What is compliance maintenance?
Compliance maintenance is the ongoing governance work that begins after the initial compliance assessment: keeping evidence current, monitoring for regulatory and system changes, re-screening when triggered, updating obligation mapping when roles or classifications change, maintaining approval currency, and ensuring the governance record remains valid and audit-ready.
It is the operational counterpart to the initial assessment — the work that keeps compliance alive rather than letting it decay into a historical snapshot.
Key points
- Maintenance is not a project phase — it is the normal operating state of compliance governance after the initial assessment is complete.
- Evidence ages. Risk assessments, TOM profiles, vendor reviews, and human oversight assignments must be periodically validated.
- Legal changes trigger maintenance activities: re-screening, updated obligation mapping, revised evidence requirements.
- System changes trigger maintenance activities: new versions, changed use cases, new data sources, provider updates.
- Without maintenance, every compliance record drifts toward obsolescence. The governance state becomes an increasingly inaccurate historical artefact.
Why it matters
The initial compliance assessment is the most visible part of AI governance. Compliance maintenance is the least visible — and the most consequential. An organisation that screens all its AI systems once and then stops has a compliance state that degrades silently. Maintenance is what separates organisations that are compliant from organisations that were compliant.
How EAB approaches this
Continuous Compliance in EAB manages the maintenance state. Evidence Readiness tracks evidence currency. Re-Screening Queue triggers maintenance when changes occur. The Executive Cockpit shows which systems have current governance and which need attention.