procedure-documentation): E11. Break-Glass Procedure Documentation AISDP module(s): Module 7 (Human Oversight) Emergency override and shutdown procedures implementing Article 14 's… - [E2. EU Database Registration Entry](https://docs.standardintelligence.com/e2-eu-database-registration-entry): E2. EU Database Registration Entry AISDP module(s): Cross-cutting Formal submission to the EU database under Articles 49/71. Annex VIII Section A (provider of… - [E3. CE Marking](https://docs.standardintelligence.com/e3-ce-marking): E3. CE Marking AISDP module(s): Cross-cutting Visible declaration that the system conforms to all applicable requirements. Affixed on the system's user… - [E4. Instructions for Use (IFU)](https://docs.standardintelligence.com/e4-instructions-for-use-ifu): E4. Instructions for Use (IFU) AISDP module(s): Module 3 (Architecture and Design), Module 5 (Testing and Validation), Module 6 (Risk Management System), Module… - [E5. AISDP (Twelve-Module Documentation Package)](https://docs.standardintelligence.com/e5-aisdp-twelve-module-documentation-package): E5. AISDP (Twelve-Module Documentation Package) AISDP module(s): All twelve modules The master compliance document comprising twelve modules: System Identity,… - [E6. Serious Incident Reports](https://docs.standardintelligence.com/e6-serious-incident-reports): E6. Serious Incident Reports AISDP module(s): Module 12 ( Post-Market Monitoring ) Formal notifications to the market surveillance authority under Article 73… - [E7. FRIA Report](https://docs.standardintelligence.com/e7-fria-report): E7. FRIA Report AISDP module(s): Module 11 (FRIA) Fundamental Rights Impact Assessment examining the system's impact on all potentially affected EU Charter… - [E8. Data Protection Impact Assessment (DPIA)](https://docs.standardintelligence.com/e8-data-protection-impact-assessment-dpia): E8. Data Protection Impact Assessment (DPIA) AISDP module(s): Module 11 ( FRIA ) Assessment of risks to individuals' rights and freedoms from personal data… - [E9. Affected Person Notification Templates](https://docs.standardintelligence.com/e9-affected-person-notification-templates): E9. Affected Person Notification Templates AISDP module(s): Module 8 (Transparency and User Information) Templates and processes for informing individuals of… - [Five-Category Classification](https://docs.standardintelligence.com/five-category-classification): Taxonomy Overview AISDP module(s): Cross-cutting The 61 artefacts sit along a spectrum from pure engineering output to formal legal instrument. Five categories… - [Official Template Sources](https://docs.standardintelligence.com/official-template-sources): Official Template Sources AISDP module(s): Cross-cutting Seven artefacts have official or authoritative template sources as of February 2026. The European… - [Regulatory Mapping](https://docs.standardintelligence.com/regulatory-mapping): Regulatory Mapping AISDP module(s): Cross-cutting The 61 artefacts address obligations across ten legal instruments: the EU AI Act (Regulation (EU) 2024/1689),… - [Responsible Party Distribution](https://docs.standardintelligence.com/responsible-party-distribution): Responsible Party Distribution AISDP module(s): Module 2 (Development Process) All ten roles from the AISDP governance framework own artefacts. The CI/CD… - [Retention Requirements](https://docs.standardintelligence.com/retention-requirements): Retention Requirements AISDP module(s): Module 10 (Version Control) Article 18 establishes the ten-year retention baseline for technical documentation. This… - [Update Frequencies](https://docs.standardintelligence.com/update-frequencies): Update Frequencies AISDP module(s): Cross-cutting Artefact update frequencies fall into four bands. Continuous artefacts (most of Category A) are updated at… ## Report Errata - [Report Errata](https://docs.standardintelligence.com/errata): ← Back to Documentation Report an Issue Documentation Errata Found an error, inaccuracy, or outdated section in our documentation? Submit a report here. We… --- Generated: 2026-03-05 Contact: https://www.standardintelligence.com Security: https://docs.standardintelligence.com/.well-known/security.txt