
Q092 — How can one evidence pack work across the EU AI Act, ISO/IEC 42001, and NIST AI RMF?

RAIDT · Star S9 - Policy, Standards and Assurance · primary item: S9.05 · Interoperability

Interoperability works when one run object is mapped to several governance languages without pretending they are identical.

Answer

One evidence pack can work across the EU AI Act, ISO/IEC 42001, and the NIST AI RMF because RAIDT treats interoperability as evidence translation rather than legal equivalence. In the policy pathways paper, the minimum run-level evidence pack records the concrete elements of one configured use: prompt or instruction, model and tool configuration, retrieved context where relevant, output, hashes or identifiers, checks, reviewer actions, and surrounding context. Those fields are then read through different governance lenses. For the EU AI Act, they help populate duties around risk management, technical documentation, transparency, human oversight, and post-market review. For ISO/IEC 42001, the same records become operational evidence for control design, management review, accountability allocation, and continual improvement. For NIST AI RMF, they support Map, Measure, Manage, and Govern by making risk characteristics and control performance inspectable at run level.

RAIDT adds discipline through a score profile built from the five pillars (Responsibility, Auditability, Interpretability, Dependability, Traceability), using anchors 1=missing / 3=partial / 5=audit-ready. The point is not that a score replaces law or judgement. The point is that the same evidential object can be checked repeatedly, with framework-specific interpretation layered on top. In practice, organisations map each evidence field to a named requirement or function in the target framework, retain the full pillar profile rather than only a composite, and update the crosswalk when the source instruments change. The evidence pack is therefore the shared substrate; the legal or standards reading is the overlay.

Practical example

In a healthcare note-summarisation use case, a hospital captures a run-level evidence pack containing the prompt template ID, model deployment ID, decoding settings, retrieval snapshot hash, output text, output hash, safety check, and human oversight flag. That is one pack, not three.

The same pack can then serve different reviewers. An EU-facing compliance team can use it to evidence documentation, transparency, and oversight duties. An ISO/IEC 42001 team can use it in management review and control verification. A NIST-oriented risk team can use it to show how risk was mapped, measured, managed, and governed in that run. Because the evidence fields are stable, each reviewer starts from the same factual record even though their framework language differs.
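The hospital pack described above, worked through in code as an added example (not RAIDT's own tooling or crosswalk): one run-level evidence pack is built with content hashes, its integrity is re-verified before anyone reads it, the same record is rendered through each of the three framework lenses, and a five-pillar profile is kept whole rather than collapsed into a composite. The field names follow the hospital example; the crosswalk entries, the pillar-to-field mapping and the 1/3/5 scoring rule are illustrative assumptions, and the sample run data is constructed.

```python
import hashlib
import json
from dataclasses import dataclass, field, asdict, replace
from typing import Optional

PILLARS = ("Responsibility", "Auditability", "Interpretability", "Dependability", "Traceability")
_EMPTY = (None, "", [], {})  # values that count as "field not evidenced"


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


@dataclass
class EvidencePack:
    """One run-level evidence pack; field names follow the hospital note-summarisation example."""
    prompt_template_id: str
    model_deployment_id: str
    decoding_settings: dict
    retrieval_snapshot_hash: str
    output_text: str
    safety_check: Optional[str]           # e.g. "passed" / "failed"; None if no check ran
    human_oversight_flag: Optional[bool]  # None if the run never reached a reviewer
    reviewer_actions: list = field(default_factory=list)
    output_hash: str = ""                 # derived by build_pack
    pack_id: str = ""                     # digest over every other field, derived by build_pack


def canonical_digest(pack: EvidencePack) -> str:
    # Canonical JSON (sorted keys, no whitespace) so the digest is reproducible by any reviewer.
    body = {k: v for k, v in asdict(pack).items() if k != "pack_id"}
    return sha256_hex(json.dumps(body, sort_keys=True, separators=(",", ":")))


def build_pack(**fields) -> EvidencePack:
    pack = EvidencePack(**fields)
    pack.output_hash = sha256_hex(pack.output_text)
    pack.pack_id = canonical_digest(pack)
    return pack


def verify_pack(pack: EvidencePack) -> list:
    """Recompute both hashes; a non-empty list means the record was altered after capture."""
    problems = []
    if sha256_hex(pack.output_text) != pack.output_hash:
        problems.append("output_hash does not match output_text")
    if canonical_digest(pack) != pack.pack_id:
        problems.append("pack_id does not match pack contents")
    return problems


def tampered_copy(pack: EvidencePack, **changes) -> EvidencePack:
    """Copy with fields edited but hashes left as captured, i.e. what post-hoc editing looks like."""
    return replace(pack, **changes)


# Assumed crosswalk: framework requirement/function -> evidence fields that populate it.
# The headings are the ones named in the answer; the field assignments are illustrative.
CROSSWALK = {
    "EU AI Act": {
        "risk management": ["safety_check", "retrieval_snapshot_hash"],
        "technical documentation": ["prompt_template_id", "model_deployment_id", "decoding_settings"],
        "transparency": ["prompt_template_id", "output_text"],
        "human oversight": ["human_oversight_flag", "reviewer_actions"],
        "post-market review": ["output_hash", "pack_id", "safety_check"],
    },
    "ISO/IEC 42001": {
        "control design": ["safety_check", "decoding_settings"],
        "management review": ["pack_id", "safety_check", "reviewer_actions"],
        "accountability allocation": ["human_oversight_flag", "reviewer_actions"],
        "continual improvement": ["safety_check", "output_hash"],
    },
    "NIST AI RMF": {
        "Map": ["prompt_template_id", "model_deployment_id", "retrieval_snapshot_hash"],
        "Measure": ["safety_check", "output_hash"],
        "Manage": ["reviewer_actions", "human_oversight_flag"],
        "Govern": ["human_oversight_flag", "pack_id"],
    },
}


def render_view(pack: EvidencePack, framework: str):
    """Read one pack through one framework; returns (view, gaps) where gaps are unevidenced fields."""
    data = asdict(pack)
    view, gaps = {}, []
    for requirement, fields in CROSSWALK[framework].items():
        view[requirement] = {f: data[f] for f in fields}
        gaps += [(requirement, f) for f in fields if data[f] in _EMPTY]
    return view, gaps


# Assumed pillar-to-field mapping; anchors 1=missing / 3=partial / 5=audit-ready.
PILLAR_FIELDS = {
    "Responsibility": ["human_oversight_flag", "reviewer_actions"],
    "Auditability": ["output_hash", "pack_id"],
    "Interpretability": ["prompt_template_id", "decoding_settings", "retrieval_snapshot_hash"],
    "Dependability": ["safety_check", "model_deployment_id"],
    "Traceability": ["prompt_template_id", "model_deployment_id", "retrieval_snapshot_hash", "output_hash"],
}


def pillar_profile(pack: EvidencePack) -> dict:
    """Full five-pillar profile; deliberately no composite score."""
    data = asdict(pack)
    profile = {}
    for pillar, fields in PILLAR_FIELDS.items():
        present = sum(1 for f in fields if data[f] not in _EMPTY)
        profile[pillar] = 5 if present == len(fields) else 3 if present else 1
    if verify_pack(pack):  # hashes that do not verify cap Auditability at partial
        profile["Auditability"] = min(profile["Auditability"], 3)
    return profile


# Constructed sample run: reviewed, but no reviewer action log, so every lens surfaces that gap.
SAMPLE = build_pack(
    prompt_template_id="note-summary-v3",
    model_deployment_id="dep-2024-11-clinical",
    decoding_settings={"temperature": 0.0, "max_tokens": 400},
    retrieval_snapshot_hash=sha256_hex("constructed snapshot of 12 chart entries"),
    output_text="Patient seen for follow-up; medication reconciled; no new findings.",
    safety_check="passed",
    human_oversight_flag=True,
    reviewer_actions=[],
)

if __name__ == "__main__":
    print("integrity problems:", verify_pack(SAMPLE))
    for fw in CROSSWALK:
        _, gaps = render_view(SAMPLE, fw)
        print(fw, "gaps:", gaps)
    print("pillar profile:", pillar_profile(SAMPLE))
```

Running the block prints no integrity problems for the sample, the `reviewer_actions` gap under each framework's oversight or accountability heading, and a profile with Responsibility at 3 and the other pillars at 5. Editing `output_text` after capture (via `tampered_copy`) makes `verify_pack` report both hash mismatches and caps Auditability at 3, which is the behaviour a reviewer wants before trusting any overlay built on the pack.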
