Sector-Specific & Emerging
Operational controls for sector-specific & emerging — with maturity levels, evidence requirements, and implementation guidance.
Anthropomorphic and Companion AI Safeguards
Establish design requirements and governance review processes for AI systems that simulate human personality, emotional connection, or companionship, addressing psychological influence risks, minor user protections, and disclosure obligations that apply to AI products designed for ongoing interpersonal interaction.
Clinical AI Governance Committee Charter
Establish a healthcare-specific AI governance committee with clinical and technical expertise, defined quorum and decision rights, escalation authority over AI systems involved in clinical decision support and patient care, and a review cadence aligned to FDA Software as a Medical Device (SaMD) guidance and applicable state clinical standards.
Critical Infrastructure AI Risk Assessment and Containment
Define a sector-specific risk assessment process for AI systems deployed in critical infrastructure environments — including energy, water, transportation, and financial market infrastructure — that addresses operational technology (OT) blast-radius containment, consequence-of-failure analysis, and cross-sector dependency risk distinct from standard enterprise AI risk frameworks.
Insurance Sector AI Documentation Standards
Establish documentation standards for AI systems used in insurance underwriting, claims adjudication, pricing, and fraud detection that meet state insurance commissioner market conduct examination expectations, NAIC model bulletin requirements, and applicable state-level algorithmic accountability obligations.
National Security and Dual-Use AI Risk Assessment
Establish a risk assessment process for AI systems and AI research activities that could constitute dual-use technology — with applications in both commercial and national security or weapons contexts — addressing BIS export control obligations, ITAR compliance for defense applications, dual-use research of concern protocols, and foreign adversarial misuse monitoring.
Self-Hosted Open-Weight AI Model Governance
Establish an intake policy and governance controls for AI model weights downloaded from public repositories and deployed in the organization's own infrastructure, addressing integrity verification, license compliance, safety evaluation before deployment, and ongoing update management distinct from vendor-hosted AI procurement.
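The integrity-verification and pre-deployment checks named above can be made concrete. The following is an added example, not code from the original page or from any named project: an intake gate for open-weight model files that (1) checks each file's SHA-256 against a manifest pinned at approval time, (2) refuses pickle-based checkpoint formats (`.bin`, `.pt`, `.ckpt` and similar), which execute embedded code when loaded, and (3) validates the framing of `safetensors` files (an 8-byte little-endian header length, a JSON header, then raw tensor bytes, with every tensor's `data_offsets` inside the data section). The manifest layout, `IntakeResult`, `PICKLE_EXTENSIONS` and the sample files are this example's own assumptions; the sample files are constructed in a temporary directory so the script runs offline.

```python
"""Added example: intake gate for self-hosted open-weight model files.
Not the page's own tooling; manifest format and helpers are assumptions."""
import hashlib
import json
import os
import struct
import tempfile
from dataclasses import dataclass, field

# Assumed policy list: serialization formats that deserialize via pickle.
PICKLE_EXTENSIONS = {".bin", ".pt", ".pth", ".pkl", ".ckpt"}


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so multi-GB weights do not need RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_safetensors_header(path, max_header=100 * 1024 * 1024):
    """Return the JSON header of a safetensors file after validating its framing."""
    with open(path, "rb") as f:
        raw = f.read(8)
        if len(raw) < 8:
            raise ValueError("truncated: no header length")
        (n,) = struct.unpack("<Q", raw)  # u64 little-endian header length
        if n > max_header:
            raise ValueError(f"header length {n} exceeds limit")
        header = json.loads(f.read(n).decode("utf-8"))
        f.seek(0, os.SEEK_END)
        data_len = f.tell() - 8 - n
    # Every tensor's byte range must lie inside the data section that follows the header.
    for name, meta in header.items():
        if name == "__metadata__":
            continue
        start, end = meta["data_offsets"]
        if not (0 <= start <= end <= data_len):
            raise ValueError(f"tensor {name} offsets out of range")
    return header


@dataclass
class IntakeResult:
    approved: bool
    findings: list = field(default_factory=list)


def intake_check(model_dir, manifest):
    """manifest maps filename -> expected SHA-256 hex, pinned when the model was approved."""
    findings = []
    for name, expected in manifest.items():
        path = os.path.join(model_dir, name)
        if not os.path.exists(path):
            findings.append(f"{name}: missing")
            continue
        if sha256_file(path) != expected:
            findings.append(f"{name}: sha256 mismatch")
            continue
        ext = os.path.splitext(name)[1].lower()
        if ext in PICKLE_EXTENSIONS:
            findings.append(f"{name}: pickle-based format; loading executes embedded code")
            continue
        if ext == ".safetensors":
            try:
                parse_safetensors_header(path)
            except ValueError as e:
                findings.append(f"{name}: bad safetensors framing ({e})")
    # Files present on disk but absent from the approved manifest are also a finding.
    for name in os.listdir(model_dir):
        if name not in manifest:
            findings.append(f"{name}: not in approved manifest")
    return IntakeResult(approved=not findings, findings=findings)


def build_safetensors(path, tensors):
    """Write a minimal valid safetensors file from {name: bytes} (constructed sample, F32 assumed)."""
    header, data, off = {}, b"", 0
    for name, blob in tensors.items():
        header[name] = {"dtype": "F32", "shape": [len(blob) // 4], "data_offsets": [off, off + len(blob)]}
        data += blob
        off += len(blob)
    hjson = json.dumps(header).encode("utf-8")
    with open(path, "wb") as f:
        f.write(struct.pack("<Q", len(hjson)) + hjson + data)


def demo():
    """Constructed scenario: clean intake, an unapproved pickle checkpoint, then post-approval tampering."""
    d = tempfile.mkdtemp()
    st = os.path.join(d, "model.safetensors")
    build_safetensors(st, {"w": b"\x00" * 16})
    with open(os.path.join(d, "config.json"), "w") as f:
        json.dump({"arch": "demo"}, f)
    manifest = {n: sha256_file(os.path.join(d, n)) for n in ("model.safetensors", "config.json")}
    clean = intake_check(d, manifest)
    # A pickle checkpoint is refused even when its hash matches the manifest.
    pk = os.path.join(d, "pytorch_model.bin")
    with open(pk, "wb") as f:
        f.write(b"\x80\x02")  # constructed: pickle protocol-2 prefix only
    with_pickle = intake_check(d, {**manifest, "pytorch_model.bin": sha256_file(pk)})
    os.remove(pk)
    # One flipped byte in the weights after approval must fail the hash check.
    with open(st, "r+b") as f:
        f.seek(-1, os.SEEK_END)
        f.write(b"\x01")
    tampered = intake_check(d, manifest)
    return clean, with_pickle, tampered


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The manifest is what ties this to the governance step: it is produced once, at the point the safety evaluation and license review approve a specific artifact set, and every later deployment or update re-runs the gate against it, so a silently re-uploaded repository revision shows up as a hash mismatch rather than a quiet change in behaviour.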
Consumer and External AI Tool Acceptable Use Policy
Establish an acceptable use policy for employee and contractor use of consumer-grade and externally hosted AI tools — including public AI assistants, browser-based AI tools, and AI-enabled SaaS features — that defines permitted uses, data handling restrictions, access controls, and onboarding attestation requirements to manage shadow AI risk.
AI-Specific External Complaints and Redress Mechanism
Design and operate a formal mechanism for external parties — customers, employees, subjects of AI decisions, and members of the public — to submit complaints about AI system outputs or decisions, receive timely responses, access human review of AI-assisted decisions upon request, and obtain meaningful redress where the AI decision was incorrect or unfair.
AI System Algorithm Register
Design and maintain a standardized register of deployed AI systems — public-facing or internal — that documents each system's purpose, decision scope, risk classification, data inputs, and accountability contacts, meeting emerging algorithmic accountability requirements from the EU AI Act, New York Local Law 144, Amsterdam-model algorithm registers, and equivalent frameworks.
