AI Solutions Framework — Enterprise AI-Adoption Control Framework (IG1–IG3)
AI Solutions Framework — Enterprise AI-Adoption Control Framework (IG1–IG3) — 40% covered.
15 requirements · 6 enforced · 0 designed · 0 advisory · 0 deferred.
Source: The AI Solutions Framework is an enterprise AI-adoption control framework — a prioritised, maturity-tiered (Implementation Group IG1 through IG3) set of ~90 safeguards organised into six control families: AI governance & accountability, AI risk management, AI safety, data privacy & lineage, compliance monitoring, and audit & evidence. Each safeguard defines a control an organisation adopting AI should operate. KYE Protocol™ governs the SUBSET of these safeguards that resolve at the action boundary — the moment an AI-supported decision or agent action moves toward a consequential effect — and PROVES the authority and evidence later. KYE governs whether the action may proceed (under a named-authority approval, with the required due-diligence / attestation recorded, held advisory through the human-oversight / stage gate, with any exception recorded), and emits the §0.3 evidence chain. KYE does not author the governance policy, run the risk committee, maintain the AI inventory, deliver the training, or verify the deploy-time infrastructure posture — those organisational and CSPM safeguards are ceded honestly to their owning roles. · License: The AI Solutions Framework is referenced descriptively as an enterprise AI-adoption control framework; KYE registry cites its control families for mapping purposes and asserts no ownership of the framework text.
By category
| Category | Reqs | Enforced | Designed | Advisory | Deferred | Coverage |
|---|---|---|---|---|---|---|
| AI governance & accountability (enforced action-boundary subset) | 2 | 2 | 0 | 0 | 0 | 100% |
| AI risk management & safety (enforced action-boundary subset) | 2 | 2 | 0 | 0 | 0 | 100% |
| Compliance monitoring & audit/evidence (enforced action-boundary subset) | 2 | 2 | 0 | 0 | 0 | 100% |
| Organisational (out-of-scope — governance-office / ciso) | 5 | 0 | 0 | 0 | 0 | 0% |
| Infrastructure posture / CSPM (out-of-scope — cloud-platform / devsecops) | 4 | 0 | 0 | 0 | 0 | 0% |
Every requirement → the KYE™ artefact that enforces it
| ID | Title | Status | KYE™ enforcement |
|---|---|---|---|
ai-solutions-framework.approval-workflow-authority |
Approval workflow: an AI-supported decision proceeds to a consequential action only under a recorded named-authority approval | enforced | rule_packs: kye:rule-pack:ai-solutions-framework-authoritydictionaries: internalengines: internal, internalaudit_events: kye.purpose.request.v1, kye.purpose.admissibility.v1, kye.evidence.decision_map.v1constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
ai-solutions-framework.accountability-named-principal |
Accountability: every AI agent action resolves to exactly one named accountable principal | enforced | rule_packs: kye:rule-pack:ai-solutions-framework-authorityengines: internalaudit_events: kye.purpose.admissibility.v1, kye.evidence.decision_map.v1constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
ai-solutions-framework.attestation-due-diligence-before-action |
Attestation: a required due-diligence / risk attestation is recorded before the AI-supported action proceeds | enforced | rule_packs: kye:rule-pack:ai-solutions-framework-authoritydictionaries: internalengines: internal, internalaudit_events: kye.purpose.admissibility.v1, kye.evidence.decision_map.v1, kye.evidence.pack.v1constitution_refs: constitution/13-RESILIENCE-LOOP.md |
ai-solutions-framework.human-oversight-stage-gate |
Human-oversight stage gate: a consequential AI action stays advisory until a named human reviewer signs off | enforced | rule_packs: kye:rule-pack:ai-solutions-framework-authorityengines: internal, internalaudit_events: kye.purpose.admissibility.v1, kye.evidence.decision_map.v1constitution_refs: constitution/36-GOVERNEDUI.md |
ai-solutions-framework.exception-register |
Exception register: any deviation / override of an AI control is recorded as a signed, replay-provable exception | enforced | rule_packs: kye:rule-pack:ai-solutions-framework-authoritydictionaries: internalengines: internalaudit_events: kye.evidence.decision_map.v1, kye.replay.context_seal.v1, kye.evidence.pack.v1constitution_refs: constitution/13-RESILIENCE-LOOP.md |
ai-solutions-framework.audit-evidence-provenance-pin |
Audit & evidence: every consequential AI action emits a signed, replay-derivable provenance pin verifiable offline | enforced | rule_packs: kye:rule-pack:ai-solutions-framework-authorityengines: internal, internalaudit_events: kye.evidence.tool_call.v1, kye.replay.context_seal.v1, kye.replay.proof.v1, kye.evidence.pack.v1constitution_refs: constitution/13-RESILIENCE-LOOP.md, constitution/30-AUDIT-WORM-RETENTION.md |
ai-solutions-framework.ai-governance-board |
AI governance board / steering committee established with a charter and decision rights | out-of-scope | (no enforcement cited) |
ai-solutions-framework.ai-system-inventory |
Authoritative inventory of AI systems, models, and use-cases maintained | out-of-scope | (no enforcement cited) |
ai-solutions-framework.ai-acceptable-use-policy |
AI acceptable-use and governance policy documents authored, approved, and published | out-of-scope | (no enforcement cited) |
ai-solutions-framework.ai-workforce-training |
Role-based AI-risk and responsible-use training delivered and tracked | out-of-scope | (no enforcement cited) |
ai-solutions-framework.ai-risk-committee-review |
Periodic AI-risk committee review of the AI risk register and treatment plans | out-of-scope | (no enforcement cited) |
ai-solutions-framework.model-inference-logging-enabled |
Model / inference logging enabled and centrally collected at the platform layer | out-of-scope | (no enforcement cited) |
ai-solutions-framework.ai-data-storage-encryption |
AI training / inference data stores encrypted at rest and in transit | out-of-scope | (no enforcement cited) |
ai-solutions-framework.ai-iam-least-privilege |
IAM roles for AI workloads enforce least-privilege (no wildcard grants) | out-of-scope | (no enforcement cited) |
ai-solutions-framework.ai-network-egress-posture |
Network egress controls for AI workloads restrict outbound calls to approved endpoints | out-of-scope | (no enforcement cited) |