BSI AIC4 — AI Cloud Service Compliance Criteria · v2021

BSI AIC4 — AI Cloud Service Compliance Criteria

BSI AIC4 — AI Cloud Service Compliance Criteria — 67% covered.

3 requirements · 2 enforced · 0 designed · 0 advisory · 0 deferred.

Source: BSI (German Federal Office for Information Security), AI Cloud Service Compliance Criteria Catalogue (AIC4), 2021. One of the frameworks the CSA AICM crosswalks to. AICM defines the controls; KYE™ operationalises them. KYE binds the security-and-robustness criteria that resolve at AI-action time and marks the cloud-platform operational and training-environment criteria out of scope. · License: BSI AIC4 is published by the BSI; KYE paraphrases each criterion's intent and cites the official identifier for mapping purposes only.

By category

CategoryReqsEnforcedDesignedAdvisoryDeferredCoverage
Security & robustness of AI decisions (evidenced at action time) 1 1 0 0 0 100%
Performance, bias mitigation & explainability of the decision record 1 1 0 0 0 100%
Cloud-platform operations & training-environment criteria 1 0 0 0 0 0%

Every requirement → the KYE artefact that enforces it

IDTitleStatusKYE enforcement
bsi-aic4.security-robustness-action Security & robustness — an AI decision is authorised, evidenced and replay-provable at the moment it occurs enforced audit_events: kye.purpose.admissibility.v1, kye.evidence.pack.v1, kye.replay.proof.v1
engines: internal, internal
constitution_refs: constitution/12-PURPOSE-PERMISSION.md, constitution/13-RESILIENCE-LOOP.md
bsi-aic4.performance-bias-explainability Performance, bias mitigation & explainability — the AI decision record captures the inputs, policy and rationale enforced audit_events: kye.evidence.decision_map.v1
engines: internal
constitution_refs: constitution/13-RESILIENCE-LOOP.md
bsi-aic4.cloud-platform-operations Cloud-platform operations, data centre & training-environment criteria out-of-scope (no enforcement cited)