REIGN · SPINE · ASSURANCE PACKS
Regulator-ready evidence packages.
Continuous Observability + Continuous Assurance. The Trust Layer for Enterprise AI.
Assurance Packs is component 4 of the Reign Spine — submission-ready evidence packages, mapped to the regulatory framework your industry answers to.
Three Lines of Defense
Assurance Packs is the Independent Assurance layer — regulator-facing evidence. AI Gateway is the 1st Line · Model Risk Validation is the 2nd Line · Audit Ledger (CAVR) is the 3rd Line.
Deployment
Same governance layer across every tier.
Audits are passed on packaged evidence — not on logs
Regulated industries do not pass an audit on the strength of their logs. They pass on the strength of evidence that is mapped, signed, and packaged in the format the regulator can read. Today, that packaging is a months-long manual exercise: pull data from logs, reconcile with audit trails, hand-build mapping tables to the framework citations, and assemble a submission document in the format the regulator expects. Compressed timelines make that manual exercise impossible.
- Logs are not evidence. Evidence is logs that have been mapped, signed, and packaged.
- Each regulator wants a different format: eCTD modules for FDA, DORA reporting templates for EU financial services, ISO 42001 audit packages for general AI risk.
- Mapping evidence to specific framework citations (21 CFR Part 11 §11.10, EU AI Act Article 12, AIGF risk #14) is repetitive, error-prone work.
- Cryptographic integrity is required end-to-end — from the original AI inference event through every transformation to the regulator hand-off.
- Compressed regulatory timelines (RAPID, FDA PCCP modifications, DORA incident reporting) mean evidence must be available continuously, not assembled retrospectively.
Reign Assurance Packs provide
Continuous assembly
Pulls from Audit Ledger (CAVR), Model Risk Validation, and AI Gateway automatically — no manual reconciliation.
Framework-mapped
Every evidence element is annotated with the specific regulatory citation it satisfies (21 CFR Part 11 §11.10, EU AI Act Art. 12, AIGF v2.0 risks, NIST AI RMF functions, ISO 42001 clauses).
Multi-format export
IND, NDA, BLA, 510(k), PCCP, DORA reporting templates, AIGF assurance reports, ISO 42001 audit packages — exportable in the format the regulator ingests.
Cryptographic integrity
Hash-chained evidence preserved across handoffs to internal QA, external auditors, and regulators.
Custom packets
Customer-defined templates for joint submissions, audit responses, and partner-facing assurance.
On-demand generation
Available on demand — submission-grade evidence is generated when needed, not assembled six weeks before filing.
The framework your industry answers to
Banking
SR 11-7 · OSFI E-23
Federal Reserve and OSFI model risk management — independent challenge, validation, and ongoing monitoring evidence.
Life Sciences
FDA PCCP · 21 CFR Part 11 · GxP
Predetermined Change Control Plans, electronic records integrity, and Good Practice quality systems.
Capital Markets
FCA · MiFID II · DORA
UK FCA, EU MiFID II, and DORA operational resilience and AI/algorithm trading evidence.
Defense
NIST 800-171 · CMMC
CUI handling, supply-chain attestation, and CMMC Level 2 control evidence.
Templates available through the Design Partner Program
Submission-grade packs mapped to the frameworks regulators expect. New jurisdictions and templates added through design-partner sequencing.
EU AI Act Essentials
Articles 12 & 19. Event logging, retention, risk classification templates, basic regulatory export.
EU AI Act Complete
Full Articles 5–55. Conformity assessment, Annex IV/VII, human oversight dashboards, tamper-evident records, risk scoring.
NIST AI RMF
72 subcategory controls. Govern/Map/Measure/Manage. NIST AI 600-1 overlay. US procurement requirement.
Financial Services Essentials
SR 11-7 model risk, OSFI E-23, SEC 17a-4 WORM, FINRA 4511, SOX controls. Examination-ready packages.
ISO 42001
38 Annex A controls. Statement of Applicability, audit tracker, certification readiness dashboard.
Healthcare & Life Sciences
HIPAA, FDA 21 CFR Part 11, GxP/GMP/GLP/GCP, FDA PCCP. FDA inspection readiness.
Financial Services Complete
DORA, FCA / MiFID II, US Treasury FS AI RMF, FFIEC examination packages, third-party AI vendor risk.
Automotive / Safety-Critical
ISO 26262, UNECE WP.29, SOTIF. Autonomous vehicle & ADAS AI certification.
Defense & Sovereign
NIST 800-171, CMMC Level 2, ITAR, FedRAMP, CUI flow documentation, air-gapped verification.
The regulator-facing output of the Reign Spine
Assurance Packs is the regulator-facing output of the Reign Spine. It consumes the continuous evidence stream from the Audit Ledger (CAVR), the model-version metadata from Model Risk Validation, and the policy decisions plus tool-call graph from the AI Gateway. It assembles all four Spine components’ outputs into a single, signed, regulator-ready submission artifact. Every Assurance Pack is reproducible — the same query against the same evidence corpus produces an identical, hash-verifiable artifact.
Mapped to the frameworks regulators expect
SR 11-7
Federal Reserve Model Risk Management for U.S. banks.
OSFI E-23
Canadian OSFI Enterprise-Wide Model Risk Management.
21 CFR Part 11
Electronic records and signatures (life sciences submissions).
FDA IND / NDA / BLA / 510(k)
Submission templates and required artifacts.
FDA PCCP
Predetermined Change Control Plan submission documents.
EU AI Act Art. 11
Technical documentation for high-risk AI systems.
EU AI Act Art. 12
Record-keeping for high-risk AI systems.
ALCOA+
Data integrity attributes packaged into the submission artifact.
DORA Art. 28 + reporting templates
Third-party ICT incident and audit reports.
FCA / MiFID II
UK and EU capital markets supervisory reporting.
FINOS AIGF v2.0
Assurance reports for the 25 AIGF risk categories, including the six new agentic risks.
ISO 42001
AI management system audit packages.
NIST AI RMF
Function-aligned reporting (Govern, Map, Measure, Manage).
NIST 800-171 / CMMC
Defense industrial base CUI and supply-chain controls.
Frequently Asked Questions
A submission-grade artifact containing the evidence elements required by the chosen framework — for example, an FDA PCCP submission packet contains model version history, change-control packets, validation results, performance monitoring evidence, and the cryptographic chain linking every element to the original AI decision events. The exact contents are determined by the target framework and the customer’s submission scope.
The first packet templates available through the design partner program cover SR 11-7, OSFI E-23, FDA 21 CFR Part 11, FDA PCCP, EU AI Act Art. 11 and Art. 12, ISO 42001, FCA/MiFID II, and FINOS AIGF v2.0 assurance. Additional templates for IND/NDA/BLA, DORA reporting, NIST AI RMF, NIST 800-171/CMMC, and 510(k) are sequenced into the design-partner roadmap.
Yes. Customers and design partners author their own packet templates against the underlying evidence corpus. Joint-submission templates for partner-led filings (CRO, sponsor, system integrator) are first-class supported.
Yes. Every Assurance Pack is hash-chained from the original AI decision event through every transformation, with cryptographic signing at the artifact boundary. The integrity is verifiable independently.
On-demand. The evidence corpus is continuous, so pack assembly is a query against existing evidence in the Audit Ledger, not a retrospective reconstruction. Most submission packets generate in minutes to a few hours, depending on scope.
Reign Assurance Packs are available by application through the Reign Design Partner Program. Design partners shape the packet templates, the framework mappings, and the export formats.
Reign Spine