A structured control framework was developed enabling organisations to map regulatory requirements (EU AI Act, ISO, or custom frameworks) to operational controls at organisation, workspace, use-case, and deployment level, including risk assessment, approval workflows, and periodic reviews.
An automated compliance evidence system covers the full AI lifecycle, including inference log archiving, guardrail violation tracking, metadata collection, and automated compliance checks, significantly reducing manual documentation burden.
A system for automated compliance evidence collection was developed, covering the full AI lifecycle from exploration through to retirement. This includes automated event and inference log archiving, guardrail violation tracking, key-value pair metadata collection, and automated binary and calculated compliance checks. This reduces manual documentation burden significantly.
Two Explainable AI (XAI) methods were developed and validated:
(1) a black-box method based on SHAP feature attribution, and
(2) a white-box method based on attention weights and gradient saliency, with specific implementation for generative Hugging Face models. Both methods were validated against EU AI Act requirements in collaboration with external legal and academic experts. A third XAI method targeting closed/inaccessible models is in development. Additionally, a bias detection pipeline was designed covering offline analysis, offline monitoring, online monitoring, and visualisation of sensitive attribute metrics.
A framework-agnostic model onboarding capability enables governance of any AI model (ML, GenAI, Agent) across Kubernetes (KServe), AzureML, and Sagemaker. Enterprise private cloud and hybrid SaaS architectures were validated with TVM, Novo Nordisk, and Healthplus.ai with multi-tenancy, role-based access control, and SSO.