> ## Documentation Index
> Fetch the complete documentation index at: https://docs.openlayer.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> Learn about governance in Openlayer

As AI initiatives multiply across your organization, ensuring each one follows
responsible practices, whether internal standards or regulations like the **EU AI Act**,
**ISO 42001**, or **OSFI E-23**, quickly becomes unmanageable without a system.

Openlayer's **governance mode** gives you a unified way to define, track, and
enforce governance frameworks across every AI project in your workspace.

## How it works

<Steps>
  <Step title="Choose a framework">
    Openlayer provides pre-built frameworks for major governance standards — EU AI Act, ISO 42001, OSFI E-23, AIUC-1, TRAIGA, Brazil AI Act, and more. Each one comes pre-mapped to the standard's text, so you don't have to interpret requirements yourself.

    If none of the built-in frameworks fit, you can [build a custom one](/governance/build-custom-framework) from Openlayer's rule library.

    <img width="700" style={{ borderRadius: "0.5rem" }} src="https://mintcdn.com/openlayer-44/hqy5ZRaiSZXnkZzZ/images/governance/framework_list.png?fit=max&auto=format&n=hqy5ZRaiSZXnkZzZ&q=85&s=df2a32eb3b13b48e47273fd19702814c" alt="Frameworks list" data-path="images/governance/framework_list.png" />
  </Step>

  <Step title="Scope it to your projects">
    Activate a framework and assign it to the projects that should follow it — all projects, high-risk ones only, or any subset filtered by risk level, approval status, or task type.

    Each scoped project immediately receives a compliance checklist.
  </Step>

  <Step title="Complete the requirements">
    Frameworks contain two types of rules: **platform rules** and **evidence-based rules**.

    Platform rules are satisfied automatically as your team uses Openlayer. For example,
    capturing production traces, running tests, integrating with CI/CD. Evidence-based
    rules require uploading documents or providing links, such as model cards or security policies.

    Compliance becomes a byproduct of good engineering practices.
  </Step>

  <Step title="Track progress">
    Governance owners can monitor compliance status across the entire workspace, seeing
    which projects are on track, which are falling behind, and who is responsible for each rule.

    Project teams see their own checklist and can complete requirements without leaving the project.

    <img width="700" style={{ borderRadius: "0.5rem" }} src="https://mintcdn.com/openlayer-44/LKo3h7ODOhI8RWva/images/governance/project_governance.png?fit=max&auto=format&n=LKo3h7ODOhI8RWva&q=85&s=e32f2d0562d0edbaa03c06a4cdf90f81" alt="Project governance checklist" data-path="images/governance/project_governance.png" />
  </Step>
</Steps>

## Next steps

To get started, head to [Activate a built-in framework](/governance/activate-framework) to apply an existing standard to your projects. If you need to define custom requirements instead, see [Build a custom framework](/governance/build-custom-framework).

## FAQ

<AccordionGroup>
  <Accordion title="What's the difference between built-in and custom frameworks?">
    Built-in frameworks come pre-configured with rules already mapped to a specific standard (EU AI Act, ISO 42001, etc.). Activating one requires no setup beyond scoping it to your projects.

    Custom frameworks let you define your own rules from scratch using Openlayer's rule
    library. This is useful for internal policies or standards not yet covered by a built-in framework.
  </Accordion>

  <Accordion title="How do platform rules get completed?">
    Platform rules are satisfied automatically as your team uses Openlayer. For example, when you instrument your app and start capturing production traces, rules like "Capture production traces" and "Enable monitoring notifications" are marked complete. No separate governance action is needed.

    See [Platform rules](/governance/platform-rules) for the full list.
  </Accordion>

  <Accordion title="Do all projects need to comply with every rule?">
    No. When you activate a framework, you choose which projects it applies to using
    filters — risk level, approval status, or task type. Only the scoped projects
    receive the compliance checklist for that framework.
  </Accordion>

  <Accordion title="What evidence does Openlayer produce for auditors?">
    Openlayer captures compliance evidence as your teams work:

    * **Continuous test results** — every test run is recorded with a timestamp, pass/fail status, and the specific data points that triggered any failures
    * **Trace logs** — a full record of every production request, including inputs, outputs, latency, cost, and intermediate steps
    * **Development history** — test results tied to git commits, showing systematic evaluation of every system change before it reaches production
    * **Uploaded evidence documents** — model cards, security policies, and other artifacts stored against specific rules with upload timestamps

    You can export a governance summary from the [workspace dashboard](/governance/workspace-compliance) — a snapshot of compliance status across all frameworks and projects — for audits or regulatory submissions.
  </Accordion>
</AccordionGroup>