Methodology & Bibliography

How this compliance glossary is built, what counts as a canonical citation, and how we keep entries fresh.

Data last refreshed: 2026-05-08. Next scheduled refresh: Q3 2026 (or sooner on regulator / vendor / standards-body trigger).

What this site is — and isn't

This is a compliance-domain glossary for builders and operators of agentic AI in regulated workflows. It is not a general-vocabulary AI glossary — for that, see the sibling Agentic Glossary — Quick Reference. This site overlaps deliberately on a small set of agentic-system risk terms (autonomy, human-in-the-loop, prompt injection, constitutional AI, sleeper agent, jailbreak) where compliance and engineering vocabularies meet — and defers to the deep Agentic Glossary on those flagship entries via a Compare with deep glossary → link.

What counts as a "term"

The bar for inclusion in this v1 build:

1. It appears in a regulator publication, standards-body specification, primary supervisor guidance, or canonical industry-body statement that a compliance officer or auditor is expected to know.
2. At least one canonical primary source defines or operationalizes it directly — the source we'd cite in a control narrative or audit response.
3. It either (a) is binding on or being adopted by regulated firms running AI/ML workflows, or (b) is the dominant vocabulary anchor for a recognized compliance discipline (model risk, AML/CFT, audit, governance, AI safety).

Sourcing rule

Every entry has at least one direct citation to a canonical primary source — meaning:

• The regulator's own publication (European Commission, NIST, FATF, FinCEN, FCA, OCC, FRB, PRA, MAS, ICO).
• The standards body's own document (ISO/IEC, AICPA Trust Services Criteria, OECD AI Principles).
• The industry body's own statement (Wolfsberg Group, IIA Three Lines Model, COSO ERM, OWASP LLM Top 10).
• The vendor's own published research (Anthropic safety papers; foundational arXiv papers like Sleeper Agents, Constitutional AI, Model Cards).

Wikipedia, secondary blogs, content farms, and law-firm marketing posts are never the primary citation.

Freshness flags

Every entry that needs one carries a freshness flag:

• Foundational — original peer-reviewed papers (e.g., Bai et al. 2022 on Constitutional AI, Hubinger et al. 2024 on Sleeper Agents, Mitchell et al. 2019 on Model Cards). Considered evergreen — refreshed only on substantive revision.
• In force — current, binding regulator text or in-effect standards. Includes the in-force date where applicable (e.g., EU AI Act high-risk Annex III, 2 August 2026, subject to Digital Omnibus deferral; PRA SS 1/23, 17 May 2024).
• Emerging 2026 — terms that entered mainstream compliance discourse in 2026 (NIST AI Agent Interoperability Profile, Digital Omnibus, agent authorization, agent audit trail, tool poisoning). Quarterly review; monitored for promotion to In force.
• Contested — entries with named, meaningful disagreement in the field. We carry both positions where applicable.

Anything older than six months that does not carry one of the four flags is considered stale and gets retired or refreshed.

Refresh cadence

Bibliography (v1 — 2026-05-08)

The full canonical-source list backing the v1 entry set. Each line: source, URL, accessed date, role.

1. NIST, Artificial Intelligence Risk Management Framework (AI 100-1). nvlpubs.nist.gov/nistpubs/ai/nist.ai.100-1.pdf — accessed 2026-05-08. In force Voluntary U.S. AI risk-management framework. Source for AI RMF, Trustworthy AI, Govern/Map/Measure/Manage, red-teaming, guardrail, drift, model-risk references.
2. NIST, AI Risk Management Framework — Generative AI Profile (AI 600-1). nvlpubs.nist.gov/nistpubs/ai/NIST.AI.600-1.pdf — accessed 2026-05-08. In force Source for hallucination/confabulation, training-data poisoning, the 12 risks of generative AI.
3. NIST, AI Risk Management Framework hub (AI Agent Standards Initiative announced February 2026 via CAISI; AI Agent Interoperability Profile planned Q4 2026). nist.gov/itl/ai-risk-management-framework — accessed 2026-05-08. Source for AI Agent Interoperability Profile, agent authorization.
4. European Commission, EU AI Act Implementation Timeline. ai-act-service-desk.ec.europa.eu/en/ai-act/timeline/timeline-implementation-eu-ai-act — accessed 2026-05-08. In force 2 August 2026 (subject to Digital Omnibus deferral). Source for EU AI Act, high-risk AI, Annex III, GPAI, systemic-risk GPAI, AI literacy, conformity assessment, FRIA.
5. European Commission, Digital Omnibus. digital-strategy.ec.europa.eu/en/policies/digital-omnibus — accessed 2026-05-08. November 2025 proposal to defer EU AI Act high-risk Annex III rules.
6. ISO/IEC, 42001:2023 — Information technology — Artificial intelligence — Management system. iso.org/standard/81230.html — accessed 2026-05-08. In force Source for AIMS framing.
7. ISO/IEC, 23894:2023 — AI — Guidance on risk management. iso.org/standard/77304.html — accessed 2026-05-08.
8. ISO/IEC, 22989:2022 — AI — Concepts and terminology. iso.org/standard/74296.html — accessed 2026-05-08.
9. ISO/IEC, 38507:2022 — Governance implications of the use of AI by organizations. iso.org/standard/56641.html — accessed 2026-05-08.
10. ISO/IEC, 27001:2022 — Information security management systems. iso.org/standard/82875.html — accessed 2026-05-08.
11. ISO/IEC, 27701:2019 — Privacy information management. iso.org/standard/71670.html — accessed 2026-05-08.
12. AICPA, SOC for service organizations & Trust Services Criteria. aicpa-cima.com/topic/audit-assurance/audit-and-assurance-greater-than-soc — accessed 2026-05-08. In force Source for SOC 2, SOC 2 Type II, TSC, Common Criteria, audit trail, privileged action, evidence retention, attestation.
13. Federal Reserve / OCC, SR 11-7 Guidance on Model Risk Management. federalreserve.gov/supervisionreg/srletters/sr1107.pdf — accessed 2026-05-08. In force Source for MRM, model validation, model inventory, model monitoring, challenger model, drift, risk tier, OCC.
14. Bank of England (Prudential Regulation Authority), SS 1/23 — Model Risk Management Principles for Banks. bankofengland.co.uk/prudential-regulation/publication/2023/may/model-risk-management-principles-for-banks-ss — accessed 2026-05-08. In force 17 May 2024
15. FATF, The FATF Recommendations. fatf-gafi.org/en/publications/Fatfrecommendations/Fatf-recommendations.html — accessed 2026-05-08. In force Source for KYC, CDD, EDD, UBO, PEP, sanctions screening, KYC record retention, AML, CFT.
16. FATF, Standards & guidance hub (incl. Nov 2025 AI/ML guidance). fatf-gafi.org — accessed 2026-05-08.
17. FinCEN, Bank Secrecy Act resources. fincen.gov/resources/statutes-regulations/bank-secrecy-act — accessed 2026-05-08. Source for SAR / Suspicious Activity Report.
18. Wolfsberg Group, Statement on the use of AI/ML in Financial Crime Compliance. wolfsberg-principles.com — accessed 2026-05-08.
19. OWASP Foundation, OWASP LLM Top 10 (2025 ed.). owasp.org/www-project-top-10-for-large-language-model-applications — accessed 2026-05-08. Source for prompt injection, tool poisoning, training-data poisoning, excessive agency, supply-chain risk, OWASP LLM Top 10.
20. OECD, AI Principles (2019, revised 2024). oecd.ai/en/ai-principles — accessed 2026-05-08. Source for the canonical AI-system definition imported by ISO and the EU AI Act.
21. Financial Conduct Authority (FCA), AI Update. fca.org.uk/publication/corporate/ai-update.pdf — accessed 2026-05-08. In force Source for FCA, Senior Managers Regime, Consumer Duty.
22. Monetary Authority of Singapore (MAS), FEAT Principles. mas.gov.sg/-/media/MAS/.../FEAT-Principles — accessed 2026-05-08.
23. Information Commissioner's Office (ICO), Guidance on AI and data protection. ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/artificial-intelligence/ — accessed 2026-05-08. Source for ICO AI framework, DPIA.
24. GDPR, Article 22 — Automated individual decision-making, including profiling. gdpr-info.eu/art-22-gdpr — accessed 2026-05-08. In force
25. The IIA, Three Lines Model (2020). theiia.org/.../three-lines-model — accessed 2026-05-08. Source for Three Lines, Internal Audit.
26. COSO, Enterprise Risk Management — Integrating with Strategy and Performance. coso.org/enterprise-risk-management — accessed 2026-05-08. Source for COSO ERM, risk appetite.
27. Anthropic, Measuring AI agent autonomy in practice. anthropic.com/research/measuring-agent-autonomy — accessed 2026-05-08. Source for autonomy, human-in-the-loop framing for agentic risk.
28. Anthropic, Many-shot jailbreaking. anthropic.com/research/many-shot-jailbreaking — accessed 2026-05-08. Source for jailbreak.
29. Bai et al. (Anthropic), Constitutional AI: Harmlessness from AI Feedback, arXiv:2212.08073, 2022. arxiv.org/abs/2212.08073 — accessed 2026-05-08. Foundational
30. Hubinger et al. (Anthropic), Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training, arXiv:2401.05566, 2024. arxiv.org/abs/2401.05566 — accessed 2026-05-08. Foundational
31. Mitchell et al., Model Cards for Model Reporting, arXiv:1810.03993, 2019. arxiv.org/abs/1810.03993 — accessed 2026-05-08. Foundational Source for model card.
32. EUR-Lex, Regulation (EU) 2024/1689 — AI Act (consolidated text). eur-lex.europa.eu/eli/reg/2024/1689/oj — accessed 2026-05-08. In force Official consolidated EU AI Act text; companion to the implementation timeline above.
33. NIST, Cybersecurity Framework 2.0. nist.gov/cyberframework — accessed 2026-05-08. In force The CSF 2.0 Govern function pairs with AI RMF for joint cybersecurity-and-AI risk programmes.
34. ENISA, Cybersecurity threat landscape for AI. enisa.europa.eu/topics/cybersecurity-policy/artificial-intelligence — accessed 2026-05-08. EU agency landscape doc dovetailing with OWASP LLM Top 10 for AI cybersecurity threat catalogues.
35. NIST, Special Publication 800-53 Rev. 5 — Security and Privacy Controls. csrc.nist.gov/publications/detail/sp/800-53/rev-5/final — accessed 2026-05-08. In force Underlying control catalogue most U.S. federal AI control mappings start from.
36. HKMA, High-level Principles on AI (HLP-AI). hkma.gov.hk — HLP-AI — accessed 2026-05-08. Hong Kong Monetary Authority companion to MAS FEAT.
37. U.S. SEC, Predictive Data Analytics by Investment Advisers and Broker-Dealers (2023 proposed rule). sec.gov/rules/proposed/2023/34-97990.pdf — accessed 2026-05-08. The U.S. SEC's flagged AI-conflicts proposal — final rule pending; informs SEC framing for advisers using AI.
38. Treasury OCC, Heightened Standards (12 CFR Part 30 Appendix D). occ.gov/news-issuances/federal-register/2014/79fr54517.pdf — accessed 2026-05-08. In force Foundational governance baseline OCC supervisors layer on top of SR 11-7.
39. BIS / Basel Committee, Principles for the Sound Management of Operational Risk. bis.org/bcbs/publ/d515.pdf — accessed 2026-05-08. In force The operational-risk framing inside which AI/ML risk gets aggregated for Basel-bank reporting.
40. Linux Foundation AI & Data, Trusted AI program. lfaidata.foundation/projects/trusted-ai — accessed 2026-05-08. Industry consortium driving open trusted-AI tooling that frequently feeds back into ISO and NIST processes.

Privacy & sourcing notes

This site cites only public, primary-source documents. No private-client, internal, or non-public information appears anywhere on this property — by deliberate operating policy.

How to suggest a term or correction

Open an issue at github.com/roeiba/compliance-glossary with the proposed term, definition, and at least one canonical primary-source citation. Wikipedia and secondary write-ups are not accepted as primary citations.