Annex O: Industry Framework Comparison
This annex compares the governance scope of ARCS with established AI governance, security, and privacy frameworks to identify where ARCS addresses a governance domain that existing frameworks do not cover. The comparison is factual and identifies structural differences in scope; it does not characterize any framework as deficient. Each framework addresses its intended governance domain. ARCS addresses a different domain: interaction record custody. This annex is informative.
O.1 Frameworks reviewed
The comparison covers FINOS AI Governance Framework v2 (Linux Foundation, October 2025), NIST AI Risk Management Framework 1.0 (January 2023), NIST SP 800-53 Rev. 5, ISO/IEC 42001 (AI Management System), the EU AI Act (entered into force August 2024), and SOC 2 Trust Service Criteria. Each framework was evaluated against five governance questions: whether it addresses interaction record retention as a governance variable, whether it addresses vendor-side custody architecture for interaction records, whether it addresses compelled production of retained AI interaction records, whether it addresses defense-cost exposure from discovery of retained records, and whether it addresses content-telemetry separation as a retention architecture control.
O.2 FINOS AI Governance Framework v2
The FINOS AI Governance Framework is published by the Fintech Open Source Foundation, a Linux Foundation project, and represents the operational governance consensus for AI in financial services. Its membership includes major global financial institutions. The framework identifies 23 risks organized across operational, security, and regulatory categories, with 23 corresponding mitigations.
FINOS coverage is comprehensive for model behavior risks (hallucination, bias, explainability, non-determinism), security risks (prompt injection, data poisoning, supply chain compromise, agent authorization bypass, MCP server governance, credential harvesting), and regulatory compliance (EU AI Act, MiFID II, FINRA guidelines). The agentic security coverage (risks 024 through 029) is among the most thorough publicly available treatments of multi-agent system security.
FINOS does not address interaction record retention as a governance variable. It addresses unauthorized data leakage (records leaving the system without authorization) and data poisoning (records being corrupted) but not the risk created by ordinary, authorized retention of correctly functioning records on vendor infrastructure. FINOS does not address which entity holds custody of interaction records after a session ends, how retention categories are defined across vendor infrastructure, or whether the operator has visibility into backend persistence. FINOS does not address lawful compelled production under subpoena or civil discovery, or the procedural defense costs that arise when retained records become subject to legal process.
FINOS references compliance-mandated logging (AIR-RC-022, citing MiFID II, SEC Rule 17a-4, and FINRA guidelines) but does not address the structural condition in which regulatory mandates create records whose existence generates legal exposure that the organization may not have the insurance coverage or governance infrastructure to manage.
O.3 NIST AI Risk Management Framework
The NIST AI RMF provides a voluntary framework for managing risks in the design, development, deployment, and use of AI systems. It is structured around four functions (Govern, Map, Measure, Manage) and defines characteristics of trustworthy AI including validity, reliability, safety, security, accountability, transparency, explainability, and privacy.
The AI RMF addresses organizational governance, risk identification, and measurement. It does not define interaction record retention as a governance variable, does not address vendor custody architecture for interaction records, and does not address compelled production or discovery exposure. The framework's privacy dimension addresses access controls and individual agency over data but does not extend to retention lifecycle governance for records generated during AI operation.
O.4 NIST SP 800-53 Rev. 5
SP 800-53 defines security and privacy controls for federal information systems. The ARCS-to-SP 800-53 crosswalk is provided in Annex K. SP 800-53 addresses audit and accountability (AU family), media protection (MP family), configuration management (CM family), access control (AC family), and system integrity (SI family). These controls address how records are protected, how access is managed, and how system behavior is monitored.
SP 800-53 does not define retention lifecycle controls for AI interaction records, does not address the custody surface model (records existing across multiple vendors with different retention postures), and does not address compelled production as a governance concern distinct from security. ARCS complements SP 800-53 by governing the layer below what SP 800-53 assumes: whether records exist, where they exist, and what happens when their existence creates legal obligations. See Annex K for the control-level mapping.
O.5 ISO/IEC 42001
ISO 42001 specifies requirements for an AI management system (AIMS) and provides a certification framework for responsible AI. It addresses organizational context, leadership, planning, support, operation, performance evaluation, and improvement within the AI management lifecycle.
ISO 42001 addresses organizational governance of AI systems at the management-system level. It does not define interaction record retention controls, custody surface mapping, non-creation posture governance, or compelled production response procedures. An organization certified under ISO 42001 may have a mature AI management system with no governance framework for the interaction records its AI systems generate.
O.6 EU AI Act
The EU AI Act classifies AI systems by risk level and imposes requirements proportional to the classification. Article 12 requires automatic logging for high-risk AI systems, and Article 19 requires providers to retain those logs for at least six months. These logging mandates create comprehensive, searchable archives of user interactions as a matter of legal compliance.
The EU AI Act addresses logging as a regulatory obligation but does not address the governance of the records that logging creates. It does not define retention lifecycle controls beyond the minimum retention period, does not address vendor custody architecture for the logged records, does not address the custody surface expansion that compliance-mandated logging produces, and does not address the compelled production exposure created by the existence of those records under civil discovery rules in member states.
ARCS provides the governance layer for records whose creation is mandated by the EU AI Act. An operator subject to Article 12 logging requirements can use ARCS-LIF to define lifecycle controls for the logged records, ARCS-CUS to map where the logs are stored, ARCS-TAX to classify the logs by category, and ARCS-PV to define preservation procedures when the logs become subject to legal process.
O.7 SOC 2 Trust Service Criteria
SOC 2 evaluates an organization's information systems against five Trust Service Criteria: security, availability, processing integrity, confidentiality, and privacy. SOC 2 audits are widely used in enterprise procurement and vendor assessment.
SOC 2 addresses whether controls are operating effectively over a reporting period. It does not define interaction record retention as a governance variable, does not address custody surface mapping for AI-generated records, and does not address compelled production exposure. An organization that passes a SOC 2 Type II audit may have no governance framework for the AI interaction records its systems generate.
O.8 Summary of scope comparison
All reviewed frameworks address governance concerns within their intended domains: model behavior, system security, organizational management, regulatory compliance, or audit and accountability. None defines interaction record custody as a governance domain. None addresses retention architecture as a variable that affects legal exposure. None addresses the procedural defense costs that arise when retained records become subject to legal compulsion.
Data protection regimes focus on access, disclosure, and transfer, not on whether interaction artifacts should exist. Regulatory frameworks typically assume that records are created; they do not define architectures in which records are not created. This structural assumption means that existing governance frameworks address the management of records whose existence is taken as given, while ARCS addresses the prior governance question of whether, where, and for how long those records exist.
ARCS addresses these concerns through its ten control families. The relationship is complementary in every case: ARCS does not replace any reviewed framework, and conformance to ARCS does not imply conformance to any external framework. The governance domain ARCS occupies, interaction record custody, is structurally distinct from the domains these frameworks govern.
Annex O is informative. It compares governance scope across frameworks but does not modify the normative requirements of the ARCS standard.