🇪🇺
EU AI Act
5 controls mapped
Art 9Art 10
Art 11Art 13
Art 14
Risk management system (Art 9) · Data governance (Art 10) ·
Technical documentation (Art 11) · Transparency (Art 13) ·
Human oversight (Art 14 — enforced 2026-08-02)
Last verdict: 2026-05-19T12:21:50+00:00 · freetsa.org
🏛️
NIST AI RMF
4 controls mapped
MAPMEASURE
MANAGEGOVERN
MAP: threat taxonomy per verdict ·
MEASURE: 9-vendor confidence scores ·
MANAGE: ALLOW/REVIEW/BLOCK enforcement ·
GOVERN: audit chain + STIX 2.1 export
Last verdict: 2026-05-19T12:21:50+00:00 · freetsa.org
🔒
ISO 42001
2 controls mapped
Clause 6Clause 8
Clause 6: AI risk treatment planning (INV-15 formal proof) ·
Clause 8: Operational AI governance (4-stage SOAR pipeline)
Last verdict: 2026-05-19T12:21:50+00:00 · freetsa.org
✅
SOC 2
1 control mapped
CC7
CC7 (System Operations): real-time anomaly detection via
9-vendor adversarial ensemble · HMAC-SHA256 verdict chain
provides tamper-evident audit trail
Last verdict: 2026-05-19T12:21:50+00:00 · freetsa.org
🛡️
GDPR
1 control mapped
Art 22
Art 22: Automated individual decision-making —
CONSILIUM provides human-in-the-loop REVIEW verdicts
with explainable per-vendor reasoning for GDPR-covered
automated decisions
Last verdict: 2026-05-19T12:21:50+00:00 · freetsa.org
📋
NIST 800-53
1 control mapped
AU-4
AU-4 (Audit Log Storage Capacity): RFC 3161 TSA-timestamped
verdict chain stored as tamper-evident JSONL · 1312-byte
TimeStampToken per verdict · Freetsa.org + DigiCert fallback
Last verdict: 2026-05-19T12:21:50+00:00 · freetsa.org
Any verdict is independently verifiable via RFC 3161 TSA:
curl https://api.apohara.dev/v1/verdicts/{signed_hash}/verify-timestamp
# → {"valid": true, "authority": "freetsa.org",
# "timestamp": "2026-05-19T12:21:50+00:00"}
INV-15 formal safety invariant (Z3 SMT, UNSAT = safe):
python -m pytest tests/test_verdict_vault.py -v
# → 16 passed — tamper-detection on verdict chain verified
STIX 2.1 export for SIEM ingestion:
curl -X POST https://api.apohara.dev/v1/soar/judge/evaluate \
-H 'Content-Type: application/json' \
-d '{"prompt": "test prompt", "export_format": "stix21"}'