UK AI Assurance (DSIT) · v2024-11 roadmap
UK AI Assurance (DSIT)
UK AI Assurance (DSIT) — 94% covered.
31 requirements · 28 enforced · 2 designed · 1 advisory · 0 deferred.
Source: DSIT 'Introduction to AI assurance' (2024-02) + 'AI Assurance roadmap' (2024-11) · License: Open Government Licence v3.0
By category
| Category | Reqs | Enforced | Designed | Advisory | Deferred | Coverage |
|---|---|---|---|---|---|---|
| Audit | 5 | 5 | 0 | 0 | 0 | 100% |
| Conformity assessment | 4 | 4 | 0 | 0 | 0 | 100% |
| Standards & certification | 9 | 7 | 2 | 0 | 0 | 89% |
| Impact assessment | 4 | 3 | 0 | 1 | 0 | 81% |
| Performance testing | 5 | 5 | 0 | 0 | 0 | 100% |
| Risk management | 4 | 4 | 0 | 0 | 0 | 100% |
Every requirement → the KYE™ artefact that enforces it
| ID | Title | Status | KYE™ enforcement |
|---|---|---|---|
uk-ai-assurance.audit.1 |
Audit — evidence-based examination of an AI system against declared criteria | enforced | audit_events: kye.evidence.pack.v1, kye.assurance.audit_pilot.v1, kye.assurance.audit_replay_report.v1engines: internal, internalworm_tables: evidence_packconstitution_refs: constitution/21-DELEGATED-AUDITABILITY.md, constitution/30-AUDIT-WORM-RETENTION.md |
uk-ai-assurance.audit.2 |
Internal audit — first-party audit by the developing or deploying organisation | enforced | audit_events: kye.assurance.audit_pilot.v1, kye.compliance.attestation.v1engines: internal, internalconstitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
uk-ai-assurance.audit.3 |
Third-party audit — independent audit by an external organisation | enforced | audit_events: kye.federation.cross_org_delegation.v1, kye.assurance.audit_replay_report.v1engines: internalgovernedui_modules: kye.governedui.module.auditors.v1constitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
uk-ai-assurance.conformity.1 |
Conformity assessment — declared technical requirements against measurable acceptance criteria | enforced | audit_events: kye.compliance.attestation.v1, kye.assurance.audit_replay_report.v1engines: internalconstitution_refs: constitution/40-IMPLEMENTATION-CANONICAL.md |
uk-ai-assurance.conformity.2 |
Declaration of conformity — provider-signed statement that the AI system meets specified requirements | enforced | audit_events: kye.compliance.attestation.v1, kye.signal.evidence.sealed.v1engines: internalconstitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
uk-ai-assurance.conformity.3 |
Third-party conformity assessment — independent verification by an accredited body | enforced | audit_events: kye.assurance.audit_pilot.v1, kye.assurance.audit_replay_report.v1engines: internalgovernedui_modules: kye.governedui.module.auditors.v1constitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
uk-ai-assurance.roadmap.measure-1 |
DSIT AI Assurance Roadmap 2024-11 — Measure 1: develop AI assurance terminology and standards | enforced | constitution_refs: constitution/24-DESIGN-DICTIONARY.md, constitution/47-CANONICAL-EVERYTHING.md |
uk-ai-assurance.roadmap.measure-2 |
DSIT AI Assurance Roadmap 2024-11 — Measure 2: build assurance market by upskilling industry | designed | constitution_refs: constitution/10-PARTNER.md |
uk-ai-assurance.roadmap.measure-3 |
DSIT AI Assurance Roadmap 2024-11 — Measure 3: increase availability of high-quality assurance services | enforced | constitution_refs: constitution/49-UNIVERSAL-ENGAGEMENT-RAIL.md |
uk-ai-assurance.roadmap.measure-4 |
DSIT AI Assurance Roadmap 2024-11 — Measure 4: support assurance accreditation/certification approaches | enforced | audit_events: kye.consultant_certification.v1constitution_refs: constitution/49-UNIVERSAL-ENGAGEMENT-RAIL.md |
uk-ai-assurance.roadmap.measure-5 |
DSIT AI Assurance Roadmap 2024-11 — Measure 5: encourage international harmonisation | enforced | audit_events: kye.compliance.attestation.v1constitution_refs: constitution/40-IMPLEMENTATION-CANONICAL.md |
uk-ai-assurance.conformity.4 |
Conformity assessment — second-party assurance (buyer-conducted) artefact | enforced | audit_events: kye.assurance.audit_pilot.v1, kye.evidence.pack.v1agents: internalconstitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
uk-ai-assurance.audit.4 |
Audit — independent third-party AI audit with public sign-off | enforced | audit_events: kye.assurance.audit_pilot.v1, kye.consultant_certification.v1constitution_refs: constitution/21-DELEGATED-AUDITABILITY.md, constitution/49-UNIVERSAL-ENGAGEMENT-RAIL.md |
uk-ai-assurance.audit.5 |
Audit — Replay-Proof audit (deterministic re-execution by auditor from public artefacts) | enforced | audit_events: kye.evidence.trace_replay_spec.v1, kye.assurance.audit_replay_report.v1engines: internal, internalconstitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
uk-ai-assurance.impact.3 |
Impact assessment — algorithmic impact assessment with public summary | enforced | audit_events: kye.consequence_map.v1, kye.evidence.pack.v1engines: internalconstitution_refs: constitution/13-RESILIENCE-LOOP.md |
uk-ai-assurance.impact.4 |
Impact assessment — periodic re-assessment when model or data changes materially | enforced | audit_events: kye.signal.drift.detected.v1, kye.change_calendar.v1engines: internalconstitution_refs: constitution/13-RESILIENCE-LOOP.md |
uk-ai-assurance.performance.4 |
Performance testing — formal verification of safety-critical properties | enforced | audit_events: kye.scenario_run.v1, kye.assurance.audit_replay_report.v1engines: internalconstitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
uk-ai-assurance.performance.5 |
Performance testing — adversarial robustness benchmarking | enforced | audit_events: kye.scenario_run.v1engines: internalconstitution_refs: constitution/13-RESILIENCE-LOOP.md |
uk-ai-assurance.risk.3 |
Risk management — risk-tier classification per AI use case | enforced | audit_events: kye.risk.score.v1, kye.risk.authority_register.v1engines: internalconstitution_refs: constitution/13-RESILIENCE-LOOP.md |
uk-ai-assurance.risk.4 |
Risk management — continuous risk monitoring with escalation thresholds | enforced | audit_events: kye.risk.score.v1, kye.signal.incident.opened.v1engines: internal, internalconstitution_refs: constitution/13-RESILIENCE-LOOP.md |
uk-ai-assurance.standards.3 |
Standards & certification — alignment with ISO/IEC 42001 + ISO/IEC 42005 + ISO/IEC 23894 | enforced | audit_events: kye.compliance.attestation.v1constitution_refs: constitution/40-IMPLEMENTATION-CANONICAL.md |
uk-ai-assurance.standards.4 |
Standards & certification — DataTrust / IEEE AI standards alignment | designed | constitution_refs: constitution/24-DESIGN-DICTIONARY.md |
uk-ai-assurance.impact.1 |
Impact assessment — anticipate and evaluate consequences for individuals, groups, environment | enforced | audit_events: kye.risk.score.v1, kye.assurance.audit_pilot.v1engines: internal, internalconstitution_refs: constitution/13-RESILIENCE-LOOP.md |
uk-ai-assurance.impact.2 |
Algorithmic Transparency Recording Standard (ATRS) — public-sector impact disclosure | advisory | audit_events: kye.model.capability_profile.v1, kye.risk.score.v1constitution_refs: constitution/40-IMPLEMENTATION-CANONICAL.md |
uk-ai-assurance.performance.1 |
Performance testing — measure system outputs against declared performance criteria | enforced | audit_events: kye.evidence.trace_replay_spec.v1, kye.assurance.audit_replay_report.v1engines: internalconstitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
uk-ai-assurance.performance.2 |
Red-teaming and adversarial testing — probe the system for failure modes including jailbreaks | enforced | audit_events: kye.signal.stress_test.high_risk_detected.v1, kye.agent.refusal.v1, kye.evidence.tool_call_pin.v1engines: internal, internalconstitution_refs: constitution/13-RESILIENCE-LOOP.md, constitution/52-DELEGATED-AGENT-BINDING.md |
uk-ai-assurance.performance.3 |
Continuous performance monitoring in deployment | enforced | audit_events: kye.signal.drift.detected.v1, kye.evidence.observed_action.v1, kye.evidence.decision_map.v1engines: internal, internalconstitution_refs: constitution/35-STREAMING-LOGS.md |
uk-ai-assurance.risk.1 |
Risk management — identify, assess, treat, monitor AI risks throughout the lifecycle | enforced | audit_events: kye.risk.score.v1, kye.risk.authority_register.v1engines: internalconstitution_refs: constitution/13-RESILIENCE-LOOP.md |
uk-ai-assurance.risk.2 |
Risk treatment decisions are recorded and reviewable | enforced | audit_events: kye.purpose.grant.v1, kye.evidence.decision_map.v1, kye.resilience.improvement_record.v1engines: internal, internalconstitution_refs: constitution/12-PURPOSE-PERMISSION.md |
uk-ai-assurance.standards.1 |
Use of recognised technical standards (ISO/IEC 42001, ISO/IEC 23894, NIST AI RMF, ISO/IEC 27001) | enforced | audit_events: kye.compliance.attestation.v1engines: internalconstitution_refs: constitution/40-IMPLEMENTATION-CANONICAL.md |
uk-ai-assurance.standards.2 |
Certification — formal attestation by an accredited certification body that the AI system or AIMS conforms to a standard | enforced | audit_events: kye.assurance.tier1_readiness.v1, kye.compliance.attestation.v1engines: internalconstitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |