Governance > Regulatory mapping

One Control Layer. Multiple Regulatory Frameworks.

TrigGuard provides execution authorization, evidence generation, and audit-ready controls aligned to major governance and compliance frameworks.

Request mapping materials View control catalogue

EU AI Act DORA NIS2 SOC 2 ISO 27001 UK GDPR

TrigGuard

Policy Authorization Receipts Audit Trail Evidence

Compliance Outcomes

Section 1

Why Execution Governance Matters

AI systems want to execute. Regulators require accountability, traceability, control, and auditability. TrigGuard is the authorization checkpoint before irreversible actions.

01 · Execution risk

AI wants to execute

Agents, tools, and automated workflows create irreversible actions, transfers, deployments, data access, without a deterministic gate.

02 · Regulatory pressure

Regulators require control

EU AI Act, DORA, NIS2, and sector rules demand pre-execution governance, logging, and evidence, not post-hoc explanations.

03 · Control point

TrigGuard provides the checkpoint

Permit, deny, or silence before execution. Signed receipts prove what happened, offline verifiable, audit-ready.

Section 2

How TrigGuard Maps To Regulation

One control layer spans multiple frameworks. Frameworks define requirements; TrigGuard enforces controls; evidence proves alignment.

EU AI Act · UK GDPR · DORA · NIS2 · ISO/IEC 27001 · SOC 2 · SR 11-7 · PRA SS1/23

TrigGuard Control Layer

Authorization · Audit · Receipts · Evidence

Compliance Outcomes

Section 3

Framework Coverage

Active mappings across UK, EU, and global regulatory requirements, with TrigGuard controls tied to each framework.

Framework	Coverage	Key controls	Status	Mapping
EU AI Act	High-risk AI obligations: risk management, governance, transparency, and logging.	Authorization, Receipts, Audit trail	Mapped	View mapping →
UK GDPR	Lawful processing, data minimization, security, and accountability for AI operations.	Privacy, Minimization, Evidence	Mapped	View mapping →
DORA	Operational resilience, ICT risk controls, incident reporting, third-party governance.	Fail-closed, Risk controls, Logging	Mapped	View mapping →
NIS2	Cybersecurity risk management, supply chain safeguards, incident notification.	Execution controls, Supply chain, Audit	Mapped	View mapping →
ISO/IEC 27001	Information security management system controls and evidence management.	ISMS, Encryption, Key mgmt	Mapped	View mapping →
SOC 2	Security, availability, processing integrity, confidentiality, and privacy criteria.	Processing integrity, Availability, Privacy	Mapped	View mapping →
SR 11-7	Model risk management expectations for financial institutions.	Model risk, Pre-execution, Governance	Mapped	View mapping →
PRA SS1/23	Operational resilience policy statement for banks and insurers.	Resilience, Authorization, Evidence	Mapped	View mapping →

Section 4

Evidence Generated

Every authorization decision produces verifiable artifacts, the evidence procurement and audit teams need.

{
 "receipt_id": "rcpt_8f3a2b1c",
 "decision": "PERMIT",
 "action": "transfer_funds",
 "policy_version": "pol_v12.4",
 "timestamp": "2026-05-14T09:41:22Z",
 "signature": "ed25519:7k2m…"
}

2026-05-14 09:41:22 UTC
agent: payments-agent-03
action: transfer_funds
amount: 50000 GBP
decision: PERMIT
policy: pol_v12.4 §4.2
receipt: rcpt_8f3a2b1c

Immutable record of policy changes with author, timestamp, and diff, linked to every receipt issued under that version.

$ tg verify rcpt_8f3a2b1c
✓ Signature valid
✓ Policy hash matches
✓ Offline verifiable

Section 5

Procurement Package

What customers receive after scoping, tailored to your frameworks and deployment model.

Included deliverables

Control catalogueFull mapping of TrigGuard controls to your regulatory requirements.
Regulatory mapping packageFramework-specific alignment documents for EU AI Act, DORA, NIS2, and sector rules.
Evidence templatesReceipt schemas, audit trail formats, and verification procedures.
Security documentationEncryption, key management, data handling, and privacy controls.
Architecture documentationDeployment patterns, integration reference, and fail-closed design.
Assurance materialsISO/IEC 27001 aligned controls, SOC 2 readiness, trust center references.

Request mapping materials Schedule review

Section 6

Framework Deep Dives

Detailed mappings and guidance for each regulation.

EU · AI EU AI Act High-risk AI execution governance, logging, and human oversight alignment. UK · GDPR UK GDPR Lawful processing, minimization, and accountability for AI operations. EU · DORA DORA ICT risk, operational resilience, and third-party governance. EU · NIS2 NIS2 Cybersecurity risk management and supply chain safeguards. US · MRM SR 11-7 Model risk management for generative AI in financial services. UK · PRA PRA SS1/23 Operational resilience for banks and insurers. ISO ISO/IEC 27001 ISMS controls and evidence management alignment. AICPA SOC 2 Trust services criteria: security, availability, integrity, privacy.

This mapping is for informational purposes and reflects current regulatory guidance as of May 2026. Regulations evolve; contact us for latest updates and custom assessments.