Skip to main content
    iTmethods

    REGULATORY FRAMEWORKS · THE REIGN TRUST LAYER

    The regulatory frameworks Reign maps to.

    Continuous Observability + Continuous Assurance, pre-mapped.

    14 frameworks. Four regulated industries. Native vocabulary that matches the submission your regulator already accepts.

    14 frameworks4 regulated industriesNative regulator vocabulary

    Banking & Capital Markets

    Frameworks for the regulated balance sheet.

    Federal Reserve, OSFI, the EU AI Act, FINOS, and the Basel Committee — the framework stack the world's largest banks and capital-markets institutions answer to. Reign pre-maps to all five.

    Federal Reserve SR 26-2

    Model Risk Management — replaces SR 11-7

    LIVE

    Joint Federal Reserve / OCC / FDIC supervisory guidance on model risk management. Replaces SR 11-7 issued April 17, 2026. Requires segregation of duties, challenger model validation, and ongoing monitoring for all material models including AI/ML.

    Effective
    Jurisdiction
    April 17, 2026
    United States

    How Reign maps

    Reign Model Risk Validation pre-maps to SR 26-2 effective challenge, registry, and ongoing monitoring requirements. Audit Ledger CAVR produces the SR 26-2-grade evidence regulators ask for.

    OSFI E-23

    Canadian FRFI Model Risk Management

    IN FORCE

    Office of the Superintendent of Financial Institutions guideline E-23 — the Canadian equivalent of SR 26-2. Final version published September 2025; in force May 1, 2027. Applies to all federally regulated financial institutions.

    Effective
    Jurisdiction
    May 1, 2027
    Canada

    How Reign maps

    Reign Model Risk Validation + Audit Ledger CAVR pre-map to OSFI E-23 model owner identification, challenger validation, and the May 2027 in-force date.

    EU AI Act (High-Risk)

    Annex III high-risk AI obligations

    BINDING DATE

    EU regulation 2024/1689 on artificial intelligence. High-risk obligations binding August 2, 2026. Annex III covers credit scoring, fraud detection, AML, automated underwriting, employment AI, and other high-stakes AI deployments. Penalties up to €35M or 7% global turnover.

    Effective
    Jurisdiction
    August 2, 2026
    European Union

    How Reign maps

    Reign AI Gateway + Assurance Packs pre-map to EU AI Act Article 12 (record-keeping), Article 14 (human oversight), Article 15 (accuracy and robustness). Reign for Life Sciences extends EU AI Act to GMP Annex 11 contexts.

    Read the deep-dive

    FINOS AIGF v2.0

    AI Governance Framework — open source

    STANDARD

    Fintech Open Source Foundation AI Governance Framework. Version 2.0 (April 2026) added a dedicated agentic AI risk catalogue. 25 risk categories pre-mapped to EU AI Act, DORA, NIST AI RMF, ISO 42001, OWASP, MITRE ATLAS. Six new agentic AI risk categories added in v2.0.

    Effective
    Jurisdiction
    April 2026
    Global

    How Reign maps

    Reign covers all 25 AIGF risk categories natively. The six v2.0 agentic AI risks are addressed by Reign AI Gateway (MCP-native) and Audit Ledger CAVR.

    Read the deep-dive

    BCBS 239

    Risk Data Aggregation and Risk Reporting

    LIVE

    Basel Committee on Banking Supervision principles for effective risk data aggregation and risk reporting at G-SIBs and D-SIBs. The data-quality and lineage backbone behind every regulator interaction in banking.

    Effective
    Jurisdiction
    in force
    Global

    How Reign maps

    Reign Audit Ledger CAVR provides the AI-decision lineage backbone BCBS 239 expects of all material risk reports.

    DORA

    Digital Operational Resilience Act

    LIVE

    EU Regulation 2022/2554 on digital operational resilience for financial services. Enforcement live January 2025. Includes ICT third-party risk management and incident reporting requirements that apply to AI/ML providers.

    Effective
    Jurisdiction
    January 17, 2025
    European Union

    How Reign maps

    Reign Audit Ledger CAVR + Assurance Packs deliver DORA ICT third-party evidence and incident-reporting timelines.

    Read the deep-dive

    Life Sciences

    Frameworks for the regulated lab and the regulated factory.

    FDA PCCP, 21 CFR Part 11, GxP, ICH Q9, and EU GMP Annex 11 — the discipline behind every AI/ML deployment in pharma manufacturing, clinical, and regulatory affairs. Reign for Life Sciences extends the platform with GxP-fluent vocabulary and ALCOA+ data integrity.

    EU AI Act (High-Risk)

    Annex III high-risk AI obligations

    BINDING DATE

    EU regulation 2024/1689 on artificial intelligence. High-risk obligations binding August 2, 2026. Annex III covers credit scoring, fraud detection, AML, automated underwriting, employment AI, and other high-stakes AI deployments. Penalties up to €35M or 7% global turnover.

    Effective
    Jurisdiction
    August 2, 2026
    European Union

    How Reign maps

    Reign AI Gateway + Assurance Packs pre-map to EU AI Act Article 12 (record-keeping), Article 14 (human oversight), Article 15 (accuracy and robustness). Reign for Life Sciences extends EU AI Act to GMP Annex 11 contexts.

    Read the deep-dive

    FDA PCCP

    Predetermined Change Control Plan for AI/ML

    FINAL GUIDANCE

    FDA final guidance on Predetermined Change Control Plans for AI/ML-enabled medical device software. Live final guidance + August 2025 international guiding principles (FDA + Health Canada + MHRA).

    Effective
    Jurisdiction
    live
    United States

    How Reign maps

    Reign Model Risk Validation + Audit Ledger CAVR support PCCP submission preparation: pre-validated change envelopes, automated drift detection within the PCCP boundary, and submission-ready evidence packages.

    21 CFR Part 11

    Electronic records + electronic signatures

    LIVE

    FDA regulation governing electronic records and electronic signatures in life-sciences GxP. Audit trail integrity, attribution, and signature controls are foundational to every AI/ML deployment in regulated pharma manufacturing and clinical workflows.

    Effective
    Jurisdiction
    in force
    United States

    How Reign maps

    Reign Audit Ledger CAVR is hash-chained, tamper-evident, and identity-bound — designed for 21 CFR Part 11 attestation.

    GxP

    GCP, GMP, GLP — Good Practice

    LIVE

    Quality guidelines and regulations covering Good Clinical Practice (GCP), Good Manufacturing Practice (GMP), and Good Laboratory Practice (GLP) in pharmaceutical and biotech operations. The operating-discipline lens that AI/ML must satisfy.

    Effective
    Jurisdiction
    in force
    Global

    How Reign maps

    Reign for Life Sciences extends the platform with GxP-fluent control vocabulary and ALCOA+ data integrity primitives.

    ICH Q9

    Quality Risk Management

    LIVE

    International Council for Harmonisation guideline on Quality Risk Management for pharmaceutical manufacturing. AI/ML deployments must satisfy Q9 risk-management discipline.

    Effective
    Jurisdiction
    in force
    Global

    How Reign maps

    Reign Model Risk Validation produces ICH Q9-grade risk artifacts for each model deployed in GMP scope.

    EU GMP Annex 11

    Computerised Systems

    LIVE

    EU Good Manufacturing Practice guideline Annex 11 — governs computerised systems in pharmaceutical manufacturing, including validation, change control, and audit trails. Applies to AI/ML systems in regulated pharma.

    Effective
    Jurisdiction
    in force
    European Union

    How Reign maps

    Reign Audit Ledger CAVR + Assurance Packs deliver Annex 11-grade audit trails and validation evidence.

    Cross-industry

    Standards that bind across every regulated industry.

    ISO/IEC 42001, NIST AI RMF, DORA, and the NAIC AI Bulletin — the cross-cutting standards every CRO, CISO, and Chief AI Officer is asked to satisfy. Reign's four-component spine is aligned to all four.

    EU AI Act (High-Risk)

    Annex III high-risk AI obligations

    BINDING DATE

    EU regulation 2024/1689 on artificial intelligence. High-risk obligations binding August 2, 2026. Annex III covers credit scoring, fraud detection, AML, automated underwriting, employment AI, and other high-stakes AI deployments. Penalties up to €35M or 7% global turnover.

    Effective
    Jurisdiction
    August 2, 2026
    European Union

    How Reign maps

    Reign AI Gateway + Assurance Packs pre-map to EU AI Act Article 12 (record-keeping), Article 14 (human oversight), Article 15 (accuracy and robustness). Reign for Life Sciences extends EU AI Act to GMP Annex 11 contexts.

    Read the deep-dive

    FINOS AIGF v2.0

    AI Governance Framework — open source

    STANDARD

    Fintech Open Source Foundation AI Governance Framework. Version 2.0 (April 2026) added a dedicated agentic AI risk catalogue. 25 risk categories pre-mapped to EU AI Act, DORA, NIST AI RMF, ISO 42001, OWASP, MITRE ATLAS. Six new agentic AI risk categories added in v2.0.

    Effective
    Jurisdiction
    April 2026
    Global

    How Reign maps

    Reign covers all 25 AIGF risk categories natively. The six v2.0 agentic AI risks are addressed by Reign AI Gateway (MCP-native) and Audit Ledger CAVR.

    Read the deep-dive

    ISO/IEC 42001

    AI Management Systems

    STANDARD

    ISO/IEC 42001 — international standard for AI management systems, published December 2023. Emerging as the de facto AI compliance standard for 2026. Microsoft and SAP already certified. KPMG issued the first ISO 42001 audit claim.

    Effective
    Jurisdiction
    2024 (in deployment)
    Global

    How Reign maps

    Reign architecture is ISO 42001-aligned by design: roles + responsibilities (Annex A), AI policy authoring, risk assessment, treatment, monitoring, and continual improvement.

    NIST AI RMF

    AI Risk Management Framework

    STANDARD

    National Institute of Standards and Technology AI Risk Management Framework, published January 2023, with the GenAI Profile released July 2024. Voluntary US framework with global adoption.

    Effective
    Jurisdiction
    2023 (with 2024 GenAI extension)
    United States (global adoption)

    How Reign maps

    Reign's four-component spine pre-maps to AI RMF GOVERN, MAP, MEASURE, MANAGE functions. Audit Ledger CAVR produces the documentation NIST profiles expect.

    NAIC AI Model Bulletin

    US insurance AI governance

    STANDARD

    National Association of Insurance Commissioners Model Bulletin on the Use of Artificial Intelligence Systems by Insurers. Adopted by approximately half of US states as of 2025.

    Effective
    Jurisdiction
    Adopted by ~half of US states
    United States (state-by-state)

    How Reign maps

    Reign's framework-mapping content covers NAIC AI Bulletin documented program requirements. Maps to insurance underwriting AI use cases.

    HOW REIGN MAPS — THREE LINES OF DEFENSE + INDEPENDENT ASSURANCE

    The frameworks talk. Reign translates.

    Every framework above expresses the same underlying control discipline. Reign ships the architecture pre-mapped — so you operate the controls, not author them from scratch.

    Continuous Observability + Continuous Assurance

    Reign Trust Layer

    Pre-mapped to every framework above. AI Gateway, Model Risk Validation, Audit Ledger CAVR, Assurance Packs.

    Business + Engineering

    1st Line — Risk Owners

    Operate with policy enforcement at the model layer. Identity-bound runtime decisions with full provenance.

    Model Risk + Compliance

    2nd Line — Risk Function

    Effective challenge, validation, and ongoing monitoring backed by independent, machine-verifiable evidence.

    Independent Assurance

    3rd Line — Internal Audit

    Tamper-evident Audit Ledger CAVR and submission-ready Assurance Packs map directly to regulator vocabulary.

    See how Reign maps to your specific exposure.

    Frameworks are the language regulators speak. Reign is the system that satisfies them — pre-mapped, identity-bound, and submission-ready by default.

    21 years operating regulated infrastructure. Architected for the agentic era.