SWT3 AI Witness Procedures -- Machine-Readable Compliance Evidence for AI Systems
This document defines the Universal Control Taxonomy (UCT) for AI Witness procedures within the SWT3 protocol. Each procedure specifies a discrete, witnessable compliance event with machine-readable factor semantics, deterministic evaluation rules, and cross-references to applicable regulatory frameworks.
The UCT Registry serves as the canonical reference for:
uct-registry.json (Apache 2.0) and can be consumed programmatically by GRC tools,
CI/CD pipelines, and audit platforms.
Every SWT3 Witness Anchor is minted using the following locked formula:
SHA256("WITNESS:" + tenant_id + ":" + procedure_id + ":" + factor_a + ":" + factor_b + ":" + factor_c + ":" + timestamp_ms).hex()[0:12]
This formula is protocol-locked and implemented with cross-language parity across Python, TypeScript, Rust, C#, and Ruby SDKs. Test vectors ensure deterministic output across all implementations.
SWT3 defines four clearing levels that control the information density of witness payloads:
| Level | Name | Behavior |
|---|---|---|
| 0 | Analytics | Full context, model ID, prompt/response hashes |
| 1 | Standard | Context preserved, suitable for most deployments |
| 2 | Sensitive | Context stripped, factors and fingerprint preserved |
| 3 | Classified | Factors and fingerprint only, no contextual metadata |
CJT fields (jurisdiction, legal_basis, purpose_class) survive all clearing levels. Context fields (ai_context) are stripped at Level 2+.
The UCT Registry cross-references procedures to the following regulatory frameworks and standards:
| Identifier | Full Name | Jurisdiction |
|---|---|---|
| EU-AI-ACT | EU Artificial Intelligence Act (Regulation 2024/1689) | European Union |
| GDPR | General Data Protection Regulation (2016/679) | European Union |
| GPAI-CoP | GPAI Code of Practice (July 2025) | European Union |
| NIST-AI-RMF | NIST AI Risk Management Framework (AI 100-1) | United States |
| NIST-AI-100-2 | NIST AI 100-2 Adversarial ML Taxonomy | United States |
| NIST-800-53 | NIST SP 800-53 Rev 5 Security Controls | United States |
| EO-14110 | Executive Order on Safe AI (Oct 2023) | United States |
| EO-14028 | Executive Order on Cybersecurity (May 2021) | United States |
| G7-CISA | G7/CISA SBOM for AI Minimum Elements (May 2026) | International |
Procedures are grouped by namespace. Each procedure defines three factors (A, B, C) with semantic labels, regulatory references, and a deterministic evaluation expression.
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-ACC.1 | Agent Access Control Witnessing |
A: resource_hash
B: scope_hash
C: outcome
|
factor_a != '' and factor_b != '' | Art.9(4)(c) MANAGE 2.4 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-BASE.1 | Agent Behavioral Baseline |
A: dimensions_measured
B: within_envelope
C: mode_code
|
factor_b == 1 or factor_c == 0 or factor_c == 3 | Art.9(2)(b) MEASURE 2.6 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-CHAIN.1 | Multi-Agent Chain Handoff |
A: chain_depth
B: cycle_bound
C: accepted
|
factor_c == 1 | Art.9 GOVERN 1.3 |
| AI-CHAIN.2 | Chain Trust Degradation |
A: previous_trust
B: new_trust
C: degradation_delta
|
factor_c >= 0 | Art.9 GOVERN 1.3 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-CHR.1 | Agent Charter Registration |
A: capabilities_declared
B: constraints_declared
C: charter_hash_present
|
factor_a > 0 | Art.13 GOVERN 1.7 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-CONSENT.1 | Data Subject Consent |
A: subjects_covered
B: legal_basis_code
C: withdrawal_available
|
factor_a > 0 | Art.6/7 Art.10 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-DATA.1 | Training Data Provenance |
A: provenance_required
B: provenance_documented
C: reserved
|
factor_b >= factor_a | Art.10(2)(a) MAP 3.5 |
| AI-DATA.2 | Training Data License Compliance |
A: license_check_required
B: license_verified
C: reserved
|
factor_b >= factor_a | Art.10(2)(a) GOVERN 1.7 |
| AI-DATA.3 | Training Data Statistics |
A: row_count
B: feature_count
C: class_balance_ratio
|
factor_a > 0 && factor_b > 0 | Art.10(3) MAP 4.1 |
| AI-DATA.4 | Training Data PII Lifecycle |
A: records_affected
B: event_completed
C: event_type_code
|
factor_b >= 1 | Art.10(5) Art.25 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-ENV.1 | Runtime Environment Attestation |
A: env_hash_present
B: container_isolated
C: runtime_type_code
|
factor_a == 1 | Art.11 GOVERN 1.2 |
| AI-ENV.2 | Dependency Manifest Attestation |
A: dependencies_count
B: all_pinned
C: vulnerabilities_known
|
factor_b == 1 | Art.11 Sec.4 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-EXPL.1 | Explanation Generation |
A: explanation_required
B: explanation_provided
C: reserved
|
factor_b >= factor_a | Art.13(1) MEASURE 2.5 |
| AI-EXPL.2 | Confidence Scoring |
A: min_confidence_threshold
B: model_confidence
C: reserved
|
factor_b >= factor_a | Art.13(3)(b)(ii) MAP 2.3 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-FAIR.1 | Bias Disparity Measurement |
A: max_disparity_ratio
B: observed_disparity
C: protected_class_count
|
factor_b <= factor_a | Art.10(2)(f) MEASURE 2.5 |
| AI-FAIR.2 | Fairness Calibration |
A: min_fairness_score
B: actual_fairness_score
C: reserved
|
factor_b >= factor_a | Art.9(4)(a) MAP 2.3 |
| AI-FAIR.3 | Bias Audit Witnessing |
A: groups_tested
B: disparities_found
C: max_disparity_pct
|
factor_a > 0 | Art.10(2)(f) MAP 2.3 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-GOV.1 | AI Acceptable Use Policy |
A: attestation_required
B: attested
C: reserved
|
factor_b >= factor_a | Art.9 GOVERN 1.1 PL-4 |
| AI-GOV.2 | Employee AI Training |
A: attestation_required
B: attested
C: reserved
|
factor_b >= factor_a | Art.4 GOVERN 2.1 AT-2 |
| AI-GOV.3 | Approved Model Registry |
A: attestation_required
B: attested
C: reserved
|
factor_b >= factor_a | Art.49 MAP 1.1 CM-8 |
| AI-GOV.4 | Shadow AI Incident Response |
A: attestation_required
B: attested
C: reserved
|
factor_b >= factor_a | Art.26 GOVERN 1.5 IR-4 |
| AI-GOV.5 | Third-Party AI Vendor Assessment |
A: attestation_required
B: attested
C: reserved
|
factor_b >= factor_a | Art.25 GOVERN 6.1 SA-4 |
| AI-GOV.6 | AI Risk Management Scope Definition |
A: attestation_required
B: attested
C: reserved
|
factor_b >= factor_a | Art.17 GOVERN 1.3 PM-9 |
| AI-GOV.7 | AI Governance Resource Allocation |
A: attestation_required
B: attested
C: reserved
|
factor_b >= factor_a | GOVERN 2.2 PM-3 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-GRD.1 | Guardrail Enforcement — Required Safety Filters Active |
A: guardrails_required
B: guardrails_active
C: reserved
|
factor_b >= factor_a | Art.9(2)(a) |
| AI-GRD.2 | Content Safety Filter — Output Classification Passed |
A: content_safety_required
B: content_safety_passed
C: reserved
|
factor_b >= factor_a | Art.15(3) |
| AI-GRD.3 | PII Redaction |
A: redaction_required
B: redaction_active
C: reserved
|
factor_b >= factor_a | Art.10(2)(f) GOVERN 1.7 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-HITL.1 | Human Review Completion |
A: review_required
B: review_completed
C: reserved
|
factor_b >= factor_a | Art.14(1) GOVERN 1.1 |
| AI-HITL.2 | Human Override Event Tracking |
A: override_logging_required
B: override_logged
C: reserved
|
factor_b >= factor_a | Art.14(4)(d) MANAGE 4.1 |
| AI-HITL.3 | Overseer Identity Capture - Reviewer Identified Per Decision |
A: identity_capture_required
B: identity_captured
C: reserved
|
factor_b >= factor_a | Art.12(2)(d) |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-HW.1 | Hardware Runtime Attestation |
A: gpu_count
B: memory_gb
C: accelerator_type_code
|
factor_a > 0 | Art.11 GOVERN 1.2 |
| AI-HW.3 | TPM Platform Attestation |
A: pcr_count
B: quote_verified
C: tpm_version_code
|
factor_b == 1 | GOVERN 1.2 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-ID.1 | Agent Identity Assertion |
A: agent_id_hash
B: signature_present
C: reserved
|
factor_a != '' and factor_b == 1 | Art.12(1) MAP 1.1 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-IMPACT.1 | AI Societal Impact Assessment |
A: attestation_required
B: attested
C: reserved
|
factor_b >= factor_a | MAP 5.2 RA-3 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-INF.1 | Inference Provenance — Prompt/Response Hash Capture |
A: provenance_required
B: provenance_captured
C: reserved
|
factor_b >= factor_a | Art.12(1) |
| AI-INF.2 | Inference Latency — Response Time Within Threshold |
A: latency_threshold_ms
B: measured_latency_ms
C: reserved
|
factor_b <= factor_a | Art.12(2) |
| AI-INF.3 | Inference Volume - Hourly Rate Governance |
A: max_inferences_hour
B: actual_inferences
C: reserved
|
factor_b <= factor_a | Art.12(1) GOVERN 2.1 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-IR.1 | AI Incident Response Capability |
A: attestation_required
B: attested
C: reserved
|
factor_b >= factor_a | MANAGE 3.1 IR-8 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-LIC.1 | License Provenance |
A: components_checked
B: all_compliant
C: license_type_code
|
factor_b == 1 | Art.53(1)(d) GOVERN 1.7 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-LOG.1 | Log Retention Compliance - Minimum 180-Day Retention Verified |
A: min_retention_days
B: actual_retention_days
C: reserved
|
factor_b >= factor_a | Art.12(3) |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-MARK.1 | Content Provenance Marking |
A: content_count
B: metadata_attached
C: content_type_code
|
factor_a > 0 | Art.50(2) Transparency |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-MDL.1 | Model Weight Integrity — Deployed Hash Matches Approved |
A: model_integrity_required
B: model_identity_verified
C: reserved
|
factor_b >= factor_a | Art.9(4)(a) |
| AI-MDL.2 | Model Version Tracking — Version Identifier Recorded |
A: version_tracking_required
B: version_recorded
C: reserved
|
factor_b >= factor_a | Art.12(2)(b) |
| AI-MDL.3 | Model Drift Detection |
A: drift_threshold
B: drift_score
C: reserved
|
factor_b <= factor_a | Art.72(1) MEASURE 2.6 |
| AI-MDL.4 | Feedback Loop Control - Training Data Isolation From Biased Outputs |
A: feedback_isolation_required
B: feedback_isolation_active
C: reserved
|
factor_b >= factor_a | Art.15(4) |
| AI-MDL.5 | Weight File Integrity |
A: file_size_mb
B: hash_match
C: format_code
|
factor_b == 1 | Art.11 GOVERN 1.2 |
| AI-MDL.6 | Adapter Stack Attestation |
A: adapter_count
B: all_verified
C: adapter_type_code
|
factor_b == 1 | Art.11 GOVERN 1.2 |
| AI-MDL.7 | Quantization Attestation |
A: original_bits
B: quantized_bits
C: method_code
|
factor_b > 0 | MEASURE 2.6 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-MULTI.1 | Multi-Agent Delegation |
A: delegation_depth
B: permissions_granted
C: time_bound_minutes
|
factor_a >= 0 | Art.9 GOVERN 1.3 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-RAG.1 | Context Retrieval Provenance |
A: chunks_retrieved
B: corpus_hash_present
C: avg_similarity
|
factor_a > 0 | Art.13 MAP 2.3 |
| AI-RAG.2 | Context Relevance Scoring |
A: chunks_above_threshold
B: total_chunks
C: threshold_pct
|
factor_a > 0 | Art.13 MEASURE 2.5 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-REDTEAM.1 | Adversarial Test Campaign |
A: tests_executed
B: tests_passed
C: coverage_category_code
|
factor_a > 0 and factor_b / factor_a >= 0.8 | Art.9(7) Sec.4.2 Red Teaming |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-REV.1 | Anchor Revocation |
A: revoked_fingerprint_hash
B: reason_code
C: reserved
|
factor_a != '' and factor_b >= 0 and factor_b <= 6 | Art.14(4)(d) Art.17 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-RISK.1 | AI Risk Identification and Categorization |
A: attestation_required
B: attested
C: reserved
|
factor_b >= factor_a | Art.9 MAP 2.1 RA-2 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-SAFE.1 | Safe State Transition |
A: trigger_code
B: actions_suspended
C: recovery_available
|
factor_b >= 0 | Art.9(4)(b) |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-SBOM.1 | AI Bill of Materials |
A: total_components
B: clusters_documented
C: format_code
|
factor_a > 0 and factor_b >= 3 | Art.11 SBOM-AI Sec.4 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-SEC.1 | Adversarial Threat Detection |
A: threats_checked
B: threats_detected
C: blocked
|
factor_a > 0 and factor_b == 0 | Art.15(4) MANAGE 2.3 |
| AI-SEC.2 | Input Validation and Sanitization |
A: validators_required
B: validators_passed
C: input_rejected
|
factor_b >= factor_a | Art.15(3) MANAGE 2.3 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-SKILL.1 | Skill Manifest Attestation |
A: skills_declared
B: manifest_hash_present
C: skills_validated
|
factor_a > 0 | Art.9 GOVERN 1.7 |
| AI-SKILL.2 | Memory Context Binding |
A: memory_entries
B: context_hash_present
C: memory_source_code
|
factor_a >= 0 | MEASURE 2.5 |
| AI-SKILL.3 | Reward Model Binding |
A: reward_score
B: threshold_met
C: reward_model_hash
|
factor_b == 1 | MEASURE 2.6 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-TOOL.1 | Tool Call Witnessing |
A: tool_name_hash
B: args_hash
C: outcome
|
factor_a != '' and factor_b != '' | Art.12(1) GOVERN 1.7 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-TRUST.1 | Trust Verification |
A: trust_level
B: checks_passed
C: checks_total
|
factor_a > 0 | Art.9 GOVERN 1.5 |
| AI-TRUST.2 | Trust Credential Presentation |
A: trust_level
B: signed
C: procedures_witnessed
|
factor_a > 0 | Art.9 GOVERN 1.5 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-VIO.1 | Policy Violation Record |
A: violation_type_code
B: severity
C: auto_remediated
|
factor_a >= 0 | Art.9 MANAGE 4.1 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-AUDIT.1 | Audit Log Integrity |
A: entries_checked
B: integrity_verified (1=yes, 0=no)
C: log_format_code (0=jsonl, 1=syslog, 2=otel, 3=custom)
|
factor_b == 1 | Art.12 Art.30 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-ASSESS.1 | Champion-Challenger Assessment Witnessing |
A: inputs_processed
B: max_divergence_observed (x1000 scale)
C: acceptance_threshold_breached (1=yes, 0=no)
|
factor_c == 0 | Art.15 MAP 2.3 SA-11 IV.A |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-AUTO.1 | Automated Decision Notification |
A: decisions_made
B: human_reviewed
C: decision_type_code (0=credit, 1=employment, 2=insurance, 3=benefits, 4=legal)
|
factor_a >= 0 (informational) | Art.22 Art.14 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-CYBER.1 | Cybersecurity Assessment |
A: controls_assessed
B: compliant
C: framework_code (0=nist_csf, 1=iso27001, 2=owasp, 3=cis, 4=custom)
|
factor_b == factor_a | Art.15(4) NIST-CSF Core |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-DPIA.1 | Data Protection Impact Assessment |
A: risks_identified
B: mitigated
C: processing_type_code (0=profiling, 1=automated_decision, 2=large_scale_monitoring, 3=sensitive_data, 4=public_area)
|
factor_b >= factor_a * 0.8 | Art.35 Art.27 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-DRIFT.1 | Model Drift Detection |
A: metrics_evaluated
B: drifted
C: drift_type_code (0=data, 1=concept, 2=prediction, 3=feature, 4=label, 5=prior_probability)
|
factor_b == 0 | Art.9(2)(b) MEASURE 2.6 |
| AI-DRIFT.2 | Consequence-Mapped Drift Threshold Response |
A: drift_magnitude (PSI/KL divergence)
B: consequence_category (0=safety, 1=environmental, 2=financial, 3=operational, 4=reputational)
C: response_action (0=notify, 1=monitor, 2=throttle, 3=circuit-break, 4=failover, 5=shutdown)
|
factor_c >= factor_b | Art.9(2)(b) MEASURE 2.6 SI-2 IV.A |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-DUALUSE.1 | Dual-Use Model Classification |
A: classification_code (0=standard, 1=dual_use, 2=high_impact)
B: reporting_status_code (0=not_required, 1=pending, 2=notified, 3=acknowledged)
C: compute_threshold_code
|
factor_a == 0 or factor_b >= 2 | Sec.4(a) GOVERN 1.1 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-EMRG.1 | Emergency Override Lifecycle Witnessing |
A: override_trigger_type (0=e-stop, 1=operator, 2=escalation, 3=responder)
B: authorization_level (0=operator, 1=supervisor, 2=manager, 3=responder)
C: fallback_state (0=safe, 1=legacy, 2=manual, 3=degraded, 4=shutdown)
|
factor_b >= factor_a | Art.14 GOVERN 1.1 IR-4 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-INCIDENT.1 | Incident Report |
A: severity_code (1=low, 2=medium, 3=high, 4=critical)
B: authority_notified (1=yes, 0=no)
C: incident_type_code (0=safety, 1=rights, 2=security, 3=performance, 4=bias)
|
factor_a >= 0 (informational) | Art.62 MANAGE 3.2 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-PERF.1 | Performance Metrics |
A: metrics_evaluated
B: passing
C: benchmark_type_code (0=accuracy, 1=precision, 2=recall, 3=f1, 4=auc, 5=custom)
|
factor_b == factor_a | Art.15(1) MEASURE 2.5 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-PMM.1 | Post-Market Monitoring |
A: checks_run
B: anomalies_detected
C: monitoring_type_code (0=performance, 1=fairness, 2=safety, 3=security, 4=comprehensive)
|
factor_a > 0 | Art.72 MANAGE 4.1 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-ROBUST.1 | Robustness Testing |
A: perturbations_tested
B: survived
C: perturbation_type_code (0=noise, 1=corruption, 2=missing_data, 3=out_of_distribution, 4=evasion)
|
factor_b / factor_a >= 0.9 | Art.15(3) MEASURE 2.6 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-SUPPLY.1 | Supply Chain Risk Assessment |
A: suppliers_assessed
B: compliant
C: risk_level_code (0=low, 1=medium, 2=high, 3=critical)
|
factor_b == factor_a | MEASURE 3.1 SBOM-AI Sec.4 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-TRANS.1 | Transparency Disclosure |
A: disclosures_made
B: disclosure_type_code (0=ai_usage, 1=data_processing, 2=automated_decision, 3=profiling, 4=capability_limitation)
C: reserved
|
factor_a > 0 | Art.13 Art.13/14 |
| Procedure | Title | Factors | Evaluation | Frameworks |
|---|---|---|---|---|
| AI-WATERMARK.1 | Watermark Verification |
A: items_checked
B: watermarks_detected
C: detection_method_code (0=c2pa_verify, 1=synthid_check, 2=metadata_scan, 3=spectral_analysis, 4=custom)
|
factor_b == factor_a | Art.50(2) Transparency |
Which procedures provide evidence for which regulatory frameworks.
| Procedure | NIST AI RMF | EO 14028 | EO 14110 | EU AI Act | G7/CISA | GDPR | GPAI CoP | NIST 800-53 | NIST AI 100-2 | NIST AI RMF | IL SB 315 | TN SB 1580 | RI AI Laws | VN Law 134 | Health Ins AI | NY AI 2026 | Treasury FS AI RMF |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AI-ASSESS.1 | -- | -- | -- | Art.15 | -- | -- | -- | SA-11 | -- | MAP 2.3 | -- | -- | -- | -- | -- | -- | -- |
| AI-AUDIT.1 | -- | -- | -- | Art.12 | -- | Art.30 | -- | -- | -- | -- | Audit | -- | Audit | Logging | Records | Workforce | Compliance |
| AI-AUTO.1 | -- | -- | -- | Art.14 | -- | Art.22 | -- | -- | -- | -- | -- | -- | -- | -- | Claims | -- | -- |
| AI-ACC.1 | -- | -- | -- | Art.9(4)(c) | -- | -- | -- | -- | -- | MANAGE 2.4 | -- | -- | -- | -- | -- | -- | -- |
| AI-BASE.1 | -- | -- | -- | Art.9(2)(b) | -- | -- | -- | -- | -- | MEASURE 2.6 | -- | -- | -- | -- | -- | -- | Baseline |
| AI-CHAIN.1 | -- | -- | -- | Art.9 | -- | -- | -- | -- | -- | GOVERN 1.3 | -- | -- | -- | -- | -- | -- | -- |
| AI-CHAIN.2 | -- | -- | -- | Art.9 | -- | -- | -- | -- | -- | GOVERN 1.3 | -- | -- | -- | -- | -- | -- | -- |
| AI-CHR.1 | -- | -- | -- | Art.13 | -- | -- | -- | -- | -- | GOVERN 1.7 | -- | -- | -- | -- | -- | -- | -- |
| AI-CONSENT.1 | -- | -- | -- | Art.10 | -- | Art.6/7 | -- | -- | -- | -- | -- | Consent | Consent | -- | Consent | Minors | Consumer |
| AI-CYBER.1 | -- | -- | -- | Art.15(4) | -- | -- | -- | -- | -- | -- | Cyber | -- | -- | -- | -- | -- | -- |
| AI-DATA.1 | MAP 3.5 | -- | -- | Art.10(2)(a) | -- | -- | -- | -- | -- | -- | -- | -- | Clinical | Data Gov | Training | Training | Integrity |
| AI-DATA.2 | GOVERN 1.7 | -- | -- | Art.10(2)(a) | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| AI-DATA.3 | MAP 4.1 | -- | -- | Art.10(3) | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| AI-DATA.4 | -- | -- | -- | Art.10(5) | -- | Art.25 | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| AI-DPIA.1 | -- | -- | -- | Art.27 | -- | Art.35 | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | Impact |
| AI-DRIFT.1 | -- | -- | -- | Art.9(2)(b) | -- | -- | -- | -- | -- | MEASURE 2.6 | Risk | -- | -- | -- | -- | -- | Monitor |
| AI-DRIFT.2 | -- | -- | -- | Art.9(2)(b) | -- | -- | -- | SI-2 | -- | MEASURE 2.6 | -- | -- | -- | -- | -- | -- | Threshold |
| AI-DUALUSE.1 | -- | -- | Sec.4(a) | -- | -- | -- | -- | -- | -- | GOVERN 1.1 | -- | -- | -- | -- | -- | -- | -- |
| AI-ENV.1 | -- | -- | -- | Art.11 | -- | -- | -- | -- | -- | GOVERN 1.2 | -- | -- | -- | -- | -- | -- | -- |
| AI-ENV.2 | -- | Sec.4 | -- | Art.11 | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| AI-EXPL.1 | MEASURE 2.5 | -- | -- | Art.13(1) | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | Explain | Pricing | Decision |
| AI-EXPL.2 | MAP 2.3 | -- | -- | Art.13(3)(b)(ii) | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | Counterfactual |
| AI-FAIR.1 | MEASURE 2.5 | -- | -- | Art.10(2)(f) | -- | -- | -- | -- | -- | -- | -- | -- | -- | Non-Discrim | Pricing | Pricing | Fair Lending |
| AI-FAIR.2 | MAP 2.3 | -- | -- | Art.9(4)(a) | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | Bias Test | Testing |
| AI-FAIR.3 | -- | -- | -- | Art.10(2)(f) | -- | -- | -- | -- | -- | MAP 2.3 | -- | -- | -- | -- | -- | -- | Protected |
| AI-GOV.1 | GOVERN 1.1 | -- | -- | Art.9 | -- | -- | -- | PL-4 | -- | -- | -- | Governance | Governance | Representative | Governance | Governance | Strategy |
| AI-GOV.2 | GOVERN 2.1 | -- | -- | Art.4 | -- | -- | -- | AT-2 | -- | -- | -- | -- | -- | -- | -- | -- | Literacy |
| AI-GOV.3 | MAP 1.1 | -- | -- | Art.49 | -- | -- | -- | CM-8 | -- | -- | -- | -- | -- | -- | -- | -- | Inventory |
| AI-GOV.4 | GOVERN 1.5 | -- | -- | Art.26 | -- | -- | -- | IR-4 | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| AI-GOV.5 | GOVERN 6.1 | -- | -- | Art.25 | -- | -- | -- | SA-4 | -- | -- | -- | -- | -- | -- | -- | -- | Vendor |
| AI-GOV.6 | GOVERN 1.3 | -- | -- | Art.17 | -- | -- | -- | PM-9 | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| AI-GOV.7 | GOVERN 2.2 | -- | -- | -- | -- | -- | -- | PM-3 | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| AI-GRD.1 | -- | -- | -- | Art.9(2)(a) | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | Chatbot | -- |
| AI-GRD.2 | -- | -- | -- | Art.15(3) | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | Safety | -- |
| AI-GRD.3 | GOVERN 1.7 | -- | -- | Art.10(2)(f) | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| AI-HITL.1 | GOVERN 1.1 | -- | -- | Art.14(1) | -- | -- | -- | -- | -- | -- | -- | Oversight | Licensed | High-Risk | Review | Oversight | Oversight |
| AI-HITL.2 | MANAGE 4.1 | -- | -- | Art.14(4)(d) | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| AI-HITL.3 | -- | -- | -- | Art.12(2)(d) | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| AI-HW.1 | -- | -- | -- | Art.11 | -- | -- | -- | -- | -- | GOVERN 1.2 | -- | -- | -- | -- | -- | -- | -- |
| AI-HW.3 | -- | -- | -- | -- | -- | -- | -- | -- | -- | GOVERN 1.2 | -- | -- | -- | -- | -- | -- | -- |
| AI-ID.1 | -- | -- | -- | Art.12(1) | -- | -- | -- | -- | -- | MAP 1.1 | -- | Identity | Identity | -- | -- | -- | -- |
| AI-EMRG.1 | -- | -- | -- | Art.14 | -- | -- | -- | IR-4 | -- | GOVERN 1.1 | -- | -- | -- | -- | -- | -- | -- |
| AI-INCIDENT.1 | -- | -- | -- | Art.62 | -- | -- | -- | -- | -- | MANAGE 3.2 | 72h Report | -- | -- | Incident | -- | -- | -- |
| AI-IMPACT.1 | MAP 5.2 | -- | -- | -- | -- | -- | -- | RA-3 | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| AI-INF.1 | -- | -- | -- | Art.12(1) | -- | -- | -- | -- | -- | -- | Internal | -- | -- | Transparency | -- | -- | Logging |
| AI-INF.2 | -- | -- | -- | Art.12(2) | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | Metrics |
| AI-INF.3 | GOVERN 2.1 | -- | -- | Art.12(1) | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| AI-IR.1 | MANAGE 3.1 | -- | -- | -- | -- | -- | -- | IR-8 | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| AI-LIC.1 | -- | -- | -- | Art.53(1)(d) | -- | -- | -- | -- | -- | GOVERN 1.7 | -- | -- | -- | -- | -- | -- | -- |
| AI-LOG.1 | -- | -- | -- | Art.12(3) | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| AI-MARK.1 | -- | -- | -- | Art.50(2) | -- | -- | Transparency | -- | -- | -- | -- | -- | -- | Content Label | -- | News Label | -- |
| AI-MDL.1 | -- | -- | -- | Art.9(4)(a) | -- | -- | -- | -- | -- | -- | Integrity | -- | -- | Tech Docs | -- | -- | Development |
| AI-MDL.2 | -- | -- | -- | Art.12(2)(b) | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| AI-MDL.3 | MEASURE 2.6 | -- | -- | Art.72(1) | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | Validation |
| AI-MDL.4 | -- | -- | -- | Art.15(4) | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | Security |
| AI-MDL.5 | -- | -- | -- | Art.11 | -- | -- | -- | -- | -- | GOVERN 1.2 | Integrity | -- | -- | -- | -- | -- | Weights |
| AI-MDL.6 | -- | -- | -- | Art.11 | -- | -- | -- | -- | -- | GOVERN 1.2 | -- | -- | -- | -- | -- | -- | -- |
| AI-MDL.7 | -- | -- | -- | -- | -- | -- | -- | -- | -- | MEASURE 2.6 | -- | -- | -- | -- | -- | -- | -- |
| AI-MULTI.1 | -- | -- | -- | Art.9 | -- | -- | -- | -- | -- | GOVERN 1.3 | -- | -- | -- | -- | -- | -- | -- |
| AI-PERF.1 | -- | -- | -- | Art.15(1) | -- | -- | -- | -- | -- | MEASURE 2.5 | Audit | -- | -- | -- | -- | -- | KPI |
| AI-PMM.1 | -- | -- | -- | Art.72 | -- | -- | -- | -- | -- | MANAGE 4.1 | -- | -- | -- | -- | -- | -- | -- |
| AI-RAG.1 | -- | -- | -- | Art.13 | -- | -- | -- | -- | -- | MAP 2.3 | -- | -- | -- | -- | -- | -- | Retrieval |
| AI-RAG.2 | -- | -- | -- | Art.13 | -- | -- | -- | -- | -- | MEASURE 2.5 | -- | -- | -- | -- | -- | -- | Relevance |
| AI-REDTEAM.1 | -- | -- | Sec.4.2 | Art.9(7) | -- | -- | -- | -- | Red Teaming | -- | Red Team | -- | -- | -- | -- | -- | -- |
| AI-REV.1 | -- | -- | -- | Art.14(4)(d) | -- | Art.17 | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| AI-RISK.1 | MAP 2.1 | -- | -- | Art.9 | -- | -- | -- | RA-2 | -- | -- | -- | -- | -- | -- | -- | -- | Assessment |
| AI-ROBUST.1 | -- | -- | -- | Art.15(3) | -- | -- | -- | -- | -- | MEASURE 2.6 | Red Team | -- | -- | -- | -- | -- | -- |
| AI-SAFE.1 | -- | -- | -- | Art.9(4)(b) | -- | -- | -- | -- | -- | -- | Risk | Safety | Self-Harm | Safety | Safety | -- | -- |
| AI-SBOM.1 | -- | Sec.4 | -- | Art.11 | SBOM-AI | -- | -- | -- | -- | -- | Inventory | -- | -- | Components | -- | -- | Components |
| AI-SEC.1 | -- | -- | -- | Art.15(4) | -- | -- | -- | -- | -- | MANAGE 2.3 | Cyber | -- | -- | -- | -- | -- | -- |
| AI-SEC.2 | -- | -- | -- | Art.15(3) | -- | -- | -- | -- | -- | MANAGE 2.3 | -- | -- | -- | -- | -- | -- | -- |
| AI-SKILL.1 | -- | -- | -- | Art.9 | -- | -- | -- | -- | -- | GOVERN 1.7 | -- | -- | -- | -- | -- | -- | -- |
| AI-SKILL.2 | -- | -- | -- | -- | -- | -- | -- | -- | -- | MEASURE 2.5 | -- | -- | -- | -- | -- | -- | -- |
| AI-SKILL.3 | -- | -- | -- | -- | -- | -- | -- | -- | -- | MEASURE 2.6 | -- | -- | -- | -- | -- | -- | -- |
| AI-SUPPLY.1 | -- | Sec.4 | -- | -- | SBOM-AI | -- | -- | -- | -- | MEASURE 3.1 | -- | -- | -- | -- | -- | -- | Third-Party |
| AI-TOOL.1 | -- | -- | -- | Art.12(1) | -- | -- | -- | -- | -- | GOVERN 1.7 | -- | -- | -- | -- | -- | -- | -- |
| AI-TRUST.1 | -- | -- | -- | Art.9 | -- | -- | -- | -- | -- | GOVERN 1.5 | -- | -- | -- | -- | -- | -- | -- |
| AI-TRUST.2 | -- | -- | -- | Art.9 | -- | -- | -- | -- | -- | GOVERN 1.5 | -- | -- | -- | -- | -- | -- | -- |
| AI-TRANS.1 | -- | -- | -- | Art.13 | -- | Art.13/14 | -- | -- | -- | -- | Disclosure | Disclosure | Disclosure | Disclosure | Disclosure | Disclosure | Reporting |
| AI-VIO.1 | -- | -- | -- | Art.9 | -- | -- | -- | -- | -- | MANAGE 4.1 | Whistle | -- | -- | -- | -- | -- | -- |
| AI-WATERMARK.1 | -- | -- | -- | Art.50(2) | -- | -- | Transparency | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Version | Date | Changes |
|---|---|---|
| 1.0.0 | 2026-02-26 | Initial UCT Registry with infrastructure controls and 6 AI procedures |
| 1.1.0 | 2026-03-15 | AI governance attestation controls (AI-GOV.1-7). 20 AI procedures. |
| 1.2.0 | 2026-03-29 | AI Witnessing Profile. Protocol Lock Phase 2. 36 AI procedures. |
| 1.3.0 | 2026-04-17 | Framework crosswalk expansion. 38 AI procedures. |
| 1.4.0 | 2026-05-03 | AI-DATA.3/4, model integrity extensions. 42 procedures. |
| 1.5.0 | 2026-05-23 | AI-FAIR.3, AI-CHAIN.2, AI-ENV.1/2, AI-MARK.1, AI-BASE.1. 65 procedures. |
| 1.6.0 | 2026-05-28 | AI-LIC.1 (License Provenance). 48 AI SDK procedures. |
| 1.7.0 | 2026-05-29 | AI-SBOM.1, AI-REDTEAM.1, AI-CONSENT.1, AI-MULTI.1. Full registry synchronization: 27 procedures added from SDK. 65 AI procedures, 33 namespaces, 10 regulatory frameworks. |
| 1.8.0 | 2026-06-02 | AI-AUDIT.1, AI-AUTO.1, AI-CYBER.1, AI-DPIA.1, AI-DRIFT.1, AI-DUALUSE.1, AI-INCIDENT.1, AI-PERF.1, AI-PMM.1, AI-ROBUST.1, AI-SUPPLY.1, AI-TRANS.1, AI-WATERMARK.1. 78 AI procedures, 46 namespaces, 12 regulatory frameworks. |
| 1.9.0 | 2026-07-07 | Illinois SB 315 (AI Safety Measures Act) framework crosswalk. 15 procedures mapped to first US law mandating annual third-party AI safety audits. 103 AI procedures, 52 namespaces, 13 frameworks in coverage matrix. |
| 2.0.0 | 2026-07-11 | Tennessee SB 1580 (AI mental health therapy ban, 6 procedures), Rhode Island AI Laws (therapy/safety/clinical disclosure, 8 procedures), Vietnam Law 134/2025 (first ASEAN AI law, 12 procedures). 103 AI procedures, 52 namespaces, 16 frameworks in coverage matrix. |
| 2.1.0 | 2026-07-11 | Health Insurance AI (6-state composite: IN, AL, UT, WA, IA, GA, 10 procedures). 103 AI procedures, 52 namespaces, 17 frameworks in coverage matrix. |
| 2.2.0 | 2026-07-13 | v6.0 Operational Governance: AI-EMRG.1 (emergency override lifecycle), AI-DRIFT.2 (consequence-mapped drift thresholds), AI-ASSESS.1 (champion-challenger assessment). First multi-anchor lifecycle chain procedures. 106 AI procedures, 55 namespaces, 17 frameworks in coverage matrix. |
| 2.3.0 | 2026-07-13 | New York 2026 AI Legislative Package (6 bills, 12 procedures) and Treasury Financial Services AI Risk Management Framework (230 control objectives, 30 procedures). 106 AI procedures, 55 namespaces, 19 frameworks in coverage matrix. |
Publisher: Tenable Nova LLC | Protocol: SWT3 Witness Anchor | License: Apache 2.0
The UCT Registry is open source. The canonical machine-readable schema is available at uct-registry.json in the SWT3 protocol repository.
SWT3, UCT, Witness Anchor, and Sovereign Witness Token are trademarks of Tenable Nova LLC. Patent pending.
Contact: engineering@tenovaai.com