AI Governance Tools

AI governance tools in this directory are platforms, workflows, and services for AI risk management, policy enforcement, model oversight, governance documentation, and approval controls. This category includes model registries with governance layers, AI bill-of-materials generators, model card frameworks with workflow, AI risk assessment platforms, and AI policy engines. It does not include pure ML observability without governance workflow, pure data catalogs without AI-specific governance, or security tools that lack AI-specific governance features. In scope are tools that generate governance evidence packages and make review and approval traceable.

Buyers are assessing whether the tool helps them document, review, and approve AI systems in a way that survives audit. They look for consistent model registration, version-aware approvals, segregation of duties, risk assessments tied to model changes, and policy enforcement traces that connect back to a system of record. They also evaluate whether evidence maps to concrete regulatory hooks — for example, deployer review checkpoints aligned to EU AI Act Article 26 deployer obligations — and whether exported artifacts can be verified later.

The ladder in this category tracks the quality of governance claims. Listed means the vendor operates in AI governance; no evidence quality is assumed. Vendor-submitted means governance evidence was supplied — sample audit reports, policy templates, integration documentation, or example approval exports. Public-source reviewed means CertifiedData confirmed that public materials support the specific capability claim. Evidence-reviewed means primary artifacts were examined: real workflow exports, enforcement traces showing actual policy decisions, role approvals, and date stamps that align to the claimed obligations, including applicability to Article 26 where relevant.

Certified applies to specific governance artifacts — for example, a policy evidence bundle for one AI system on a defined date, with approver identity, model version, and decisions captured. The certificate binds the bundle’s content hash to an issuer signature and timestamp; JSON exports are RFC 8785 JCS-canonicalized, hashed with SHA-256, and signed with Ed25519 for public verification. Certification adds a tamper-evident wrapper around the governance record. It does not assert that the governance process was sound or sufficient; it asserts that the artifact under review is the one that was originally issued, enabling audit handling and chain-of-custody checks.