Reference

Standards mapping matrix

Every ACF® methodological card is mapped to five major standards: EU AI Act, ISO/IEC 42001, NIST AI RMF, GDPR, COBIT 2019. The mapping is conservative — only the principal article is cited. The full machine-readable matrix is exposed via the acf.regulation.article MCP tool.

iNote

Type into the filter to narrow the matrix to a fiche, an article, or a keyword (“kill switch”, “art. 22”, “audit”…). Click any cell to highlight it. Toggle the standard columns to compare two frameworks side by side.

ACF® Fiche	EU AI Act	ISO/IEC 42001	NIST AI RMF	GDPR	COBIT 2019
`ACF-00`Sovereignty ScoreEvaluates the level of decisional sovereignty preserved by the organisation across the agent portfolio.
`ACF-01`Decision MapMaps every decision the agent makes and its approval chain.
`ACF-02`Criticality MatrixClassifies each agent by criticality, impact, and irreversibility.
`ACF-03`Agentic ConstitutionInternal charter — who decides what, how, with which limits.
`ACF-04`Agent CardOperational identity: perimeter, data, tools, autonomy level.
`ACF-05`Supervision & GovernanceContinuous supervision mechanisms.
`ACF-06`Kill SwitchThree-level emergency shutdown procedure with measurable response times.
`ACF-07`First Agent DossierQualification dossier before production go-live.
`ACF-08`Agentic Decision RegisterCryptographically signed event log (Ed25519 + hash chain).
`ACF-09`Action & Improvement PlanPost-deployment improvement plan.
`ACF-10`30-Day Governance AuditPeriodic internal audit.
`ACF-11`Agentic Risk AssessmentSpecific risk analysis: drift, hallucination, escalation.
`ACF-12`Agent MandateFormal delegation from the organisation to the DDAO.
`ACF-13`Guided Practical CaseWorked use case for training and blind audit.
`ACF-14`Teacher GuidePedagogical run sheet for trainers.
`ACF-15`Governance SimulationSandbox exercise — mandatory quarterly per ACF®.
`ACF-16`Accountability by DesignCross-cutting accountability principle.

17 / 17 fiches5 / 5 standards

How to read the matrix

ACF-08 (Agentic Decision Register) directly implements the EU AI Act Art. 12 obligation on automatic event logging and Art. 26(6) on six-month log retention by the deployer. ISO/IEC 42001-side, it falls under clause 9.1 (monitoring, measurement, analysis, evaluation). NIST AI RMF-side, MEASURE-2. GDPR-side, Art. 30 (record of processing activities). COBIT-side, MEA-01.

A compliance team that deploys ACF-08 produces, in one motion, the artifacts that all five standards demand. That is the economy of scale the matrix makes operational.

Programmatic access

This matrix is derived from the same JSON consumed by the MCP server. To consume it inside an AI agent, use the acf.regulation.article tool and pass an article identifier (e.g. AI Act Art. 9); you get the verified text + the list of ACF® fiches operationalising it + their mapping cells for the other four standards.

Versioning

The mapping is versioned with the doctrine. The current version is embedded in every doctrine_hash emitted by acf-mcp. When a standard evolves (e.g. AI Act amendment), a new doctrine_version ships and the signature changes. Prior versions stay verifiable.