AI compliance impact report
AQtive Guard AI-SPM (AI Security Posture Management) provides continuous visibility into the technical risk posture of your AI assets. AI-SPM maps detected technical issues to defined risks that are included in leading regulatory and standards frameworks. You can use this as an input into your organization’s assessment of compliance risk impact with specific framework categories.
As AI security and regulatory expectations evolve, posture reporting helps you:
- Understand overall AI risk posture – View AI security and governance technical issues and see how they map across supported frameworks in one place.
- Connect technical issues to frameworks – See which framework categories are affected by technical findings.
- Track a quantifiable score – Use technical risk scores to assist in overall risk assessment against your governance and reporting requirements.
Access posture reporting
To open the compliance view:
- Expand AI in the main menu.
- Select Compliance.
The Your compliance posture page lists available technical risk categories and flags those that are known to map to AI frameworks.
Framework metrics and posture scores
The Compliance posture report shows how your AI assets map to defined technical risks, which are also included in leading standards and regulations:
- EU AI Act
- NIST AI Risk Management Framework
- OWASP Top 10 for LLM Applications
- ETSI EN 304 223 – AI Security Principles
The report for each framework includes:
- Risk Posture score – the percentage of mapped technical risk categories with no Critical or High severity technical issues.
- Risk level breakdown – a distribution of flagged technical risk occurrences by severity, from Informational through Critical.
- Category results – framework categories that map to the technical risks (such as Secure design or Transparency) with counts of detected technical risks.
AI‑SPM maps technical findings to each framework using a curated configuration. This system links AI‑SPM rules to specific categories in leading frameworks to provide visibility into which areas of a framework are affected by technical risks. These mappings can be used by an organization as an input into its own determination of compliance with applicable legal and regulatory obligations.
Note
Framework progress does not constitute a determination of compliance on behalf of any organization.
For detailed information on how the system calculates mappings and scores, refer to AI-SPM framework mapping and scoring.
Dynamic updates
Because AQtive Guard continuously evaluates AI assets with AI-SPM rules, technical risk posture is updated automatically:
- New issues – When new Critical or High severity issues are detected in a category, that category is no longer healthy and the Framework progress score decreases.
- Remediation – When issues are remediated and AQtive Guard detects the update, the affected category will reflect the remediation.
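As an added illustration (not AQtive Guard's own code or scoring logic), the Python example below applies the Risk Posture score definition and the update behavior described above to constructed findings. The rule IDs, the rule-to-category mapping, the Low and Medium severity names, and treating a category with no findings as healthy are all assumptions; the product's actual calculation is covered in AI-SPM framework mapping and scoring.

```python
from collections import Counter

# Severity scale; the page names Informational, High and Critical.
# "Low" and "Medium" are assumed intermediate levels.
SEVERITIES = ["Informational", "Low", "Medium", "High", "Critical"]
BLOCKING = {"High", "Critical"}  # severities that make a category unhealthy

# Constructed rule-to-category mapping: rule IDs are hypothetical,
# category names are the examples mentioned on this page.
RULE_TO_CATEGORIES = {
    "rule-unpinned-model": ["Secure design", "Technical robustness and safety"],
    "rule-missing-model-card": ["Transparency"],
    "rule-no-owner-tag": ["Accountability"],
}

# Constructed findings (one entry per issue occurrence).
FINDINGS = [
    {"rule": "rule-unpinned-model", "severity": "Critical", "asset": "chatbot-prod"},
    {"rule": "rule-missing-model-card", "severity": "Medium", "asset": "chatbot-prod"},
    {"rule": "rule-no-owner-tag", "severity": "Informational", "asset": "rag-index"},
]

def posture_report(findings, rule_map=RULE_TO_CATEGORIES):
    """Score = % of mapped categories with no Critical or High issues."""
    categories = sorted({c for cats in rule_map.values() for c in cats})
    occurrences = Counter({c: 0 for c in categories})
    breakdown = Counter({s: 0 for s in SEVERITIES})
    unhealthy = set()
    for f in findings:
        cats = rule_map.get(f["rule"])
        if not cats:
            continue  # finding not mapped to this framework
        breakdown[f["severity"]] += 1
        for c in cats:  # one rule may affect several categories
            occurrences[c] += 1
            if f["severity"] in BLOCKING:
                unhealthy.add(c)
    healthy = len(categories) - len(unhealthy)
    score = 100.0 * healthy / len(categories) if categories else None
    return {"score": score, "breakdown": dict(breakdown),
            "occurrences": dict(occurrences), "unhealthy": sorted(unhealthy)}

if __name__ == "__main__":
    before = posture_report(FINDINGS)
    # Remediation: the Critical occurrence is no longer detected.
    after = posture_report([f for f in FINDINGS if f["severity"] != "Critical"])
    print(before["score"], before["unhealthy"])
    print(after["score"], after["unhealthy"])
```

A single Critical finding on a rule mapped to two categories makes both unhealthy, which is why one issue can move the score by more than one category's share.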
Use
Use the Category results section to understand which technical risks may impact framework obligations and to prioritize remediation:
- View framework summaries – Select the framework header dropdown to expand the detailed view, including a short description and a Visit framework link to official documentation.
- Drill into categories – Expand a category (for example, Accountability or Technical robustness and safety) to review the underlying technical issues that affect that category.
- Review occurrences – View the occurrences value on each category row to see how many times a specific technical risk appears across your AI inventory.
- Apply remediation guidance – For deeper insight, open the Details panel for a Related AQG issue. Where a How to resolve section is available, review the suggested actions and consider whether they are appropriate for your environment. Use this guidance, together with your own security, compliance, and legal processes, to decide how to prioritize and address Critical and High severity risks.
Note
The reported posture only applies to the specific issue occurrences flagged in AQtive Guard. Compliance with any framework category typically requires activities outside of the scope of this technical report.
For broader assumptions and your responsibilities when using AQtive Guard, see the Use conditions statement.