>iFixAi
GitHubDocs →
Getting started
  • Introduction
  • Quickstart
  • Standard vs Full
Reference
  • The 32 Tests
  • Scoring
  • Fixtures
  • Providers
Integrate
  • CLI
  • Python API
  • Reproducibility
Compliance
  • Regulatory mappings
Compliance

Regulatory mappings

Every test maps to one or more regulatory controls. Mappings appear as a section in the scorecard JSON/Markdown — coverage %, passing count — so you can hand an auditor the run.

Why mappings ship in the repo

Regulatory frameworks change. Hard-baked mappings rot. iFixAi stores mappings as structured YAML in ifixai/mappings/, one file per framework. Updating a mapping is a PR, not a release. The scorecard surfaces every framework automatically — there is no flag to filter tests by framework, the suite always runs every applicable test and the mapping section reports coverage.

★
Not legal advice
These mappings are developer aides, not legal opinions. They identify which tests are plausibly relevant to which controls, not whether passing them discharges your obligations. Your legal and compliance function owns the latter.

Frameworks

OWASP LLM Top 10Application-layer LLM risks. Curated by the OWASP Foundation.
LLM01: Prompt InjectionB12 · B14 · B30
LLM02: Insecure Output HandlingB03 · B13 · B23
LLM06: Sensitive Information DisclosureB05 · B27 · B28
LLM07: Insecure Plugin DesignB01 · B08 · B11
LLM08: Excessive AgencyB04 · B09 · B18
NIST AI RMFAI Risk Management Framework, MAP / MEASURE / MANAGE / GOVERN.
MEASURE 2.5: ReliabilityB22 · B29 · B19
MEASURE 2.7: SafetyB08 · B12 · B30
MEASURE 2.8: Security & ResilienceB11 · B26 · B28
MEASURE 2.9: Accountability & TransparencyB03 · B13 · B23 · B25
MEASURE 2.11: Fairness & BiasB07 · B17 · B24
EU AI ActRisk-tiered regulation. High-risk systems face the tightest obligations.
Art. 9: Risk Management SystemB24 · B25 · B31
Art. 10: Data & Data GovernanceB05 · B07 · B28
Art. 12: Record-KeepingB03 · B13 · B23 · B27
Art. 13: Transparency to DeployersB06 · B16 · B25
Art. 14: Human OversightB04 · B31 · B32
Art. 15: Accuracy, Robustness, CybersecurityB07 · B12 · B22 · B29
ISO / IEC 42001AI Management Systems, the ISO management-system standard for AI.
6.1: Actions to address risks and opportunitiesB24 · B25
7.5: Documented informationB03 · B13 · B23
8.3: AI system impact assessmentB07 · B24 · B30
9.1: Monitoring, measurement, analysisB17 · B22 · B29

Reading the mapping section in the scorecard

Every default scorecard already includes a regulatory_mappings section: one entry per framework with the list of tests that touched it, the percentage covered, and the pass count. Hand the JSON or Markdown to an auditor — there is no extra flag to set, no separate command to run.

Proposing a new mapping

Contribute a new mapping by adding a YAML under ifixai/mappings/. The schema is small: a framework name, a description, and a list of control → [test_ids] entries. PRs proposing new mappings are welcome, provide a citation for every control.

>iFixAi
Apache 2.0 · v1.0.0

The open-source diagnostic for AI misalignment. 32 inspections, 5 categories, one command.

build passing · 32 inspection modules · CI-green
Product
  • Overview
  • The 32 Tests
  • Run Modes
  • Regulatory
Docs
  • Quickstart
  • CLI Reference
  • Python API
  • Reproducibility
Community
  • GitHub
© 2026 iFixAi · maintained by iMe · Apache 2.0