v2.0 · May 2026 · Reference

AI Governance Matrix

A comprehensive framework–tool–gap map across the seven governance layers that matter in production AI: enterprise, access, application, model, data, infrastructure, and agentic runtime. Built as a clean operating artifact for teams comparing obligations, controls, tooling, and implementation status.

7Governance layers

16Frameworks / regs

60+Tools & platforms

12Governance domains

20Open gaps

How to read the matrix.

The status column is a market-readiness indicator, not a legal conclusion. Solved means mature tooling is broadly available for the control. Partial means tooling exists but coverage, integration, or regulatory certainty remains uneven. Gap means the control usually requires custom architecture, manual evidence assembly, or emerging tooling.

Layer · Org

9 entries

Layer	Domain	Framework / Reg / Standard	Requirement / Control	Tools / Platforms	Market Note	Status
Org	Policy & Strategy	ISO/IEC 42001; NIST AI RMF Govern; EU AI Act governance obligations; OSFI model-risk governance	AI policy framework, risk appetite, role design, RACI, AI governance committee, approved-use inventory, and executive accountability.	ServiceNow AI Control Tower; IBM watsonx.governance; Credo AI; Holistic AI; Fairly AI; Trustible; Regulativ.ai	Policy-to-control mapping and approved-use inventory synchronization still require careful implementation across GRC, runtime, and procurement systems.	Partial
Org	Risk Management	NIST AI RMF Map/Measure/Manage; ISO/IEC 42001; EU AI Act risk-management system; OSFI E-23; SR 11-7	Enterprise AI risk register, risk tiering, inherent and residual risk scoring, ownership, treatment plans, periodic review, and validation workflow.	IBM OpenPages; Azure AI risk workflows; Credo AI; Holistic AI; FairNow; ServiceNow GRC; Archer GRC	AI-specific taxonomies differ across tools, and LLM/agent validation remains less standardized than traditional model validation.	Partial
Org	Compliance Reporting	EU AI Act conformity assessment; ISO/IEC 42001 monitoring and audit; NIST AI RMF Manage; SOC 2 evidence practice	Evidence pack generation, conformity documentation, audit-ready control evidence, regulatory submission artifacts, and continuous posture dashboards.	IBM watsonx.governance; Vanta; Drata; Sprinto; Secureframe; Regulativ.ai	Cross-framework evidence reuse is improving, but AI-specific evidence formats and regulator-facing submission workflows are not yet standardized.	Gap
Org	Third-Party AI Risk	EU AI Act provider/deployer allocation; OSFI third-party risk guidance; NIST AI RMF Govern; ISO/IEC 42001 supplier controls	Vendor AI assessment, AI bill of materials, model provenance, contractual pass-downs, provider change monitoring, and outsourced AI oversight.	Prevalent; OneTrust; Veracode SCA; Protect AI; Wiz AI-SPM	AIBOM practice is emerging, embedded SaaS AI is hard to see, and vendor model changes are difficult to continuously govern.	Gap
Org	AI Inventory	EU AI Act technical documentation; NIST AI RMF Govern; ISO/IEC 42001 planning and operation; executive AI inventory practice	Portfolio inventory of AI systems, owners, purpose, risk tier, model version, inputs, outputs, operational status, and business use case.	IBM AI FactSheets; Azure AI Catalog; ServiceNow AI Control Tower; Credo AI; Holistic AI; AWS DataZone; Databricks Unity Catalog	Manual intake still dominates in many organizations; shadow AI and embedded AI discovery remain materially incomplete.	Partial
Org	EU AI Act	Regulation (EU) 2024/1689	Risk classification, prohibited-practice screening, high-risk system controls, technical documentation, post-market monitoring, transparency, and GPAI obligations.	Regulativ.ai; Credo AI; Holistic AI; ServiceNow AI Control Tower; IBM watsonx.governance; Trustible; FairNow; Secureframe	Teams should distinguish final statutory requirements from evolving templates, standards, and supervisory practice.	Partial
Org	NIST AI RMF	NIST AI RMF 1.0; NIST Generative AI Profile	Govern, Map, Measure, and Manage functions with GenAI-specific risks such as hallucination, harmful bias, data privacy, data poisoning, and information integrity.	Credo AI; Holistic AI; IBM watsonx.governance; FairNow; Trustible; AWS AI Service Cards; Azure Responsible AI; ServiceNow AI Control Tower	NIST AI RMF is voluntary and not a certification scheme; mappings to technical controls are still organization-specific.	Partial
Org	ISO 42001	ISO/IEC 42001:2023; ISO/IEC 23894; ISO/IEC 42006; related AI standards	AI management system, leadership, policy, roles, risk assessment, lifecycle controls, internal audit, management review, and continual improvement.	Sprinto; Drata AI; Vanta; Secureframe; Regulativ.ai; Controllo.ai; IBM watsonx.governance; ServiceNow AI Control Tower	Certification pathways are maturing; integrated evidence with ISO 27001 and EU AI Act obligations still requires careful scoping.	Partial
Org	OSFI / Model Risk	OSFI model-risk guidance; OSFI technology/third-party guidance; SR 11-7 for US model-risk management	Model inventory, validation, documentation, governance, ongoing monitoring, independent challenge, third-party oversight, and operational resilience.	Fiddler AI; IBM OpenPages; Moody's model validation services; SageMaker Model Monitor; Archer GRC; IBM watsonx.governance	Traditional MRM principles apply, but LLM and agent validation methods remain less settled than classical credit, market, and pricing models.	Partial

Policy & Strategy

Partial

Framework: ISO/IEC 42001; NIST AI RMF Govern; EU AI Act governance obligations; OSFI model-risk governance
Control: AI policy framework, risk appetite, role design, RACI, AI governance committee, approved-use inventory, and executive accountability.
Tools: ServiceNow AI Control Tower; IBM watsonx.governance; Credo AI; Holistic AI; Fairly AI; Trustible; Regulativ.ai
Market note: Policy-to-control mapping and approved-use inventory synchronization still require careful implementation across GRC, runtime, and procurement systems.

Risk Management

Partial

Framework: NIST AI RMF Map/Measure/Manage; ISO/IEC 42001; EU AI Act risk-management system; OSFI E-23; SR 11-7
Control: Enterprise AI risk register, risk tiering, inherent and residual risk scoring, ownership, treatment plans, periodic review, and validation workflow.
Tools: IBM OpenPages; Azure AI risk workflows; Credo AI; Holistic AI; FairNow; ServiceNow GRC; Archer GRC
Market note: AI-specific taxonomies differ across tools, and LLM/agent validation remains less standardized than traditional model validation.

Compliance Reporting

Gap

Framework: EU AI Act conformity assessment; ISO/IEC 42001 monitoring and audit; NIST AI RMF Manage; SOC 2 evidence practice
Control: Evidence pack generation, conformity documentation, audit-ready control evidence, regulatory submission artifacts, and continuous posture dashboards.
Tools: IBM watsonx.governance; Vanta; Drata; Sprinto; Secureframe; Regulativ.ai
Market note: Cross-framework evidence reuse is improving, but AI-specific evidence formats and regulator-facing submission workflows are not yet standardized.

Third-Party AI Risk

Gap

Framework: EU AI Act provider/deployer allocation; OSFI third-party risk guidance; NIST AI RMF Govern; ISO/IEC 42001 supplier controls
Control: Vendor AI assessment, AI bill of materials, model provenance, contractual pass-downs, provider change monitoring, and outsourced AI oversight.
Tools: Prevalent; OneTrust; Veracode SCA; Protect AI; Wiz AI-SPM
Market note: AIBOM practice is emerging, embedded SaaS AI is hard to see, and vendor model changes are difficult to continuously govern.

AI Inventory

Partial

Framework: EU AI Act technical documentation; NIST AI RMF Govern; ISO/IEC 42001 planning and operation; executive AI inventory practice
Control: Portfolio inventory of AI systems, owners, purpose, risk tier, model version, inputs, outputs, operational status, and business use case.
Tools: IBM AI FactSheets; Azure AI Catalog; ServiceNow AI Control Tower; Credo AI; Holistic AI; AWS DataZone; Databricks Unity Catalog
Market note: Manual intake still dominates in many organizations; shadow AI and embedded AI discovery remain materially incomplete.

EU AI Act

Partial

Framework: Regulation (EU) 2024/1689
Control: Risk classification, prohibited-practice screening, high-risk system controls, technical documentation, post-market monitoring, transparency, and GPAI obligations.
Tools: Regulativ.ai; Credo AI; Holistic AI; ServiceNow AI Control Tower; IBM watsonx.governance; Trustible; FairNow; Secureframe
Market note: Teams should distinguish final statutory requirements from evolving templates, standards, and supervisory practice.

NIST AI RMF

Partial

Framework: NIST AI RMF 1.0; NIST Generative AI Profile
Control: Govern, Map, Measure, and Manage functions with GenAI-specific risks such as hallucination, harmful bias, data privacy, data poisoning, and information integrity.
Tools: Credo AI; Holistic AI; IBM watsonx.governance; FairNow; Trustible; AWS AI Service Cards; Azure Responsible AI; ServiceNow AI Control Tower
Market note: NIST AI RMF is voluntary and not a certification scheme; mappings to technical controls are still organization-specific.

ISO 42001

Partial

Framework: ISO/IEC 42001:2023; ISO/IEC 23894; ISO/IEC 42006; related AI standards
Control: AI management system, leadership, policy, roles, risk assessment, lifecycle controls, internal audit, management review, and continual improvement.
Tools: Sprinto; Drata AI; Vanta; Secureframe; Regulativ.ai; Controllo.ai; IBM watsonx.governance; ServiceNow AI Control Tower
Market note: Certification pathways are maturing; integrated evidence with ISO 27001 and EU AI Act obligations still requires careful scoping.

OSFI / Model Risk

Partial

Framework: OSFI model-risk guidance; OSFI technology/third-party guidance; SR 11-7 for US model-risk management
Control: Model inventory, validation, documentation, governance, ongoing monitoring, independent challenge, third-party oversight, and operational resilience.
Tools: Fiddler AI; IBM OpenPages; Moody's model validation services; SageMaker Model Monitor; Archer GRC; IBM watsonx.governance
Market note: Traditional MRM principles apply, but LLM and agent validation methods remain less settled than classical credit, market, and pricing models.

Layer · Access

4 entries

Layer	Domain	Framework / Reg / Standard	Requirement / Control	Tools / Platforms	Market Note	Status
Access	RBAC / ABAC	NIST AI RMF Govern; ISO/IEC 27001 access control; EU AI Act human oversight; SOC 2 access-control criteria	Role- and attribute-based access for AI tools, model APIs, high-risk approvals, deployment authority, and oversight permissions.	AWS IAM; Azure RBAC and Entra ID; Databricks Unity Catalog ACLs; IBM watsonx access control; Okta; Auth0; HashiCorp Vault	AI-specific entitlements such as guardrail override, production deployment, or model-routing authority are not consistently modeled in standard IAM.	Partial
Access	Agent Identity	NIST AI RMF Govern; ISO/IEC 42001 operational controls; EU AI Act transparency and oversight expectations	Unique non-human identities, scoped task credentials, dynamic token issuance, agent-to-agent authentication, revocation, and lifecycle management.	SPIFFE/SPIRE; HashiCorp Vault; AWS IAM patterns; Azure Managed Identity; CyberArk Conjur; Strata Maverics	Agent identity is still maturing as an enterprise control category, especially for long-running agents and cross-tool credential delegation.	Gap
Access	API Security	NIST AI RMF Manage; ISO/IEC 27001; SOC 2; OSFI technology and model-risk expectations	AI API gateway, authentication, rate limiting, quota enforcement, model routing, cost controls, token budgets, key rotation, mTLS, and region controls.	Kong AI Gateway; Azure API Management for AI; AWS API Gateway with Bedrock; Databricks AI Gateway; LiteLLM; Portkey.ai; Helicone; Traefik AI	Policy synchronization across providers, semantic rate limits, and cross-provider failover with consistent controls are still developing.	Partial
Access	DLP / Data Control	GDPR data protection by design; PIPEDA safeguards; EU AI Act data governance; OSFI third-party and technology risk	Prompt and response DLP, PII detection, sensitive-data blocking before LLM submission, classification enforcement, and regulated-data egress control.	AWS Bedrock Guardrails; Azure AI Content Safety; Nightfall AI; Presidio; Informatica CLAIRE; Netskope CASB; Symantec DLP	Context-aware DLP for multi-turn and multimodal AI interactions remains uneven, especially where indirect identifiers or retrieval context are involved.	Partial

RBAC / ABAC

Partial

Framework: NIST AI RMF Govern; ISO/IEC 27001 access control; EU AI Act human oversight; SOC 2 access-control criteria
Control: Role- and attribute-based access for AI tools, model APIs, high-risk approvals, deployment authority, and oversight permissions.
Tools: AWS IAM; Azure RBAC and Entra ID; Databricks Unity Catalog ACLs; IBM watsonx access control; Okta; Auth0; HashiCorp Vault
Market note: AI-specific entitlements such as guardrail override, production deployment, or model-routing authority are not consistently modeled in standard IAM.

Agent Identity

Gap

Framework: NIST AI RMF Govern; ISO/IEC 42001 operational controls; EU AI Act transparency and oversight expectations
Control: Unique non-human identities, scoped task credentials, dynamic token issuance, agent-to-agent authentication, revocation, and lifecycle management.
Tools: SPIFFE/SPIRE; HashiCorp Vault; AWS IAM patterns; Azure Managed Identity; CyberArk Conjur; Strata Maverics
Market note: Agent identity is still maturing as an enterprise control category, especially for long-running agents and cross-tool credential delegation.

API Security

Partial

Framework: NIST AI RMF Manage; ISO/IEC 27001; SOC 2; OSFI technology and model-risk expectations
Control: AI API gateway, authentication, rate limiting, quota enforcement, model routing, cost controls, token budgets, key rotation, mTLS, and region controls.
Tools: Kong AI Gateway; Azure API Management for AI; AWS API Gateway with Bedrock; Databricks AI Gateway; LiteLLM; Portkey.ai; Helicone; Traefik AI
Market note: Policy synchronization across providers, semantic rate limits, and cross-provider failover with consistent controls are still developing.

DLP / Data Control

Partial

Framework: GDPR data protection by design; PIPEDA safeguards; EU AI Act data governance; OSFI third-party and technology risk
Control: Prompt and response DLP, PII detection, sensitive-data blocking before LLM submission, classification enforcement, and regulated-data egress control.
Tools: AWS Bedrock Guardrails; Azure AI Content Safety; Nightfall AI; Presidio; Informatica CLAIRE; Netskope CASB; Symantec DLP
Market note: Context-aware DLP for multi-turn and multimodal AI interactions remains uneven, especially where indirect identifiers or retrieval context are involved.

Layer · App

5 entries

Layer	Domain	Framework / Reg / Standard	Requirement / Control	Tools / Platforms	Market Note	Status
App	Guardrails	EU AI Act risk management; NIST GenAI Profile; ISO/IEC 42001 operational controls; OSFI model-use controls	Input/output guardrails, prompt-injection detection, toxicity screening, PII redaction, topic restrictions, jailbreak detection, and policy filters.	AWS Bedrock Guardrails; Azure AI Content Safety; NVIDIA NeMo Guardrails; Guardrails.ai; Llama Guard; Lakera; Protect AI Rebuff; Galileo Guard	Policy portability, multimodal coverage, hot-reload of rules, and latency management are common design constraints.	Partial
App	AI Evals	NIST AI RMF Measure; NIST GenAI Profile; EU AI Act testing expectations; ISO/IEC 42001 performance evaluation; OSFI monitoring	Pre-deployment red teaming, accuracy/bias/toxicity benchmarks, regression suites, LLM-as-judge workflows, human review, and golden datasets.	Braintrust; Arize Phoenix; Galileo; LangSmith; Langfuse; Ragas; MLflow Evaluate; SageMaker Clarify; Azure Prompt Flow; Confident AI; lm-evaluation-harness	Regulator-accepted benchmarks are not yet settled for many domain-specific LLM and agent use cases.	Partial
App	Decision Logs	EU AI Act logging; NIST AI RMF Manage; ISO/IEC 42001 documented information; GDPR automated-decision rights; OSFI records	Immutable decision logs with inputs, outputs, model version, timestamp, rationale, review status, and audit replay support.	IBM watsonx.governance; Fiddler AI; SageMaker Clarify; Arize; Galileo; SHAP; LIME; Azure Responsible AI Dashboard; Arthur AI	A standard AI decision-log schema is not yet broadly adopted, and rationale capture for generative systems must be designed carefully.	Gap
App	Human Oversight	EU AI Act human oversight; NIST AI RMF Manage; ISO/IEC 42001 operational controls; OSFI governance and monitoring	Override mechanisms, escalation triggers, approval workflows, intervention logging, stop controls, review queues, and confidence thresholds.	AWS Bedrock AgentCore patterns; ServiceNow AI Control Tower; IBM watsonx.governance; Fiddler AI; Galileo Agent Control; Arthur Shield	HITL patterns are easy to describe but harder to standardize across multi-step and multi-agent workflows.	Partial
App	RAG Governance	NIST GenAI Profile; EU AI Act data governance; GDPR data minimization; ISO/IEC 42001 data controls	Data-source authorization, retrieval audit trail, vector-store access control, chunk provenance, citation verification, freshness, and PII handling.	Databricks Unity Catalog and Vector Search; AWS OpenSearch/Kendra; Azure AI Search; Microsoft Purview; Arize Phoenix; Ragas; DataRobot	Chunk-level access control, retrieval auditability, and cross-user leakage prevention are still implementation-heavy.	Gap

Guardrails

Partial

Framework: EU AI Act risk management; NIST GenAI Profile; ISO/IEC 42001 operational controls; OSFI model-use controls
Control: Input/output guardrails, prompt-injection detection, toxicity screening, PII redaction, topic restrictions, jailbreak detection, and policy filters.
Tools: AWS Bedrock Guardrails; Azure AI Content Safety; NVIDIA NeMo Guardrails; Guardrails.ai; Llama Guard; Lakera; Protect AI Rebuff; Galileo Guard
Market note: Policy portability, multimodal coverage, hot-reload of rules, and latency management are common design constraints.

AI Evals

Partial

Framework: NIST AI RMF Measure; NIST GenAI Profile; EU AI Act testing expectations; ISO/IEC 42001 performance evaluation; OSFI monitoring
Control: Pre-deployment red teaming, accuracy/bias/toxicity benchmarks, regression suites, LLM-as-judge workflows, human review, and golden datasets.
Tools: Braintrust; Arize Phoenix; Galileo; LangSmith; Langfuse; Ragas; MLflow Evaluate; SageMaker Clarify; Azure Prompt Flow; Confident AI; lm-evaluation-harness
Market note: Regulator-accepted benchmarks are not yet settled for many domain-specific LLM and agent use cases.

Decision Logs

Gap

Framework: EU AI Act logging; NIST AI RMF Manage; ISO/IEC 42001 documented information; GDPR automated-decision rights; OSFI records
Control: Immutable decision logs with inputs, outputs, model version, timestamp, rationale, review status, and audit replay support.
Tools: IBM watsonx.governance; Fiddler AI; SageMaker Clarify; Arize; Galileo; SHAP; LIME; Azure Responsible AI Dashboard; Arthur AI
Market note: A standard AI decision-log schema is not yet broadly adopted, and rationale capture for generative systems must be designed carefully.

Human Oversight

Partial

Framework: EU AI Act human oversight; NIST AI RMF Manage; ISO/IEC 42001 operational controls; OSFI governance and monitoring
Control: Override mechanisms, escalation triggers, approval workflows, intervention logging, stop controls, review queues, and confidence thresholds.
Tools: AWS Bedrock AgentCore patterns; ServiceNow AI Control Tower; IBM watsonx.governance; Fiddler AI; Galileo Agent Control; Arthur Shield
Market note: HITL patterns are easy to describe but harder to standardize across multi-step and multi-agent workflows.

RAG Governance

Gap

Framework: NIST GenAI Profile; EU AI Act data governance; GDPR data minimization; ISO/IEC 42001 data controls
Control: Data-source authorization, retrieval audit trail, vector-store access control, chunk provenance, citation verification, freshness, and PII handling.
Tools: Databricks Unity Catalog and Vector Search; AWS OpenSearch/Kendra; Azure AI Search; Microsoft Purview; Arize Phoenix; Ragas; DataRobot
Market note: Chunk-level access control, retrieval auditability, and cross-user leakage prevention are still implementation-heavy.

Layer · Model

7 entries

Layer	Domain	Framework / Reg / Standard	Requirement / Control	Tools / Platforms	Market Note	Status
Model	Model Registry	NIST AI RMF Map; ISO/IEC 42001 lifecycle controls; EU AI Act technical documentation; OSFI E-23; SR 11-7	Model cards, lineage, training metadata, version history, approval gates, champion/challenger management, dependencies, and promotion workflow.	SageMaker Model Registry; Azure ML Model Registry; Databricks MLflow Registry; MLflow OSS; IBM watsonx.governance; Weights & Biases; Comet ML	Foundation-model dependency tracking, RLHF/fine-tune metadata, and multi-cloud registry synchronization remain uneven.	Partial
Model	Model Catalog	NIST AI RMF Govern; EU AI Act GPAI transparency; ISO/IEC 42001 planning; enterprise approved-use governance	Approved model list, foundation-model options, capability and risk profiles, cost tiers, residency constraints, approved use cases, and security assessments.	SageMaker JumpStart; Azure AI Model Catalog; Databricks Marketplace; IBM watsonx.ai Model Hub; Hugging Face Enterprise; ServiceNow AI Control Tower	Approved catalogs are often cloud-specific, and model substitution or vendor model updates can be difficult to monitor.	Partial
Model	Bias & Fairness	EU AI Act data and performance obligations; NIST AI RMF Measure; ISO/IEC 24027; OSFI fairness and outcomes expectations	Protected-attribute analysis, disparate-impact scoring, fairness metrics, bias tests, bias drift monitoring, and review documentation.	SageMaker Clarify; Azure Responsible AI; Fairlearn; IBM AI Fairness 360; Fiddler AI; Arthur AI; SHAP; WhyLabs; FairNow	Generative-output bias, intersectional testing, and RAG retrieval bias are not yet governed by a single accepted protocol.	Gap
Model	Model Drift	NIST AI RMF Manage; ISO/IEC 42001 continual improvement; OSFI E-23 monitoring; SR 11-7 ongoing monitoring	Data drift, concept drift, output-quality degradation, performance SLA breach alerts, retraining triggers, model health, and post-market surveillance.	Fiddler AI; WhyLabs; IBM OpenScale/watsonx; SageMaker Model Monitor; Azure ML Monitoring; Arize; Evidently AI; NannyML	Semantic drift in LLM outputs and vendor-side foundation-model changes are difficult to observe without explicit instrumentation.	Partial
Model	Model Cards / FactSheets	EU AI Act documentation and transparency; NIST AI RMF Govern; ISO/IEC 42001 documented information; executive AI reporting	Intended use, training-data summary, evaluation results, limitations, safety information, transparency records, and lifecycle events.	IBM AI FactSheets; SageMaker Model Cards; Azure Responsible AI; Databricks MLflow Model Cards; Hugging Face Model Cards; Google Model Cards Toolkit	Schemas vary by provider and are often static unless connected to monitoring, inventory, and change-control workflows.	Partial
Model	AI Energy / ESG	EU AI Act transparency recitals; enterprise ESG reporting; ISO 14001-aligned sustainability practice	Compute energy tracking, inference carbon estimates, GPU utilization reporting, sustainable AI metrics, and third-party AI energy disclosure.	CodeCarbon; ML CO2 Impact; Watershed; AWS Customer Carbon Footprint Tool; Azure emissions and carbon optimization tooling	Inference-level carbon accounting is not standardized, and third-party API model energy visibility is limited.	Gap
Model	AI SBOM / AIBOM	SBOM practice; EU AI Act technical documentation; NIST AI RMF Govern; ISO/IEC 42001 documented information	AI component inventory, base model, adapters, plugins, data sources, frameworks, dependencies, provenance, vulnerabilities, and supply-chain integrity.	Protect AI ModelScan; HiddenLayer; Wiz AI-SPM; CycloneDX AI-related work; Snyk partial coverage	AI bill-of-materials practice is emerging but not uniformly adopted across foundation-model vendors and enterprise stacks.	Gap

Model Registry

Partial

Framework: NIST AI RMF Map; ISO/IEC 42001 lifecycle controls; EU AI Act technical documentation; OSFI E-23; SR 11-7
Control: Model cards, lineage, training metadata, version history, approval gates, champion/challenger management, dependencies, and promotion workflow.
Tools: SageMaker Model Registry; Azure ML Model Registry; Databricks MLflow Registry; MLflow OSS; IBM watsonx.governance; Weights & Biases; Comet ML
Market note: Foundation-model dependency tracking, RLHF/fine-tune metadata, and multi-cloud registry synchronization remain uneven.

Model Catalog

Partial

Framework: NIST AI RMF Govern; EU AI Act GPAI transparency; ISO/IEC 42001 planning; enterprise approved-use governance
Control: Approved model list, foundation-model options, capability and risk profiles, cost tiers, residency constraints, approved use cases, and security assessments.
Tools: SageMaker JumpStart; Azure AI Model Catalog; Databricks Marketplace; IBM watsonx.ai Model Hub; Hugging Face Enterprise; ServiceNow AI Control Tower
Market note: Approved catalogs are often cloud-specific, and model substitution or vendor model updates can be difficult to monitor.

Bias & Fairness

Gap

Framework: EU AI Act data and performance obligations; NIST AI RMF Measure; ISO/IEC 24027; OSFI fairness and outcomes expectations
Control: Protected-attribute analysis, disparate-impact scoring, fairness metrics, bias tests, bias drift monitoring, and review documentation.
Tools: SageMaker Clarify; Azure Responsible AI; Fairlearn; IBM AI Fairness 360; Fiddler AI; Arthur AI; SHAP; WhyLabs; FairNow
Market note: Generative-output bias, intersectional testing, and RAG retrieval bias are not yet governed by a single accepted protocol.

Model Drift

Partial

Framework: NIST AI RMF Manage; ISO/IEC 42001 continual improvement; OSFI E-23 monitoring; SR 11-7 ongoing monitoring
Control: Data drift, concept drift, output-quality degradation, performance SLA breach alerts, retraining triggers, model health, and post-market surveillance.
Tools: Fiddler AI; WhyLabs; IBM OpenScale/watsonx; SageMaker Model Monitor; Azure ML Monitoring; Arize; Evidently AI; NannyML
Market note: Semantic drift in LLM outputs and vendor-side foundation-model changes are difficult to observe without explicit instrumentation.

Model Cards / FactSheets

Partial

Framework: EU AI Act documentation and transparency; NIST AI RMF Govern; ISO/IEC 42001 documented information; executive AI reporting
Control: Intended use, training-data summary, evaluation results, limitations, safety information, transparency records, and lifecycle events.
Tools: IBM AI FactSheets; SageMaker Model Cards; Azure Responsible AI; Databricks MLflow Model Cards; Hugging Face Model Cards; Google Model Cards Toolkit
Market note: Schemas vary by provider and are often static unless connected to monitoring, inventory, and change-control workflows.

AI Energy / ESG

Gap

Framework: EU AI Act transparency recitals; enterprise ESG reporting; ISO 14001-aligned sustainability practice
Control: Compute energy tracking, inference carbon estimates, GPU utilization reporting, sustainable AI metrics, and third-party AI energy disclosure.
Tools: CodeCarbon; ML CO2 Impact; Watershed; AWS Customer Carbon Footprint Tool; Azure emissions and carbon optimization tooling
Market note: Inference-level carbon accounting is not standardized, and third-party API model energy visibility is limited.

AI SBOM / AIBOM

Gap

Framework: SBOM practice; EU AI Act technical documentation; NIST AI RMF Govern; ISO/IEC 42001 documented information
Control: AI component inventory, base model, adapters, plugins, data sources, frameworks, dependencies, provenance, vulnerabilities, and supply-chain integrity.
Tools: Protect AI ModelScan; HiddenLayer; Wiz AI-SPM; CycloneDX AI-related work; Snyk partial coverage
Market note: AI bill-of-materials practice is emerging but not uniformly adopted across foundation-model vendors and enterprise stacks.

Layer · Data

4 entries

Layer	Domain	Framework / Reg / Standard	Requirement / Control	Tools / Platforms	Market Note	Status
Data	Data Catalog & Lineage	EU AI Act data governance; NIST AI RMF Map; ISO/IEC 42001 data controls; GDPR integrity and accountability; OSFI documentation	Training-data lineage, quality scoring, source authorization, consent tracking, data contracts, schema drift, provenance, and training-serving skew.	Informatica IDQ/AXON/EDC; Microsoft Purview; Databricks Unity Catalog; AWS DataZone; Collibra; Alation; Atlan; IBM Knowledge Catalog	End-to-end lineage from raw data to inference outcome is still hard, especially for RAG, synthetic data, and third-party foundation models.	Partial
Data	Privacy Enforcement	GDPR rights and automated decisions; PIPEDA consent and safeguards; CCPA/CPRA; EU AI Act data governance; ISO/IEC 27701	AI privacy-by-design, erasure workflows, consent management for AI use, differential privacy, federated learning controls, and DSAR handling.	OneTrust; Securiti.ai; Microsoft Purview Privacy; OpenDP; PySyft; Transcend	Machine unlearning, AI-inference DSARs, and proof of whether data was used in training remain challenging in production systems.	Partial
Data	Data Residency	GDPR cross-border transfer; EU AI Act data governance; OSFI third-party risk; PIPEDA accountability	Geo-fenced inference, training-data jurisdiction enforcement, cross-border blocking, sovereign deployments, and residency evidence.	AWS regional Bedrock controls; Azure Sovereign Clouds; Kong AI Gateway geo-routing; NVIDIA sovereign AI patterns; IBM Cloud for Financial Services	Multi-step agent workflows can cross services and regions quickly; residency evidence must be designed into routing and logging.	Gap
Data	IP / Copyright	EU AI Act GPAI copyright policy obligations; copyright law; DMCA-style processes; ISO/IEC 42001 data controls	Training-data copyright tracking, opt-out compliance, output infringement screening, indemnity tracking, generated-content policy, and watermarking.	Adobe Content Credentials; Copyleaks; Originality.ai; Azure AI Content Safety; AWS Bedrock indemnity programs; C2PA tooling	Training-data provenance at web scale and opt-out compliance monitoring remain difficult across jurisdictions and model providers.	Gap

Data Catalog & Lineage

Partial

Framework: EU AI Act data governance; NIST AI RMF Map; ISO/IEC 42001 data controls; GDPR integrity and accountability; OSFI documentation
Control: Training-data lineage, quality scoring, source authorization, consent tracking, data contracts, schema drift, provenance, and training-serving skew.
Tools: Informatica IDQ/AXON/EDC; Microsoft Purview; Databricks Unity Catalog; AWS DataZone; Collibra; Alation; Atlan; IBM Knowledge Catalog
Market note: End-to-end lineage from raw data to inference outcome is still hard, especially for RAG, synthetic data, and third-party foundation models.

Privacy Enforcement

Partial

Framework: GDPR rights and automated decisions; PIPEDA consent and safeguards; CCPA/CPRA; EU AI Act data governance; ISO/IEC 27701
Control: AI privacy-by-design, erasure workflows, consent management for AI use, differential privacy, federated learning controls, and DSAR handling.
Tools: OneTrust; Securiti.ai; Microsoft Purview Privacy; OpenDP; PySyft; Transcend
Market note: Machine unlearning, AI-inference DSARs, and proof of whether data was used in training remain challenging in production systems.

Data Residency

Gap

Framework: GDPR cross-border transfer; EU AI Act data governance; OSFI third-party risk; PIPEDA accountability
Control: Geo-fenced inference, training-data jurisdiction enforcement, cross-border blocking, sovereign deployments, and residency evidence.
Tools: AWS regional Bedrock controls; Azure Sovereign Clouds; Kong AI Gateway geo-routing; NVIDIA sovereign AI patterns; IBM Cloud for Financial Services
Market note: Multi-step agent workflows can cross services and regions quickly; residency evidence must be designed into routing and logging.

IP / Copyright

Gap

Framework: EU AI Act GPAI copyright policy obligations; copyright law; DMCA-style processes; ISO/IEC 42001 data controls
Control: Training-data copyright tracking, opt-out compliance, output infringement screening, indemnity tracking, generated-content policy, and watermarking.
Tools: Adobe Content Credentials; Copyleaks; Originality.ai; Azure AI Content Safety; AWS Bedrock indemnity programs; C2PA tooling
Market note: Training-data provenance at web scale and opt-out compliance monitoring remain difficult across jurisdictions and model providers.

Layer · Infra

6 entries

Layer	Domain	Framework / Reg / Standard	Requirement / Control	Tools / Platforms	Market Note	Status
Infra	Observability	NIST AI RMF Measure; ISO/IEC 42001 monitoring; EU AI Act logging; OSFI ongoing monitoring; SOC 2 monitoring	LLM traces, prompts/completions, tool calls, token/cost metrics, OpenTelemetry instrumentation, span correlation, RAG visibility, and session tracing.	OpenTelemetry; Langfuse; Arize Phoenix; Braintrust; Galileo; Datadog LLM Observability; New Relic; Dynatrace; Elastic; Comet ML; LangSmith	GenAI semantic conventions and multi-vendor agent trace correlation are improving, but retention cost and evidence quality remain design decisions.	Partial
Infra	APM / Infra Monitor	SOC 2 monitoring; NIST AI RMF Manage; ISO/IEC 27001 logging; EU DORA ICT resilience	GPU/CPU utilization, inference latency, error rates, cost per inference, capacity alerts, RUM, and synthetic monitoring of AI endpoints.	Datadog; New Relic; Dynatrace; Elastic APM; AWS CloudWatch/X-Ray; Azure Monitor; Prometheus/Grafana; Splunk Observability	Infrastructure metrics do not automatically describe AI quality, safety, or runaway agent-loop risk without domain-specific signals.	Partial
Infra	Audit Trail	EU AI Act logging; ISO/IEC 42001 documented information; NIST AI RMF Manage; SOC 2 logging; GDPR accountability; OSFI records	Tamper-evident AI audit trail, cross-system correlation, retention policies, evidence-quality logs, SIEM integration, and regulatory replay.	AWS CloudTrail and immutable S3; Azure Monitor Logs and Sentinel; Splunk; IBM watsonx.governance; Informatica AXON; ServiceNow Audit Management; Wiz	Prompt-response privacy, cross-service correlation, and forensic replay of agent decisions are not solved by conventional logging alone.	Gap
Infra	Runtime Compliance	EU AI Act risk management and logging; NIST AI RMF Manage; OSFI monitoring; ISO/IEC 42001 operational controls	Continuous policy enforcement at inference, real-time guardrail evaluation, content classification, policy-based rate limiting, risk scoring, and posture dashboards.	AWS Bedrock Guardrails; Azure AI Content Safety; IBM watsonx.governance; Galileo Agent Control; NVIDIA NeMo Guardrails; Kong AI Gateway; LiteLLM	Runtime controls need to balance latency, consistency across multi-model workflows, and feedback into GRC evidence systems.	Partial
Infra	Incident Response	EU AI Act serious-incident reporting; NIST AI RMF Manage; ISO/IEC 42001 improvement; EU DORA incident reporting; OSFI operational resilience	AI incident taxonomy, detection triggers, triage workflows, mandatory reporting support, rollback procedures, root-cause analysis, and corrective actions.	ServiceNow ITSM; PagerDuty; Jeli; IBM watsonx.governance; Credo AI; AWS Systems Manager	AI-caused, AI-assisted, and AI-detected incidents need distinct classification and playbooks; tooling is still converging.	Gap
Infra	Cross-Cloud Governance	NIST AI RMF Govern; EU AI Act risk management; ISO/IEC 42001 operational controls; third-party risk expectations	Unified policy enforcement across clouds, registry synchronization, consistent guardrails, cost governance, audit trail, and compliance reporting.	LiteLLM; Kong AI Gateway; Portkey.ai; IBM watsonx.governance; Credo AI; Arize	Hybrid and multi-cloud AI policy drift is common unless routing, logging, and evidence collection are explicitly centralized.	Gap

Observability

Partial

Framework: NIST AI RMF Measure; ISO/IEC 42001 monitoring; EU AI Act logging; OSFI ongoing monitoring; SOC 2 monitoring
Control: LLM traces, prompts/completions, tool calls, token/cost metrics, OpenTelemetry instrumentation, span correlation, RAG visibility, and session tracing.
Tools: OpenTelemetry; Langfuse; Arize Phoenix; Braintrust; Galileo; Datadog LLM Observability; New Relic; Dynatrace; Elastic; Comet ML; LangSmith
Market note: GenAI semantic conventions and multi-vendor agent trace correlation are improving, but retention cost and evidence quality remain design decisions.

APM / Infra Monitor

Partial

Framework: SOC 2 monitoring; NIST AI RMF Manage; ISO/IEC 27001 logging; EU DORA ICT resilience
Control: GPU/CPU utilization, inference latency, error rates, cost per inference, capacity alerts, RUM, and synthetic monitoring of AI endpoints.
Tools: Datadog; New Relic; Dynatrace; Elastic APM; AWS CloudWatch/X-Ray; Azure Monitor; Prometheus/Grafana; Splunk Observability
Market note: Infrastructure metrics do not automatically describe AI quality, safety, or runaway agent-loop risk without domain-specific signals.

Audit Trail

Gap

Framework: EU AI Act logging; ISO/IEC 42001 documented information; NIST AI RMF Manage; SOC 2 logging; GDPR accountability; OSFI records
Control: Tamper-evident AI audit trail, cross-system correlation, retention policies, evidence-quality logs, SIEM integration, and regulatory replay.
Tools: AWS CloudTrail and immutable S3; Azure Monitor Logs and Sentinel; Splunk; IBM watsonx.governance; Informatica AXON; ServiceNow Audit Management; Wiz
Market note: Prompt-response privacy, cross-service correlation, and forensic replay of agent decisions are not solved by conventional logging alone.

Runtime Compliance

Partial

Framework: EU AI Act risk management and logging; NIST AI RMF Manage; OSFI monitoring; ISO/IEC 42001 operational controls
Control: Continuous policy enforcement at inference, real-time guardrail evaluation, content classification, policy-based rate limiting, risk scoring, and posture dashboards.
Tools: AWS Bedrock Guardrails; Azure AI Content Safety; IBM watsonx.governance; Galileo Agent Control; NVIDIA NeMo Guardrails; Kong AI Gateway; LiteLLM
Market note: Runtime controls need to balance latency, consistency across multi-model workflows, and feedback into GRC evidence systems.

Incident Response

Gap

Framework: EU AI Act serious-incident reporting; NIST AI RMF Manage; ISO/IEC 42001 improvement; EU DORA incident reporting; OSFI operational resilience
Control: AI incident taxonomy, detection triggers, triage workflows, mandatory reporting support, rollback procedures, root-cause analysis, and corrective actions.
Tools: ServiceNow ITSM; PagerDuty; Jeli; IBM watsonx.governance; Credo AI; AWS Systems Manager
Market note: AI-caused, AI-assisted, and AI-detected incidents need distinct classification and playbooks; tooling is still converging.

Cross-Cloud Governance

Gap

Framework: NIST AI RMF Govern; EU AI Act risk management; ISO/IEC 42001 operational controls; third-party risk expectations
Control: Unified policy enforcement across clouds, registry synchronization, consistent guardrails, cost governance, audit trail, and compliance reporting.
Tools: LiteLLM; Kong AI Gateway; Portkey.ai; IBM watsonx.governance; Credo AI; Arize
Market note: Hybrid and multi-cloud AI policy drift is common unless routing, logging, and evidence collection are explicitly centralized.

Layer · Agentic

7 entries

Layer	Domain	Framework / Reg / Standard	Requirement / Control	Tools / Platforms	Market Note	Status
Agentic	MCP Governance	MCP specification; NIST AI RMF; OWASP LLM guidance; ISO/IEC 42001; EU AI Act risk management	MCP server authentication, authorization, tool-call logs, proxy enforcement, server provenance, schema validation, rate limits, and tool-call policy.	Strata Maverics; AWS Bedrock AgentCore patterns; Galileo Agent Control; Wiz AI-SPM; MCP gateways and proxies	MCP audit trail, server authenticity checks, and external server governance are emerging implementation areas rather than settled standards.	Gap
Agentic	Agent Audit Trail	EU AI Act logging; NIST AI RMF Manage; ISO/IEC 42001 documented information; OWASP LLM guidance	Step-by-step tool invocation records, context snapshots, goal and sub-goal traces, delegation chains, action authorization, and reconstruction evidence.	Galileo; Arize Phoenix; Langfuse; LangSmith/LangGraph; OpenTelemetry GenAI conventions; AWS Bedrock AgentCore tracing patterns	Evidence-quality agent traces must avoid over-reliance on hidden reasoning while preserving enough context for review and incident response.	Gap
Agentic	Agent Execution Engine	NIST AI RMF Govern/Manage; EU AI Act human oversight; ISO/IEC 42001 operational controls	Sandboxing, blast-radius limits, action reversibility, task scope enforcement, loop detection, resource limits, and kill-switch capability.	AWS Bedrock AgentCore; Azure AI Agent Service; LangGraph; AutoGen; CrewAI; Galileo Agent Control	Governance hooks vary by framework, and cross-framework orchestration makes containment and policy enforcement harder.	Gap
Agentic	Agent-to-Agent Auth	NIST AI RMF Govern; EU AI Act transparency and oversight; OWASP LLM guidance; enterprise identity standards	Credential delegation, trust-chain verification, orchestrator/sub-agent boundaries, scope propagation, task attestation, and cross-organization authorization.	SPIFFE/SPIRE; Strata Maverics; emerging A2A protocol work; MCP authorization patterns; CyberArk secrets management	Delegation, mid-task revocation, and cross-cloud agent authorization are still mostly custom architecture decisions.	Gap
Agentic	Prompt Injection	NIST GenAI Profile; EU AI Act robustness and cybersecurity; OWASP LLM Top 10; ISO/IEC 42001 operational controls	Direct and indirect prompt-injection detection, tool-output injection controls, multi-turn jailbreak classification, sanitization, and instruction hierarchy enforcement.	Lakera; Protect AI Rebuff; AWS Bedrock Guardrails; Azure AI Content Safety Prompt Shields; Galileo Guard; Llama Guard; Wiz AI-SPM	Indirect injection from retrieved documents, web content, and tool outputs remains one of the hardest agentic control problems.	Gap
Agentic	Shadow AI Detection	NIST AI RMF Govern; ISO/IEC 42001 inventory controls; EU AI Act documentation practice	Discovery of unapproved AI tools, embedded SaaS AI, personal AI accounts, shadow agents, and unauthorized model/API usage.	Netskope CASB; Zscaler; Wiz Cloud AI Discovery; Microsoft Defender for Cloud Apps; Palo Alto controls	No single control plane comprehensively discovers every embedded, SaaS, API, and developer-deployed AI use case.	Gap
Agentic	Multimodal AI Governance	EU AI Act transparency obligations; NIST GenAI Profile; ISO/IEC 42001 operational controls	Image, audio, and video governance, synthetic media disclosure, watermark/content credential policy, face/voice PII handling, and multimodal guardrails.	Azure AI Content Safety; Hive Moderation; Sightengine; C2PA Content Credentials; Adobe Content Credentials	Multimodal safety tooling is less mature than text tooling, especially for voice cloning, video, and cross-modal PII detection.	Gap

MCP Governance

Gap

Framework: MCP specification; NIST AI RMF; OWASP LLM guidance; ISO/IEC 42001; EU AI Act risk management
Control: MCP server authentication, authorization, tool-call logs, proxy enforcement, server provenance, schema validation, rate limits, and tool-call policy.
Tools: Strata Maverics; AWS Bedrock AgentCore patterns; Galileo Agent Control; Wiz AI-SPM; MCP gateways and proxies
Market note: MCP audit trail, server authenticity checks, and external server governance are emerging implementation areas rather than settled standards.

Agent Audit Trail

Gap

Framework: EU AI Act logging; NIST AI RMF Manage; ISO/IEC 42001 documented information; OWASP LLM guidance
Control: Step-by-step tool invocation records, context snapshots, goal and sub-goal traces, delegation chains, action authorization, and reconstruction evidence.
Tools: Galileo; Arize Phoenix; Langfuse; LangSmith/LangGraph; OpenTelemetry GenAI conventions; AWS Bedrock AgentCore tracing patterns
Market note: Evidence-quality agent traces must avoid over-reliance on hidden reasoning while preserving enough context for review and incident response.

Agent Execution Engine

Gap

Framework: NIST AI RMF Govern/Manage; EU AI Act human oversight; ISO/IEC 42001 operational controls
Control: Sandboxing, blast-radius limits, action reversibility, task scope enforcement, loop detection, resource limits, and kill-switch capability.
Tools: AWS Bedrock AgentCore; Azure AI Agent Service; LangGraph; AutoGen; CrewAI; Galileo Agent Control
Market note: Governance hooks vary by framework, and cross-framework orchestration makes containment and policy enforcement harder.

Agent-to-Agent Auth

Gap

Framework: NIST AI RMF Govern; EU AI Act transparency and oversight; OWASP LLM guidance; enterprise identity standards
Control: Credential delegation, trust-chain verification, orchestrator/sub-agent boundaries, scope propagation, task attestation, and cross-organization authorization.
Tools: SPIFFE/SPIRE; Strata Maverics; emerging A2A protocol work; MCP authorization patterns; CyberArk secrets management
Market note: Delegation, mid-task revocation, and cross-cloud agent authorization are still mostly custom architecture decisions.

Prompt Injection

Gap

Framework: NIST GenAI Profile; EU AI Act robustness and cybersecurity; OWASP LLM Top 10; ISO/IEC 42001 operational controls
Control: Direct and indirect prompt-injection detection, tool-output injection controls, multi-turn jailbreak classification, sanitization, and instruction hierarchy enforcement.
Tools: Lakera; Protect AI Rebuff; AWS Bedrock Guardrails; Azure AI Content Safety Prompt Shields; Galileo Guard; Llama Guard; Wiz AI-SPM
Market note: Indirect injection from retrieved documents, web content, and tool outputs remains one of the hardest agentic control problems.

Shadow AI Detection

Gap

Framework: NIST AI RMF Govern; ISO/IEC 42001 inventory controls; EU AI Act documentation practice
Control: Discovery of unapproved AI tools, embedded SaaS AI, personal AI accounts, shadow agents, and unauthorized model/API usage.
Tools: Netskope CASB; Zscaler; Wiz Cloud AI Discovery; Microsoft Defender for Cloud Apps; Palo Alto controls
Market note: No single control plane comprehensively discovers every embedded, SaaS, API, and developer-deployed AI use case.

Multimodal AI Governance

Gap

Framework: EU AI Act transparency obligations; NIST GenAI Profile; ISO/IEC 42001 operational controls
Control: Image, audio, and video governance, synthetic media disclosure, watermark/content credential policy, face/voice PII handling, and multimodal guardrails.
Tools: Azure AI Content Safety; Hive Moderation; Sightengine; C2PA Content Credentials; Adobe Content Credentials
Market note: Multimodal safety tooling is less mature than text tooling, especially for voice cloning, video, and cross-modal PII detection.

Use the matrix as a scoping artifact.

The fastest way to make AI governance operational is to map obligations to controls, controls to systems, and systems to evidence. This matrix is designed to start that conversation without turning it into a legal memo.

Request a briefing See the artifact set →