Trust and compliance
Regulatory mapping matrix. EU AI Act, Colorado SB 205, NYC LL 144, SR 11-7, ISO 42001-adjacent.
What this is
COHESION exists to produce the compliance proof regulators require. This page is the matrix.
Regulatory mapping
| Framework | COHESION surface | Status |
|---|---|---|
| EU AI Act Article 14 (Human Oversight) | 7-dimension JIS + operator profile + compliance report | Direct mapping in the normative spec |
| Colorado SB 205 (effective 2026-06-30) | Duty of care for AI developers and deployers; JIS evidences human oversight | Mapping in docs/trust/colorado-sb-205-mapping.md |
| NYC Local Law 144 | Automated Employment Decision Tool bias-audit; dashboard + compliance report | Mapping in docs/trust/nyc-local-law-144-mapping.md |
| SR 11-7 (US model risk management) | Effective challenge of model output; JIS quantifies human challenge | Discussed in sales-engineering sessions |
| ISO/IEC 42001 | AI management system; COHESION is a control under clause 8 (operation) | Adjacent alignment |
| NIST AI RMF | MEASURE and MANAGE functions | JIS plus dashboard satisfy MEASURE 2.8, 2.9; maintenance recommendation satisfies MANAGE 2.3 |
| SOC 2 Type I | Trust service criteria | Planned Q3 2026 |
| GDPR | Personal data processing | DPA, DPIA, SCCs available today |
Artifacts
Normative spec
The certification spec v1.0 is the source of truth for the 7 dimensions, decay model, invisible maintenance protocol, and certification tiers.
Patent
Provisional filed 2026-04-13, 31 claims covering middleware, telemetry, JIS computation, and invisible intervention. Full-filing deadline 2027-04-13.