A working responsible-AI program, written down. Eight chapters, five toolkits, and more than a hundred implementation steps take you from a first principles statement to controls you can audit. Our principal AI consultants built it, open-sourced it, and use it on client engagements. Take what you need.
The framework is open source, so use as much or as little as you need. We built it to scale with you.
Begin with Chapter 1 to set your vision and principles, then work through governance, risk classification, and the AI lifecycle.
Chapters 5 through 7 handle the specialised work: generative AI, third-party procurement, and the culture that makes controls stick. Chapter 8 hands you the templates and tools to put it all into practice. Each chapter stands on its own, so you can adopt the parts that match where your organisation is today and add the rest as you go.
Share of organisations that have moved responsible AI from policy into practice.
The ceiling for non-compliance under the world's first comprehensive AI regulation.
Reported return advantage for organisations running a real responsible-AI program.
Share of LLM applications carrying exposure that guardrails are meant to close.
Eight chapters that carry a program from a vision statement to controls at every gate of the AI lifecycle.
The business case, your core ethical principles, and where the framework applies. This is the north star the rest of the program answers to.
The three lines of defense, a RACI matrix for roles and accountability, and clear escalation paths for when something goes wrong.
A risk-tiering system for every AI system you run, plus an impact-assessment method that sends scrutiny where the risk is.
Six phases, from ideation and data curation through training, testing, release, and monitoring. Controls at each gate, not a policy on a shelf.
Guardrails for large language models, and content governance for what they produce.
A vendor due-diligence checklist and an AI bill of materials, so you know what is inside the models you buy.
Workforce enablement and change management. Controls only hold when the people around them use them.
Ready-to-use artifacts: an algorithmic impact assessment, a vendor security questionnaire, a model card, a risk-scoring matrix, and a glossary of AI-ethics terms.
The framework synthesizes NIST AI RMF, the EU AI Act, ISO/IEC 42001, and industry practice. The table below maps it to the key regulations and frameworks it references.
| Framework | What it requires |
|---|---|
| EU AI Act | The world's first comprehensive AI regulation, built on risk-based classification. High-risk obligations take effect August 2026; general-purpose AI obligations began August 2025. |
| US Executive Orders | Federal AI policy aimed at uniform national standards, with FTC oversight of deceptive AI practices. |
| NIST AI RMF | A voluntary risk-management framework organised around Govern, Map, Measure, and Manage. The Generative AI Profile was released July 2024. |
| GDPR | Data-protection requirements that apply whenever an AI system processes personal data. DPIAs are required for high-risk processing. |
A sequence that most organisations can run inside a year, without stalling the work the AI is meant to do.
Stand up the governance structure, appoint a chief AI officer, form the AI ethics board, and complete a first inventory of every AI system in use.
Classify every system by risk tier, run algorithmic impact assessments, and find the shadow AI nobody logged.
Deploy the lifecycle controls, put guardrails on your LLMs, and stand up monitoring.
Roll out workforce training, open feedback channels, and start change management in earnest.
Run internal audits, tighten the processes that need it, and prepare for external assessment.
The framework defines what responsible deployment looks like. Watchman shows, model by model, that you got there. Every model deployed through our platform gets a capability audit: a verified, auditable report of which capabilities are preserved, which are at risk, and which have degraded.
An auditable capability-preservation certificate for every compressed model you ship.
Evidence read from the model itself, not from a benchmark run, in a form your auditors accept.
Ongoing capability monitoring that keeps pace with the regulatory duty to watch deployed systems.
Proof that the capabilities you fine-tuned in survive compression intact.
The framework is open source and yours to run. When you need proof that a deployed model is what you claim, that is where we come in.