This repository was archived by the owner on Apr 28, 2026. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathmarketplace-data.js
More file actions
108 lines (103 loc) · 26.4 KB
/
marketplace-data.js
File metadata and controls
108 lines (103 loc) · 26.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
// marketplace-data.js — Pre-converted YAML catalog data for the marketplace UI
window.MARKETPLACE_DATA = {
// ── Auditors (1 — demo excluded) ───────────────────────────────
auditors: [
{ id: "lucid-llm-judge-auditor", name: "LLM Judge Auditor", description: "LLM-driven programmable guardrails — jailbreak, PII, bias, hallucination, fact-checking, safety benchmarks, and compliance template presets", category: "compliance", phase: "output_policy", icon: "gavel", color: "purple" },
],
// ── Frameworks (36) ────────────────────────────────────────────
frameworks: [
// US
{ id: "soc2", shortName: "SOC 2", name: "SOC 2 Type II", description: "Security, availability, and confidentiality", region: "US", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "sox", shortName: "SOX", name: "Sarbanes-Oxley Act", description: "Financial reporting and internal controls", region: "US", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "ccpa", shortName: "CCPA", name: "California Consumer Privacy Act", description: "Consumer privacy rights", region: "US", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "hipaa", shortName: "HIPAA", name: "Health Insurance Portability and Accountability Act", description: "Protected health information", region: "US", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "pci_dss", shortName: "PCI-DSS", name: "Payment Card Industry Data Security Standard", description: "Cardholder data protection", region: "Global", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "glba", shortName: "GLBA", name: "Gramm-Leach-Bliley Act", description: "Financial privacy protection", region: "US", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "ferpa", shortName: "FERPA", name: "Family Educational Rights and Privacy Act", description: "Education records privacy", region: "US", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "fedramp", shortName: "FedRAMP", name: "Federal Risk and Authorization Management Program", description: "Federal cloud security authorization", region: "US", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "cmmc", shortName: "CMMC 2.0", name: "Cybersecurity Maturity Model Certification", description: "Defense contractor cybersecurity", region: "US", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "colorado_ai", shortName: "Colorado AI", name: "Colorado Artificial Intelligence Act", description: "AI governance for high-risk systems", region: "US", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "nist_ai_rmf", shortName: "NIST AI", name: "NIST AI Risk Management Framework", description: "AI risk identification and mitigation", region: "US", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "aiuc_1", shortName: "AIUC-1", name: "AI Agent Security Standard", description: "Security standard for AI agent systems", region: "US", auditorIds: ["lucid-llm-judge-auditor"] },
// EU
{ id: "gdpr", shortName: "GDPR", name: "General Data Protection Regulation", description: "EU data protection and privacy", region: "EU", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "eu_ai_act", shortName: "EU AI Act", name: "EU Artificial Intelligence Act", description: "AI system risk management and transparency", region: "EU", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "dora", shortName: "DORA", name: "Digital Operational Resilience Act", description: "Financial sector digital resilience", region: "EU", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "nis2", shortName: "NIS2", name: "Network and Information Security Directive 2", description: "Critical infrastructure cybersecurity", region: "EU", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "iso_27001", shortName: "ISO 27001", name: "ISO/IEC 27001", description: "Information security management", region: "Global", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "iso_42001", shortName: "ISO 42001", name: "ISO/IEC 42001", description: "AI management system standard", region: "Global", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "c5", shortName: "C5", name: "Cloud Computing Compliance Criteria Catalogue", description: "German cloud security standard", region: "EU", auditorIds: ["lucid-llm-judge-auditor"] },
// APAC
{ id: "dpdp", shortName: "DPDP Act", name: "Digital Personal Data Protection Act 2023", description: "India data protection law", region: "APAC", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "rbi_free_ai", shortName: "RBI FREE-AI", name: "RBI Framework for AI in Financial Services", description: "AI governance for Indian financial sector", region: "APAC", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "rbi_it", shortName: "RBI IT", name: "RBI IT Framework for Banks", description: "Banking IT security requirements", region: "APAC", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "sebi_cscrf", shortName: "SEBI CSCRF", name: "Securities Cyber Security Framework", description: "Securities market cybersecurity", region: "APAC", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "cert_in", shortName: "CERT-In", name: "CERT-In Directions", description: "Indian cyber incident reporting", region: "APAC", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "irdai", shortName: "IRDAI", name: "Insurance Regulatory Cyber Security Guidelines", description: "Insurance sector cybersecurity", region: "APAC", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "india_ai", shortName: "India AI", name: "India AI Governance Framework 2025", description: "National AI governance framework", region: "APAC", auditorIds: ["lucid-llm-judge-auditor"] },
// International
{ id: "lgpd", shortName: "LGPD", name: "Lei Geral de Prote\u00e7\u00e3o de Dados", description: "Brazil data protection law", region: "APAC", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "pipl", shortName: "PIPL", name: "Personal Information Protection Law", description: "China personal information protection", region: "APAC", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "appi", shortName: "APPI", name: "Act on Protection of Personal Information", description: "Japan data protection law", region: "APAC", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "pdpa_sg", shortName: "PDPA SG", name: "Personal Data Protection Act (Singapore)", description: "Singapore data protection law", region: "APAC", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "pdpa_th", shortName: "PDPA TH", name: "Personal Data Protection Act (Thailand)", description: "Thailand data protection law", region: "APAC", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "csa_star", shortName: "CSA STAR", name: "Cloud Security Alliance STAR", description: "Cloud security certification", region: "Global", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "hitrust", shortName: "HITRUST", name: "Health Information Trust Alliance Framework", description: "Healthcare security framework", region: "Global", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "cis_controls",shortName: "CIS Controls", name: "Center for Internet Security Controls", description: "Cyber defense best practices", region: "Global", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "cobit", shortName: "COBIT", name: "Control Objectives for IT", description: "IT governance framework", region: "Global", auditorIds: ["lucid-llm-judge-auditor"] },
{ id: "oecd_ai", shortName: "OECD AI", name: "OECD AI Principles", description: "International AI ethics principles", region: "Global", auditorIds: ["lucid-llm-judge-auditor"] },
],
// ── Control Areas (12) ─────────────────────────────────────────
controlAreas: [
{ id: "pii_detection", name: "PII Detection & Protection", description: "Identifying and protecting personal data in inputs/outputs", auditorIds: ["lucid-llm-judge-auditor"], frameworkClauses: { soc2:"CC6.7", sox:"\u00a7302", ccpa:"\u00a71798.100", hipaa:"\u00a7164.502", pci_dss:"Req 3", glba:"\u00a7501(b)", ferpa:"\u00a799.31", fedramp:"SI-12", cmmc:"3.8.3", gdpr:"Art.5(1)(c),9(1)", eu_ai_act:"Art.10", nis2:"Art.21(e)", iso_27001:"A.8.11", iso_42001:"6.3", c5:"C5-06", dpdp:"\u00a78(5)", rbi_free_ai:"\u00a74.1", rbi_it:"\u00a77.3", sebi_cscrf:"\u00a75.2", cert_in:"Dir.6", irdai:"\u00a74.1", india_ai:"\u00a73.2", lgpd:"Art.7", pipl:"Art.10", appi:"Art.20", pdpa_sg:"\u00a713", pdpa_th:"\u00a719", csa_star:"DSI-01", hitrust:"01.c", cis_controls:"CIS 3", cobit:"APO01", oecd_ai:"P1.1", aiuc_1:"DP-1" } },
{ id: "prompt_injection", name: "Prompt Injection Defense", description: "Preventing malicious prompt manipulation attacks", auditorIds: ["lucid-llm-judge-auditor"], frameworkClauses: { soc2:"CC6.6", hipaa:"\u00a7164.308(a)(5)(ii)(B)", pci_dss:"Req 6.5", fedramp:"SI-10", cmmc:"3.14.2", nist_ai_rmf:"MEASURE 2.7", gdpr:"Art.32", eu_ai_act:"Art.15(5)", dora:"Art.9", nis2:"Art.21(e)", iso_27001:"A.8.26", iso_42001:"8.4", c5:"C5-08", rbi_free_ai:"\u00a75.2", rbi_it:"\u00a78.1", sebi_cscrf:"\u00a76.1", cert_in:"Dir.4", irdai:"\u00a75.2", india_ai:"\u00a74.1", lgpd:"Art.46", pipl:"Art.21", appi:"Art.23", pdpa_sg:"\u00a724", pdpa_th:"\u00a722", csa_star:"AIS-01", hitrust:"09.a", cis_controls:"CIS 16", cobit:"DSS05", oecd_ai:"P1.2", aiuc_1:"SEC-2" } },
{ id: "toxicity", name: "Toxicity & Harmful Content", description: "Detecting and filtering harmful, offensive, or inappropriate outputs", auditorIds: ["lucid-llm-judge-auditor"], frameworkClauses: { soc2:"PI1.1", nist_ai_rmf:"MAP 3.4", eu_ai_act:"Art.5(a)", iso_42001:"9.3", dpdp:"\u00a78(8)", rbi_free_ai:"\u00a76.3", india_ai:"\u00a75.1", oecd_ai:"P1.4", aiuc_1:"SAF-1" } },
{ id: "model_security", name: "Model Integrity & Safety", description: "Ensuring models are not tampered with or contain malicious code", auditorIds: ["lucid-llm-judge-auditor"], frameworkClauses: { soc2:"CC8.1", sox:"\u00a7404", hipaa:"\u00a7164.312(c)", pci_dss:"Req 11", fedramp:"SI-7", cmmc:"3.4.1", colorado_ai:"\u00a76-1-1702(2)(b)", nist_ai_rmf:"GOV 4.1", gdpr:"Art.5(1)(f)", eu_ai_act:"Art.15", dora:"Art.8", nis2:"Art.21(d)", iso_27001:"A.8.9", iso_42001:"8.2", c5:"C5-09", dpdp:"\u00a78(4)", rbi_free_ai:"\u00a75.1", rbi_it:"\u00a78.3", sebi_cscrf:"\u00a76.2", cert_in:"Dir.5", irdai:"\u00a75.3", india_ai:"\u00a74.2", lgpd:"Art.46", pipl:"Art.51", appi:"Art.23", pdpa_sg:"\u00a724", pdpa_th:"\u00a722", csa_star:"IAM-12", hitrust:"10.a", cis_controls:"CIS 2", cobit:"BAI10", oecd_ai:"P1.5", aiuc_1:"SEC-1" } },
{ id: "observability", name: "Audit Logging & Observability", description: "Comprehensive logging and monitoring of AI system activities", auditorIds: ["lucid-llm-judge-auditor"], frameworkClauses: { soc2:"CC7.2", sox:"\u00a7802", hipaa:"\u00a7164.312(b)", pci_dss:"Req 10", glba:"\u00a7501(b)", fedramp:"AU-2", cmmc:"3.3.1", nist_ai_rmf:"MEA 1.1", gdpr:"Art.30", eu_ai_act:"Art.12", dora:"Art.10", nis2:"Art.23", iso_27001:"A.8.15", iso_42001:"9.1", c5:"C5-15", dpdp:"\u00a78(9)", rbi_free_ai:"\u00a77.1", rbi_it:"\u00a79.1", sebi_cscrf:"\u00a77.1", cert_in:"Dir.3", irdai:"\u00a76.1", india_ai:"\u00a76.1", lgpd:"Art.37", pipl:"Art.54", appi:"Art.26", pdpa_sg:"\u00a711", pdpa_th:"\u00a739", csa_star:"LOG-01", hitrust:"06.g", cis_controls:"CIS 8", cobit:"DSS02", oecd_ai:"P2.1", aiuc_1:"OBS-1" } },
{ id: "fairness", name: "Bias & Fairness", description: "Detecting and mitigating algorithmic bias in AI decisions", auditorIds: ["lucid-llm-judge-auditor"], frameworkClauses: { colorado_ai:"\u00a76-1-1702(1)", nist_ai_rmf:"MEASURE 2.11", gdpr:"Art.22", eu_ai_act:"Art.10(2)", iso_42001:"6.4", india_ai:"\u00a75.2", oecd_ai:"P1.3", aiuc_1:"FAI-1" } },
{ id: "secrets", name: "Credential & Secret Detection", description: "Detecting and preventing exposure of credentials and secrets", auditorIds: ["lucid-llm-judge-auditor"], frameworkClauses: { soc2:"CC6.1", hipaa:"\u00a7164.312(d)", pci_dss:"Req 3.4", fedramp:"IA-5", cmmc:"3.5.10", nist_ai_rmf:"GOV 2.3", gdpr:"Art.32(1)(a)", dora:"Art.9", nis2:"Art.21(h)", iso_27001:"A.5.17", c5:"C5-07", rbi_it:"\u00a78.4", sebi_cscrf:"\u00a76.3", cert_in:"Dir.5", csa_star:"IAM-09", hitrust:"01.d", cis_controls:"CIS 16", cobit:"DSS05", aiuc_1:"SEC-3" } },
{ id: "rag_quality", name: "RAG Groundedness", description: "Ensuring RAG responses are grounded in retrieved context", auditorIds: ["lucid-llm-judge-auditor"], frameworkClauses: { nist_ai_rmf:"MAP 2.2", eu_ai_act:"Art.13", iso_42001:"8.3", india_ai:"\u00a74.3", oecd_ai:"P2.2", aiuc_1:"ACC-1" } },
{ id: "watermark", name: "AI Provenance & Watermarking", description: "Marking AI-generated content for authenticity and provenance", auditorIds: ["lucid-llm-judge-auditor"], frameworkClauses: { eu_ai_act:"Art.50", iso_42001:"7.3", nist_ai_rmf:"GOV 6.1", india_ai:"\u00a77.1", oecd_ai:"P3.1", aiuc_1:"PRV-1" } },
{ id: "red_team", name: "Adversarial Testing", description: "Red team evaluation for AI system vulnerabilities", auditorIds: ["lucid-llm-judge-auditor"], frameworkClauses: { soc2:"CC4.2", cmmc:"3.11.2", nist_ai_rmf:"MEASURE 2.7", eu_ai_act:"Art.9(5)", iso_42001:"9.2", dora:"Art.26", aiuc_1:"SEC-4" } },
{ id: "policy_enforcement", name: "Policy Enforcement", description: "Runtime enforcement of organizational AI policies", auditorIds: ["lucid-llm-judge-auditor"], frameworkClauses: { soc2:"CC5.1", sox:"\u00a7302(a)", ccpa:"\u00a71798.150", hipaa:"\u00a7164.312(d)", pci_dss:"Req 7-8", glba:"\u00a7501(b)", ferpa:"\u00a799.31(a)", fedramp:"AC-2,3", cmmc:"3.1.1", nist_ai_rmf:"GOV 2.1", gdpr:"Art.25,32", eu_ai_act:"Art.13", dora:"Art.9", nis2:"Art.21", iso_27001:"A.5.15", iso_42001:"6.2", c5:"C5-03", dpdp:"\u00a78(1)", rbi_free_ai:"\u00a73.1", rbi_it:"\u00a75.1", sebi_cscrf:"\u00a74.1", irdai:"\u00a73.1", india_ai:"\u00a72.1", lgpd:"Art.46", pipl:"Art.51", csa_star:"GRM-01", hitrust:"00.a", cobit:"APO01", aiuc_1:"POL-1" } },
{ id: "data_sovereignty", name: "Data Sovereignty & Localization", description: "Ensuring data remains within approved geographic jurisdictions", auditorIds: ["lucid-llm-judge-auditor"], frameworkClauses: { gdpr:"Art.44-49", dpdp:"\u00a717", pipl:"Art.38-40", lgpd:"Art.33", fedramp:"SC-12", ccpa:"\u00a71798.145", appi:"Art.28", pdpa_sg:"\u00a726", pdpa_th:"\u00a728", csa_star:"DSI-03" } },
],
// ── Compliance Details (per-auditor) ───────────────────────────
complianceDetails: {
"lucid-llm-judge-auditor": { auditorName: "LLM Judge Auditor", controlArea: "PII, Compliance, Safety Evaluation & Fairness", details: [
// PII Detection & Protection
{ framework: "soc2", frameworkName: "SOC 2", clause: "CC6.1", originalText: "The entity implements logical access security to protect against threats from outside its system boundaries.", howWeComply: "Identifies personal data requiring protection, enabling appropriate access controls." },
{ framework: "soc2", frameworkName: "SOC 2", clause: "CC8.1", originalText: "The entity authorizes, designs, tests, approves, and implements changes to meet its objectives.", howWeComply: "Runs safety benchmarks before deployment ensuring AI models are tested and approved. Watermarking enables documented change control and tracking of AI-generated content." },
{ framework: "ccpa", frameworkName: "CCPA", clause: "\u00a71798.100", originalText: "A consumer has the right to request disclosure of what personal information a business collects.", howWeComply: "Detects and classifies personal information for accurate disclosure of data processing activities." },
{ framework: "hipaa", frameworkName: "HIPAA", clause: "\u00a7164.502", originalText: "A covered entity may not use or disclose protected health information except as permitted.", howWeComply: "PHI detection identifies health information, preventing unauthorized disclosure by blocking or redacting." },
{ framework: "gdpr", frameworkName: "GDPR", clause: "Art.5,32", originalText: "Personal data shall be processed lawfully with appropriate security measures.", howWeComply: "Ensures personal data is identified for GDPR-compliant processing with automatic redaction." },
{ framework: "gdpr", frameworkName: "GDPR", clause: "Art.22", originalText: "Data subjects have the right not to be subject to solely automated decisions that significantly affect them.", howWeComply: "Fairness evaluation ensures automated decisions don\u2019t disproportionately affect individuals." },
{ framework: "pci_dss", frameworkName: "PCI-DSS", clause: "Req 3", originalText: "Protect stored cardholder data with encryption, truncation, masking, and hashing.", howWeComply: "Detects cardholder data (card numbers, CVVs) and can automatically mask or block it." },
{ framework: "fedramp", frameworkName: "FedRAMP", clause: "SI-12", originalText: "The organization handles and retains information per applicable laws and policies.", howWeComply: "PII classification ensures AI systems handle personal information per federal requirements." },
{ framework: "ferpa", frameworkName: "FERPA", clause: "\u00a799.31", originalText: "Educational agencies may disclose PII only if the disclosure meets specified conditions.", howWeComply: "Detects student data including education records to ensure only authorized disclosures." },
// Safety Evaluation
{ framework: "eu_ai_act", frameworkName: "EU AI Act", clause: "Art.15", originalText: "High-risk AI systems shall achieve appropriate accuracy, robustness, and cybersecurity.", howWeComply: "Safety benchmarks verify accuracy and robustness; adversarial testing assesses cybersecurity." },
{ framework: "eu_ai_act", frameworkName: "EU AI Act", clause: "Art.50", originalText: "Providers of AI systems generating synthetic content shall ensure outputs are marked as artificially generated.", howWeComply: "AI provenance tracking and synthetic content marking via programmable guardrails." },
{ framework: "eu_ai_act", frameworkName: "EU AI Act", clause: "Art.10(2)", originalText: "Training data shall be examined for possible biases that may lead to discrimination.", howWeComply: "Bias detection examines AI outputs for discriminatory patterns." },
{ framework: "sox", frameworkName: "SOX", clause: "\u00a7404", originalText: "Management must establish adequate internal control structure and assess effectiveness.", howWeComply: "Model evaluation is an internal control verifying safety and performance requirements." },
{ framework: "nist_ai_rmf", frameworkName: "NIST AI RMF", clause: "GOV 4.1", originalText: "Organizational practices enable AI testing, incident identification, and provenance information sharing.", howWeComply: "Pre-deployment testing identifies safety issues before they become incidents." },
{ framework: "nist_ai_rmf", frameworkName: "NIST AI RMF", clause: "MAP 2.3", originalText: "AI system risks related to bias, fairness, and discrimination are assessed.", howWeComply: "Fairness metrics assess and document bias risks in AI outputs." },
{ framework: "colorado_ai", frameworkName: "Colorado AI Act", clause: "\u00a76-1-1703(2)", originalText: "Developers shall document the AI system\u2019s capabilities, limitations, and intended uses.", howWeComply: "Benchmark results document AI capabilities and limitations." },
{ framework: "colorado_ai", frameworkName: "Colorado AI Act", clause: "\u00a76-1-1704", originalText: "Deployers shall not deploy a high-risk AI system that results in algorithmic discrimination.", howWeComply: "Detects discriminatory patterns in AI outputs before they affect users." },
{ framework: "iso_42001", frameworkName: "ISO 42001", clause: "8.2", originalText: "Implement and maintain AI system development processes including testing and validation.", howWeComply: "Implements required testing and validation for AI systems before deployment." },
{ framework: "iso_42001", frameworkName: "ISO 42001", clause: "6.4", originalText: "The organization shall consider risks related to bias and fairness.", howWeComply: "Fairness evaluation addresses bias risks as part of the AI management system." },
{ framework: "iso_42001", frameworkName: "ISO 42001", clause: "8.3", originalText: "The organization shall implement controls for AI system outputs including provenance and traceability.", howWeComply: "Provenance tracking and watermarking establish traceability of AI outputs." },
{ framework: "dpdp", frameworkName: "DPDP Act", clause: "\u00a78", originalText: "The Data Fiduciary shall protect personal data by taking reasonable security safeguards.", howWeComply: "Identifies personal data requiring protection under Indian law, enabling appropriate safeguards." },
{ framework: "dpdp", frameworkName: "DPDP Act", clause: "\u00a78(6)", originalText: "The Data Fiduciary shall ensure automated decisions do not result in unfair discrimination.", howWeComply: "Bias detection prevents unfair discrimination in automated decisions." },
{ framework: "lgpd", frameworkName: "LGPD", clause: "Art.7", originalText: "Processing of personal data requires legal basis such as consent.", howWeComply: "Detects personal data to help ensure processing occurs only with proper legal basis." },
{ framework: "pipl", frameworkName: "PIPL", clause: "Art.10", originalText: "Sensitive personal information requires specific purpose and strict protective measures.", howWeComply: "Identifies sensitive categories (biometric, health, financial) requiring enhanced protection." },
{ framework: "rbi_free_ai", frameworkName: "RBI FREE-AI", clause: "\u00a75.1", originalText: "AI/ML models shall be validated before deployment to meet safety and performance requirements.", howWeComply: "Pre-deployment safety benchmarks fulfill validation requirements for financial sector AI." },
{ framework: "rbi_free_ai", frameworkName: "RBI FREE-AI", clause: "\u00a76.1", originalText: "AI systems shall be fair and not discriminate against any group.", howWeComply: "Ensures non-discriminatory AI outputs in financial services." },
{ framework: "india_ai", frameworkName: "India AI", clause: "\u00a74.2", originalText: "AI systems should undergo safety testing before deployment to identify potential harms.", howWeComply: "Safety benchmarks like WMDP and HarmBench identify potential harms before deployment." },
{ framework: "india_ai", frameworkName: "India AI", clause: "\u00a75.2", originalText: "AI systems should be designed to be fair and avoid discrimination.", howWeComply: "Identifies discriminatory patterns in AI outputs." },
{ framework: "cmmc", frameworkName: "CMMC 2.0", clause: "3.14.1", originalText: "Identify, report, and correct information system flaws in a timely manner.", howWeComply: "Model evaluation identifies flaws in AI systems before deployment." },
{ framework: "dora", frameworkName: "DORA", clause: "Art.26", originalText: "Financial entities shall carry out advanced testing by means of threat-led penetration testing.", howWeComply: "Red team and adversarial testing evaluates AI systems against realistic threats." },
{ framework: "oecd_ai", frameworkName: "OECD AI", clause: "P1.3", originalText: "AI actors should commit to transparency to ensure people can challenge AI-based outcomes.", howWeComply: "Provides transparency into AI decision patterns and potential biases." },
]},
}
};