# Methodology & Bibliography — Compliance Glossary for Agentic Systems

> How this compliance glossary is built, what counts as a canonical citation, and how we keep entries fresh.

**Data last refreshed:** 2026-05-08. **Next scheduled refresh:** Q3 2026 (or sooner on regulator / vendor / standards-body trigger).

## What this site is — and isn't

This is a *compliance-domain* glossary for builders and operators of agentic AI in regulated workflows. It is not a general-vocabulary AI glossary — for that, see the sibling [Agentic Glossary — Quick Reference](https://agentic-glossary-quickref.roei-020.workers.dev/). This site overlaps deliberately on a small set of agentic-system risk terms (autonomy, human-in-the-loop, prompt injection, constitutional AI, sleeper agent, jailbreak) where compliance and engineering vocabularies meet — and defers to the deep [Agentic Glossary](https://agentic-glossary.roei-020.workers.dev/) on those flagship entries via a *Compare with deep glossary →* link.

## What counts as a "term"

The bar for inclusion in this v1 build:

1. It appears in a regulator publication, standards-body specification, primary supervisor guidance, or canonical industry-body statement that a compliance officer or auditor is expected to know.
2. At least one canonical primary source defines or operationalizes it directly — the source we'd cite in a control narrative or audit response.
3. It either (a) is binding on or being adopted by regulated firms running AI/ML workflows, or (b) is the dominant vocabulary anchor for a recognized compliance discipline (model risk, AML/CFT, audit, governance, AI safety).

## Sourcing rule

Every entry has at least one direct citation to a canonical primary source — meaning:

- The regulator's own publication (European Commission, NIST, FATF, FinCEN, FCA, OCC, FRB, PRA, MAS, ICO).
- The standards body's own document (ISO/IEC, AICPA Trust Services Criteria, OECD AI Principles).
- The industry body's own statement (Wolfsberg Group, IIA Three Lines Model, COSO ERM, OWASP LLM Top 10).
- The vendor's own published research (Anthropic safety papers; foundational arXiv papers).

Wikipedia, secondary blogs, content farms, and law-firm marketing posts are *never* the primary citation.

## Freshness flags

- **Foundational** — original peer-reviewed papers (Bai et al. 2022, Hubinger et al. 2024, Mitchell et al. 2019). Refreshed only on substantive revision.
- **In force** — currently-binding regulator text or in-effect standards. Includes the in-force date where applicable (EU AI Act high-risk Annex III, 2 August 2026, subject to Digital Omnibus deferral; PRA SS 1/23, 17 May 2024).
- **Emerging 2026** — terms that entered mainstream compliance discourse in 2026 (NIST AI Agent Interoperability Profile, Digital Omnibus, agent authorization, agent audit trail, tool poisoning). Quarterly review.
- **Contested** — entries with named, meaningful disagreement in the field. We carry both positions.

## Refresh cadence

| Trigger | Action |
|---|---|
| Quarterly | Full audit: every cited URL pinged, every primary source re-read for material changes |
| Regulator publication or in-force date change | Targeted refresh of affected entries within 7 days |
| Standards-body publication (ISO, AICPA, IIA, COSO, OWASP) | Same-week refresh of affected entries |
| Vendor canonical-source publication (Anthropic, OpenAI, Google research) | Targeted refresh of affected entries |
| URL 404 or vendor pivot | Immediate fix |

## Bibliography (v1 — 2026-05-08)

The full canonical-source list backing the v1 entry set.

1. NIST — *AI Risk Management Framework (AI 100-1)*. https://nvlpubs.nist.gov/nistpubs/ai/nist.ai.100-1.pdf — accessed 2026-05-08. **In force.** Source for AI RMF, Trustworthy AI, red-teaming, guardrail, drift.
2. NIST — *AI Risk Management Framework — Generative AI Profile (AI 600-1)*. https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.600-1.pdf — accessed 2026-05-08. **In force.** Source for hallucination/confabulation, training-data poisoning.
3. NIST — *AI Risk Management Framework hub* (AI Agent Standards Initiative announced February 2026). https://www.nist.gov/itl/ai-risk-management-framework — accessed 2026-05-08. Source for AI Agent Interoperability Profile, agent authorization.
4. European Commission — *EU AI Act Implementation Timeline*. https://ai-act-service-desk.ec.europa.eu/en/ai-act/timeline/timeline-implementation-eu-ai-act — accessed 2026-05-08. **In force 2 August 2026** (subject to Digital Omnibus deferral). Source for EU AI Act, high-risk AI, Annex III, GPAI, AI literacy, conformity assessment, FRIA.
5. European Commission — *Digital Omnibus*. https://digital-strategy.ec.europa.eu/en/policies/digital-omnibus — accessed 2026-05-08.
6. ISO/IEC — *42001:2023 — AI management system*. https://www.iso.org/standard/81230.html — accessed 2026-05-08. **In force.**
7. ISO/IEC — *23894:2023 — AI Guidance on risk management*. https://www.iso.org/standard/77304.html — accessed 2026-05-08.
8. ISO/IEC — *22989:2022 — AI Concepts and terminology*. https://www.iso.org/standard/74296.html — accessed 2026-05-08.
9. ISO/IEC — *38507:2022 — Governance implications of AI*. https://www.iso.org/standard/56641.html — accessed 2026-05-08.
10. ISO/IEC — *27001:2022 — Information security management systems*. https://www.iso.org/standard/82875.html — accessed 2026-05-08.
11. ISO/IEC — *27701:2019 — Privacy information management*. https://www.iso.org/standard/71670.html — accessed 2026-05-08.
12. AICPA — *SOC for service organizations & Trust Services Criteria*. https://www.aicpa-cima.com/topic/audit-assurance/audit-and-assurance-greater-than-soc — accessed 2026-05-08. **In force.** Source for SOC 2, TSC, audit trail, privileged action, evidence retention, attestation.
13. Federal Reserve / OCC — *SR 11-7*. https://www.federalreserve.gov/supervisionreg/srletters/sr1107.pdf — accessed 2026-05-08. **In force.** Source for MRM, model validation, model inventory.
14. Bank of England (PRA) — *SS 1/23 — Model Risk Management Principles for Banks*. https://www.bankofengland.co.uk/prudential-regulation/publication/2023/may/model-risk-management-principles-for-banks-ss — accessed 2026-05-08. **In force 17 May 2024.**
15. FATF — *Recommendations*. https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Fatf-recommendations.html — accessed 2026-05-08. **In force.** Source for KYC, CDD, EDD, UBO, PEP, sanctions screening.
16. FATF — *Standards & guidance hub* (Nov 2025 AI/ML guidance). https://www.fatf-gafi.org/ — accessed 2026-05-08.
17. FinCEN — *Bank Secrecy Act resources*. https://www.fincen.gov/resources/statutes-regulations/bank-secrecy-act — accessed 2026-05-08.
18. Wolfsberg Group — *AI/ML Statement (2024)*. https://www.wolfsberg-principles.com/ — accessed 2026-05-08.
19. OWASP — *LLM Top 10 (2025 ed.)*. https://owasp.org/www-project-top-10-for-large-language-model-applications/ — accessed 2026-05-08.
20. OECD — *AI Principles*. https://oecd.ai/en/ai-principles — accessed 2026-05-08.
21. FCA — *AI Update*. https://www.fca.org.uk/publication/corporate/ai-update.pdf — accessed 2026-05-08. **In force.**
22. MAS — *FEAT Principles*. https://www.mas.gov.sg/-/media/MAS/News-and-Publications/Monographs-and-Information-Papers/FEAT-Principles-Updated-7-Feb-19.pdf — accessed 2026-05-08.
23. ICO — *Guidance on AI and data protection*. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/artificial-intelligence/ — accessed 2026-05-08.
24. GDPR — *Article 22*. https://gdpr-info.eu/art-22-gdpr/ — accessed 2026-05-08. **In force.**
25. The IIA — *Three Lines Model (2020)*. https://www.theiia.org/en/content/articles/global-knowledge-brief/2020/july/three-lines-model/ — accessed 2026-05-08.
26. COSO — *ERM Integrated Framework*. https://www.coso.org/enterprise-risk-management — accessed 2026-05-08.
27. Anthropic — *Measuring AI agent autonomy in practice*. https://www.anthropic.com/research/measuring-agent-autonomy — accessed 2026-05-08.
28. Anthropic — *Many-shot jailbreaking*. https://www.anthropic.com/research/many-shot-jailbreaking — accessed 2026-05-08.
29. Bai et al. (Anthropic) — *Constitutional AI*, arXiv:2212.08073, 2022. https://arxiv.org/abs/2212.08073 — accessed 2026-05-08. **Foundational.**
30. Hubinger et al. (Anthropic) — *Sleeper Agents*, arXiv:2401.05566, 2024. https://arxiv.org/abs/2401.05566 — accessed 2026-05-08. **Foundational.**
31. Mitchell et al. — *Model Cards for Model Reporting*, arXiv:1810.03993, 2019. https://arxiv.org/abs/1810.03993 — accessed 2026-05-08. **Foundational.**
32. EUR-Lex — *Regulation (EU) 2024/1689 — AI Act (consolidated text)*. https://eur-lex.europa.eu/eli/reg/2024/1689/oj — accessed 2026-05-08. **In force.**
33. NIST — *Cybersecurity Framework 2.0*. https://www.nist.gov/cyberframework — accessed 2026-05-08. **In force.**
34. ENISA — *Cybersecurity threat landscape for AI*. https://www.enisa.europa.eu/topics/cybersecurity-policy/artificial-intelligence — accessed 2026-05-08.
35. NIST — *SP 800-53 Rev. 5 — Security and Privacy Controls*. https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final — accessed 2026-05-08. **In force.**
36. HKMA — *High-level Principles on AI (HLP-AI)*. https://www.hkma.gov.hk/eng/news-and-media/insight/2019/11/20191101/ — accessed 2026-05-08.
37. U.S. SEC — *Predictive Data Analytics by Investment Advisers and Broker-Dealers (2023 proposed rule)*. https://www.sec.gov/rules/proposed/2023/34-97990.pdf — accessed 2026-05-08.
38. Treasury OCC — *Heightened Standards (12 CFR Part 30 Appendix D)*. https://www.occ.gov/news-issuances/federal-register/2014/79fr54517.pdf — accessed 2026-05-08. **In force.**
39. BIS / Basel Committee — *Principles for the Sound Management of Operational Risk*. https://www.bis.org/bcbs/publ/d515.pdf — accessed 2026-05-08. **In force.**
40. Linux Foundation AI & Data — *Trusted AI program*. https://lfaidata.foundation/projects/trusted-ai/ — accessed 2026-05-08.

## Privacy & sourcing notes

This site cites only public, primary-source documents. No private-client, internal, or non-public information appears anywhere on this property — by deliberate operating policy.

## How to suggest a term or correction

Open an issue at https://github.com/roeiba/compliance-glossary with the proposed term, definition, and at least one canonical primary-source citation.

*Updated 2026-05-08 · 81 terms · 8 categories.*