Search cases, suites, agents…⌘K
DEMO · synthetic data
Compliance

Governance

Every artifact the platform already produces — sealed runs, judge certificates, dataset provenance, the override ledger — is the evidence. Governance is a read-side projection over the same entities: compliance as a byproduct of engineering, not a parallel paper trail.

Evidence
Generated by daily work
sealed runs · certificates · provenance · overrides
+ Control mappings
AAG-curated packs
control → evidence types + freshness, each with a why
= Compliance posture
Counts + explicit gaps
never a weighted score — gaps name the missing artifact
Controls with current evidence
105 of 117
12 gaps — each names its missing artifact
High-risk agents
2 of 4
EU AI Act Annex III 4(b) — employment decisions
Open critical risks
1
RSK-004 — part-time cohort disparity
Gate overrides this quarter
1
attributed · justified · expired on schedule
EU AI Actregulation
28 of 31controls current3 gaps
Annex III high-risk obligations apply 2 Dec 2027 (as amended) · demo freshness rule: gate evidence ≤ 30 days
Annex III 4(b) covers employment AI — task allocation, monitoring, decisions on terms. Provider-obligation breaches: up to €15M or 3% of global turnover.
NIST AI RMFvoluntary framework
27 of 29controls current2 gaps
No certification exists — conformance via profile + self-attestation, reassessed every release
MEASURE 2.x subcategories map one-to-one onto the concern taxonomy: the eval plan is the framework's measurement plan.
ISO/IEC 42001certifiable standard
18 of 22controls current4 gaps
3-year certificate · surveillance audit every 12 months · next: 2026-09-15
38 Annex A controls; the Statement of Applicability anchors the audit. Certifiable — but not an EU AI Act harmonized standard.
SOC 2 Type IIauditor attestation
17 of 17controls currentno gaps
Type II observation window: 12 months · current window closes 2026-09-30
No AICPA “SOC for AI” exists — the existing PI series carries the AI story: inputs, processing, outputs, storage.
US employment-AI lawstate & local law
1 of 2controls current1 gap
LL144: independent bias audit within the 12 months preceding use, results publicly posted
HB 3773 sets a disparate-impact standard for AI touching terms of employment. The cohort-comparison eval is exactly the audit artifact these laws ask for.
UKG AI Quality Policyinternal policy
14 of 16controls current2 gaps
Checked on every release-gate run — the only framework with per-commit cadence
The floor UKG sets for itself. Stricter than any statute where regulated numbers are concerned.

Evidence decay horizon

nothing is trusted forever — every row resolves to a real entity
overdue
payroll-comp-golden declared-truth conflict awaits SME review (base_rate: declared $31.25/h vs derived $31.75/h)
Blocks Calendar@2026.3 adoption for the payroll gate; ISO A.7.4 and AIQ-5 sit at partial until resolved.
ISO 42001Internalheld since 2026-07-02
overdue
WFM fairness suite unbound — part-time cohort disparity flagged, no cohort eval gating
EU Art. 10 bias examination, MEASURE 2.11, ISO A.5.4, and IL HB 3773 all read gap until the §67 build lands.
EU AI ActNIST AI RMFISO 42001US emp. lawopen since 2026-06-30
due soon
HR Policy Advisor classification sign-off — Art. 6(3) limited-class memo drafted, approval pending
Until approved, the agent's applicable EU control set is undefined — it inherits the high-risk set by default.
EU AI Act2026-07-15
due soon
comp-answer-judge@v1 shadow-mode checkpoint — six-week calibration review vs SME panel
κ still below 0.80 → stays shadow; AIQ-2 remains the payroll profile's one open gap.
InternalNIST AI RMF2026-07-21
due soon
Payroll gate evidence ages out — run_5488 (2026-07-06) hits the 30-day freshness rule
EU Art. 15 accuracy and Art. 9(8) testing revert to stale; any new sealed pass resets the clock.
EU AI Act2026-08-05
scheduled
ISO/IEC 42001 surveillance audit — clauses 8–10 plus Annex A sample
Auditor samples the Statement of Applicability; evidence links must resolve live.
ISO 420012026-09-15
scheduled
refusal-judge@v2 certificate expires — recalibration against the SME panel required
Lapsed certificate pulls the judge from gate duty (AIQ-2); safety concern falls back to classifiers only.
InternalEU AI Act2026-10-02
scheduled
SOC 2 Type II observation window closes — auditor samples sealed runs from the full 12 months
Gaps inside the window can't be patched retroactively; the record is the record.
SOC 22026-09-30

Accountability map

roles are real because artifacts point at them
AI Governance OfficerM. McGonagall
All agents · risk classifications · audit exports
3 classification approvals + 1 override co-sign in the ledger
Risk owner — PayrollB. Weasley
Payroll Copilot · 4 register rows
RSK-001–003, 007 · requested the Q2 break-glass override
Risk owner — WFMP. Weasley
WFM Assistant · 2 register rows
Owns RSK-004 (open) — the portfolio's only critical open risk
Data Protection OfficerA. Bones
Datasets · scrub pipeline · PII lineage
Signs the scrub stage on every trace promotion (AIQ-4)
Ethics review board3 members
High-risk classifications · override cadence review
Minuted in the WFM annual review · quarterly override count review
Freshness rules differ by framework: the EU AI Act demo rule wants gate evidence ≤ 30 days, SOC 2 samples a 12-month window, ISO 42001 audits yearly, LL144 wants a bias audit within 12 months of use. The horizon merges them into one clock.