The Enterprise Control Index

APPARENS  ·  v7.1  ·  JULY 2026
i-DEPOT 158508  ·  BOIP  ·  CC BY-NC-ND 4.0
CTO
Chief Technology Officer
AI technology strategy, platform selection and build/consume posture
CDO
Chief Data Officer
Data governance, regulatory readiness and evidence integrity
CISO
Chief Info Security Officer
AI-specific threat modelling and security controls
CFO
Chief Financial Officer
AI cost governance, ROI validation and CSRD reporting
EA
Enterprise Architect
Cross-layer integration and architecture coherence
DPO
Data Protection Officer
GDPR compliance, DPIA and data subject rights in AI
PROC
Procurement
Third-party AI governance and vendor concentration risk
LEGAL
Legal / Compliance
AI Act operator-role classification and obligation mapping
Layer-1 decidability  Decidable — a source-anchored rule can settle it  Partly decidable — a gate is mechanical, the substance is judgement  Judgement — no honest rule Dot = where the rule/judgement boundary lies. Open a control to see its boundary and EU AI Act phase-in date. Deciding it for your systems is the app.
CONTROL INDEX FORENSIC EXPOSURE
5 Existential
4 Critical
3 Significant
2 Contained
1 Localised
FRAMEWORK
GLOSSARY
BOUNDARY RULES
ARTIFACTS
RUNTIME
CROSSWALK
AGENTIC PACK
REFERENCES

Alignment on Value

L1Strategy & Accountability
Decision rights · Risk appetite · Operator-role classification · IP policy
L2Ethics & Fairness
Fairness metrics · Bias testing · FRIA · Contestability · RAI Board
PEOPLE & SKILLS

L3

People, Skills &
Operating Model
HUMAN PLANE
Roles · Competencies · Training · Operating model
AI TECHNOLOGY STACK
L4Applications & AgentsUSER PLANE
Enterprise assistants, domain agents and agentic AI application controls
L5AI EngineeringPRODUCTION PLANE
Model lifecycle · Prompt engineering · Evaluation · Testing · Production hardening
L6Data, Context & GovernanceKNOWLEDGE PLANE
Vectors · Lineage · Classification · Consent · GDPR · Synthetic data
L7Systems & SourcesINTEGRATION PLANE
Where AI connects to the organisation's source of truth
L8InfrastructurePHYSICAL PLANE
Compute · Network · Storage · Identity · Sovereign cloud
CONTROL & SUPPORT SHIELD
S1GRC
Governance spine · Evidence · Compliance
S2AI Security & IR
Threat defence · Incident response · Zero trust
S3Supply Chain
Vendor governance · Value chain · Concentration risk
S4Observability
Continuous assurance · Drift · Post-market monitoring
S5FinOps
Cost governance · Token economics · Carbon reporting
Glossary of Terms
Formal definitions using ISO vocabulary discipline where available. All terms are used consistently throughout this specification.
Boundary Rules
When two teams could both own a control, who actually does? These rules prevent governance dead zones — the gaps where nobody is accountable and incidents go unowned.
EXTENSION RULE
Layers may be extended with additional components. New components must pass three tests: (1) Does this belong to an existing layer? (2) Does it duplicate an existing component? (3) Is the evidence output defined?
MOVEMENT RULE
Components may not move between layers without a documented rationale and a boundary rule update. The framework version number increments when boundary rules change.
SCOPE, LIMITATIONS & DISCLAIMERS
IN SCOPE
  • Enterprise AI governance for organisations that develop, deploy, or consume AI systems
  • Full AI lifecycle: strategy, design, development, deployment, monitoring, decommissioning
  • Both build posture (training, fine-tuning, custom models) and consume posture (APIs, SaaS, vendor models)
  • All AI system types: predictive, generative, agentic, multi-agent
  • Aligned with EU AI Act, ISO/IEC 42001, NIST AI RMF, OWASP LLM + Agentic Top 10
  • Technology-agnostic: framework applies regardless of model provider, cloud platform, or deployment pattern
OUT OF SCOPE
  • AI research governance (pre-commercialisation, lab environments, academic research)
  • Clinical trial AI governance (covered by Medical Devices Regulation MDR / IVDR)
  • Military and defence AI governance (covered by national security frameworks)
  • Sector-specific AI regulations beyond the EU AI Act horizontal framework (e.g., financial services prudential requirements, telecommunications-specific rules)
  • Implementation services, system integration, or technical deployment guidance
  • AI model selection, benchmarking, or technical performance optimisation
LIMITATIONS & DISCLAIMERS
Not legal advice. This framework provides governance architecture. It does not substitute for legal advice on jurisdiction-specific obligations. Organisations must obtain qualified legal counsel for compliance determinations.
Not an audit. The maturity self-assessment provides an indicative view of implementation status. It is not a substitute for formal internal audit, external certification (ISO/IEC 42001 via ISO/IEC 42006), or regulatory conformity assessment.
Regulatory landscape evolving. The EU AI Act Omnibus (7 May 2026 political agreement) may change high-risk timelines. CEN-CENELEC harmonised standards are in development. The Legal Register (S1) exists specifically to track these transitions.
Framework, not product. Apparens publishes the framework (CC BY-NC-ND 4.0), writes the book, and conducts adversarial review. The organisation implements. The auditor audits. The regulator regulates. These roles are deliberately separated.
Mandatory Artifacts
Without defined artifacts, governance is aspiration. Eight mandatory outputs — click any for the full specification including trigger, contents, regulatory basis, gates, and evidence.
Runtime Oversight
Every layer and shield control is design-time or point-in-time. This plane adds the controls that ask whether the oversight loop actually closes for agentic AI. Three families: enforcement, sensing, and client-side typing.
Standards Crosswalk
Clause-level mappings from four primary standards to framework layers, shields, and evidence artifacts. These mappings substantiate alignment claims with traceability — not "aligned with" claims, but article-to-control-to-evidence chains.
ISO/IEC 42001
NIST AI RMF
EU AI Act
Related Standards
ISO/IEC 42001:2023 — Requirements for an AI Management System (AIMS). Plan-Do-Check-Act structure mapped to framework layers and shields.
P Plan
  • Strategy (L1): Policy, context, leadership (§4, §5)
  • GRC (S1): Risk assessment process (§6.1)
  • Ethics (L2): AI impact assessment (§6.1.4)
  • GRC (S1): Objectives & planning (§6.2)
  • Supply Chain (S3): Supply chain planning (§6.1.5)
  • Strategy (L1): AI Actor Classification + Legal Register
D Do
  • Production (L5): AI system development controls (§8)
  • Knowledge (L6): Data governance, synthetic data (§8.4)
  • People (L3): Competence & awareness (§7.2, §7.3)
  • User Plane (L2): System deployment, agent declarations (§8.6)
  • Security (S2): Security controls, multi-agent (§8.5)
C Check
  • Observability (S4): Performance evaluation, PMM (§9.1)
  • GRC (S1): Internal audit (§9.2)
  • GRC (S1): Management review (§9.3)
  • ART-04: Ongoing eval cadence report
  • Ethics (L2): Fairness monitoring handshake with S4
A Act
  • GRC (S1): Nonconformity & corrective action (§10.1)
  • Security (S2) + ART-08: Incident learning (§10.2)
  • GRC (S1): Continual improvement (§10.3)
  • People (L3): Capability uplift post-incident
ClauseRequirementFramework mappingEvidence
§4.1–4.4Context, interested parties, scope, AIMSStrategy (L1) + AI Actor ClassificationPolicy document, scope statement, AI Actor Register
§5.1–5.3Leadership, policy, roles & responsibilitiesStrategy (L1) + People (L3) RACISigned policy, RACI matrix, board resolution
§6.1.2AI risk assessment processGRC (S1) Risk & Impact AssessmentsART-06 Risk Acceptance Record
§6.1.4AI impact assessment (societal, ethical)Ethics (L2) FRIA + GRC (S1)DPIA/FRIA report
§6.1.5Supply chain AI riskSupply Chain (S3)ART-07 Supplier Assurance Pack
§7.2–7.3Competence, awareness, communicationPeople (L3) AI Literacy + AcademiesTraining records, competence assessments
§8.4Data for AI systemsKnowledge (L6) + Synthetic Data Gov.ART-02 Dataset Datasheet
§8.5Information security for AISecurity (S2) + Multi-Agent OrchestrationRed team reports, adversarial test results
§8.6AI system operationUser (L4) + Production (L5)ART-01 System Card, ART-03 Eval Plan, ART-05 Agent Declaration
§9.1Monitoring, measurement, evaluationObservability (S4) + PMM SystemART-04 Ongoing Evaluation Cadence
§9.2Internal auditGRC (S1) Evidence FactoryAudit logs, audit report
§10.1–10.3Nonconformity, corrective action, improvementSecurity (S2) IR + GRC (S1)ART-08 AI Incident Report
NIST AI RMF 1.0 (AI 100-1, Jan 2023) + Generative AI Profile (AI 600-1, Jul 2024). Four core functions: GOVERN, MAP, MEASURE, MANAGE. RAG-specific governance actions from AI 600-1 mapped separately.
FunctionOutcomeFramework mappingEvidence
GOVERN 1Policies, processes, procedures establishedStrategy (L1) + GRC (S1) Policy-as-CodeGovernance corpus, risk appetite statement
GOVERN 2Accountability structures and cultureStrategy (L1) Executive Accountability + People (L3)RACI, board resolution, capability records
GOVERN 3Workforce AI risk management culturePeople (L3) AI Champions + Ethics (L2) RAI BoardTraining records, review board minutes
GOVERN 5Third-party risk governanceSupply Chain (S3)ART-07 Supplier Assurance Pack
GOVERN 6AI risk management policiesGRC (S1) + Ethics (L2) + Legal RegisterPolicy register, norms documentation, legal register
MAP 1Context established and understoodStrategy (L1) + GRC (S1) AI System InventorySystem inventory, AI Actor Register
MAP 2Categorisation of AI risksEthics (L2) Fairness Metrics RegistryMetric selection rationale (signed by RAI Board)
MAP 3AI benefits and risks mappedGRC (S1) Risk & Impact AssessmentsDPIA/FRIA report
MAP 5Likelihood and severity evaluatedGRC (S1) + Ethics (L2) + Strategy (L1) Risk AppetiteART-06 Risk Acceptance Record
MEASURE 1Risk measurement approachesEthics (L2) Fairness Metrics + Observability (S4)ART-03 Evaluation Plan, ART-04 Cadence Report
MEASURE 2AI systems evaluated for riskObservability (S4) + Production (L5) Release GatesART-03 Release criteria results
MEASURE 4Post-deployment risk monitoredObservability (S4) Drift + HITL + PMM SystemART-04 Ongoing Evaluation
MANAGE 1Risks prioritised and treatedGRC (S1) + Security (S2) ControlsRisk register, treatment plans
MANAGE 4Incidents and errors reportedSecurity (S2) IR + People (L3) TrainingART-08 AI Incident Report
AI 600-1 AgenticAutonomous action, tool use, multi-step reasoningUser (L4) ART-05 + S2 Multi-Agent + Agentic PackART-05 Agent Control Declaration
AI 600-1 MS-2.5-005Verify RAG data provenance and groundingKnowledge (L6) Context Injection + Data LineageRAG permission config, lineage graph
AI 600-1 MG-3.1-003Re-assess model risks after RAG implementationGRC (S1) Lifecycle Workflow + Observability (S4)ART-03 refresh post-RAG deployment
AI 600-1 MG-3.2-002Document RAG adaptations and configurationsProduction (L5) Prompt & RAG GovernanceRAG configuration documentation
EU AI Act (Regulation (EU) 2024/1689). Application: (a) Chapters I-II from 2 Feb 2025; (b) GPAI from 2 Aug 2025; (c) Art. 6(2) high-risk from 2 Aug 2026; (d) Art. 6(1) from 2 Aug 2027. AI Act Omnibus (7 May 2026) proposes postponing (c) to Dec 2027, (d) to Aug 2028.
ArticleObligationApplies toFramework mappingEvidence
Art. 3(1), 3(63)AI system and GPAI model definitionsAll actorsStrategy (L1) AI Actor ClassificationAI Actor Register with operator role per system
Art. 9Risk management system for high-risk AIProviderGRC (S1) + Ethics (L2) + Observability (S4)ART-06 Risk Acceptance + ART-04 Cadence
Art. 9(2)(c); Art. 72Post-market monitoring systemProviderObservability (S4) PMM SystemART-04 Cadence Report, PMM plan
Art. 10Data and data governanceProviderKnowledge (L6) + Synthetic Data Gov.ART-02 Dataset Datasheet
Art. 11 + Annex IVTechnical documentationProviderGRC (S1) Evidence Factory + Production (L5)ART-01 System Card + documentation set
Art. 12Record-keeping and loggingProviderGRC (S1) Evidence FactoryAudit logs, evidence chain
Art. 14Human oversight measuresProvider + DeployerObservability (S4) HITL + User (L4) ART-05ART-05 with human oversight pattern field
Art. 15Accuracy, robustness, cybersecurityProviderSecurity (S2) + Observability (S4) + Production (L5)Red team reports, ART-03 Eval Plan
Art. 17Quality management systemProviderISO 42001 AIMS (full PDCA)Full AIMS evidence set
Art. 25–28Value chain obligationsAll value chain actorsSupply Chain (S3) + Strategy (L1) AI Actor ClassificationART-07 + value chain obligation matrix
Art. 26Deployer obligations — monitoring, reportingDeployerPeople (L3) + Observability (S4)ART-04 + People RACI + PMM plan
Art. 27Fundamental rights impact assessmentPublic bodies + certain deployersEthics (L2) FRIA + GRC (S1)FRIA report with DPO + RAI Board sign-off
Art. 49EU database registrationProvider + DeployerGRC (S1) AI System InventoryRegistration confirmation
Art. 50Transparency — AI interaction disclosureProvider + DeployerUser (L4) Art. 50 DisclosureDisclosure mechanism evidence
Art. 51–56GPAI model obligationsGPAI providerSupply Chain (S3) + GPAI Code of PracticeART-07 + GPAI compliance documentation
Art. 73Serious incident reporting (15 days)Provider + DeployerSecurity (S2) IR + Observability (S4) PMMART-08 AI Incident Report
Art. 86Right to explanation for AI decisionsDeployerEthics (L2) Contestability & RecourseContestability mechanism documentation
Art. 95GPAI transparency (model cards)GPAI providerSupply Chain (S3) + ART-01ART-01 (requested from vendor)
Agentic AI Control Pack
Agentic and LLM systems introduce risk multipliers not present in conventional software: autonomous multi-step reasoning, tool invocation, memory, and non-deterministic outputs. This pack maps OWASP LLM Top 10 v2025.1 + Agentic Applications 2026 threats to framework controls.
References
Standards, regulations, and academic foundations. All references are cited at clause or article level in the framework controls and crosswalk.