
ENTRY № 15 · SYNTHESIS · OECD · ISO 24028 · AIGP
PUBLISHED 2026-05-09 · ~10-MIN READ · WARRANT COMPLIANCE

OECD principles, ISO/IEC 24028, and the AIGP body of knowledge.

three references that compliance officers reach for before opening any binding regulator. the OECD AI Principles are the soft-law floor most regulators cite. ISO/IEC 24028 is the trustworthiness vocabulary AI engineering teams converge on. the IAPP AIGP body of knowledge is what an AI Governance Professional must evidence to certify. read together, they form the methodological connective tissue between binding regulators (EU AI Act, NYDFS, SR 11-7) and operational practice.

Warrant is regulator-grade evidence infrastructure for AI agents in regulated industries: drop an agent's execution trace, get a record mapped to a specific EU AI Act obligation, independently verifiable without contacting Warrant.

OECD PRINCIPLES · 5 principles · 5 recommendations
46 adherents · 2019 / 2024. Adopted May 2019, revised May 2024 to address generative AI. Cited by EU AI Act Recital 7 and NIST AI RMF preface.

ISO/IEC 24028:2020 · trustworthiness · vocabulary
Published 2020-05. Overview of trustworthiness in AI. Vocabulary feeds into ISO 42001 and ISO 23894. Sets the conceptual baseline for accuracy, robustness, transparency, controllability.

IAPP AIGP · certification · BoK 7 domains
Since March 2024. First professional certification for AI governance. Body of knowledge spans regulatory landscape, AI lifecycle, risk management, deployment and ongoing oversight.
01 · THREE REFERENCES FOR ONE JOB

Three references for one job.

OECD AI Principles · ISO/IEC 24028:2020 · IAPP AIGP body of knowledge

Every AI compliance team has these three references on the bookshelf. None of them is binding by itself. The OECD AI Principles are a Council recommendation, OECD/LEGAL/0449. ISO/IEC 24028 is a Technical Report, the lowest deliverable rank in the ISO catalogue. The IAPP AIGP is a professional credential, awarded to individuals, not organisations. A defence counsel reading any one of them in isolation reads a non-binding text.

Read together, they are the methodology stack a Chief AI Officer reaches for when the regulator shows up. The OECD principles supply the values. ISO/IEC 24028 supplies the vocabulary that operationalises the values. The AIGP body of knowledge supplies the curriculum the human governing the system has internalised. The three references cover the same ground at three altitudes: principle, terminology, practice.

Coverage matters because all three appear by name in binding texts. Recital 7 of the EU AI Act, Regulation (EU) 2024/1689, cites the OECD Recommendation on Artificial Intelligence as the foundation the Union legal text builds on. The NIST AI Risk Management Framework references the OECD principles in its preface. US federal procurement guidance, in OMB M-24-10 and the successor M-25 series, references both the OECD principles and the NIST AI RMF as benchmarks for vendor evaluation. ISO/IEC 24028's vocabulary is what the certifiable management system standard, ISO/IEC 42001:2023, reuses in its Annex A controls. The AIGP curriculum is the only mainstream credential aligned to the cross-jurisdiction body of work spanning all of the above.

This entry reads each reference at the level of detail a compliance officer needs to map evidence to artefact. OECD principles supply the values. ISO 24028 supplies the threat taxonomy. AIGP supplies the practitioner.

02 · OECD AI PRINCIPLES · 5 PRINCIPLES

OECD AI Principles · the 5 principles.

OECD/LEGAL/0449 · adopted May 2019 · revised May 2024 · 46 adherents

The OECD AI Principles, at the values layer, are five sentences. Verbatim from OECD/LEGAL/0449:

"1. Inclusive growth, sustainable development and well-being. 2. Respect for human rights and democratic values, including fairness and privacy. 3. Transparency and explainability. 4. Robustness, security and safety. 5. Accountability." OECD AI Principles · OECD/LEGAL/0449 · § 1.1 · § 1.5

The five values were adopted by the OECD Council on 22 May 2019, the first intergovernmental standard for trustworthy AI. Forty-six jurisdictions have adhered to the recommendation as of the May 2024 revision: thirty-eight OECD members and eight partner economies including Argentina, Brazil, Egypt, Malta, Peru, Romania, Singapore and Ukraine. The G20 endorsed the same principles in its 2019 AI Principles, which gives the document reach into China, India, Indonesia, Russia, Saudi Arabia and South Africa as a soft-law floor.

Recital 7 of Regulation (EU) 2024/1689 cites the recommendation by name and states that the Union legal text builds on the OECD principles to define a coherent legal text at Union level. The NIST AI Risk Management Framework cites the principles in its preface as foundational to the Map, Measure, Manage and Govern functions. A regulator that opens with "your system shall be transparent and accountable" without further citation is, ninety percent of the time, citing OECD AI principle 3 and OECD AI principle 5 by reference.

P1 · Inclusive growth, sustainable development and well-being · VALUES LAYER · BENEFICIAL OUTCOMES
P2 · Respect for human rights, including human autonomy and democratic values, including fairness and privacy · VALUES LAYER · RIGHTS-BASED CONSTRAINT
P3 · Transparency and explainability · VALUES LAYER · DISCLOSURE OBLIGATION
P4 · Robustness, security and safety · VALUES LAYER · TECHNICAL ASSURANCE
P5 · Accountability · VALUES LAYER · NAMED-OWNER REQUIREMENT

The values layer maps to a record. Principle 3 maps to a per-decision rationale. Principle 4 maps to an adversarial robustness eval per release. Principle 5 maps to a named-owner record per decision. Compliance is a question about the records that exist under each value, not about the values themselves.

03 · OECD AI PRINCIPLES · 5 RECOMMENDATIONS TO GOVERNMENTS

OECD recommendations · the 5 to governments.

OECD/LEGAL/0449 · § 2.1 to § 2.5 · applied recommendations

The principles bind values; the recommendations bind state action. The five recommendations to governments, verbatim:

"Governments should consider: (1) investing in AI research and development; (2) fostering an inclusive AI-enabling ecosystem; (3) shaping an enabling interoperable governance and policy environment for AI; (4) building human capacity and preparing for labour market transformation; (5) international co-operation for trustworthy AI." OECD AI Principles · OECD/LEGAL/0449 · § 2.1 to § 2.5

These recommendations are the soft-law signposts every domestic AI regulator cites when justifying its rules. The EU AI Act preamble references items 3 and 5 in its co-operation language. The UK AI Safety Institute mandate, in operation since November 2023, references items 1 and 5. India's AI Mission programme, IndiaAI, references items 1 and 4 in its compute-and-skills allocation. Singapore's Model AI Governance Framework, second edition for generative AI, references item 3 in its self-positioning as an interoperable governance text.

Item 4, "building human capacity and preparing for labour market transformation", is the recommendation that closes the loop with the AIGP credential. The AIGP curriculum is one literal answer to the recommendation: a human-capacity programme certifying individuals on the body of knowledge governments have endorsed. The recommendation does not name AIGP, but the credential is the most direct route to evidencing the recommendation in a covered organisation's training register.

04 · THE MAY 2024 UPDATE · GENERATIVE AI

The May 2024 update · generative AI.

OECD/LEGAL/0449 revision · adopted May 2024 · synthetic content · foundation models

The OECD's 2024 revision was a structural rewrite of the 2019 text to address generative and general-purpose AI. The five principles and five recommendations were retained verbatim. The supporting paragraphs were rewritten to add explicit attention to four areas the 2019 text predated.

The first is synthetic content provenance. The 2024 text adds language on disclosure of AI-generated content, content authenticity standards such as C2PA, and watermarking. The text does not mandate a specific provenance scheme but lifts the value into the principles' supporting commentary, which is the lever subsequent binding regulation pulls on. EU AI Act Article 50, on transparency obligations for providers and deployers of certain AI systems, is the binding instrument that operationalises this 2024 OECD addition.

The second is governance of foundation models. The 2024 revision adds language on systemic-risk assessment for general-purpose AI models and on cross-border co-operation in their evaluation. EU AI Act Articles 51 to 56 on general-purpose AI models, and the EU AI Office's General-Purpose AI Code of Practice (third draft published March 2025), are the binding and quasi-binding instruments that operationalise this 2024 OECD addition.

The third is the OECD definition of an AI system. The 2024 revision retains the November 2023 OECD definition, which was lifted into Article 3(1) of the EU AI Act and into NIST AI RMF: a machine-based system that, for explicit or implicit objectives, infers from the input it receives how to generate outputs such as predictions, content, recommendations or decisions that can influence physical or virtual environments. A team that aligns its system inventory to the OECD definition gets EU and US definitional alignment in one sentence.

The fourth is the relationship to digital identity, content authenticity, and democratic-process integrity. The 2024 revision is, in tone, the OECD acknowledging that the 2019 text underweighted the systemic-information risk that generative AI introduced. "OECD-aligned" now means "post-2024 OECD-aligned". A team that drafted its AI policy against the 2019 text has a refresh task on its register.

05 · ISO/IEC 24028:2020 · THE TRUSTWORTHINESS VOCABULARY

ISO/IEC 24028:2020 · the trustworthiness vocabulary.

ISO/IEC TR 24028:2020 · published 2020-05 · Technical Report · 49 pages

ISO/IEC TR 24028:2020 was published by the joint ISO/IEC subcommittee SC 42 in May 2020 and remains the conceptual baseline most other ISO/IEC AI standards build on. The "TR" prefix is meaningful: a Technical Report is the lowest deliverable rank in the ISO catalogue, intended to deliver information without normative requirements. The trade-off is that 24028 is not certifiable. The advantage is that 24028 can describe the field without prescribing a single methodology, which is what made it the working dictionary downstream standards reuse.

The document delivers four artefacts a Chief AI Officer needs:

  • Trustworthiness characteristics. Accuracy, availability, controllability, reliability, resilience, robustness, safety, security, transparency, privacy. Each is defined in clauses 5.1 to 5.10. These are the words ISO/IEC 42001's Annex A controls and ISO/IEC 23894's risk catalogue point at when they say "transparency" or "robustness".
  • Threats to trustworthiness. Data poisoning, model evasion, adversarial inputs, distribution shift, oracle attacks, model extraction, model inversion, membership inference, transfer attacks, backdoor attacks, availability attacks. The threats list is 24028 § 6, the most-cited section of the document.
  • Stakeholder roles. Developer, deployer, end user, regulator, third party. The roles align with EU AI Act Articles 25 to 27, which use the same divisions in different language.
  • Lifecycle phases. Inception, design, development, verification, deployment, operation, retirement. Seven phases, used as tags downstream standards apply to artefacts.

24028 is the vocabulary 42001's Annex A controls operationalise. ISO/IEC 23894:2023, the AI risk management guidance, reuses the 24028 threat taxonomy verbatim. ISO/IEC 5338:2023, the AI lifecycle process standard, reuses the 24028 lifecycle phases verbatim. Reading 42001 without 24028 is reading a checklist without the dictionary.

"Trustworthiness in artificial intelligence is a property of an AI system that meets stakeholders' expectations in a verifiable way. The objective of this document is to analyse the factors that can impact the trustworthiness of systems providing or using AI." ISO/IEC TR 24028:2020 · Introduction · § 0.2

The phrase "in a verifiable way" carries the load. Verifiability is the bridge from soft-law value to hard-law evidence. A regulator does not grade your trustworthiness; the regulator grades the records you produce that show, in the standard's terms, that the trustworthiness characteristics were tested, the threats were enumerated, and the lifecycle phases were tagged.

06 · THE THREATS LIST · WHAT A CHIEF AI OFFICER MUST ENUMERATE

The threats list · what a Chief AI Officer must enumerate.

ISO/IEC TR 24028:2020 · § 6 · threats to AI systems · evidence-of-mitigation

Section 6 of ISO/IEC 24028 catalogues the threat categories that an AI system must, at a minimum, have considered. The clause is not normative; the catalogue is widely treated as the lower bound for an organisational threat model. The categories, near-verbatim from § 6:

T1 · DATA POISONING
Adversarial training data
Manipulation of the training set such that the model learns the wrong distribution. Mitigation: provenance of training data, supply-chain controls, anomaly detection at training time.
T2 · ADVERSARIAL INPUT · EVASION
Inference-time perturbation
Crafted inputs that cross a decision boundary. Mitigation: adversarial training, input pre-processing, ensemble defence.
T3 · MODEL EXTRACTION
Stealing the model
Querying the deployed model to reconstruct an approximate copy. Mitigation: query-rate limits, output watermarking, differential privacy on outputs.
T4 · MODEL INVERSION
Reconstructing training inputs
Querying the model to reconstruct training-set members. Mitigation: differential-privacy training, output suppression on low-confidence regions.
T5 · MEMBERSHIP INFERENCE
Was X in the training set?
Inferring training-set membership from model output statistics. Mitigation: differential privacy, output regularisation.
T6 · TRANSFER ATTACKS
Cross-model adversarial transfer
An adversarial input crafted against model A that succeeds against model B. Mitigation: ensemble defence, defensive distillation.
T7 · BACKDOOR ATTACKS
Trojan triggers
Hidden trigger patterns inserted at training time that cause specified outputs at inference. Mitigation: training-data sanitisation, neural-network inspection.
T8 · ORACLE ATTACKS
Confidence-score leakage
Use of model confidence outputs to extract proprietary information. Mitigation: output rounding, confidence-score suppression.
T9 · DISTRIBUTION SHIFT
Operational drift
Production distribution diverges from the training distribution. Mitigation: drift monitoring, periodic re-evaluation, canary deployment.
T10 · AVAILABILITY ATTACKS
Denial of inference
Inputs crafted to consume disproportionate compute or memory. Mitigation: input length limits, rate limits, bounded-time inference.

For each of the ten categories, an organisation needs an evidence-of-mitigation record per AI system. The record can be short. A two-line entry stating the category, the mitigation, the test that produced the evidence, and the date of the test is sufficient for a baseline submission. The Warrant adversarial-robustness eval at /blog/regulator-grade-evals is the per-decision instance of this record: each attestable action carries a per-action threat-mitigation check pointing at the adversarial-evaluation suite that ran for the release the decision was served on.

PER-RELEASE EVIDENCE

"Was the adversarial robustness eval run for this release?"

Yes or no, with eval-suite reference, eval-suite version, eval-suite output. This is the release-gate question.

PER-DECISION EVIDENCE

"Did the threat-mitigation check fire on this specific action?"

The trace carries a per-action threat_mitigation_check field pointing at the eval-suite reference live at the time of the action. The auditor can re-run the suite against the historical artefact and reproduce the result.
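The evidence-of-mitigation record and the release-gate question above, as an added example written for this entry (not Warrant's code): a small register of per-system records for the ten categories as this page numbers them (the T-numbers are the page's labels, not ISO clause numbers), a coverage check that reports which categories have no valid or no fresh record, and the release-gate question answered with suite reference, version and output. The record field names, the system identifier and the sample records are constructed.

```python
# Evidence-of-mitigation register for the ten threat categories this entry
# lists from ISO/IEC TR 24028 section 6. Added example, not Warrant's code:
# the T-numbers are this page's labels (not ISO clause numbers), the record
# fields follow the page's two-line entry (category, mitigation, test, date),
# and every name below and the sample records are constructed.
from dataclasses import dataclass
from datetime import date

THREAT_CATEGORIES = {
    "T1": "data poisoning",
    "T2": "adversarial input / evasion",
    "T3": "model extraction",
    "T4": "model inversion",
    "T5": "membership inference",
    "T6": "transfer attacks",
    "T7": "backdoor attacks",
    "T8": "oracle attacks",
    "T9": "distribution shift",
    "T10": "availability attacks",
}


@dataclass(frozen=True)
class MitigationRecord:
    system: str       # AI system identifier from the inventory
    category: str     # a THREAT_CATEGORIES key
    mitigation: str   # the control in place, e.g. "drift monitoring"
    test: str         # the test that produced the evidence
    tested_on: date   # date of that test


def validate(record):
    """Return the defects in one record; an empty list means baseline-sufficient."""
    defects = []
    if record.category not in THREAT_CATEGORIES:
        defects.append(f"{record.category}: not a 24028 clause 6 category")
    for name in ("system", "mitigation", "test"):
        if not getattr(record, name).strip():
            defects.append(f"{record.category}: empty {name}")
    if not isinstance(record.tested_on, date):
        defects.append(f"{record.category}: tested_on is not a date")
    return defects


def coverage_gaps(records, system, as_of=None, max_age_days=None):
    """Categories with no valid record for `system`, in T1..T10 order.

    With as_of (ISO date string) and max_age_days set, a record older than
    max_age_days on as_of no longer counts: dated evidence is a gap too."""
    cutoff = date.fromisoformat(as_of) if max_age_days is not None else None
    covered = set()
    for r in records:
        if r.system != system or validate(r):
            continue
        if cutoff is not None and (cutoff - r.tested_on).days > max_age_days:
            continue
        covered.add(r.category)
    return [c for c in THREAT_CATEGORIES if c not in covered]


def release_gate(release_evidence):
    """The release-gate question: was the adversarial robustness eval run, with
    suite reference, suite version and suite output all on record?
    Returns (passed, missing_keys)."""
    required = ("eval_suite_ref", "eval_suite_version", "eval_suite_output")
    missing = [k for k in required if not release_evidence.get(k)]
    return (not missing, missing)


SYSTEM = "underwriter-agent-v3.2.1"  # constructed, mirrors the entry's sample trace

# Constructed sample register: four categories evidenced, one malformed entry.
SAMPLE_RECORDS = [
    MitigationRecord(SYSTEM, "T1", "training-data provenance check",
                     "supply-chain manifest diff", date(2026, 1, 15)),
    MitigationRecord(SYSTEM, "T2", "adversarial training",
                     "adversarial-evaluation suite run", date(2026, 5, 2)),
    MitigationRecord(SYSTEM, "T9", "drift monitoring",
                     "weekly drift report", date(2026, 5, 4)),
    MitigationRecord(SYSTEM, "T10", "input length limits + rate limits",
                     "bounded-time inference load test", date(2026, 5, 2)),
    MitigationRecord(SYSTEM, "T11", "n/a", "n/a", date(2026, 5, 2)),  # not a category
]

if __name__ == "__main__":
    print("gaps:", coverage_gaps(SAMPLE_RECORDS, SYSTEM))
    print("gaps, 90-day freshness:",
          coverage_gaps(SAMPLE_RECORDS, SYSTEM, as_of="2026-05-09", max_age_days=90))
    print("gate:", release_gate({"eval_suite_ref": "eval-suite-9f1c",
                                 "eval_suite_version": "3"}))
```

The freshness window is the design choice worth noticing: a mitigation record without a recent test date is exactly the entry an auditor re-runs and finds stale, so the register treats it as a gap rather than as coverage.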

07 · IAPP AIGP · BODY OF KNOWLEDGE · 7 DOMAINS

The IAPP AIGP body of knowledge · 7 domains.

IAPP · AIGP credential · launched March 2024 · iapp.org/certify/aigp

The International Association of Privacy Professionals launched the Artificial Intelligence Governance Professional credential in March 2024. The AIGP is the first professional certification for AI governance and is positioned as the AI-governance counterpart to the IAPP's CIPP for privacy. The credential examines a candidate against the AIGP body of knowledge, organised in seven domains. Domain titles, verbatim:

"I. Understanding the foundations of artificial intelligence. II. Understanding AI impacts on people and responsible AI principles. III. Understanding the AI life cycle and the development of risk management frameworks. IV. Implementing responsible AI governance and risk management. V. Contemplating ongoing issues and concerns. VI. Understanding existing and emerging AI laws and standards. VII. Understanding AI risk management." IAPP AIGP body of knowledge · 7 domains · iapp.org/certify/aigp
I · Understanding the foundations of artificial intelligence · BoK · DOMAIN I · AI FOUNDATIONS
II · Understanding AI impacts on people and responsible AI principles · BoK · DOMAIN II · ETHICS · OECD-ALIGNED
III · Understanding the AI life cycle and the development of risk management frameworks · BoK · DOMAIN III · LIFECYCLE · ISO 24028 / 5338-ALIGNED
IV · Implementing responsible AI governance and risk management · BoK · DOMAIN IV · GOVERNANCE PROGRAMME
V · Contemplating ongoing issues and concerns · BoK · DOMAIN V · EMERGING RISKS
VI · Understanding existing and emerging AI laws and standards · BoK · DOMAIN VI · REGULATORY LANDSCAPE
VII · Understanding AI risk management · BoK · DOMAIN VII · ENTERPRISE RISK · NIST AI RMF / ISO 23894-ALIGNED

The seven domains are what an AIGP holder must defend, in practice, on a real AI system. Domain II is OECD-aligned: principle 2 on human rights, principle 3 on transparency, and principle 5 on accountability appear in the AIGP exam outline by reference. Domain III is ISO 24028 and ISO 5338-aligned: lifecycle phases, stakeholder roles, threat enumeration. Domain VI is the cross-jurisdiction landscape: EU AI Act, NIST AI RMF, sector-specific US guidance, UK pro-innovation paper, China generative-AI rules, India DPDP, Brazil PL 21/20, OECD principles. Domain VII is the enterprise-risk overlay: NIST AI RMF Govern / Map / Measure / Manage and ISO/IEC 23894 risk treatment.

The credential is necessary, not sufficient. An audit reads evidence, not credentials. The AIGP holder is the person who assembles and defends the evidence: the system inventory under Domain I, the impact assessment under Domain II, the threat-mitigation record under Domain III, the governance programme documentation under Domain IV, the regulatory mapping under Domain VI, the enterprise-risk register under Domain VII. A team with AIGP holders and no underlying evidence pipeline fails an audit no faster than a team with evidence and no credentials.

08 · THE SYNTHESIS · THREE REFERENCES, ONE EVIDENCE SHAPE

Three references, one evidence shape.

OECD principle · ISO 24028 clause · AIGP domain · Warrant evidence field

The three references resolve, at the artefact layer, to a small set of evidence fields. The mapping table makes the resolution explicit:

Reference                                             What to evidence                                    Warrant field
OECD principle 3 · transparency                       per-decision rationale + source attribution         trace.actions[].decision_rationale
OECD principle 4 · "Robustness, security and safety"  adversarial robustness eval per release             regulator_evidence.eval_suite_ref
OECD principle 5 · accountability                     named-owner record per decision                     metadata.accountable_owner_id
ISO 24028 § 6 threats                                 per-decision threat-mitigation check                trace.actions[].threat_mitigation_check
ISO 24028 lifecycle phase                             phase tag per decision (operation vs. development)  metadata.lifecycle_phase
AIGP Domain III · lifecycle                           full evidence-replay surface                        regulator_evidence.audit_trail_pointer
AIGP Domain VI · laws + standards                     regulator-mapping per decision                      regulator_evidence.regimes_engaged

The mapping shows that three references, each with hundreds of pages of supporting commentary, resolve at the bottom of the stack to seven evidence fields per attestable action. A Warrant package carrying these seven fields, independently verifiable without contacting Warrant, satisfies the soft-law tier in one document. The same document carries the binding-tier mappings for EU AI Act Articles 12 and 13, NYDFS § 500.6, SR 11-7, FCA Consumer Duty Principle 12, RBI FREE-AI, SEBI Retail Algo, India DPDP, MAS FEAT.

json · evidence shape · per attestable action · the // annotations mark the source instrument and are not part of the emitted record
{
  "action_id": "2026-06-12T14:23:11.482Z-7de8ce",
  "trace": {
    "actions": [
      {
        "actor": "underwriter-agent-v3.2.1",
        "decision_rationale": "applicant qualifies under SBA 7(a) ...",  // OECD P3
        "threat_mitigation_check": {                                // ISO 24028 § 6
          "eval_suite_ref": "eval-suite-9f1c...",
          "categories_passed": ["T1", "T2", "T9", "T10"]
        }
      }
    ]
  },
  "metadata": {
    "accountable_owner_id": "warrant-eu-prod-01-owner-0064",        // OECD P5
    "lifecycle_phase": "operation"                              // ISO 24028 § 5
  },
  "regulator_evidence": {
    "eval_suite_ref": "eval-suite-9f1c...",                      // OECD P4
    "audit_trail_pointer": "warrant://traces/7de8ce...",        // AIGP D-III
    "regimes_engaged": ["EU-AI-Act-Art-12", "SR-11-7"]         // AIGP D-VI
  }
}

The same record, independently verifiable without contacting Warrant, satisfies the OECD values layer, the ISO 24028 vocabulary layer, the AIGP curriculum layer, and the binding-regulator layer. The architectural detail of the four layers, and how each one verifies, lives at /blog/four-layer-evidence-stack.
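A field-presence check for the record above, as an added example written for this entry (not Warrant's verifier): it resolves the seven dotted paths from the synthesis table against a per-action record, fanning `[]` out over every action in the trace, reports which source instrument is left without evidence, and cross-checks that the per-action threat-mitigation check and the release-level field name the same eval suite. The sample record is constructed to mirror the entry's JSON (placeholder values, comments removed); the assumption that the two eval-suite references must agree is this example's, not a rule the entry states.

```python
# Checks a per-action evidence record against the seven soft-law evidence
# fields of the synthesis table. Added example, not Warrant's verifier: the
# dotted paths are copied from the table, the sample record is constructed to
# mirror the entry's JSON, and the rule in eval_ref_consistent is an assumption.
import copy
import json

# Source instrument -> field path. "[]" means "every element of this array".
SOFT_LAW_FIELDS = {
    "OECD P3 transparency": "trace.actions[].decision_rationale",
    "OECD P4 robustness": "regulator_evidence.eval_suite_ref",
    "OECD P5 accountability": "metadata.accountable_owner_id",
    "ISO 24028 clause 6 threats": "trace.actions[].threat_mitigation_check",
    "ISO 24028 lifecycle phase": "metadata.lifecycle_phase",
    "AIGP Domain III lifecycle": "regulator_evidence.audit_trail_pointer",
    "AIGP Domain VI laws and standards": "regulator_evidence.regimes_engaged",
}


def resolve(record, path):
    """Values found at `path`; each "[]" fans out over the array at that key,
    so a path over trace.actions[] yields one value per action that has it."""
    values = [record]
    for part in path.split("."):
        fan_out = part.endswith("[]")
        key = part[:-2] if fan_out else part
        next_values = []
        for v in values:
            if not isinstance(v, dict) or key not in v:
                continue
            child = v[key]
            if fan_out:
                next_values.extend(child if isinstance(child, list) else [])
            else:
                next_values.append(child)
        values = next_values
    return values


def _present(value):
    return value not in (None, "", [], {})


def missing_fields(record):
    """Instruments whose evidence field is absent or empty. For per-action
    paths every action must carry the field, and a trace with no actions has
    nothing to attest, so those instruments are reported missing too."""
    actions = record.get("trace", {}).get("actions", [])
    missing = []
    for instrument, path in SOFT_LAW_FIELDS.items():
        expected = len(actions) if "[]" in path else 1
        values = resolve(record, path)
        if expected == 0 or len(values) < expected or not all(_present(v) for v in values):
            missing.append(instrument)
    return missing


def eval_ref_consistent(record):
    """Per-action threat_mitigation_check.eval_suite_ref must name the same
    suite as the release-level regulator_evidence.eval_suite_ref (assumption:
    the per-decision check points at the suite run for the release)."""
    release_ref = record.get("regulator_evidence", {}).get("eval_suite_ref")
    checks = resolve(record, "trace.actions[].threat_mitigation_check")
    return bool(release_ref) and bool(checks) and all(
        isinstance(c, dict) and c.get("eval_suite_ref") == release_ref for c in checks)


# Constructed sample mirroring the entry's evidence shape; values are placeholders.
SAMPLE_RECORD = json.loads("""
{
  "action_id": "2026-06-12T14:23:11.482Z-7de8ce",
  "trace": {"actions": [{
    "actor": "underwriter-agent-v3.2.1",
    "decision_rationale": "applicant qualifies under SBA 7(a) ...",
    "threat_mitigation_check": {"eval_suite_ref": "eval-suite-9f1c...",
                                "categories_passed": ["T1", "T2", "T9", "T10"]}
  }]},
  "metadata": {"accountable_owner_id": "warrant-eu-prod-01-owner-0064",
               "lifecycle_phase": "operation"},
  "regulator_evidence": {"eval_suite_ref": "eval-suite-9f1c...",
                         "audit_trail_pointer": "warrant://traces/7de8ce...",
                         "regimes_engaged": ["EU-AI-Act-Art-12", "SR-11-7"]}
}
""")


def degraded_record():
    """The same record with the owner id dropped and the regime list emptied."""
    r = copy.deepcopy(SAMPLE_RECORD)
    del r["metadata"]["accountable_owner_id"]
    r["regulator_evidence"]["regimes_engaged"] = []
    return r


if __name__ == "__main__":
    print("missing:", missing_fields(SAMPLE_RECORD))
    print("missing (degraded):", missing_fields(degraded_record()))
    print("eval refs agree:", eval_ref_consistent(SAMPLE_RECORD))
```

Running it on the degraded copy reports the two instruments whose evidence is gone, OECD principle 5 and AIGP Domain VI, by source instrument rather than by JSON path, which is the form a compliance officer reads back to a regulator.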

09 · WHERE THE SOFT-LAW TIER SITS

Where the soft-law tier sits in the wider stack.

soft law · standards · binding regulation · the three tiers

The three references read in this entry are the soft-law tier of a three-tier stack. The other two tiers sit above and below.

                     ┌──────────────────────────────────┐
                     │  Tier 3 · Binding regulation      │  EU AI Act · NYDFS · SR 11-7
                     │                                  │  FCA Consumer Duty · RBI FREE-AI
                     │                                  │  SEBI Retail Algo · India DPDP
                     │                                  │  MAS FEAT · NDPR
                     ├──────────────────────────────────┤
                     │  Tier 2 · Standards               │  ISO/IEC 42001:2023 · 23894:2023
                     │                                  │  ISO/IEC 5338 · 5469 · 38507
                     │                                  │  CEN-CENELEC hENs (in progress)
                     ├──────────────────────────────────┤
                     │  Tier 1 · Soft law (this entry)   │  OECD AI Principles
                     │                                  │  ISO/IEC 24028 (TR · vocabulary)
                     │                                  │  NIST AI RMF (voluntary)
                     │                                  │  IAPP AIGP (credential)
                     └──────────────────────────────────┘

Tier 1 is non-binding by design. The OECD recommendation is a Council instrument with no treaty force. ISO/IEC 24028 is a Technical Report, not a certifiable standard. NIST AI RMF is a voluntary text. The AIGP is a professional credential. None of the four binds an organisation by force of law on its own.

Tier 2 is voluntary but certifiable. ISO/IEC 42001:2023 is the certifiable AI Management System standard. ISO/IEC 23894:2023 is the AI risk-management guidance, intended as a sector overlay on ISO 31000. ISO/IEC 5338:2023 is the AI lifecycle process standard. ISO/IEC 5469 (functional safety in AI), ISO/IEC 38507 (AI governance for boards), and the CEN-CENELEC harmonised European standards (hENs) currently in development for the EU AI Act sit in this tier. Tier 2 standards reuse Tier 1 vocabulary.

Tier 3 is binding. EU AI Act, NYDFS Part 500, Federal Reserve SR 11-7 (re-issued as SR 26-2), FCA Consumer Duty, RBI FREE-AI guidance, SEBI Retail Algo Framework, India DPDP, MAS FEAT principles, Nigerian NDPR. Tier 3 cites Tier 1 in recitals and reuses Tier 2 vocabulary in operative clauses.

The Warrant evidence package is engineered to satisfy all three tiers in one document, independently verifiable without contacting Warrant. The same record carries the OECD principle 3 and 5 fields, the ISO 24028 § 6 threat-mitigation field, the AIGP Domain III audit-trail pointer, and the EU AI Act Article 12 record-keeping fields. A regulator at any tier opens the same document.

10 · FOR THE AIGP CANDIDATE · THE PRACTICAL BOOKSHELF

For the AIGP candidate · the practical bookshelf.

the references an AIGP must engage with in practice · cross-jurisdictional

The AIGP exam outline lists primary references at a high level; in practice, the body of work an AIGP must engage with is bigger than the exam outline and varies by the candidate's regulatory exposure. The bookshelf, with the Warrant deep-dive entry where one exists:

  • OECD AI Principles · 2019 / 2024. The five principles, the five recommendations, the 2024 update on generative AI. This entry.
  • ISO/IEC 42001:2023 · AIMS. The certifiable AI Management System standard. Annex A controls. Sister entry at /blog/iso-iec-42001-ai-management-system.
  • ISO/IEC 23894:2023 · risk guidance. The AI risk-management guidance, sector overlay on ISO 31000. Reuses ISO 24028 threat taxonomy.
  • ISO/IEC 24028:2020 · trustworthiness vocabulary. The dictionary the other ISO AI standards reuse. This entry.
  • NIST AI RMF 1.0 · January 2023. The Govern / Map / Measure / Manage functions. Sister entry at /blog/nist-ai-rmf.
  • NIST AI RMF Generative AI Profile · July 2024. The generative-AI overlay on the 2023 voluntary text.
  • EU AI Act · Regulation (EU) 2024/1689 + Annex IV. Recital 7 cites OECD; Annex IV is the technical-documentation list. Per-article entries at /blog/eu-ai-act-article-12 and /blog/eu-ai-act-article-13.
  • GDPR · Regulation (EU) 2016/679. The data-protection foundation any AI-governance person reasons against. Article 22 on automated decision-making is the AI-relevant clause.
  • Sector-specific. NYDFS Part 500 (cyber and audit-trail · entry at /blog/nydfs-standard-logs), Federal Reserve SR 11-7 / SR 26-2 (model risk · entry at /blog/sr-11-7-model-risk), FCA Consumer Duty Principle 12 (UK retail conduct · entry at /blog/fca-consumer-duty-principle-12), RBI FREE-AI, SEBI Retail Algo, India DPDP, MAS FEAT, Hong Kong HKMA principles, Australia voluntary AI Safety Standard.

The bookshelf is what an AIGP holder reads against in practice. Of the seventeen items on the list, three are the soft-law tier covered in this entry, four are the standards tier, and ten are the binding-regulation tier across jurisdictions. The Warrant blog index at /blog carries a per-item entry for each of the binding instruments where one exists. The seventeenth, the OECD definition of an AI system, is the connective tissue that lets a system inventory be read against any of the tiers.

"the OECD principles supply the values, ISO 24028 supplies the vocabulary, AIGP supplies the practitioner. the binding regulator reads the records the practitioner produces, in the vocabulary the standards mandate, in service of the values the principles set." Synthesis · Warrant Compliance · 2026-05-09

11 · CLOSING · WHAT WARRANT EVIDENCES

Closing · what Warrant evidences.

soft-law tier coverage · per attestable action · in one document

Every Warrant evidence package, on every attestable action, carries the seven fields the synthesis table prescribes. The OECD principle 3 transparency record sits at trace.actions[].decision_rationale. The OECD principle 4 robustness record sits at regulator_evidence.eval_suite_ref. The OECD principle 5 accountability record sits at metadata.accountable_owner_id. The ISO 24028 § 6 threat-mitigation record sits at trace.actions[].threat_mitigation_check. The ISO 24028 lifecycle-phase tag sits at metadata.lifecycle_phase. The AIGP Domain III audit-trail pointer sits at regulator_evidence.audit_trail_pointer. The AIGP Domain VI regulator-mapping sits at regulator_evidence.regimes_engaged.

A compliance officer presenting the package in a regulator meeting can speak to each field by reference to its source instrument. The same officer at an internal AI ethics review can point at the same fields and read the OECD principles into the record. The same officer preparing for AIGP renewal can point at the same fields and read the body-of-knowledge domains into the record. One artefact, three readings.

The synthesis is not novel. Every mature AI compliance practice converges on a small set of evidence fields covering values, vocabulary, and curriculum. The novelty in the Warrant package is that each field becomes independently verifiable without contacting Warrant, so that, when the audit lands two years after the action, the evidence reads as it read on the day. The full attestation rationale and four-layer architecture are at /blog/four-layer-evidence-stack.

The soft-law tier does not bind. The records the soft-law tier prescribes do bind, the moment a binding regulator opens an inquiry. Read the three references on the bookshelf. Build the seven fields into the trace. Make the result independently verifiable without contacting Warrant. The audit, when it comes, reads the document and closes the file.

12 · FAQ

Questions a compliance officer asks first.

FAQ · sourced from inbound from compliance and risk teams Apr to May 2026

Are the OECD AI Principles binding?

No. The OECD AI Principles are a non-binding recommendation, OECD/LEGAL/0449, adopted by the OECD Council in May 2019 and revised in May 2024. The 46 jurisdictions that adhere to the recommendation are politically committed to implementing it but face no treaty obligation. The principles bind indirectly: the EU AI Act cites them in Recital 7, NIST AI RMF cites them in its preface, and US procurement guidance references them by name. A regulator citing the principles in support of a domestic rule turns the soft-law text into the justification for hard-law enforcement.

What is the difference between ISO/IEC 24028 and ISO/IEC 42001?

ISO/IEC 24028:2020 is a Technical Report. It defines the trustworthiness vocabulary, threat taxonomy, and lifecycle phases that downstream standards reuse. It is not certifiable. ISO/IEC 42001:2023 is a management system standard. It defines the requirements an organisation must meet to operate an AI Management System and is certifiable by accredited bodies. 24028 supplies the words; 42001 sets the requirements an organisation evidences against those words. An auditor reading a 42001 conformance file will reach for 24028 to interpret what an Annex A control on transparency or robustness actually means.

Does the AIGP credential satisfy any specific regulator?

No regulator requires AIGP. The AIGP is a professional certification, awarded to individuals, signalling fluency across the AI governance body of knowledge. It is the AI-governance counterpart to CIPP for privacy. A regulator examining a covered entity will not ask for AIGP holders by name, but the certified individual is the person most likely to assemble the documentation, threat enumeration, and lifecycle evidence the regulator does ask for. AIGP is a proxy for governance maturity, not a compliance shield.

How are the OECD AI Principles cited in the EU AI Act?

Recital 7 of Regulation (EU) 2024/1689 cites the OECD Recommendation on Artificial Intelligence by name and states that the EU AI Act builds on the principles to define a coherent legal text at Union level. The OECD definition of an AI system, revised in 2023 and carried into the 2024 OECD revision, is the basis for Article 3(1) of the EU AI Act. NIST AI RMF carries the same definition. A team that aligns its system inventory to the OECD definition gets EU and US definitional alignment in a single sentence.

Why does ISO/IEC 24028 exist if 42001 is the certifiable standard?

Vocabulary precedes requirements. 24028 was published in May 2020, three and a half years before 42001 was published in December 2023. The standards committee chose to land the trustworthiness terminology first so the management system standard could reuse it without redefinition. 24028 enumerates the threat categories, the trustworthiness characteristics, and the stakeholder roles that 42001's Annex A controls reference. Reading 42001 without 24028 is reading a checklist without the dictionary.

Will an AIGP-certified team be enough for a real audit?

AIGP-certified individuals are necessary, not sufficient. The audit reads evidence, not credentials. The credential signals that the team can produce the evidence the audit asks for: the system inventory, the impact assessment, the threat-mitigation record per system, the lifecycle phase tagging per release, the regulator-mapping per decision. A team with AIGP holders and no underlying evidence pipeline will fail an audit no faster than a team with evidence and no credentials. The credential is the prerequisite; the evidence is the artefact.

13 · READ THE SOURCE

Read the source directly.