AI Solutions Framework — Enterprise AI-Adoption Control Framework (IG1–IG3) · v1.0

AI Solutions Framework — Enterprise AI-Adoption Control Framework (IG1–IG3)

AI Solutions Framework — Enterprise AI-Adoption Control Framework (IG1–IG3) — 40% covered.

15 requirements · 6 enforced · 0 designed · 0 advisory · 0 deferred.

Source: The AI Solutions Framework is an enterprise AI-adoption control framework — a prioritised, maturity-tiered (Implementation Group IG1 through IG3) set of ~90 safeguards organised into six control families: AI governance & accountability, AI risk management, AI safety, data privacy & lineage, compliance monitoring, and audit & evidence. Each safeguard defines a control an organisation adopting AI should operate. KYE Protocol™ governs the SUBSET of these safeguards that resolve at the action boundary — the moment an AI-supported decision or agent action moves toward a consequential effect — and PROVES the authority and evidence later. KYE governs whether the action may proceed (under a named-authority approval, with the required due-diligence / attestation recorded, held advisory through the human-oversight / stage gate, with any exception recorded), and emits the evidence chain. KYE does not author the governance policy, run the risk committee, maintain the AI inventory, deliver the training, or verify the deploy-time infrastructure posture — those organisational and CSPM safeguards are ceded honestly to their owning roles. · License: The AI Solutions Framework is referenced descriptively as an enterprise AI-adoption control framework; KYE registry cites its control families for mapping purposes and asserts no ownership of the framework text.

By category

CategoryReqsEnforcedDesignedAdvisoryDeferredCoverage
AI governance & accountability (enforced action-boundary subset) 2 2 0 0 0 100%
AI risk management & safety (enforced action-boundary subset) 2 2 0 0 0 100%
Compliance monitoring & audit/evidence (enforced action-boundary subset) 2 2 0 0 0 100%
Organisational (out-of-scope — governance-office / ciso) 5 0 0 0 0 0%
Infrastructure posture / CSPM (out-of-scope — cloud-platform / devsecops) 4 0 0 0 0 0%

Every requirement → the KYE artefact that enforces it

IDTitleStatusKYE enforcement
ai-solutions-framework.approval-workflow-authority Approval workflow: an AI-supported decision proceeds to a consequential action only under a recorded named-authority approval enforced rule_packs: kye:rule-pack:ai-solutions-framework-authority
dictionaries: internal
engines: internal, internal
audit_events: kye.purpose.request.v1, kye.purpose.admissibility.v1, kye.evidence.decision_map.v1
constitution_refs: constitution/12-PURPOSE-PERMISSION.md
ai-solutions-framework.accountability-named-principal Accountability: every AI agent action resolves to exactly one named accountable principal enforced rule_packs: kye:rule-pack:ai-solutions-framework-authority
engines: internal
audit_events: kye.purpose.admissibility.v1, kye.evidence.decision_map.v1
constitution_refs: constitution/12-PURPOSE-PERMISSION.md
ai-solutions-framework.attestation-due-diligence-before-action Attestation: a required due-diligence / risk attestation is recorded before the AI-supported action proceeds enforced rule_packs: kye:rule-pack:ai-solutions-framework-authority
dictionaries: internal
engines: internal, internal
audit_events: kye.purpose.admissibility.v1, kye.evidence.decision_map.v1, kye.evidence.pack.v1
constitution_refs: constitution/13-RESILIENCE-LOOP.md
ai-solutions-framework.human-oversight-stage-gate Human-oversight stage gate: a consequential AI action stays advisory until a named human reviewer signs off enforced rule_packs: kye:rule-pack:ai-solutions-framework-authority
engines: internal, internal
audit_events: kye.purpose.admissibility.v1, kye.evidence.decision_map.v1
constitution_refs: constitution/36-GOVERNEDUI.md
ai-solutions-framework.exception-register Exception register: any deviation / override of an AI control is recorded as a signed, replay-provable exception enforced rule_packs: kye:rule-pack:ai-solutions-framework-authority
dictionaries: internal
engines: internal
audit_events: kye.evidence.decision_map.v1, kye.replay.context_seal.v1, kye.evidence.pack.v1
constitution_refs: constitution/13-RESILIENCE-LOOP.md
ai-solutions-framework.audit-evidence-provenance-pin Audit & evidence: every consequential AI action emits a signed, replay-derivable provenance pin verifiable offline enforced rule_packs: kye:rule-pack:ai-solutions-framework-authority
engines: internal, internal
audit_events: kye.evidence.tool_call.v1, kye.replay.context_seal.v1, kye.replay.proof.v1, kye.evidence.pack.v1
constitution_refs: constitution/13-RESILIENCE-LOOP.md, constitution/30-AUDIT-WORM-RETENTION.md
ai-solutions-framework.ai-governance-board AI governance board / steering committee established with a charter and decision rights out-of-scope (no enforcement cited)
ai-solutions-framework.ai-system-inventory Authoritative inventory of AI systems, models, and use-cases maintained out-of-scope (no enforcement cited)
ai-solutions-framework.ai-acceptable-use-policy AI acceptable-use and governance policy documents authored, approved, and published out-of-scope (no enforcement cited)
ai-solutions-framework.ai-workforce-training Role-based AI-risk and responsible-use training delivered and tracked out-of-scope (no enforcement cited)
ai-solutions-framework.ai-risk-committee-review Periodic AI-risk committee review of the AI risk register and treatment plans out-of-scope (no enforcement cited)
ai-solutions-framework.model-inference-logging-enabled Model / inference logging enabled and centrally collected at the platform layer out-of-scope (no enforcement cited)
ai-solutions-framework.ai-data-storage-encryption AI training / inference data stores encrypted at rest and in transit out-of-scope (no enforcement cited)
ai-solutions-framework.ai-iam-least-privilege IAM roles for AI workloads enforce least-privilege (no wildcard grants) out-of-scope (no enforcement cited)
ai-solutions-framework.ai-network-egress-posture Network egress controls for AI workloads restrict outbound calls to approved endpoints out-of-scope (no enforcement cited)