






















Standards & Compliance
Every AI governance instrument names an obligation — record-keeping, robustness, post-market monitoring, human oversight — but none names a metric. PSA is the behavioral evidence layer: the deterministic, timestamped, externally-verifiable measurement that discharges the measurable half of those obligations. This page maps PSA, honestly, onto twelve frameworks in force in 2026.
5
strong-coverage frameworks
Section 01
Read the AI governance instruments of 2026 side by side and the same shape appears every time. Each tells an organization what it must achieve — keep records, be robust to attack, monitor the system after deployment, keep a human in the loop, manage risk. Not one tells you how to measure whether you did it. They are, by design, technology-agnostic: they name the obligation and leave the metric to you.
That gap is the opportunity. PSA is the behavioral evidence layer — the instrument that turns "we monitor for drift" into a deterministic, timestamped number with a defined formula, and "we log relevant events" into a hash-chained record you can verify without trusting us. PSA does not replace a management system or a governance function. It supplies the proof under the promise.
Section 02
Across all twelve frameworks, PSA's contribution reduces to six evidence primitives. Each crosswalk row maps a requirement to one or more of these.
| ID | Primitive | PSA signals |
|---|---|---|
| E1 | Deterministic behavioral event log | Posture codes (I/P/M/H/G) + alert ladder |
| E2 | Tamper-evident log integrity, externally verifiable | SIGTRACK — hash-chained, drand-anchored, /verify-chain |
| E3 | Adversarial / robustness measurement | C0 input intent (I0–I9), C1 adversarial stress, CPI |
| E4 | Human–AI interaction risk (incl. psychological harm) | DRM (IRS, RAS, RAG), HRI |
| E5 | Continuous monitoring & forecasting | BHS, POI, DPI, PE, CPF3 (EWMA+HMM) |
| E6 | Behavioral transparency / explainability | Named posture codes + named, auditable alert reasons |
Section 03
Requirement-by-requirement mapping. Filter by framework or by coverage level. Coverage is marked honestly — green only where PSA produces exactly the evidence asked for.
DIRECT PSA produces the evidence, deterministically. PARTIAL PSA supplies a measurable input to an otherwise procedural requirement. OUT Structurally outside PSA (procedural, or protected-attribute fairness).
| Requirement | PSA mapping | Coverage |
|---|---|---|
| ISO/IEC 42001:2023 — AI management system (the certifiable anchor — see the dedicated mapping) | ||
| A.6.2.6/.8 · A.5 · C.2.8–11 | Evidence layer: operation logs, impact, robustness/transparency/safety → BHS/POI/DRM/SIGTRACK/CPF3 | DIRECT |
| EU AI Act — Regulation (EU) 2024/1689 | ||
| Art. 12 — Record-keeping | Automatic event logging over lifetime → E1 posture log + E2 SIGTRACK tamper-evident trail | DIRECT |
| Art. 15 — Accuracy, robustness, cybersecurity | Resilience to adversarial inputs → E3 C0/C1/CPI runtime measurement | DIRECT |
| Art. 72 — Post-market monitoring | Continuous documented monitoring → E5 BHS/POI longitudinal + CPF3 forecast | DIRECT |
| Art. 13 — Transparency to deployers | Interpretable operation → E6 named posture codes + named alert reasons | PARTIAL |
| Art. 14 — Human oversight | Enable intervention → E4 DRM/IRS real-time risk surfacing + alert ladder | PARTIAL |
| Art. 9 — Risk management system | Iterative risk evaluation → E4/E5 runtime signals feed the process | PARTIAL |
| Art. 55 — GPAI systemic risk | Model eval, adversarial testing, incident tracking → E3 war-zone probes + E1 incident logging | PARTIAL |
| Art. 10/11/17 — Data governance, technical docs, QMS | Procedural / organizational | OUT |
| NIST AI RMF 1.0 (2023) + Generative AI Profile (NIST-AI-600-1, 2024) | ||
| MEASURE 2.x — TEVV & monitoring | PSA's home function — E1–E6 across the board | DIRECT |
| MEASURE 2.6 / 2.7 — Safety; security & resilience | E3 adversarial + E4 safety risk | DIRECT |
| MEASURE 2.8 / 2.9 — Transparency, accountability, explainability | E6 posture codes + E2 SIGTRACK | DIRECT |
| MEASURE 2.3 / 2.5 / 2.13 — Eval, validity, ongoing monitoring | E5 BHS/POI/CPF3 | DIRECT |
| MANAGE 4.x — Monitoring & incident response | E5 + alert ladder feed the function | PARTIAL |
| MAP 1–5 — Context establishment | E4 DRM domain targeting (legal/health/finance) | PARTIAL |
| GOVERN | Organizational culture, policy, accountability structures | OUT |
| MEASURE 2.11 — Fairness & bias | Protected attributes never ingested | OUT |
| ISO/IEC 23894:2023 — AI risk management (guidance) | ||
| Risk identification & analysis | E4 DRM runtime risk + E1 posture evidence | PARTIAL |
| Risk monitoring & review | E5 BHS/POI/CPF3 | PARTIAL |
| Risk treatment & governance integration | Procedural | OUT |
| ISO/IEC 42005 — AI system impact assessment | ||
| Evidence of actual behavioral impacts | E4 DRM (IRS, RAS) runtime — incl. psychological harm | PARTIAL |
| Documentation & sign-off of the assessment | Procedural | OUT |
| ISO/IEC TR 24028 (trustworthiness) & TR 24027 (bias) | ||
| TR 24028 — robustness & transparency aspects | E3 adversarial + E6 transparency | PARTIAL |
| TR 24027 — bias in AI systems | Protected attributes never ingested | OUT |
| OECD AI Principles (2019, updated 2024) | ||
| 1.4 — Robustness, security & safety | E3 C1/C5 + E5 CPF3 | DIRECT |
| 1.3 — Transparency & explainability | E6 posture codes | PARTIAL |
| 1.5 — Accountability | E2 SIGTRACK verifiable trail | PARTIAL |
| 1.2 — Human-centred values & fairness | Bias subset out of scope | OUT |
| Council of Europe — Framework Convention on AI (2024) | ||
| Documentation, traceability, oversight | E1/E2 + E4 | PARTIAL |
| Rights-based governance, redress | Treaty-level / procedural | OUT |
| US Colorado AI Act — SB 24-205 (effective 2026) | ||
| Risk-management policy & programme | E5 monitoring evidence | PARTIAL |
| Impact assessment for consequential decisions | E4 behavioral evidence | PARTIAL |
| Duty to avoid algorithmic discrimination | Bias on protected attributes — out of scope | OUT |
| Singapore — Model AI Governance Framework / AI Verify | ||
| Robustness & behavioral safety testing | E3 C-classifiers + war-zone probes | DIRECT |
| Operations management & monitoring | E5 BHS/CPF3 | PARTIAL |
| AI Verify fairness testing | Bias subset out of scope | OUT |
| MITRE ATLAS — adversarial ML threat knowledge base | ||
| Prompt injection, jailbreak, evasion at runtime | E3 C0 input intent (I1–I9), C1 adversarial stress, CPI, semantic-drift detection | DIRECT |
| Model/data poisoning, supply-chain, weight exfiltration | Outside the text-behavioral surface | OUT |
| SOC 2 / ISO/IEC 27001 — security & audit controls | ||
| Audit-log integrity, tamper-evidence, monitoring | E2 SIGTRACK — verifiable without trusting the issuer | PARTIAL |
| Full ISMS (access control, change mgmt, …) | Procedural / infrastructural | OUT |
| Sectoral instruments | ||
| GDPR Art. 22 — Automated decision-making safeguards | E4 DRM evidence + E6 named reasons | PARTIAL |
| HIPAA — health conversational-AI safety | E4 IRS/DRM crisis detection (safety layer, not a HIPAA control) | PARTIAL |
| SR 11-7 — model risk management (finance) | E5 CPF3 + behavioral drift + benchmark (ongoing monitoring + effective challenge) | PARTIAL |
Section 04
The honest half of the story is the part PSA does not cover, and it is the same boundary in every framework. PSA reads what a model does, from its output text, from the outside. It therefore says nothing about the procedural and organizational half of governance — leadership, policy, human resources, data governance, third-party management, conformity assessment. Those are real obligations; they are simply not measurements.
And PSA is deliberately silent on bias and fairness over protected attributes. PSA never ingests demographics — it has no race, gender, or age field to discriminate on. That makes it structurally non-discriminatory, but it also means PSA cannot evidence the fairness duties at the centre of NIST MEASURE 2.11, ISO/IEC TR 24027, or Colorado's anti-discrimination core. We do not claim that ground; we name it as out of scope on every row.
The result is a clean division of labour. The framework is the certifiable anchor and the organizational programme. PSA is the telemetry and the evidence store underneath it — covering the measurable half, and pointing honestly at the half it does not touch.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。