Standards

Our certification standards are published and transparent. These are the criteria we use to evaluate Evidence Packs for certification.

Certification criteria

To be certified, your Evidence Pack must meet all five criteria below.

1

Complete AI Inventory

Evidence Pack includes a complete register of all AI systems, including third-party tools and shadow usage. Each system is documented with purpose, type, and status.

2

Ownership Documentation

Each AI system has a designated owner with documented accountability. Sign-off documentation is present for all systems.

3

Risk Classification with Rationale

All AI systems are classified by risk level with documented rationale. Classifications align with EU AI Act categories or other relevant frameworks.

4

Monitoring Plan

Evidence Pack includes a monitoring plan that outlines review cadences, metrics tracked, and processes for ongoing oversight.

5

Exportable Format

Evidence Pack is exportable as PDF and shareable via link. All sections are present and properly structured.

Verification vs attestation

What we verify

  • • Completeness of Evidence Pack sections
  • • Presence of required documentation
  • • Consistency of risk classifications with rationale
  • • Exportability and structure of Evidence Pack
  • • Documentation quality and clarity

What you attest to

  • • Accuracy of AI inventory information
  • • Appropriateness of risk classifications
  • • Effectiveness of monitoring and controls
  • • Compliance with applicable regulations
  • • Currency of information in Evidence Pack

Certification process

1

Produce Evidence Pack

Use the Evidence Engine to produce your Evidence Pack. Document all AI systems, ownership, risk classifications, and monitoring processes.

2

Submit for Review

Submit your Evidence Pack for review. Our team will evaluate it against our published criteria.

3

Review Period

We review your Evidence Pack for completeness, structure, and documentation quality. This typically takes 5-7 business days.

4

Certification Decision

If your Evidence Pack meets our standards, certification is issued. If not, we provide feedback for improvement.

Required outputs

Your Evidence Pack must include the following sections, all exportable as PDF:

  • Executive Summary: Overview of AI governance approach and key highlights
  • AI Systems Inventory: Complete register of all AI systems with details, classifications, and status
  • Ownership & Sign-off: Clear documentation of who owns and is accountable for each AI system
  • Risk Classification Rationale: Documented risk classifications with rationale aligned to EU AI Act categories
  • Monitoring Plan: Ongoing monitoring processes, metrics, and review cadences
  • Change Log & Incident Log: History of system updates, changes, and any incidents

Data handling

Your data is used solely to produce and review your Evidence Pack. We do not share your information with third parties.

All data is stored securely and handled in accordance with our privacy policy. You retain full ownership of your Evidence Pack and can export it at any time.

For detailed information about how we handle your data, see our Privacy Policy.

Frequently asked questions