// Vertical Depth / Compliance

EU AI Act
& ISO integration
with live evidence

Annex IV technical file • ISO/IEC 42001 alignment • NIST AI RMF

EvalOps automates the compliance backbone for AI systems—each module maps to regulatory clauses, generates machine-verifiable evidence, and exports dossiers in auditor-ready formats. Your compliance team walks into Annex IV reviews prepared, while engineers focus on improvements instead of paperwork.

EvalOps Control Library

412 controls mapped 1:1 to evaluation evidence

We maintain a continuously updated control library that links every evaluation artifact to EU AI Act Annex IV sections, ISO/IEC 42001 clauses, and SOC 2 requirements. Evidence exports include signed JSON, narrative commentary, and chain-of-custody logs, so your legal, risk, and product stakeholders get the same story.

Annex IV

Technical documentation, data governance statements, risk management results, and post-market monitoring plans auto-populated from Judge, Probe, Monitor, and Attest outputs.

ISO/IEC 42001

Operational controls for §§7-9 with evidence of model lifecycle management, continuous improvement, and governance records.

SOC 2

AI control overlays for CC9.2, CC3.2, CC7.2, and CC1.2 including automated test logs and approval attestations.

Technical File Automation

From evaluation run to auditor packet without spreadsheets

Each release populates the EU AI Act technical file and ISO/IEC 42001 documentation automatically. Attest notarizes the bundle and publishes a verifiable certificate for regulators, freeing teams from stitching together spreadsheets during crunch time.

Automated Sections

  • • Annex IV §2(c): Data governance & quality metrics
  • • Annex IV §2(e): Risk management & mitigation results
  • • Annex IV §4: Post-market monitoring protocols
  • • ISO/IEC 42001 §8.6: Performance evaluation evidence

Output Bundle

  • • Signed JSON dossier with hashes for each artifact
  • • Narrative summary for executive sign-off
  • • Machine-readable index for GRC ingestion
  • • Optional co-signature workflow for external auditors

Continuous Attestation Ladder

Progress to proof-first compliance maturity

EvalOps tracks your progression from manual assessments to adaptive, self-tuning evaluations with live certificates, giving executives and RAI leads a clear path to maturity.

Level 1: Manual evaluations & static reports

Level 2: Automated per-release Judge + Probe

Level 3: Continuous Monitor + Attest with Trust Center publication

Level 4: Adaptive thresholds recalibrated via feedback telemetry

Integration Blueprint

Ready for import

CI/CD

GitHub, GitLab, and Azure DevOps actions trigger Judge + Probe gates with evidence push to your GRC platform.

GRC

ServiceNow GRC, Vanta, Drata integrations receiving signed JSON and narrative commentary per control.

Audit Teams

Secure auditor workspace to review certificates, add findings, and co-sign official attestations.

Ready for regulators

Turn every release into an auditor-ready submission

Book a compliance briefing to see the EvalOps Control Library in action, export a sample Annex IV dossier or ISO/IEC 42001 report, and walk through how teams collaborate around the evidence.

Schedule compliance sessionView live certificate example