Standards & Compliance Mapping
Every AI governance instrument names an obligation — record-keeping, robustness, post-market monitoring, human oversight — but none names a metric. PSA is the behavioral evidence layer: the deterministic, timestamped, externally-verifiable measurement that discharges the measurable half of those obligations. This page maps PSA, honestly, onto twelve frameworks in force in 2026.
Thesis
Read the AI governance instruments of 2026 side by side and the same shape appears every time. Each tells an organization what it must achieve — keep records, be robust to attack, monitor the system after deployment, keep a human in the loop, manage risk. Not one tells you how to measure whether you did it. They are, by design, technology-agnostic: they name the obligation and leave the metric to you.
That gap is the opportunity. PSA is the behavioral evidence layer — the instrument that turns "we monitor for drift" into a deterministic, timestamped number with a defined formula, and "we log relevant events" into a hash-chained record you can verify without trusting us. PSA does not replace a management system or a governance function. It supplies the proof under the promise.
The Six Evidence Primitives
Across all twelve frameworks, PSA's contribution reduces to six evidence primitives. Each crosswalk row maps a requirement to one or more of these.
| ID | Primitive | PSA signals |
|---|---|---|
| E1 | Deterministic behavioral event log | Posture codes (I/P/M/H/G) + alert ladder |
| E2 | Tamper-evident log integrity, externally verifiable | SIGTRACK — hash-chained, drand-anchored, /verify-chain |
| E3 | Adversarial / robustness measurement | C0 input intent (I0–I9), C1 adversarial stress, CPI |
| E4 | Human–AI interaction risk (incl. psychological harm) | DRM (IRS, RAS, RAG), HRI |
| E5 | Continuous monitoring & forecasting | BHS, POI, DPI, PE, CPF3 (EWMA+HMM) |
| E6 | Behavioral transparency / explainability | Named posture codes + named, auditable alert reasons |
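As an added illustration of the E1/E2 primitives (example code written for this page, not PSA's or SIGTRACK's own): a minimal hash-chained posture log whose records also commit to an external randomness beacon, with a verifier that needs nothing from the issuer. The record fields, the beacon stand-ins and the verifier's shape are assumptions; the real SIGTRACK format is not described on this page.

```python
import hashlib
import json

GENESIS = "0" * 64
def _digest(record: dict) -> str:
    # Canonical JSON so the hash does not depend on key order or whitespace
    data = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def append_event(chain: list, ts: float, posture: str, reason: str, beacon: tuple) -> dict:
    """Append one posture event (E1), committed to the previous hash and to an external
    beacon (round, value) so it cannot be backdated or silently altered later (E2)."""
    assert posture in ("I", "P", "M", "H", "G"), posture   # posture codes named on the page
    body = {"seq": len(chain), "ts": ts, "posture": posture, "reason": reason,
            "beacon_round": beacon[0], "beacon_value": beacon[1],
            "prev": chain[-1]["hash"] if chain else GENESIS}
    record = dict(body, hash=_digest(body))
    chain.append(record)
    return record

def verify_chain(chain: list, beacons: dict) -> tuple:
    """Recompute every link from the records and public beacon values alone; the issuer
    is not trusted. Returns (ok, index of first bad record or -1)."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["seq"] != i or body["prev"] != prev or _digest(body) != rec["hash"]:
            return False, i
        if beacons.get(rec["beacon_round"]) != rec["beacon_value"]:
            return False, i                   # unknown or mismatched external anchor
        prev = rec["hash"]
    return True, -1

# Constructed stand-ins for public randomness-beacon rounds (not real drand output)
BEACONS = {1001: "a3" * 32, 1002: "b4" * 32}

def build_sample_chain() -> list:
    chain = []
    append_event(chain, 1.0, "I", "baseline", (1001, BEACONS[1001]))
    append_event(chain, 2.0, "P", "C1 adversarial stress rising", (1001, BEACONS[1001]))
    append_event(chain, 3.0, "H", "IRS crisis indicator", (1002, BEACONS[1002]))
    return chain

def tamper(rehash: bool) -> tuple:
    """Alter a past record; with rehash=True the editor also recomputes its hash."""
    chain = build_sample_chain()
    chain[1]["posture"] = "I"                 # quietly downgrade an alert after the fact
    if rehash:
        chain[1]["hash"] = _digest({k: v for k, v in chain[1].items() if k != "hash"})
    return verify_chain(chain, BEACONS)       # (False, 1), or (False, 2) once rehashed
```

A rehashed edit moves the break to the next record's `prev` pointer, which is why a single bad link is enough to discredit everything after it.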
Framework → PSA Crosswalk
Requirement-by-requirement mapping. Coverage is marked honestly: DIRECT only where PSA produces exactly the evidence asked for, PARTIAL where PSA signals feed a process the framework requires but do not discharge it on their own, and OUT where the requirement is procedural, organizational, or outside PSA's text-behavioral surface.
| Requirement | PSA mapping | Coverage |
|---|---|---|
| ISO/IEC 42001:2023 — AI management system (the certifiable anchor — see the dedicated mapping) | ||
| A.6.2.6/.8 · A.5 · C.2.8–11 | Evidence layer: operation logs, impact, robustness/transparency/safety → BHS/POI/DRM/SIGTRACK/CPF3 | DIRECT |
| EU AI Act — Regulation (EU) 2024/1689 | ||
| Art. 12 — Record-keeping | Automatic event logging over lifetime → E1 posture log + E2 SIGTRACK tamper-evident trail | DIRECT |
| Art. 15 — Accuracy, robustness, cybersecurity | Resilience to adversarial inputs → E3 C0/C1/CPI runtime measurement | DIRECT |
| Art. 72 — Post-market monitoring | Continuous documented monitoring → E5 BHS/POI longitudinal + CPF3 forecast | DIRECT |
| Art. 13 — Transparency to deployers | Interpretable operation → E6 named posture codes + named alert reasons | PARTIAL |
| Art. 14 — Human oversight | Enable intervention → E4 DRM/IRS real-time risk surfacing + alert ladder | PARTIAL |
| Art. 9 — Risk management system | Iterative risk evaluation → E4/E5 runtime signals feed the process | PARTIAL |
| Art. 55 — GPAI systemic risk | Model eval, adversarial testing, incident tracking → E3 war-zone probes + E1 incident logging | PARTIAL |
| Art. 10/11/17 — Data governance, technical docs, QMS | Procedural / organizational | OUT |
| NIST AI RMF 1.0 (2023) + Generative AI Profile (NIST-AI-600-1, 2024) | ||
| MEASURE 2.x — TEVV & monitoring | PSA's home function — E1–E6 across the board | DIRECT |
| MEASURE 2.6 / 2.7 — Safety; security & resilience | E3 adversarial + E4 safety risk | DIRECT |
| MEASURE 2.8 / 2.9 — Transparency, accountability, explainability | E6 posture codes + E2 SIGTRACK | DIRECT |
| MEASURE 2.3 / 2.5 / 2.13 — Eval, validity, ongoing monitoring | E5 BHS/POI/CPF3 | DIRECT |
| MANAGE 4.x — Monitoring & incident response | E5 + alert ladder feed the function | PARTIAL |
| MAP 1–5 — Context establishment | E4 DRM domain targeting (legal/health/finance) | PARTIAL |
| GOVERN | Organizational culture, policy, accountability structures | OUT |
| MEASURE 2.11 — Fairness & bias | Protected attributes never ingested | OUT |
| ISO/IEC 23894:2023 — AI risk management (guidance) | ||
| Risk identification & analysis | E4 DRM runtime risk + E1 posture evidence | PARTIAL |
| Risk monitoring & review | E5 BHS/POI/CPF3 | PARTIAL |
| Risk treatment & governance integration | Procedural | OUT |
| ISO/IEC 42005 — AI system impact assessment | ||
| Evidence of actual behavioral impacts | E4 DRM (IRS, RAS) runtime — incl. psychological harm | PARTIAL |
| Documentation & sign-off of the assessment | Procedural | OUT |
| ISO/IEC TR 24028 (trustworthiness) & TR 24027 (bias) | ||
| TR 24028 — robustness & transparency aspects | E3 adversarial + E6 transparency | PARTIAL |
| TR 24027 — bias in AI systems | Protected attributes never ingested | OUT |
| OECD AI Principles (2019, updated 2024) | ||
| 1.4 — Robustness, security & safety | E3 C1/C5 + E5 CPF3 | DIRECT |
| 1.3 — Transparency & explainability | E6 posture codes | PARTIAL |
| 1.5 — Accountability | E2 SIGTRACK verifiable trail | PARTIAL |
| 1.2 — Human-centred values & fairness | Bias subset out of scope | OUT |
| Council of Europe — Framework Convention on AI (2024) | ||
| Documentation, traceability, oversight | E1/E2 + E4 | PARTIAL |
| Rights-based governance, redress | Treaty-level / procedural | OUT |
| US Colorado AI Act — SB 24-205 (effective 2026) | ||
| Risk-management policy & programme | E5 monitoring evidence | PARTIAL |
| Impact assessment for consequential decisions | E4 behavioral evidence | PARTIAL |
| Duty to avoid algorithmic discrimination | Bias on protected attributes — out of scope | OUT |
| Singapore — Model AI Governance Framework / AI Verify | ||
| Robustness & behavioral safety testing | E3 C-classifiers + war-zone probes | DIRECT |
| Operations management & monitoring | E5 BHS/CPF3 | PARTIAL |
| AI Verify fairness testing | Bias subset out of scope | OUT |
| MITRE ATLAS — adversarial ML threat knowledge base | ||
| Prompt injection, jailbreak, evasion at runtime | E3 C0 input intent (I1–I9), C1 adversarial stress, CPI, semantic-drift detection | DIRECT |
| Model/data poisoning, supply-chain, weight exfiltration | Outside the text-behavioral surface | OUT |
| SOC 2 / ISO/IEC 27001 — security & audit controls | ||
| Audit-log integrity, tamper-evidence, monitoring | E2 SIGTRACK — verifiable without trusting the issuer | PARTIAL |
| Full ISMS (access control, change mgmt, …) | Procedural / infrastructural | OUT |
| Sectoral instruments | ||
| GDPR Art. 22 — Automated decision-making safeguards | E4 DRM evidence + E6 named reasons | PARTIAL |
| HIPAA — health conversational-AI safety | E4 IRS/DRM crisis detection (safety layer, not a HIPAA control) | PARTIAL |
| SR 11-7 — model risk management (finance) | E5 CPF3 + behavioral drift + benchmark (ongoing monitoring + effective challenge) | PARTIAL |
Where PSA Stops — Said Plainly
The honest half of the story is the part PSA does not cover, and it is the same boundary in every framework. PSA reads what a model does, from its output text, from the outside. It therefore says nothing about the procedural and organizational half of governance — leadership, policy, human resources, data governance, third-party management, conformity assessment. Those are real obligations; they are simply not measurements.
And PSA is deliberately silent on bias and fairness over protected attributes. PSA never ingests demographics — it has no race, gender, or age field to discriminate on. That makes it structurally non-discriminatory, but it also means PSA cannot evidence the fairness duties at the centre of NIST MEASURE 2.11, ISO/IEC TR 24027, or Colorado's anti-discrimination core. We do not claim that ground; we name it as out of scope on every row.
The result is a clean division of labour. The framework is the certifiable anchor and the organizational programme. PSA is the telemetry and the evidence store underneath it — covering the measurable half, and pointing honestly at the half it does not touch.