RAI Framework

Responsible AI, from principle to audit

A working responsible-AI program, written down. Eight chapters, five toolkits, and more than a hundred implementation steps take you from a first principles statement to controls you can audit. Our principal AI consultants built it, open-sourced it, and use it on client engagements. Take what you need.

How to use it

Modular by design, start where you are

The framework is open source, so use as much or as little as you need. We built it to scale with you.

Begin with Chapter 1 to set your vision and principles, then work through governance, risk classification, and the AI lifecycle.

Chapters 5 through 7 handle the specialised work: generative AI, third-party procurement, and the culture that makes controls stick. Chapter 8 hands you the templates and tools to put it all into practice. Each chapter stands on its own, so you can adopt the parts that match where your organisation is today and add the rest as you go.

8 Chapters 5 Appendices 100+ Implementation Steps Global Compliance Ready
61%

At the strategic stage

Share of organisations that have moved responsible AI from policy into practice.

$35M

Maximum EU AI Act fine

The ceiling for non-compliance under the world's first comprehensive AI regulation.

40%

Higher ROI

Reported return advantage for organisations running a real responsible-AI program.

73%

Prompt-injection risk

Share of LLM applications carrying exposure that guardrails are meant to close.

The Framework

The framework, chapter by chapter

Eight chapters that carry a program from a vision statement to controls at every gate of the AI lifecycle.

Chapter 01

Executive Vision & Scope

The business case, your core ethical principles, and where the framework applies. This is the north star the rest of the program answers to.

Chapter 02

Governance & Structure

The three lines of defense, a RACI matrix for roles and accountability, and clear escalation paths for when something goes wrong.

Chapter 03

Risk Classification & Taxonomy

A risk-tiering system for every AI system you run, plus an impact-assessment method that sends scrutiny where the risk is.

Chapter 04

The Responsible AI Lifecycle

Six phases, from ideation and data curation through training, testing, release, and monitoring. Controls at each gate, not a policy on a shelf.

Chapter 05

Generative AI & LLM Specifics

Guardrails for large language models, and content governance for what they produce.

Chapter 06

Procurement & Supply Chain

A vendor due-diligence checklist and an AI bill of materials, so you know what is inside the models you buy.

Chapter 07

Culture, Training & Adoption

Workforce enablement and change management. Controls only hold when the people around them use them.

Chapter 08 · Appendices

Templates & Toolkits

Ready-to-use artifacts: an algorithmic impact assessment, a vendor security questionnaire, a model card, a risk-scoring matrix, and a glossary of AI-ethics terms.

Compliance

Mapped to the rules you answer to

The framework synthesizes NIST AI RMF, the EU AI Act, ISO/IEC 42001, and industry practice. The table below maps it to the key regulation it references.

Framework What it requires
EU AI Act The world's first comprehensive AI regulation, built on risk-based classification. High-risk obligations take effect August 2026; general-purpose AI obligations began August 2025.
US Executive Orders Federal AI policy aimed at uniform national standards, with FTC oversight of deceptive AI practices.
NIST AI RMF A voluntary risk-management framework organised around Govern, Map, Measure, and Manage. The Generative AI Profile was released July 2024.
GDPR Data-protection requirements that apply whenever an AI system processes personal data. DPIAs are required for high-risk processing.
Rollout

A twelve-month rollout

A sequence that most organisations can run inside a year, without stalling the work the AI is meant to do.

01

Months 1–2 · Foundation

Stand up the governance structure, appoint a chief AI officer, form the AI ethics board, and complete a first inventory of every AI system in use.

02

Months 3–4 · Risk Assessment

Classify every system by risk tier, run algorithmic impact assessments, and find the shadow AI nobody logged.

03

Months 5–6 · Process Implementation

Deploy the lifecycle controls, put guardrails on your LLMs, and stand up monitoring.

04

Months 7–8 · Training & Culture

Roll out workforce training, open feedback channels, and start change management in earnest.

05

Months 9–12 · Optimization & Audit

Run internal audits, tighten the processes that need it, and prepare for external assessment.

Capability Assurance

Watchman makes it verifiable

The framework defines what responsible deployment looks like. Watchman shows, model by model, that you got there. Every model deployed through our platform gets a capability audit: a verified, auditable report of which capabilities are preserved, which are at risk, and which have degraded.

01

Preservation Certificates

An auditable capability-preservation certificate for every compressed model you ship.

02

Compliance-Ready Evidence

Evidence read from the model itself, not from a benchmark run, in a form your auditors accept.

03

Continuous Monitoring

Ongoing capability monitoring that keeps pace with the regulatory duty to watch deployed systems.

04

Protected Fine-Tuning

Proof that the capabilities you fine-tuned in survive compression intact.

Put responsible AI into production

The framework is open source and yours to run. When you need proof that a deployed model is what you claim, that is where we come in.