Real-time monitoring of chatbots and agents for AI compliance and governance


Standards & Compliance Mapping — Silicon Psyche Labs


Standards & Compliance Mapping

Every AI governance instrument names an obligation — record-keeping, robustness, post-market monitoring, human oversight — but none names a metric. PSA is the behavioral evidence layer: the deterministic, timestamped, externally-verifiable measurement that discharges the measurable half of those obligations. This page maps PSA, honestly, onto twelve frameworks in force in 2026.


Section 01

Thesis

Read the AI governance instruments of 2026 side by side and the same shape appears every time. Each tells an organization what it must achieve — keep records, be robust to attack, monitor the system after deployment, keep a human in the loop, manage risk. Not one tells you how to measure whether you did it. They are, by design, technology-agnostic: they name the obligation and leave the metric to you.

That gap is the opportunity. PSA is the behavioral evidence layer — the instrument that turns "we monitor for drift" into a deterministic, timestamped number with a defined formula, and "we log relevant events" into a hash-chained record you can verify without trusting us. PSA does not replace a management system or a governance function. It supplies the proof under the promise.


Section 02

The Six Evidence Primitives

Across all twelve frameworks, PSA's contribution reduces to six evidence primitives. Each crosswalk row maps a requirement to one or more of these.

| ID | Primitive | PSA signals |
|----|-----------|-------------|
| E1 | Deterministic behavioral event log | Posture codes (I/P/M/H/G) + alert ladder |
| E2 | Tamper-evident log integrity, externally verifiable | SIGTRACK — hash-chained, drand-anchored, /verify-chain |
| E3 | Adversarial / robustness measurement | C0 input intent (I0–I9), C1 adversarial stress, CPI |
| E4 | Human–AI interaction risk (incl. psychological harm) | DRM (IRS, RAS, RAG), HRI |
| E5 | Continuous monitoring & forecasting | BHS, POI, DPI, PE, CPF3 (EWMA+HMM) |
| E6 | Behavioral transparency / explainability | Named posture codes + named, auditable alert reasons |

Section 03

Framework → PSA Crosswalk

Requirement-by-requirement mapping. Filter by framework or by coverage level. Coverage is marked honestly — green only where PSA produces exactly the evidence asked for.

DIRECT: PSA produces the evidence, deterministically.
PARTIAL: PSA supplies a measurable input to an otherwise procedural requirement.
OUT: Structurally outside PSA (procedural, or protected-attribute fairness).

Frameworks: ISO/IEC 42001; EU AI Act; NIST AI RMF; ISO/IEC 23894; ISO/IEC 42005; ISO/IEC TR 24028/24027; OECD AI Principles; CoE Convention; Colorado AI Act; Singapore MGF / AI Verify; MITRE ATLAS; SOC 2 / ISO 27001; Sectoral (GDPR/HIPAA/SR 11-7)


ISO/IEC 42001:2023 — AI management system (the certifiable anchor — see the dedicated mapping)

| Requirement | PSA mapping | Coverage |
|-------------|-------------|----------|
| A.6.2.6/.8 · A.5 · C.2.8–11 | Evidence layer: operation logs, impact, robustness/transparency/safety → BHS/POI/DRM/SIGTRACK/CPF3 | DIRECT |

EU AI Act — Regulation (EU) 2024/1689

| Requirement | PSA mapping | Coverage |
|-------------|-------------|----------|
| Art. 12 — Record-keeping | Automatic event logging over lifetime → E1 posture log + E2 SIGTRACK tamper-evident trail | DIRECT |
| Art. 15 — Accuracy, robustness, cybersecurity | Resilience to adversarial inputs → E3 C0/C1/CPI runtime measurement | DIRECT |
| Art. 72 — Post-market monitoring | Continuous documented monitoring → E5 BHS/POI longitudinal + CPF3 forecast | DIRECT |
| Art. 13 — Transparency to deployers | Interpretable operation → E6 named posture codes + named alert reasons | PARTIAL |
| Art. 14 — Human oversight | Enable intervention → E4 DRM/IRS real-time risk surfacing + alert ladder | PARTIAL |
| Art. 9 — Risk management system | Iterative risk evaluation → E4/E5 runtime signals feed the process | PARTIAL |
| Art. 55 — GPAI systemic risk | Model eval, adversarial testing, incident tracking → E3 war-zone probes + E1 incident logging | PARTIAL |
| Art. 10/11/17 — Data governance, technical docs, QMS | Procedural / organizational | OUT |

NIST AI RMF 1.0 (2023) + Generative AI Profile (NIST-AI-600-1, 2024)

MEASURE 2.x —...
