Standards, terminology, and regulatory alignment
Terminology
A living glossary anchoring definitions so every agent and human collaborator speaks the same language -- from CROWN routing labels to LEDGER provenance chains.
View Terminology BankStandards Alignment
Agent governance is moving from best practice to legal requirement. ACE is engineered to satisfy these frameworks by design, not retrofit.
Requires organisations to map, measure, manage, and govern AI risk across the lifecycle. ACE implements all four functions through CROWN routing policy, VIGIL boundary inspection, LEDGER audit trails, and DACP lifecycle governance.
Full applicability August 2, 2026. Mandates risk classification, transparency, human oversight, and technical documentation for AI systems. ACE provides tiered autonomy controls, content-aware sensitivity ceilings, and human-in-the-loop gates that map directly to high-risk system obligations.
Requires essential and important entities to implement cybersecurity risk management, incident reporting, and supply chain security. ACE strengthens NIS2 posture by governing agent-to-infrastructure boundaries and producing tamper-evident audit records.
The Digital Operational Resilience Act mandates ICT risk management, incident reporting, and third-party oversight for financial entities. ACE circuit breakers, rollback capabilities, and vendor-agnostic routing satisfy operational resilience requirements for agentic workloads.
First US state-level AI governance law. Requires deployers of high-risk AI to implement risk management, perform impact assessments, and notify consumers. ACE provenance chains and seven-factor evaluation provide the evidence base these assessments require.
International standard for AI management systems. Specifies requirements for establishing, implementing, and continually improving AI governance. ACE architecture maps to ISO 42001 control objectives across policy, risk treatment, and operational planning.
Requires lawful basis, data minimisation, purpose limitation, and accountability for personal data processing. ACE sensitivity ceilings and content-aware boundary inspection prevent agents from accessing or exfiltrating personal data beyond what policy permits.