Governance & Compliance

Built for the audit

VeriSwarm maps to 8 compliance frameworks out of the box, including the new wave of US state AI laws. Per-tenant reports via API — hand them to your auditor, not your engineering team.

OWASP Agentic AI Top 10

10 controls

The definitive security risk list for AI agent systems. VeriSwarm covers all 10 risks.

10/10 risks covered on Max plan
Cross-model verification for memory poisoning
Guard injection detection + PII tokenization
Vault immutable audit ledger

GET /v1/compliance/owasp-attestationFull coverage map →

EU AI Act

9 controls

EU regulation on artificial intelligence. Maps high-risk AI system requirements to VeriSwarm features.

Article 9: Risk management via Gate scoring
Article 12: Record-keeping via Vault ledger
Article 14: Human oversight via Workflows
Article 15: Robustness via Guard + circuit breakers
Article 50: AI content labeling via signed provenance manifests

GET /v1/compliance/eu-ai-actTake the EUcheck →

Colorado AI Act

Preview6 controls

First US state high-risk AI law with deployer obligations. Names NIST AI RMF and ISO 42001 as alignment anchors.

§6-1-1703: Risk management policy aligned to NIST AI RMF or ISO 42001
§6-1-1703(3): Impact assessments with 3-year retention via Vault
§6-1-1704: Consumer notification audit events
§6-1-1705: Annual review via human_review workflow

GET /v1/compliance/colorado-ai-actTake the Coloradocheck →

US State Conversational AI Laws

Preview6 controls

Consolidated coverage for the four state chatbot safety bills signed in March–April 2026. Disclosure, crisis intervention, and minor protections.

AI disclosure to users, persistent for minors
Self-harm detection + 988 / Youthline referrals
Sexually explicit content prevention for minors
Manipulative engagement prohibition for minors
Annual safety report (Oregon SB 1546)

GET /v1/compliance/us-state-conversational-aiEffective 2026-04-17

New York RAISE Act

Preview5 controls

New York's transparency and incident-reporting framework for large frontier-model developers. 72-hour and 24-hour critical-incident windows.

Published Frontier AI Framework (catastrophic risk management)
72-hour critical safety incident reporting
24-hour expedited reporting for imminent harm
Third-party catastrophic-risk evaluation
Pre-deployment mitigation review via human_review workflow

GET /v1/compliance/ny-raise-actEffective 2027-01-01

California Transparency in Frontier AI Act

Preview7 controls

First in force of the new wave. Annual framework, pre-deployment transparency reports, 15-day / 24-hour incident reporting, and whistleblower protections. Civil penalties up to $1M per violation.

Annual Frontier AI Framework (large developers)
Pre-deployment transparency reports for every frontier model
15-day critical incident reporting to CalOES
24-hour expedited reporting for imminent public threat
Alignment with NIST AI RMF or ISO 42001 cross-mapping

GET /v1/compliance/california-sb-53Effective 2026-01-01

NIST AI Risk Management Framework

4 controls

US federal framework for AI risk management. Four core functions: Govern, Map, Measure, Manage.

Govern: Policy engine + plan-gated governance
Map: OWASP attestation + 4-axis scoring
Measure: Error budgets + Guard finding tracking
Manage: Kill switch + circuit breakers

GET /v1/compliance/nist-ai-rmfEffective 2023-01-26

ISO/IEC 42001:2023

5 controls

International standard for AI management systems. Covers organizational context through continual improvement.

Operations: Cortex Workflows + Guard scanning
Performance: SLO tracking + cost analytics
Improvement: Vault audit trail for trend analysis

GET /v1/compliance/iso-42001Effective 2023-12-18

Compliance reports on demand

Every framework is available as a per-tenant API endpoint. Generate evidence packages with a single API call — no spreadsheets required.

Start Free OWASP Coverage

Governance & Compliance

Built for the audit

VeriSwarm maps to 8 compliance frameworks out of the box, including the new wave of US state AI laws. Per-tenant reports via API — hand them to your auditor, not your engineering team.

OWASP Agentic AI Top 10

10 controls

The definitive security risk list for AI agent systems. VeriSwarm covers all 10 risks.

10/10 risks covered on Max plan
Cross-model verification for memory poisoning
Guard injection detection + PII tokenization
Vault immutable audit ledger

GET /v1/compliance/owasp-attestationFull coverage map →

EU AI Act

9 controls

EU regulation on artificial intelligence. Maps high-risk AI system requirements to VeriSwarm features.

Article 9: Risk management via Gate scoring
Article 12: Record-keeping via Vault ledger
Article 14: Human oversight via Workflows
Article 15: Robustness via Guard + circuit breakers
Article 50: AI content labeling via signed provenance manifests

GET /v1/compliance/eu-ai-actTake the EUcheck →

Colorado AI Act

Preview6 controls

First US state high-risk AI law with deployer obligations. Names NIST AI RMF and ISO 42001 as alignment anchors.

§6-1-1703: Risk management policy aligned to NIST AI RMF or ISO 42001
§6-1-1703(3): Impact assessments with 3-year retention via Vault
§6-1-1704: Consumer notification audit events
§6-1-1705: Annual review via human_review workflow

GET /v1/compliance/colorado-ai-actTake the Coloradocheck →

US State Conversational AI Laws

Preview6 controls

Consolidated coverage for the four state chatbot safety bills signed in March–April 2026. Disclosure, crisis intervention, and minor protections.

AI disclosure to users, persistent for minors
Self-harm detection + 988 / Youthline referrals
Sexually explicit content prevention for minors
Manipulative engagement prohibition for minors
Annual safety report (Oregon SB 1546)

GET /v1/compliance/us-state-conversational-aiEffective 2026-04-17

New York RAISE Act

Preview5 controls

New York's transparency and incident-reporting framework for large frontier-model developers. 72-hour and 24-hour critical-incident windows.

Published Frontier AI Framework (catastrophic risk management)
72-hour critical safety incident reporting
24-hour expedited reporting for imminent harm
Third-party catastrophic-risk evaluation
Pre-deployment mitigation review via human_review workflow

GET /v1/compliance/ny-raise-actEffective 2027-01-01

California Transparency in Frontier AI Act

Preview7 controls

First in force of the new wave. Annual framework, pre-deployment transparency reports, 15-day / 24-hour incident reporting, and whistleblower protections. Civil penalties up to $1M per violation.

Annual Frontier AI Framework (large developers)
Pre-deployment transparency reports for every frontier model
15-day critical incident reporting to CalOES
24-hour expedited reporting for imminent public threat
Alignment with NIST AI RMF or ISO 42001 cross-mapping

GET /v1/compliance/california-sb-53Effective 2026-01-01

NIST AI Risk Management Framework

4 controls

US federal framework for AI risk management. Four core functions: Govern, Map, Measure, Manage.

Govern: Policy engine + plan-gated governance
Map: OWASP attestation + 4-axis scoring
Measure: Error budgets + Guard finding tracking
Manage: Kill switch + circuit breakers

GET /v1/compliance/nist-ai-rmfEffective 2023-01-26

ISO/IEC 42001:2023

5 controls

International standard for AI management systems. Covers organizational context through continual improvement.

Operations: Cortex Workflows + Guard scanning
Performance: SLO tracking + cost analytics
Improvement: Vault audit trail for trend analysis

GET /v1/compliance/iso-42001Effective 2023-12-18

Compliance reports on demand

Every framework is available as a per-tenant API endpoint. Generate evidence packages with a single API call — no spreadsheets required.

Start Free OWASP Coverage