Regulatory Framework Mapping
Activate compliance frameworks on your AI systems. Obligations are pre-mapped, scoped to your role and risk level, and ready to assess. One platform for every regulation you face.
The regulatory mapping is already done
AI Sigil ships with obligation-to-control mappings derived from the regulation text. Requirements trace to specific articles. Controls implement specific obligations. Assessment forms evaluate specific controls. You activate a framework and the full governance structure is there, linked end to end. No consultants. No manual configuration. No starting from a blank template.
Obligations that adapt to your role and your risk level
Are you the provider or the deployer? Is the system high-risk, limited-risk, or GPAI? These two dimensions determine everything: which obligations apply, which controls appear, which assessment questions are relevant. AI Sigil filters dynamically on both axes. A limited-risk deployer sees a fundamentally different compliance surface than a high-risk provider, automatically, from the same framework.
One platform for every regulation you face
You operate across jurisdictions. Each one brings its own AI regulation. AI Sigil lets you activate multiple frameworks on the same AI system, each with its own obligations, controls, and assessments. Your governance structure grows with your regulatory surface. Comply with one regulation today, add another tomorrow, without rebuilding anything.
FAQs
What does "activating a framework" mean?
Activating a framework connects a specific regulation or standard to one of your AI systems. The platform automatically creates the full governance structure for that combination: the regulatory requirements, the controls that implement them, and the assessment forms to evaluate compliance. Everything is scoped to the AI system’s risk classification and your role.
Which compliance frameworks does AI Sigil support?
AI Sigil currently supports the EU AI Act with two role-specific profiles: Provider and Deployer. Additional frameworks (ISO 42001, sector-specific standards) are on the roadmap. The architecture supports unlimited frameworks, each with its own obligation-to-control mapping.
What happens when I deactivate a framework?
All your controls, assessment answers, evidence, and documentation are preserved. Nothing is deleted. Only the rollout link is removed. If you reactivate the same framework later, everything reconnects to the existing data. No work is lost, no data is destroyed.
Can I activate the same framework as both Provider and Deployer?
Yes. Provider and Deployer are separate profiles under the same regulation. Each activates independently with its own set of obligations and controls. Controls that apply to both roles are shared, not duplicated.
How does AI Sigil differ from generic GRC tools?
Generic GRC tools require you to manually map regulations to controls and build your own assessment templates. AI Sigil ships the mapping built in, derived from the regulation text. Activation is one action, not a configuration project. Obligations are scoped to your exact classification and role, not a one-size-fits-all template.
How does risk-level scoping work?
Update the classification and controls re-filter immediately. Previously completed assessments are preserved in case the classification changes back or for audit purposes. No data is lost when reclassifying.
What if my AI system's classification changes?
Update the classification and controls re-filter immediately. Previously completed assessments are preserved in case the classification changes back or for audit purposes. No data is lost when reclassifying.
Can two frameworks share the same controls?
Yes. When a second framework requires a control that already exists from a prior activation, the existing control is reused. Each framework’s contributions are tagged separately. Deactivating one framework does not remove controls still needed by another.
How long does framework activation take?
Activation is a single operation that typically completes in under 2 seconds. It creates all requirements, controls, pages, and assessment forms in one transaction. No background jobs, no waiting.
Do I need to activate a framework before I can assess controls?
Yes. Controls exist within the context of a framework activation. The framework determines which controls apply and how they’re scoped. Without activation, there are no controls to assess.