Resources
Curated references for AI governance practitioners — regulatory texts, infrastructure tooling, and academic foundations. Kept current; organised by category.
Last updated: April 2026
Regulatory & Standards
The consolidated regulation text. Annex III lists high-risk systems. Title III covers obligations for providers and deployers. Essential reading before any compliance planning.
How the EU AI Act requirements map to the NIST AI Risk Management Framework. Useful if your organisation already uses NIST frameworks.
The US voluntary framework for managing AI risks. Structured around four functions: Govern, Map, Measure, Manage. Good complement to the Governed AI Loop.
The revised Swiss data protection legislation, effective September 2023. Broadly aligned with GDPR. Applies to any organisation processing data of Swiss residents.
The international standard for AI management systems. Provides a certifiable framework for responsible AI development and governance. Increasingly referenced in procurement requirements.
Architecture & Infrastructure
The open protocol for connecting AI models to data sources and tools. Relevant to AIOS connector design — MCP-compatible connectors reduce integration friction significantly.
Google's protocol for multi-agent communication. Relevant to governance teams building orchestration layers — A2A defines how agents discover capabilities and delegate tasks.
The ten most critical security risks for LLM-based applications. Prompt injection, insecure output handling, and training data poisoning are the three with the most direct governance implications.
AI Gateways & Policy Enforcement
Enterprise API gateway with AI-specific plugins for routing, rate limiting, and observability. One entry point into AIOS Routing & Policy Enforcement.
Open-source AI gateway focused on reliability and observability across LLM providers. Good starting point for teams without an existing API gateway practice.
Cloudflare's managed AI gateway offering caching, rate limiting, and request logging. Lowest-friction entry point for teams already on Cloudflare infrastructure.
Observability & Audit
Open-source LLM observability platform. Traces, evals, and prompt management. Self-hostable. The closest available starting point for AIOS Observability & Audit Logging.
LLM observability and proxy layer with request logging, cost tracking, and analytics. Useful for teams wanting managed observability without self-hosting.
The emerging standard for AI/ML observability instrumentation. GenAI semantic conventions define how to attribute spans for LLM calls. Foundation for vendor-neutral audit logging.
GRC & Compliance Tools
Academic & Research
The foundational paper proposing structured documentation for training datasets — the conceptual precursor to Model Cards. Required reading for anyone designing AI System Records.
The original model card proposal. Defines a structured format for documenting model performance, intended use, and limitations. Now a de facto standard and referenced in the EU AI Act.
A legal and technical framework for AI accountability. Examines how existing legal doctrines apply to AI decision-making. Relevant to teams designing escalation and liability structures.