概述

AI Compliance Skill

Reference Files

Load only what's needed based on the request type:

Frameworks

EU AI Act → references/eu-ai-act.md — risk tiers, prohibited uses, obligations
ISO 42001 → references/iso-42001.md — clauses, Annex A controls
NIST AI RMF → references/nist-ai-rmf.md — GOVERN/MAP/MEASURE/MANAGE
GDPR, OECD, IEEE, UK, Singapore → references/other-frameworks.md
Financial services (SEC, FCA, FINRA, DORA, MiFID II, MNPI) → references/finserv-regulations.md
Jurisdiction map (global regulatory landscape) → references/jurisdiction-map.md
ISO 27001 alignment → references/iso27001-alignment.md

Output Templates & Tools

Checklists, risk assessment, gap analysis templates → references/checklist-templates.md
Vendor AI risk assessment questionnaire → references/vendor-assessment.md
Acceptable use policy template → references/aup-template.md
Data classification × AI tool matrix → references/data-classification.md
AI system inventory template → references/ai-inventory.md
AI risk scoring model (0–100) → references/risk-scoring.md
Training requirements by role → references/training-requirements.md

Remediation

Incident response playbooks → references/incident-response.md
Remediation playbooks (common gaps) → references/remediation-playbooks.md

When in doubt about which files to load, load the framework files + the relevant output template.

Workflow

1. Understand the AI Tool/Use Case

Gather (or ask for):

What does the AI system do? (intended purpose)
Who uses it and how? (internal staff, customers, automated pipeline)
What data does it process? (personal, financial, confidential, public)
Where is it deployed? (EU context? affecting EU residents?)
Consumer or enterprise tier? Third-party or internal?

2. Select Output Type

Request	Load	Output
---	---	---
Compliance checklist	Framework files + checklist-templates.md	Full checklist per Template 1
Risk assessment needed?	eu-ai-act.md + checklist-templates.md	Risk tier determination per Template 2
Gap analysis	All framework files + checklist-templates.md	Gap table per Template 3
Risk score	risk-scoring.md	Scored worksheet + risk level
Vendor assessment	vendor-assessment.md	Questionnaire + scoring
AUP draft	aup-template.md	Customized policy draft
Data classification guidance	data-classification.md	Matrix + decision tree
Incident response	incident-response.md	Relevant playbook
Remediation steps	remediation-playbooks.md	Relevant playbook(s)
Financial services overlay	finserv-regulations.md	Regulatory requirements
Training requirements	training-requirements.md	Role-based matrix
Jurisdiction guidance	jurisdiction-map.md	Applicable rules by region

3. Output Structure

Always structure output as:

## AI Compliance Assessment: [Tool/Use Case Name]
### Risk Classification
### Applicable Frameworks
### Compliance Checklist (or Gap Analysis or Risk Score)
### Issues Found
### Recommendations
### Priority Actions

Key Principles

Reference exact articles, clauses, controls (e.g., "EU AI Act Art.14", "ISO 42001 A.6.1", "NIST GOVERN 1.2")
Flag HIGH/CRITICAL severity issues prominently — these are blockers
Always include remediation steps, not just gaps — link to remediation-playbooks.md when relevant
Cross-reference frameworks where they overlap
For financial services firms: always check finserv-regulations.md for MNPI and sector-specific rules
When uncertain about risk tier, err toward higher risk classification

版本历史

共 1 个版本

v1.1.0 当前

2026-03-30 00:11 安全安全

安全检测

腾讯云安全 (Keen)

安全，无风险

查看报告

腾讯云安全 (Sanbu)