Governance Mappings
PEAC receipts provide portable, signed evidence that maps to requirements across major AI governance frameworks. Each mapping documents which PEAC extension groups, receipt types, and verification behaviors satisfy specific framework controls.
Available Mappings
| Framework | Scope | Mapping |
|---|---|---|
| NIST AI RMF | AI risk management lifecycle | Map, Measure, Manage, Govern functions |
| EU AI Act | European AI regulation | High-risk system documentation, transparency, human oversight |
| OWASP ASI | Agent security | ASI-01 through ASI-10 zero-trust controls |
| ISO 42001 | AI management systems | Annex A controls for AI lifecycle management |
| IEEE 7001 | Transparency | Algorithmic transparency and explainability |
| OECD AI Principles | International AI principles | Accountability, transparency, robustness |
| Singapore MGFAA | Financial AI governance | Model governance for financial institutions |
| AWS RAI | Responsible AI practices | AWS responsible AI service mapping |
Compliance Documentation
| Document | Scope |
|---|---|
| GDPR | Data protection and privacy rights |
| SOC 2 | Trust services criteria mapping |
| EU AI Act (detailed) | Article-level compliance mapping |
How PEAC Supports Governance
PEAC does not enforce governance requirements. It provides the evidence layer:
- Consent extension records consent basis, scope, and expiry for GDPR Article 7
- Safety extension records guardrail evidence for EU AI Act Article 14
- Compliance extension records framework controls and assessment results
- Provenance extension records data lineage for the NIST AI RMF Map function
- Attribution extension records content origin for IEEE 7001 transparency
- Offline verification provides audit-ready evidence without network dependencies
Related
- Profiles: 9 pillar usage profiles with governance-relevant field tables
- Protocol Scope: 10 verification domains
- Conformance Levels: 219 conformance requirement IDs