Compliance

Your auditor asked about AI. Here's your answer.

TrustScope generates framework-mapped evidence across runtime governance controls, with verifiable records and explicit gap labeling.

Start Free Book Compliance Walkthrough

Last verified mapping date: February 19, 2026

The compliance paradox

Prove the controls ran without exposing sensitive data.

Traditional logs either reveal too much data or too little proof. TrustScope evidence shows which checks executed, which policy path was taken, and what action was enforced, without disclosing protected payloads.

Evidence chain

Trace
27 Engines
Policy
Receipt
Hash Chain
Framework Mapping
Export

AIUC-1 domain snapshot

A. Data & Privacy

Strong

PII, secrets, redaction controls

B. Security

Strong

Injection, jailbreak, command firewall

C. Safety

Strong

Toxicity, hallucination, fairness strand (C003)

D. Reliability

Good

Loop killer, velocity, error rate

E. Accountability

Strong

Hash-chained receipts, audit exports

F. Cyber Misuse

Strong

CBRN prevention via security engines

Framework pages

AIUC-1

Strong across all 6 domains

Primary framework for runtime AI governance.

SOC 2

6 ready / 10 AI-relevant controls

Trust services criteria mapping.

EU AI Act

Strong on Articles 9, 11, 12, 13, 14

High-risk obligations converge by August 2, 2026.

NIST AI RMF

42 ready / 63 applicable

Safe-harbor relevant posture for TRAIGA contexts.

ISO 42001

22 ready / 38 controls

AIMS controls with organizational gaps clearly separated.

Source: EUR-Lex AI Act timelineSource: TrustScope AIUC-1 mapping methodology

Critical customer requirements

Third-party testing controls (AIUC-1 B001, C010-C012, D002, D004) require an external assessor.
Written policy documents are customer-authored; TrustScope enforces and evidences execution.
Training-data governance remains outside TrustScope runtime scope and must come from customer controls.

Enforce

$199/mo

  • 27 engines with AI-hybrid detections
  • Audit trail exports and retention controls
  • Popular tier for audit prep

Govern

Contact Sales

  • Signed evidence chain and long-term retention
  • BYOK signing and underwriting-grade exports
  • Advanced compliance workflows and reviews

Evidence, not legal determination

TrustScope provides governance evidence, not compliance determinations. Compliance assessment requires review by qualified legal, audit, or compliance professionals.

Need framework-specific mapping detail?

Open the framework pages for control-level tables and evidence references.

View AIUC-1 MappingCompare Plans