Compliance-Centered AI Governance Framework
- Compliance-centered AI governance is an architecture that translates high-level ethics into measurable controls, evidence, and enforceable processes.
- It integrates process workflows, control libraries, and runtime enforcement to provide continuous auditability and risk-adjusted responses.
- The framework employs quantitative scoring and graded human oversight to convert regulatory mandates into actionable AI practices.
Searching arXiv for papers on compliance-centered AI governance frameworks to ground the article in current literature. A compliance-centered AI governance framework is a governance architecture in which compliance is treated as an operational property of AI systems rather than as an abstract ethics statement. Across recent work, this orientation appears in several recurring moves: translating principles into workflows and controls, externalizing enforcement into runtime services or control planes, instrumenting systems for continuous evidence generation, calibrating oversight to risk, and linking technical behavior to auditability, certification, and regulatory due diligence. In this literature, governance is not limited to policy declaration; it is implemented through process execution, observability, rule evaluation, human oversight, and conformity mechanisms that can be inspected, measured, and, in some cases, enforced before or during action (Pery et al., 2021, Mäntymäki et al., 2022, Choung et al., 2023, Gaurav et al., 26 Aug 2025).
1. From ethical principles to compliance architectures
The foundational claim of compliance-centered governance is that ethics does not self-execute. The multilevel literature states that ethical AI principles do not become operational simply because they are published, and that a mediating governance structure is required to translate high-level ethics into enforceable practice (Choung et al., 2023). The organizational literature makes the same point in lifecycle terms: governance requirements originate in the broader environment, are translated by the organization into internal policies and capabilities, and are then implemented in the concrete AI system and its life cycle (Mäntymäki et al., 2022). Process-oriented work further reframes Trustworthy AI as a compliance-centered, execution-level problem, emphasizing that actual adherence is fragmented across organizational units, external stakeholders, and systems of record, creating process uncertainty, weak auditability, and regulatory exposure (Pery et al., 2021).
This early line of work established three durable premises. First, compliance is fragmented: evidence is spread across logs, documents, model artifacts, monitoring systems, and human approvals (Pery et al., 2021). Second, governance is multilevel: governments provide laws and enforcement, corporations operationalize internal controls, and citizens exert legitimacy and accountability pressure through the trust dimensions of competence, integrity, and benevolence (Choung et al., 2023). Third, governance is lifecycle-embedded: the hourglass model places hard law, principles and guidelines, and stakeholder pressure at the environmental layer, then narrows them through strategic alignment and value alignment into operational AI system controls such as data operations, risk and impacts, transparency, explainability, contestability, accountability, ownership, and compliance (Mäntymäki et al., 2022).
Subsequent frameworks make this operationalization more explicit. APPRAISE treats AI innovation as auditable, coordinated, and compliant rather than merely innovative, and positions audit as the enforcement backbone for conformity regimes with ex-ante assessment and post-market monitoring (Dey et al., 2023). The five-layer framework formalizes a governance chain from laws, regulations, and policies, through standards, standardized assessment procedures, and standardized assessment tools and metrics, to a certification ecosystem (Agarwal et al., 14 Sep 2025). The Unified Control Framework (UCF) similarly argues that fragmented risk frameworks, jurisdictionally fragmented regulations, and high-level standards lacking concrete implementation guidance can be replaced with a common control library mapped both to risks and to policy requirements (Eisenberg et al., 7 Mar 2025).
Taken together, these works suggest that a compliance-centered framework is less a single methodology than a family of architectures whose shared purpose is to convert normative requirements into operational controls, evidence, and enforceable procedures.
2. Major architectural patterns
Recent frameworks differ in implementation, but they converge on a small set of architectural forms: process governance, control libraries, runtime interposition, telemetry-first observability, executable semantics, and graduated human oversight (Gaurav et al., 26 Aug 2025, Gupta, 9 Dec 2025, Sharma et al., 22 May 2026, Bandara et al., 6 Apr 2026, Kang, 21 Jun 2026).
| Framework | Primary mechanism | Compliance artifact |
|---|---|---|
| GaaS | Modular interposition layer with declarative rules and Trust Factor | Logged allow, warn, block, or escalate decisions |
| AI TIPS 2.0 | Six-phase gated lifecycle with 243 AICM controls | Trust Index, pillar scores, role-based scorecards |
| UCF | 42-control library mapped to risks and policy requirements | Evidence linked from regulation to policy requirement to control |
| PASTA | Model-card-to-policy pairwise evaluation | Heatmaps, summaries, issue-fix tables |
| OKBs | Regulatory IR compiled into RDF/OWL schema and SHACL rules | Machine-readable validation reports |
| govllm | Governance-driven routing with criterion-specific regulatory judges | Continuous compliance scores and uncertainty signals |
| AI Trust OS | Zero-trust telemetry boundary with read-only probes | Assertion ledger, registry entries, posture scores |
| GAIE | Oversight Classification Model with three oversight tiers | Classification log, generation trace, deployment authorization |
Process-centric frameworks treat compliance as workflow architecture. The process-mining paper identifies process discovery, conformance checking, and enhancement as the core operations for reconstructing and monitoring fragmented compliance execution from event data (Pery et al., 2021). AI TIPS 2.0 extends this process view into a six-phase gated lifecycle with required deliverables, required controls, minimum pillar score thresholds, approval authority, and gate decision rules, from Concept & Planning through Retirement (Gupta, 9 Dec 2025). SMART+ adopts a parallel lifecycle orientation, embedding Safety, Monitoring, Accountability, Reliability, and Transparency, plus Privacy & Security, Data Governance, Fairness & Bias, and Guardrails, across Objective Setting, Requirements & Specifications, Design & Development, Verification & Validation, Deployment, and Operation & Maintenance (Kandikatla et al., 9 Dec 2025).
Control-library frameworks aim at reuse and de-duplication. UCF organizes governance around a MECE risk taxonomy, a policy requirement library, and 42 controls, with many-to-many mappings between controls, risk scenarios, and policy requirements (Eisenberg et al., 7 Mar 2025). The five-layer framework generalizes this logic upward and downward, making standards, assessment procedures, tools, and certification part of the same compliance chain (Agarwal et al., 14 Sep 2025).
Runtime governance frameworks move enforcement into infrastructure. GaaS is a modular interposition layer between the agentic system and the external environment; actions are intercepted before reaching databases, APIs, content platforms, or trading infrastructure (Gaurav et al., 26 Aug 2025). AAGATE turns the NIST AI RMF into a Kubernetes-native control plane where agents, tool calls, policy decisions, and incidents are mediated through a service mesh, a Tool-Gateway chokepoint, behavioral analytics, and an explainable policy engine (Huang et al., 29 Oct 2025). AI Trust OS reconceptualizes compliance as an always-on telemetry-driven operating layer in which AI systems are discovered through observability signals and validated through read-only probes that collect structural control assertions without ingesting source code or payload-level PII (Bandara et al., 6 Apr 2026).
Executable-compliance frameworks formalize obligations as machine-checkable constraints. OKBs compile human-reviewed obligations into RDF/OWL concept schemas, SHACL validation rules, required evidence artifacts, and PROV-O provenance links, enabling profile-based reconfiguration without modifying service code (Sharma et al., 22 May 2026). AI identification work adds a different infrastructural primitive: persistent identity continuity through model fingerprinting, cryptographic hashing, blockchain-based registration, ZKP-based proof of possession, and post-deployment structural change screening (Gao et al., 12 Apr 2026).
3. Execution logic: rules, scores, routes, and pre-action reasoning
A defining feature of compliance-centered governance is that it specifies execution logic. In GaaS, the general enforcement function is
where the decision depends on the proposed action, the active rule set, and the agent’s violation history (Gaurav et al., 26 Aug 2025). The rules are declarative and typed as coercive, normative, and mimetic/adaptive. Coercive rules are non-negotiable and trigger immediate blocking; normative rules trigger warnings; mimetic rules encode best-practice or exemplar-conformity expectations. The framework’s Trust Factor then modulates enforcement posture over time, so identical rule matches can yield different responses depending on prior behavior and severity-weighted violation history (Gaurav et al., 26 Aug 2025).
AI TIPS 2.0 applies analogous logic at enterprise scale through quantitative scoring. Its Trust Index is defined as
over the eight pillars, while each pillar score is computed as
These scores are then mapped to risk bands and gate decisions: 90–100 corresponds to Low Risk, green; 75–89 to Moderate Risk, yellow; 60–74 to Elevated Risk, orange; and 0–59 to High Risk, red (Gupta, 9 Dec 2025).
govllm generalizes scoring into runtime routing. A governance profile is an ordered set of criteria with weights and thresholds, and the global score for judge on output is
The framework also defines profile-specific scoring and a trajectory-based routing function,
so model selection can be driven by accumulated compliance scores rather than latency or cost alone (Dussert, 23 May 2026). A distinctive feature is that inter-judge disagreement is treated as a regulatory uncertainty signal, not merely as noise requiring aggregation.
GAIE makes routing deterministic through the Oversight Classification Model,
with each task characterized by regulatory impact, customer proximity, reversibility, and data sensitivity. Strategic functions route to Tier 1 human-in-the-loop; direct customer impact routes to Tier 2 human-over-the-loop; low-impact internal work routes to Tier 3 automated-with-monitoring (Kang, 21 Jun 2026). The paper claims monotonicity, fail-safety under correct or uncertain metadata, and totality for this classification function.
OKBs formalize execution as semantic validation. An Ontological Knowledge Block is
where is the obligation set, 0 the RDF/OWL concept schema, 1 the SHACL shape set, 2 the required evidence artifacts, and 3 the PROV-O provenance links. Validation is then performed over evidence graphs under selected governance profiles (Sharma et al., 22 May 2026).
A contrasting design appears in the neurocognitive governance model. Rather than external interposition, it embeds governance into the Pre-Action Governance Reasoning Loop (PAGRL), in which the agent forms an intent, retrieves global, workflow-specific, agent-specific, and situational rules, reasons about permissibility, and outputs one of three decisions: Proceed, Self-correct, or Escalate (Bandara et al., 28 Apr 2026). This creates a direct architectural contrast within the literature: external runtime enforcement versus internalized pre-action deliberation. The papers do not resolve the contrast; they present different solutions to the same problem.
4. Evidence, telemetry, and auditability
Compliance-centered governance is evidentiary. The literature consistently rejects governance that depends only on prose artifacts, screenshots, or self-attestation. Process mining addresses this by reconstructing actual compliance execution from event logs and using conformance checking to compare observed behavior to normative models (Pery et al., 2021). UCF makes evidence explicit in control design: regulation is translated into policy requirements, mapped to controls, and then linked to implementation guidance and evidence requirements (Eisenberg et al., 7 Mar 2025). The hourglass model similarly includes repository and ID controls, approval workflows, monitoring and health checks, and legal and ethical consultation as the mechanisms through which environmental requirements become traceable organizational practice (Mäntymäki et al., 2022).
A newer strand emphasizes telemetry-first evidence. AI Trust OS introduces a zero-trust telemetry boundary in which ephemeral read-only probes validate structural metadata such as access controls, logging, tracing, PII scrubbing, evaluation hooks, and version-locking, while avoiding source code, raw prompts, or payload-level PII (Bandara et al., 6 Apr 2026). Its AI Observability Extractor Agent scans LangSmith and Datadog LLM Observability for tracingEnabled, piiScrubbingInLogs, and evalsConfigured, automatically registering undocumented AI systems in an AI System Registry (Bandara et al., 6 Apr 2026). This changes the epistemic basis of governance from organizational self-report to empirical machine observation.
Documentation-centric systems remain important, but they are being specialized. PASTA starts from a compliance-specialized model card with 23 sections grouped into seven categories, normalizes laws into article/paragraph units, filters irrelevant section–policy pairs, and then performs pairwise LLM evaluation with clause-linked rationales, heatmaps, summaries, and issue-fix tables (Yang et al., 16 Jan 2026). The paper is explicit that this is not a replacement for legal review. Likewise, COMPASS uses Retrieval-Augmented Generation over regulatory text, including the Artificial Intelligence Act, European Union, to generate score-and-explanation judgments for compliance as one of four governance pillars, but its current implementation emphasizes evaluation and explanation more than direct enforcement (Jean-Sébastien et al., 11 Mar 2026).
Executable evidence appears in the semantic and identity infrastructures. OKBs validate RDF evidence graphs with deterministic SHACL checks and produce machine-readable reports identifying which shape fired, on which node, with what message (Sharma et al., 22 May 2026). AI identification work adds a persistent identity layer, with a machine-verifiable primary hash, a human-readable secondary identifier, an append-only registry, selective ZKP-based verification at governance-defined checkpoints, and LZJD-based post-deployment structural change screening (Gao et al., 12 Apr 2026). AAGATE extends evidence into cryptographic compliance claims through signed supply chain metadata, immutable logs, and a ZK-Prover that generates Groth16 proofs and posts them on-chain hourly to demonstrate that incidents remain within contractual risk budgets (Huang et al., 29 Oct 2025).
A common misconception in this area is that documentation alone is compliance. The literature repeatedly denies this. A document can claim that logging, fairness thresholds, or oversight exist; compliance-centered frameworks attempt to verify, monitor, or enforce those claims against actual runtime evidence (Sharma et al., 22 May 2026, Bandara et al., 6 Apr 2026).
5. Risk proportionality, human oversight, and regulatory translation
Compliance-centered governance is rarely uniform. Most frameworks assume proportionate governance, where control intensity, approval authority, or human involvement varies by risk. AI TIPS 2.0 classifies use cases into Unacceptable, High-risk, Limited-risk, and Minimal-risk, assigns pillar priorities as Critical, High, Standard, or Low, and then sets minimum scores and gate conditions proportionate to impact, legal obligations, stakeholder harm potential, and sector context (Gupta, 9 Dec 2025). SMART+ explicitly applies full, moderate, or minimal governance depending on whether the system is high, medium, or low risk, using “the influence and decision-consequence” as the basis for risk classification (Kandikatla et al., 9 Dec 2025).
The five-layer governance framework supplies a macro-level version of this translation problem: high-level regulatory mandates are narrowed into standards, assessment procedures, tools, metrics, and certification mechanisms (Agarwal et al., 14 Sep 2025). APPRAISE adds the organizational dimension, showing how strategic variables such as organization size, exploration versus exploitation, build versus buy, outsourcing, offshoring, and knowledge of the AIA moderate compliance behavior and auditability (Dey et al., 2023). The multilevel framework expands the scope further by locating compliance across governments, corporations, and citizens, with trust organized around competence, integrity, and benevolence (Choung et al., 2023).
Human oversight is therefore not a single mechanism but a graded family. The EU AI Act-facing literature uses human-in-the-loop, human-over-the-loop, and human-on-the-loop arrangements. GAIE formalizes this with three tiers tied to task classification and required evidence artifacts (Kang, 21 Jun 2026). The neurocognitive model routes uncertain or prohibited actions to human review through escalation inside PAGRL (Bandara et al., 28 Apr 2026). AI TIPS 2.0 inserts approval authorities and exception handling into lifecycle gates (Gupta, 9 Dec 2025). SMART+ embeds human oversight, incident response, rollback procedures, governance board meetings, and AI Ethics Board reviews across deployment and operation (Kandikatla et al., 9 Dec 2025).
This risk-proportionate orientation also shapes regulatory translation. UCF argues that one control can mitigate multiple risk scenarios and satisfy multiple policy requirements, reducing duplicated governance work across jurisdictions (Eisenberg et al., 7 Mar 2025). The threat-taxonomy paper approaches the same issue from security and quantitative risk assessment, mapping nine AI threat domains—Misuse, Poisoning, Privacy, Adversarial, Biases, Unreliable Outputs, Drift, Supply Chain, and IP Threat—to business loss categories of Confidentiality, Integrity, Availability, Legal, and Reputation, and aligning them to ISO/IEC 42001, NIST AI RMF, and the EU AI Act (Huwyler, 26 Nov 2025). A plausible implication is that compliance-centered governance increasingly requires a common vocabulary spanning technical, legal, and financial functions, not just model development teams.
6. Empirical findings, limitations, and open problems
Several frameworks report concrete empirical results. GaaS evaluates three open-source LLMs—DeepSeek-R1, Llama-3, and Qwen-3—across essay writing and financial trading, showing that in trading it blocked 33 of 42 trades in Simulation 2 and 693 risky trades in Simulation 3, while trust trajectories penalized repeated coercive violations and system liveness was preserved (Gaurav et al., 26 Aug 2025). In appendix comparisons against keyword filtering, OpenAI’s moderation endpoint, and a constitutional-AI fine-tuned agent, it reports precision 0.95, recall 0.90, and F1 0.92 (Gaurav et al., 26 Aug 2025).
PASTA reports expert alignment with legal reviewers at 4 for violation scoring and 5 for relevance scoring, with five-policy evaluation in 1.5–1.8 minutes at \$Ti = \Sigma [Wp \times (Cmp \times (1 - Re,p))]$63.06 and a user study of 12 practitioners yielding SUS = 73.5 $Ti = \Sigma [Wp \times (Cmp \times (1 - Re,p))]$7 (Yang et al., 16 Jan 2026). govllm evaluates 49 annotated prompt/response pairs across five criteria and finds that no single small LLM dominates across all criteria; the specialized panel reaches 72.6%, compared with a baseline mean of 61.7% and a best single-judge average of 69.1%, while position bias can degrade agreement by up to 25 percentage points (Dussert, 23 May 2026). OKBs report 24 validation runs across four governance profiles, strictly additive violation accumulation, and SHACL validation latency between 12.6 ms and 100.3 ms for the compiler prototype and between 13.5 ms and 248.1 ms for the OKB prototype (Sharma et al., 22 May 2026). The neurocognitive governance model reports 38 correct governance decisions out of 40 runs, or 95% compliance accuracy, with 19 of 19 justified escalations and mean latency overhead of 0.65 seconds per action (Bandara et al., 28 Apr 2026). GAIE does not present production deployment data, but its analytical productivity model suggests that graduated oversight preserves 84–97% of agentic coding velocity, with a central estimate of 91% (Kang, 21 Jun 2026). AI Trust OS reports a posture score of 61/100, classified as Partially Compliant, in a single enterprise workspace evidence run across eight integrations and 15 findings (Bandara et al., 6 Apr 2026).
The limitations are equally consistent. Runtime systems may introduce latency bottlenecks, over-block benign actions, or miss domain nuance when rule patterns are incomplete (Gaurav et al., 26 Aug 2025). Quantitative scores such as Trust Indexes, Trust Factors, Bias Indexes, or compliance scores are often heuristic or profile-dependent rather than legal determinations (Gupta, 9 Dec 2025, Dussert, 23 May 2026). Documentation-based systems assume that model-card-style descriptions are sufficient evidence, which may be false in adversarial or poorly documented settings (Yang et al., 16 Jan 2026). Telemetry-first systems face coverage limits: what is not instrumented may remain invisible (Bandara et al., 6 Apr 2026). Semantic execution systems do not automate legal interpretation; humans must still author and approve obligations (Sharma et al., 22 May 2026). Identity frameworks verify continuity, not fairness, safety, or semantic equivalence (Gao et al., 12 Apr 2026). Human-oversight models can create alert fatigue or escalation overhead if thresholds are mis-specified (Kang, 21 Jun 2026).
A final controversy concerns where governance should reside. External control planes and interposition layers argue that governance must be decoupled from model internals, especially in heterogeneous or untrusted ecosystems (Gaurav et al., 26 Aug 2025, Huang et al., 29 Oct 2025). Internalized reasoning models argue that governance should be consulted before action as part of the agent’s own deliberation (Bandara et al., 28 Apr 2026). The literature presently treats these as complementary rather than mutually exclusive. This suggests that the mature form of compliance-centered AI governance may be layered: organizational process governance at the top, control libraries and standards in the middle, runtime enforcement and telemetry at execution time, and human review at uncertainty boundaries.