Empty fields create weak governance. A blank requirement looks the same as a reviewed non-applicability — until an auditor asks which one it is.
EAB separates missing information from documented non-applicability, so every governance state is explicit, reviewable, and defensible.
Non-applicability must be documented to be defensible. Silence in a compliance record is not evidence of review — it is evidence of nothing. EAB makes the distinction explicit.
Every obligation area, evidence requirement, and review item has one of four states: Applies, Does Not Apply, Unclear, or Pending. There is no blank — only an unset state that surfaces as an open governance item.
When an obligation does not apply, the decision is recorded — who made it, when, and why. A simple AI system can have high-risk obligations marked as non-applicable without appearing non-compliant or ignored.
Auditors can distinguish between reviewed non-applicability and unchecked absence. The governance record shows the applicability logic — not just the outcome. Every state is attributed and timestamped.
When applicability is genuinely uncertain, marking it as Unclear is a valid governance state — but it surfaces as an open item requiring resolution. Uncertainty is managed, not silently absorbed into the record.
Who set the applicability state, and when. Applicability decisions are not anonymous system states — they are attributed governance decisions, reviewable by supervisors and auditors.
Applicability documentation is not a separate process. It is embedded in the screening workflow, obligation tracking, and evidence readiness — so applicability decisions inform every downstream governance step.
Applicability documentation is the foundation of honest governance — the record that shows reviewers exactly what was assessed, what was decided, and what remains open.
AI Screening generates the applicable obligation set based on system risk profile, deployment context, and sector. Each obligation area is initialised with a Pending state — not blank, but explicitly unassessed.
The responsible role works through the obligation set — marking each area as Applies, Does Not Apply, or Unclear, with a documented reason. No item can remain implicitly ignored. Pending items surface in the governance gap view.
The supervisor reviews non-applicability decisions as part of the approval workflow. Applicability logic is visible — not just the final state. Disputed non-applicability decisions can be returned for revision.
At audit time, the applicability documentation record is exportable — showing every obligation area, its state, the person who set it, the date, and the reason. Non-applicability is no longer an assumption. It is a documented decision.
Blank fields are not governance. EAB makes every applicability decision explicit — so the record shows what was reviewed, what was decided, and what remains open.
EU-hosted · Anchored to CELEX 32024R1689
Tell us about your organization and what you’re looking to address. We’ll follow up with the relevant information.
