ComplyHat ships four framework templates: SR 26-2, EU AI Act, NIST AI RMF, and ISO/IEC 42001. Each encodes which bias tests, protected classes, cadences, and report sections a regulator (or enterprise procurement) expects. When your host callsDocumentation Index
Fetch the complete documentation index at: https://docs.complyhat.ai/llms.txt
Use this file to discover all available pages before exploring further.
reports.start_draft for a framework, ComplyHat returns the template, structured evidence, and your compliance memory; the host composes the prose, the user approves, and reports.finalize persists the audit-tagged document.
The wedge: EU AI Act Article 17. Every provider of a high-risk system on the EU market must keep a technical file ready for the regulator by 2 August 2026. ComplyHat’s EU AI Act template renders the Annex IV sections directly.
SR 26-2
Joint Fed/FDIC/OCC model risk management guidance (issued 2026-04-17). Documentation, validation, and ongoing monitoring for large bank holding companies.
EU AI Act
Regulation (EU) 2024/1689. Annex IV technical-file sections required by Article 17.
NIST AI RMF
NIST AI 100-1. Govern / Map / Measure / Manage attestations. Voluntary baseline, increasingly cited by examiners and named as a safe harbor by state AI laws.
ISO/IEC 42001
ISO/IEC 42001:2023 AI Management System. Annex A controls and management-review artefacts. The certification EU enterprise procurement increasingly requires.
Why these four
Two cover mandatory regulation in the largest AI markets (US banking + EU). Two cover the standard internal-methodology + external-certification pair enterprise buyers expect. State-by-state and vertical-specific frameworks (insurance, healthcare, employment) are tracked in the engine but not in the V1 customer surface; they may return as V2 verticals once the four-framework wedge is proven.Capability matrix
Per-framework support for the five product capabilities.| Framework | Jurisdiction | Bias testing | Drift monitoring | Model cards | Reports | Ongoing monitoring |
|---|---|---|---|---|---|---|
| SR 26-2 | US Federal | ✓ | ✓ | ✓ | ✓ | ✓ |
| EU AI Act | EU | ✓ | ✓ | ✓ | ✓ | ✓ |
| NIST AI RMF | US Federal | ✓ | ✓ | ✓ | ✓ | ✓ |
| ISO/IEC 42001 | International | ✓ | ✓ | ✓ | ✓ | ✓ |
report_templates row, so reports.start_draft returns a structured template for each, and the bias, drift, and explainability engines run framework-agnostically; what changes per framework is which obligations get rendered into the audit trail. Drift cadence defaults to quarterly and is configurable: SR 26-2 and the EU AI Act expect a fixed monitoring rhythm, while NIST AI RMF and ISO/IEC 42001 tie revalidation to your own model lifecycle and scheduled management review.
Bias-test coverage
| Framework | Required tests | Cadence | Use case |
|---|---|---|---|
| SR 26-2 | Four-Fifths, statistical parity | Quarterly (default) | Model risk for large bank holding companies |
| EU AI Act | Four-Fifths, statistical parity, equal opportunity, predictive parity | Quarterly (default) | Broader protected-class coverage for high-risk systems |
| NIST AI RMF | Four-Fifths, statistical parity (mapped to Measure 2.11) | Quarterly (default) | Voluntary baseline / state-AI-law safe harbor |
| ISO/IEC 42001 | Four-Fifths, statistical parity (mapped to Annex A controls) | Quarterly (default) | AI Management System certification evidence |
Helpful resources
Authoritative regulator and standards body text first, then free explainers. Your counsel verifies the current text against the authoritative source; the explainers help your team get oriented. Every report is stamped with the framework version it was authored against, andframeworks.check_freshness returns the authoritative source URL so your host can confirm there have been no amendments before you submit.
EU AI Act
EU AI Act
- Regulation (EU) 2024/1689, full text on EUR-Lex: the authoritative Official Journal text (official source).
- AI Act Explorer: browse the whole Act by article and recital.
- High-level summary: a readable overview of the obligations by risk tier.
- Compliance checker: an interactive questionnaire that triages how the Act applies to your system.
- Small-business guide: what smaller providers and deployers need to do.
SR 26-2 (US model risk management)
SR 26-2 (US model risk management)
- SR 26-2, Revised Guidance on Model Risk Management (Federal Reserve): the current joint Fed/OCC/FDIC interagency guidance, issued April 17, 2026 (official source).
- OCC Bulletin 2026-13, Model Risk Management: the OCC counterpart carrying the identical interagency text for national banks (official source).
- SR 11-7, Guidance on Model Risk Management (Federal Reserve): the 2011 framework SR 26-2 supersedes; still the reference most validators cite (official source).
- FDIC announcement of the revised guidance: confirms all three agencies adopted it (official source).
NIST AI RMF
NIST AI RMF
- AI Risk Management Framework, NIST landing page: overview, timeline, and links to every resource (official source).
- AI RMF 1.0, NIST AI 100-1 (PDF): the framework itself, organized as Govern, Map, Measure, Manage (official source).
- AI RMF Playbook: suggested actions for each function (official source).
- AI RMF crosswalks: mappings from the AI RMF to ISO/IEC 42001, the EU AI Act, OECD, and more (official source).
- Generative AI Profile, NIST AI 600-1 (PDF): the companion profile for generative-AI risks (official source).
ISO/IEC 42001
ISO/IEC 42001
- ISO/IEC 42001:2023, official catalog page: scope and status; the full text is paywalled (official source).
- ISO 42001 explained: ISO’s free plain-language overview (official source).
- AI management systems, what businesses need to know: ISO’s hub on AIMS and 42001 (official source).
- ISO 42001 AI Management System (BSI): a national standards body’s overview and certification path.