Sector-Specific & Emerging
Operational controls for sector-specific & emerging — with maturity levels, evidence requirements, and implementation guidance.
Anthropomorphic and Companion AI Safeguards
Establish design requirements and governance review processes for AI systems that simulate human personality, emotional connection, or companionship, addressing psychological influence risks, minor user protections, and disclosure obligations that apply to AI products designed for ongoing interpersonal interaction.
Clinical AI Governance Committee Charter
Establish a healthcare-specific AI governance committee with clinical and technical expertise, defined quorum and decision rights, escalation authority over AI systems involved in clinical decision support and patient care, and a review cadence aligned to FDA Software as a Medical Device (SaMD) guidance and applicable state clinical standards.
Critical Infrastructure AI Risk Assessment and Containment
Define a sector-specific risk assessment process for AI systems deployed in critical infrastructure environments — including energy, water, transportation, and financial market infrastructure — that addresses operational technology (OT) blast-radius containment, consequence-of-failure analysis, and cross-sector dependency risk distinct from standard enterprise AI risk frameworks.
National Security and Dual-Use AI Risk Assessment
Establish a risk assessment process for AI systems and AI research activities that could constitute dual-use technology — with applications in both commercial and national security or weapons contexts — addressing BIS export control obligations, ITAR compliance for defense applications, dual-use research of concern protocols, and foreign adversarial misuse monitoring.
Self-Hosted Open-Weight AI Model Governance
Establish an intake policy and governance controls for AI model weights downloaded from public repositories and deployed in the organization's own infrastructure, addressing integrity verification, license compliance, safety evaluation before deployment, and ongoing update management distinct from vendor-hosted AI procurement.
AI-Specific External Complaints and Redress Mechanism
Design and operate a formal mechanism for external parties — customers, employees, subjects of AI decisions, and members of the public — to submit complaints about AI system outputs or decisions, receive timely responses, access human review of AI-assisted decisions upon request, and obtain meaningful redress where the AI decision was incorrect or unfair.
AI System Algorithm Register
Design and maintain a standardized register of deployed AI systems — public-facing or internal — that documents each system's purpose, decision scope, risk classification, data inputs, and accountability contacts, meeting emerging algorithmic accountability requirements from the EU AI Act, New York Local Law 144, Amsterdam-model algorithm registers, and equivalent frameworks.
