Open framework · CC-BY 4.0 · v1.0

The Regulated AI Framework

An open standard for deploying traceable, governed automation in compliance-critical professions

Most AI deployments fail regulated professions not because the technology is inadequate, but because the governance layer is absent. This framework defines the minimum requirements for AI systems that must produce defensible outputs — where a licensed professional's signature, a regulatory clause, or a court document depends on what the model produced.

It is written for surveying firms, building compliance consultants, mortgage brokers, audit teams, and any practice where professional indemnity follows the output. It is released as open source so that the standard can be adopted, adapted, and improved by the professions it serves.

1. The Accountability Gap

When a BCA consultant signs a compliance report, their licence is on the line. When a mortgage broker submits a serviceability assessment, their AFSL obligations attach to every figure. When an auditor signs an ISO 19011 finding, that record enters a legal chain.

AI changes who produces the draft — it does not change who is accountable for it.

The problem with most AI tools in these contexts is not capability — it is architecture. They are designed to produce outputs. They are not designed to produce outputs that can be traced, contested, corrected, and signed. That gap is what this framework addresses.

2. Scope

This framework applies to AI systems that operate in the following contexts:

  • Building and construction compliance: NCC 2025, BCA volumes, performance solutions, Section J, fire engineering, access reports
  • Financial services: APRA CPG 230, ATO STP2, serviceability assessments, payslip extraction, income verification
  • Audit and assurance: ISO 19011, internal controls review, management system audits
  • Professional consulting: any engagement where outputs carry professional indemnity exposure

This framework does not apply to internal knowledge tools, marketing copy generation, or customer service automation where no licensed professional's accountability is attached to the output.

3. The Four Requirements

Every AI system operating in scope must satisfy all four of the following. They are not a checklist — they are a spine. A system that satisfies three of four does not partially comply; it does not comply.

3.1 Traceable

Every claim in every output must cite its source at the paragraph, page, and revision level. "As per the applicable standard" is not a citation. Provenance is not a footnote — it is a structural requirement built into the data model.

Implementation: The system must store source metadata (document identifier, page number, paragraph reference, revision date) alongside every extracted entity or generated claim. This metadata must travel with the output through every downstream transformation.

Test: Take any sentence in any output. Can you reconstruct the exact source text, document, and revision that produced it? If not, the system fails this requirement.

3.2 Standards-Aligned

Outputs that relate to regulatory compliance must map to named clauses in named standards. "Compliant with fire safety requirements" is not standards-aligned. "Compliant with BCA 2025 Part E, Clause E2.2a" is.

Implementation: The system must maintain a structured mapping between output claims and the regulatory instruments they engage. This mapping must be machine-readable so it can be audited, updated as standards change, and tested against known clause variations.

Test: For any compliance determination in any output, can you identify the exact clause and instrument version that was applied? Can the system produce a different output if that clause changes?
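As an added illustration of the 3.1 and 3.2 requirements (example code, not the framework's own schema; the field names, the vague-citation pattern and the sample claims are assumptions), the following Python attaches a source reference and named clause references to each claim, rejects claims that cannot be traced or that make a compliance determination without a named clause, and keeps the metadata on every rendered sentence so the traceability test can be run against the output:

```python
import re
from dataclasses import dataclass, asdict
from typing import Optional, Tuple, List, Dict
@dataclass(frozen=True)
class SourceRef:              # constructed illustration; field names are assumptions
    document_id: str
    page: int
    paragraph: str
    revision_date: str        # ISO date of the source revision cited
@dataclass(frozen=True)
class ClauseRef:
    instrument: str           # named instrument and version, e.g. "BCA 2025"
    clause: str               # named clause, e.g. "Part E, Clause E2.2a"
@dataclass(frozen=True)
class Claim:
    text: str
    source: Optional[SourceRef]
    clauses: Tuple[ClauseRef, ...] = ()
    compliance_determination: bool = False

VAGUE = re.compile(r"\b(applicable|relevant) (standard|code|requirements?)\b", re.I)  # not a citation

def gaps(claim: Claim) -> List[str]:
    """Traceability / standards-alignment failures for one claim (empty list = passes)."""
    problems = []
    if claim.source is None:
        problems.append("no source reference")
    if VAGUE.search(claim.text):
        problems.append("vague citation in claim text")
    if claim.compliance_determination and not claim.clauses:
        problems.append("compliance determination without a named clause")
    return problems

def render(claims: List[Claim]) -> List[Dict]:
    """Downstream transformation: each output sentence keeps its source and clause metadata."""
    rows = []
    for c in claims:
        if gaps(c):
            raise ValueError(f"untraceable claim rejected {c.text!r}: {gaps(c)}")
        rows.append({"sentence": c.text, "source": asdict(c.source),
                     "clauses": [asdict(k) for k in c.clauses]})
    return rows

def reconstruct(rows: List[Dict], sentence: str) -> Optional[SourceRef]:
    hits = [r for r in rows if r["sentence"] == sentence]       # the 3.1 test
    return SourceRef(**hits[0]["source"]) if hits else None    # None: untraceable, fails 3.1
GOOD = Claim("The design is compliant with Part E, Clause E2.2a.",          # constructed samples
             SourceRef("fire-report-rev3", 14, "4.2.1", "2025-03-10"),
             (ClauseRef("BCA 2025", "Part E, Clause E2.2a"),), True)
BAD = Claim("Compliant with fire safety requirements.", None, (), True)    # fails 3.1 and 3.2
```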

3.3 Under Oversight

Consequential outputs — those that a licensed professional would sign, that enter a regulatory submission, or that trigger a financial transaction — must pass through human disposition before they are relied upon. The model proposes; the practitioner disposes.

Implementation: The system must support a review state for each consequential output. Review state must be logged with a timestamp, a reviewer identifier, and the disposition decision (accepted / accepted with modification / rejected). This log must be immutable and retrievable.

Test: For any output that has entered reliance, can you identify who reviewed it, when, and what decision they made? If the reviewer made a modification, is the original AI output preserved alongside the final human-approved version?
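The 3.3 review state as an added example (not the framework's or any vendor's code; the entry fields, the hash chaining and the sample dispositions are assumptions): an append-only log whose entries are chained by SHA-256 so that editing, reordering or dropping a disposition is detectable, that keeps the original model output beside the approved text, and that answers the test above for any output identifier:

```python
import hashlib, json
from datetime import datetime, timezone
from typing import Optional, Dict, List
DISPOSITIONS = ("accepted", "accepted_with_modification", "rejected")
GENESIS = "0" * 64

def _digest(entry: Dict) -> str:
    # Canonical JSON (sorted keys) so the hash does not depend on key order.
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

class DispositionLog:
    """Append-only, hash-chained review log (constructed example; field names are assumptions)."""
    def __init__(self) -> None:
        self.entries: List[Dict] = []
    def record(self, output_id: str, reviewer_id: str, ai_output: str, disposition: str,
               final_output: Optional[str] = None, when: Optional[str] = None) -> str:
        if disposition not in DISPOSITIONS:
            raise ValueError(f"unknown disposition {disposition!r}")
        if disposition == "accepted_with_modification":
            if not final_output or final_output == ai_output:
                raise ValueError("modification recorded without a changed final output")
        elif final_output is not None:
            raise ValueError("final_output is only recorded with a modification")
        final = {"accepted": ai_output, "accepted_with_modification": final_output, "rejected": None}
        entry = {"seq": len(self.entries), "output_id": output_id, "reviewer_id": reviewer_id,
                 "timestamp": when or datetime.now(timezone.utc).isoformat(),   # ISO 8601, UTC
                 "disposition": disposition,
                 "ai_output": ai_output,                # original model output, always preserved
                 "final_output": final[disposition],    # the text actually relied upon
                 "prev_hash": self.entries[-1]["hash"] if self.entries else GENESIS}
        entry["hash"] = _digest(entry)
        self.entries.append(entry)
        return entry["hash"]

    def verify(self) -> bool:
        """Recompute the chain; an edited, reordered or dropped entry breaks it."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["seq"] != i or e["prev_hash"] != prev or _digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True

    def disposition_of(self, output_id: str) -> Optional[Dict]:
        """The 3.3 test: who reviewed it, when, what they decided, and both versions of the text."""
        for e in reversed(self.entries):                  # latest disposition for this output wins
            if e["output_id"] == output_id:
                return {k: e[k] for k in ("reviewer_id", "timestamp", "disposition",
                                          "ai_output", "final_output")}
        return None                                       # relied upon with no review: fails 3.3
```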

3.4 Secure by Default

Customer data — documents, transactions, submissions — must stay within the customer's tenancy. It must not be used for model training without explicit, reversible, per-engagement consent. Encryption at rest and in transit is a floor, not a ceiling.

Implementation: Data handling must be documented per engagement with a retention schedule and deletion confirmation process. Training opt-in must be explicit and default-off. The system must be able to demonstrate, on request, that no customer data has left the customer's tenancy without consent.

Test: Ask the vendor to demonstrate data residency for the last three engagements. Ask to see the training opt-in log. Ask to see the deletion confirmation for a closed engagement.

4. Implementation Tiers

Organisations implement this framework at one of three tiers, depending on the consequence level of the work being automated.

Tier 1: Assisted Review

Appropriate for: First drafts of compliance reports, initial payslip extraction, preliminary clause mapping.

The AI system produces a draft; a human reviews every item before reliance. The human review step is the primary control. Volume and speed are constrained by reviewer capacity — that is intentional.

Tier 2: Supervised Automation

Appropriate for: High-volume, standardised work where the routine/exception split is well-understood and stable.

The AI system handles routine items autonomously. Exception items — those below a confidence threshold, outside the training distribution, or flagged by rule — are routed to human review.

The exception routing logic must be documented and tested. Confidence thresholds and routing rules must be reviewed quarterly. The human reviewer must have access to the AI's reasoning for every exception item.
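The Tier 2 exception routing described above, as an added Python example (not the framework's code; the policy values, rule names, placeholder ABN and sample batch are constructed): all three exception triggers, a versioned policy so the quarterly review has something to compare against, and the model's reasoning carried on every item routed to a reviewer:

```python
from dataclasses import dataclass
from typing import Callable, Dict, List
@dataclass
class Item:
    item_id: str
    kind: str              # document type the extractor was trained on, e.g. "payslip"
    confidence: float      # model confidence in its extraction, 0..1
    fields: Dict           # extracted values
    reasoning: str         # model rationale; the reviewer must see it for every exception
@dataclass
class RoutingPolicy:
    """Documented, versioned exception-routing policy (constructed values; reviewed quarterly)."""
    version: str
    confidence_threshold: float
    known_kinds: frozenset                     # the distribution the model was trained on
    rules: Dict[str, Callable[[Dict], bool]]   # rule name -> predicate that flags an exception

POLICY = RoutingPolicy(
    version="2025-Q2",
    confidence_threshold=0.92,
    known_kinds=frozenset({"payslip", "bank_statement"}),
    rules={"gross_below_net": lambda f: f.get("gross_pay", 0) < f.get("net_pay", 0),
           "missing_employer_abn": lambda f: not f.get("employer_abn")},
)

def route(item: Item, policy: RoutingPolicy = POLICY) -> Dict:
    """Tier 2 disposition: routine items proceed autonomously, exceptions go to a human reviewer."""
    reasons: List[str] = []
    if item.confidence < policy.confidence_threshold:
        reasons.append(f"confidence {item.confidence:.2f} below threshold {policy.confidence_threshold:.2f}")
    if item.kind not in policy.known_kinds:
        reasons.append(f"kind {item.kind!r} is outside the supported document set")
    for name, predicate in policy.rules.items():
        if predicate(item.fields):
            reasons.append(f"rule {name!r} fired")
    return {"item_id": item.item_id, "policy_version": policy.version,
            "route": "human_review" if reasons else "auto",
            "reasons": reasons, "reasoning": item.reasoning}   # reasoning travels with every exception

def exception_rate(items: List[Item], policy: RoutingPolicy = POLICY) -> float:
    """Share of a batch routed to review; track it across the quarterly threshold review."""
    decisions = [route(i, policy) for i in items]
    return sum(d["route"] == "human_review" for d in decisions) / len(decisions) if decisions else 0.0
ABN = "00 000 000 000"   # constructed placeholder, not a real ABN
BATCH = [                # constructed sample batch
    Item("p1", "payslip", 0.97, {"gross_pay": 5200.0, "net_pay": 4010.0, "employer_abn": ABN}, "all fields read cleanly"),
    Item("p2", "payslip", 0.88, {"gross_pay": 5100.0, "net_pay": 3950.0, "employer_abn": ABN}, "total partly smudged"),
    Item("p3", "payslip", 0.99, {"gross_pay": 3000.0, "net_pay": 3400.0, "employer_abn": ABN}, "columns may be swapped"),
    Item("p4", "invoice", 0.95, {"gross_pay": 900.0, "net_pay": 900.0, "employer_abn": ""}, "not a payslip layout"),
]
```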

Tier 3: Governed Production

Appropriate for: Work where individual item consequence is low, the distribution is stable, and the organisation has demonstrated Tier 2 compliance for at least six months.

The AI system operates in production with periodic human sampling rather than item-by-item review.

Requires: a sampling protocol with minimum rates, a drift detection process, regulatory notification requirements (if any), and a documented escalation path back to Tier 1 if drift is detected.

5. Governance Checklist

Before deployment

  • Accountability owner identified for model decisions
  • Consequence level assessed for all output types
  • Reviewer training completed and documented
  • Known-output test suite defined and passed
  • Data handling documented per engagement
  • Retention and deletion processes confirmed
  • Escalation path from automated to human review defined

During operation

  • Audit trail active and retrievable
  • Reviewer disposition log maintained
  • Exception routing reviewed quarterly
  • Confidence thresholds reviewed quarterly
  • Source document version control confirmed

Post-deployment

  • Output sampling at Tier-appropriate rates
  • Drift monitoring active
  • Model version changes logged and tested before reliance
  • Regulatory notification completed (if required)
  • Annual framework review against updated standards

6. Contributing to This Framework

This framework is maintained at github.com/hephaistos-pro/regulated-ai-framework and released under Creative Commons Attribution 4.0 (CC-BY 4.0).

You are free to use, adapt, and redistribute it — including commercially — provided you attribute the source. If you adapt it for a specific jurisdiction or profession, we ask that you share your adaptation back to the repository so the standard can grow.

Planned extensions under development:

  • Healthcare and allied health (TGA, AHPRA contexts)
  • Legal practice (privilege, duty of candour, court document requirements)
  • Government procurement (Commonwealth Procurement Rules, state equivalents)

To propose an extension, open an issue or pull request at the repository above.

Need help implementing this?

Hephaistos builds AI agents that ship with this framework pre-baked. Murrai, Daivid, and Johnai are all built on the same assurance spine described here. If you're trying to apply this framework to an existing workflow, we can help you map the gap.