Compliance

Mapping AI identity risk to the 11 frameworks that matter.

Sabiki Security·June 2026·6 min read
Evidence, not assertions.

Auditors and insurers don't want to hear that AI is "handled". They want evidence. An AI identity inventory is where that evidence starts.

The common thread across every framework

From the EU AI Act and ISO/IEC 42001 to the NIST AI RMF and DORA, the modern wave of AI and resilience expectations share a premise: you should know which AI systems and identities you run, what they can reach, who is accountable, and be able to show records of oversight. You cannot evidence control over something you can't see.

Where AIRM fits

AIRM maps to 11 governance frameworks, EU AI Act, ISO/IEC 42001, NIST AI RMF, DORA, ISO/IEC 27001, UK NCSC CAF, Essential Eight, MAS TRM, CERT-In, BSI and Cyber Essentials. Not by claiming certification, but by supplying the underlying evidence: a live inventory of every AI and non-human identity, its access and owner, its risk score, and a record of how it's monitored and acted on.

A framework is a set of questions. An identity inventory is how you answer them with proof.

What you can put in front of an auditor

A word on scope

AIRM supports these frameworks; it doesn't replace legal or compliance advice, and adopting it isn't the same as certification. What it does is remove the blind spot that makes the AI sections of those frameworks hard to evidence, and give an MSP a credible, recurring compliance service to deliver.

Turn governance into evidence.

Register free and generate a risk report mapped to the frameworks your clients are asked about, board- and insurer-ready from day one.

Free NHI Risk Score →
← Back to the blog