Every framework. Every obligation. Every decision.

Enterprises operating across jurisdictions face overlapping AI frameworks that ask for the same evidence in different languages. Veridra produces it once, maps it everywhere.

The cross-framework problem

A US bank with EU operations and a Singapore branch faces SR 11-7, EU AI Act, and MAS FEAT simultaneously — often for the same AI system. A healthcare provider with payers in three states faces HIPAA, HHS OCR, and state-level AI transparency laws at once. An international insurance carrier faces NAIC guidance, the EU AI Act, and GDPR Article 22 on the same claims adjudication model. These frameworks do not align cleanly, but they ask fundamentally similar evidence questions.

Building separate evidence pipelines for each framework is expensive and creates inconsistency — the fact-of-the-matter about a decision should not change depending on which regulator is asking. Veridra produces a single, consistent evidence stream and maps the output to each framework's specific terminology and obligation set.

How the mapping works

One decision, many framings

A single signed decision record contains the facts: what inputs, what model, what policy, what output, what human oversight, what timestamp, what jurisdiction. The framework crosswalk (maintained in the veridra-frameworks open-source repo) maps those facts to the specific obligations each regulator imposes. A drift event maps to EU AI Act Article 72 (post-market monitoring) for EU regulators, and to NIST AI RMF MEASURE-2.7 (continuous monitoring) for US-facing reports.

Evidence packs, per framework

When a regulator requests evidence, the pack is generated with their framework's terminology and their specific obligation set highlighted. The underlying facts do not change; the presentation does. An EU AI Act pack and a SR 11-7 pack covering the same period will reference the same signed decisions, organized differently.

Regulatory updates propagate

Frameworks evolve. EU AI Act secondary legislation is still emerging. NIST released RMF version 1.1 with updated function definitions. ISO 42001 is itself an evolving standard. The framework data is versioned, and your historical evidence inherits new framing as the crosswalk data updates — without changing the signed facts.

Framework coverage in detail

• EU AI Act — Articles 9 (risk management), 12 (record-keeping), 14 (human oversight), 15 (accuracy / robustness / cybersecurity), 72 (post-market monitoring) — with full article-level crosswalk.
• NIST AI RMF — GOVERN, MAP, MEASURE, MANAGE functions with category and subcategory-level coverage.
• SR 11-7 / OCC 2011-12 / FDIC guidance — three pillars (conceptual soundness, ongoing monitoring, outcomes analysis) — specifically tuned for AI extensions.
• ISO/IEC 42001 — AI Management System clauses 4-10 and Annex A controls for certification readiness.
• HIPAA + FDA SaMD + HHS OCR Section 1557 — healthcare-specific overlay.
• GDPR Article 22 + EU AI Act Article 50 — automated decision transparency and generative AI disclosure.
• State-level laws — CO SB 205, NYC LL 144, TX HB 2060, CA SB 942 and emerging analogues.