Coverage Map

Important: Scope of this Coverage Map (No automatic compliance)

This Coverage Map provides traceability between AIMO Standard elements and major regulations/standards to accelerate audit explanations and evidence readiness. It does NOT automatically guarantee compliance with any specific regulation or standard. Applicable obligations vary by role (e.g., provider/deployer), use case, risk classification, transition timelines, and authoritative interpretations/certification schemes.

How to use this map (traceability workflow)

1. Start from the external requirement (e.g., ISO/NIST/EU AI Act/ISMS) and find the mapped AIMO Standard elements.
2. Use the linked AIMO elements to identify required artifacts and minimum evidence requirements.
3. Validate completeness and consistency using the Validator, and apply human review where required (see Human Oversight Protocol).

Key resources:

• Taxonomy — classification codes
• Minimum Evidence Requirements — MUST-level checklist
• Evidence Bundle — bundle structure and TOC
• Log Schemas — Shadow AI / agent activity evidence
• Validator — structural consistency checks
• Human Oversight Protocol — machine vs. human review boundary

---

This section maps AIMO Standard evidence and artifacts to external frameworks and regulations for audit explainability. It does not guarantee compliance or provide legal advice.

• Methodology: what the mapping is and is not; how to use it; update policy; relationship to Evidence Bundle and Minimum Evidence Requirements.
• ISO/IEC 42001: ISO/IEC 42001 mapping — AI management system themes.
• NIST AI RMF: NIST AI RMF mapping — Govern, Map, Measure, Manage.
• EU AI Act: EU AI Act mapping — high-level documentation and record-keeping (not legal interpretation).
• ISMS view: ISMS mapping — ISO/IEC 27001/27002 themes (change management, access control, logging, evidence integrity).