AI compliance framework activation maps obligations, controls, and assessments to each of your AI systems automatically. The AI compliance framework you activate adapts to your role and your risk level, then produces a governance structure that is ready to assess. One platform for every regulation you face.
AI Sigil’s AI compliance framework ships with obligation-to-control mappings derived from the regulation text. Requirements trace to specific articles. Controls implement specific obligations. Assessment forms evaluate specific controls. You activate a framework and the full governance structure is there, linked end to end. No consultants. No manual configuration. No starting from a blank template.
Are you the provider or the deployer? Is the system high-risk, limited-risk, or GPAI? These two dimensions determine everything: which obligations apply, which controls appear, which assessment questions are relevant. The AI compliance framework filters dynamically on both axes. A limited-risk deployer sees a fundamentally different compliance surface than a high-risk provider, automatically, from the same framework.
You operate across jurisdictions. Each one brings its own AI regulation. The AI compliance framework engine lets you activate multiple regulations on the same AI system, each with its own obligations, controls, and assessments. Your governance structure grows with your regulatory surface. Comply with one regulation today, add another tomorrow, without rebuilding anything.
The first AI compliance framework activated in AI Sigil is the EU AI Act, with two role-specific profiles: provider and deployer. The framework ships with obligation-to-control mappings derived from the full text of the regulation, including Annex III high-risk classifications and the GPAI requirements of Articles 53 and 55.
The ISO/IEC 42001 AI compliance framework is next on the roadmap. It establishes the requirements for an AI management system, including planning (Clause 6), operation (Clause 8), and continual improvement (Clause 10). Activating this AI compliance framework brings in the Annex A controls mapped to your specific scope.
The NIST AI Risk Management Framework follows, with its four core functions: Govern, Map, Measure, Manage. Each function becomes a layer in the AI compliance framework, with controls and assessments scoped to your AI system’s risk classification.
The architecture supports unlimited AI compliance frameworks, each with its own obligation-to-control mapping. Adding a new regulation does not require rebuilding existing activations: controls shared across frameworks are reused rather than duplicated, so your AI system carries one assessment burden, not one per regulation.
Activating an AI compliance framework connects a specific regulation or standard to one of your AI systems. The platform automatically creates the full governance structure for that combination: the regulatory requirements, the controls that implement them, and the assessment forms to evaluate compliance. Everything is scoped to the AI system’s risk classification and your role.
AI Sigil’s AI compliance framework currently supports the EU AI Act with two role-specific profiles: Provider and Deployer. Additional frameworks (ISO 42001, sector-specific standards) are on the roadmap. The architecture supports unlimited frameworks, each with its own obligation-to-control mapping.
All your controls, assessment answers, evidence, and documentation are preserved. Nothing is deleted. Only the rollout link is removed. If you reactivate the same framework later, everything reconnects to the existing data. No work is lost, no data is destroyed.
Yes. Provider and Deployer are separate profiles under the same regulation. Each activates independently with its own set of obligations and controls. Controls that apply to both roles are shared, not duplicated.
Generic GRC tools require you to manually map regulations to controls and build your own assessment templates. AI Sigil’s AI compliance framework ships the mapping built in, derived from the regulation text. Activation is one action, not a configuration project. Obligations are scoped to your exact classification and role, not a one-size-fits-all template.
Update the classification and controls re-filter immediately. Previously completed assessments are preserved in case the classification changes back or for audit purposes. No data is lost when reclassifying.
Yes. When a second framework requires a control that already exists from a prior activation, the existing control is reused. Each framework’s contributions are tagged separately. Deactivating one framework does not remove controls still needed by another.
Activation is a single operation that typically completes in under 2 seconds. It creates all requirements, controls, pages, and assessment forms in one transaction. No background jobs, no waiting.
Yes. Controls exist within the context of a framework activation. The framework determines which controls apply and how they’re scoped. Without activation, there are no controls to assess.