/* Compliance — regulatory framework table */ const FRAMEWORKS = [ { id: "REG / 01", name: "EU AI Act", desc: "Risk classification, conformity assessment, technical documentation and post-market monitoring for high-risk systems.", status: "Active", }, { id: "REG / 02", name: "ISO/IEC 42001", desc: "AI Management System (AIMS). Policy framework, role assignment, risk treatment and continual improvement.", status: "Active", }, { id: "REG / 03", name: "NIST AI RMF 1.0", desc: "Govern · Map · Measure · Manage. Functional alignment for trustworthy AI across the system lifecycle.", status: "Active", }, { id: "REG / 04", name: "ISO/IEC 23894", desc: "AI-specific risk management guidance. Used in conjunction with ISO 31000 risk frameworks.", status: "Active", }, { id: "REG / 05", name: "GDPR & UK GDPR", desc: "DPIA, lawful basis, automated decision-making, data minimisation and Article 22 obligations.", status: "Active", }, { id: "REG / 06", name: "SOC 2 / ISO 27001", desc: "Information security controls. Required surface for enterprise procurement and assurance teams.", status: "Active", }, ]; function Compliance() { return (
06 / Governance & Compliance

Regulation is engineered in.
Not bolted on.

Every engagement begins with a written compliance map covering all applicable frameworks. Documentation, evaluation evidence, and risk treatments are produced as deliverables throughout the engagement, not retrospectively at audit.

Framework register · 06 active Last review · 14 May 2026
{FRAMEWORKS.map((f) => (
{f.id}
{f.name}
{f.desc}
{f.status}
))}
); } Object.assign(window, { Compliance });