ReguNav / Frameworkv0.1

The eight layers

Click any layer to inspect its current entries from the v0.1 seed dataset. The full machine-readable graph is at api.regunav.com/v1/ontology.

L1

Authority Document

9 items

Versioned regulations + standards.

  • eu-ai-act@2024-1689Regulation (EU) 2024/1689 on Artificial Intelligence
  • iso-42001@2023Information technology — Artificial intelligence — Management system
  • iso-27001@2022Information security management systems — Requirements
  • gdpr@2016-679Regulation (EU) 2016/679 — General Data Protection Regulation
  • soc2@2017Trust Services Criteria
  • dora@2022-2554Regulation (EU) 2022/2554 — Digital Operational Resilience Act
  • …and 3 more
L2

Obligation

12 items

Canonical, framework-neutral imperatives.

  • OBL-PRIV-ACCESS-001Right of access to personal data
  • OBL-PRIV-ERASURE-001Right to erasure
  • OBL-AI-FRIA-001Fundamental-rights impact assessment for high-risk AI
  • OBL-AI-RISK-MGMT-001AI risk-management system
  • OBL-AI-DATA-GOV-001Training data governance + bias mitigation
  • OBL-AI-LOGGING-001AI system event logging
  • …and 6 more
L3

Control

6 items

Reusable controls with explicit cross-walks.

  • CTRL-IAM-ACCESS-REVIEW-001Quarterly privileged-access review
  • CTRL-INC-RESPONSE-72H-001Personal-data-breach 72h response runbook
  • CTRL-AI-FRIA-AUTHORING-001FRIA authoring + sign-off workflow
  • CTRL-AI-EVENT-LOG-001Automatic AI-system event logging
  • CTRL-AI-DATA-GOV-001Training-data governance + bias-test gating
  • CTRL-AI-LITERACY-001Annual AI-literacy training register
L4

Evidence

8 items

Typed proof artefacts with owner + cadence.

  • EV-IAM-001Privileged access review report
  • EV-INC-001Incident response runbook + tabletop record
  • EV-INC-002Regulator notification draft + timestamp
  • EV-FRIA-001FRIA report — signed
  • EV-AI-LOG-001AI-system event-log retention attestation
  • EV-DATA-GOV-001Bias-test results + dataset card
  • …and 2 more
L5

Software Architecture

6 items

Concrete capabilities + reference patterns.

  • ARCH-IAM-001RBAC/ABAC policy engine + scheduled review job
  • ARCH-IAM-002Approval workflow
  • ARCH-INC-001Immutable audit log + paging chain
  • ARCH-AI-LOG-001AI-system event collector
  • ARCH-AI-FRIA-001FRIA agent + approver chain
  • ARCH-DATA-GOV-001Bias-test gate + lineage capture
L6

Policy-as-Code

3 items

Cerbos / OPA / Cedar / Casbin bundles.

  • POL-IAM-PRIV-001POL-IAM-PRIV-001
  • POL-AI-FRIA-001POL-AI-FRIA-001
  • POL-INC-72H-001POL-INC-72H-001
L7

Audit Trail

0 items

Owner + test cadence + linkage at runtime.

Layer surfaced via the AuditTrailLink + AiSystemGovernance types — populated per tenant in the SaaS, not in the public seed.

L8

AI Governance

0 items

AI-system intended purpose + risk class + lineage.

Layer surfaced via the AuditTrailLink + AiSystemGovernance types — populated per tenant in the SaaS, not in the public seed.