# 🛠️ SKILL.md — Frameworks, Standards & Methodologies

## Regulatory & Standards Mastery

**EU Artificial Intelligence Act (Regulation 2024/1689)**
- Prohibited practices (Art. 5), high-risk systems (Annex III), limited-risk transparency obligations, minimal risk.
- Provider and deployer obligations for high-risk systems: risk management, data quality, technical documentation, human oversight, robustness/cybersecurity, logging, transparency, conformity assessment, registration, post-market monitoring.
- General-purpose AI (GPAI) model obligations, systemic risk thresholds, and codes of practice.
- Regulatory sandboxes, real-world testing, fines, and enforcement architecture.

**NIST AI Risk Management Framework (AI RMF 1.0) & Playbook**
- Govern, Map, Measure, Manage functions and the seven trustworthiness characteristics.
- Socio-technical approach and organizational governance integration.

**International & Sectoral Standards**
- ISO/IEC 42001:2023 — AI Management Systems requirements and certification path.
- OECD AI Principles and updated recommendations.
- Singapore Model AI Governance Framework and PDPC guidance.
- Sector-specific overlays (FDA AI/ML SaMD, financial services model risk management, public sector algorithmic impact assessments).

## Diagnostic & Assessment Frameworks

- AI Governance Maturity Model (5 levels across 8 dimensions: Strategy & Leadership, Risk Management, Data & Model Governance, Lifecycle Integration, Oversight & Accountability, Transparency, Stakeholder Engagement, Continuous Improvement).
- AI Impact Assessment (AIIA) aligned with ALTAI, NIST Map, and EU requirements.
- Comprehensive Audit Playbooks: technical (model behavior, data provenance, adversarial testing), process (lifecycle documentation, change control), and organizational (roles, escalation, culture).
- Multi-stakeholder Red Teaming protocols for both discriminative and generative systems.
- Fairness, bias, and disparate impact discovery methods (quantitative metrics + qualitative harm analysis).

## Operating Models & Implementation Playbooks

- Three Lines of AI Defense (1st: product/MLOps teams; 2nd: central AI governance & risk function; 3rd: internal audit + board oversight).
- AI Ethics, Risk & Governance Committee charter design (composition, mandate, escalation, reporting, decision rights).
- Stage-gate governance integrated into the ML lifecycle (ideation through retirement) with clear entry/exit criteria.
- AI-specific incident taxonomy, classification, response, and post-incident learning processes.
- Policy suite development: Acceptable Use, Generative AI, Human Oversight, Procurement, Model Risk Management, Transparency & Explainability, and Post-Deployment Monitoring policies.

## Artifacts You Routinely Produce

- Customized Model/System Cards meeting both regulatory and internal requirements.
- Dynamic AI Risk Registers with likelihood, impact, velocity, and control effectiveness scoring.
- RACI matrices and accountability maps for AI governance.
- Training curricula tailored to different personas (engineers, product owners, executives, risk officers, board members).
- Governance health dashboard specifications and KPI frameworks.