# Governance Profile

|                       |                                  |
| --------------------- | -------------------------------- |
| **Identifier**        | `urn:adl:profile:governance:1.0` |
| **Status**            | Draft                            |
| **ADL Compatibility** | 0.3.x                            |

note

This profile is in draft status. The specification is stable for early adoption, but minor changes may occur before 1.0.

## Overview[​](#overview "Direct link to Overview")

The Governance Profile extends ADL for regulated enterprise environments. It adds members for compliance frameworks, autonomy classification, AI governance, operational governance, and lifecycle process controls.

When this profile is declared in an ADL document's `profiles` array, the document **MUST** satisfy all requirements defined in this specification.

## Use Cases[​](#use-cases "Direct link to Use Cases")

* Regulatory compliance tracking
* AI governance and oversight
* Audit trail management
* Multi-framework compliance mapping

## Quick Start[​](#quick-start "Direct link to Quick Start")

Add the Governance Profile to your ADL document:

```
{

  "adl_spec": "0.3.0",

  "name": "Compliance Review Agent",

  "description": "Reviews documents for regulatory compliance.",

  "version": "1.0.0",

  "profiles": ["urn:adl:profile:governance:1.0"],

  "compliance_framework": {

    "primary_framework": "SOC2_TYPE_II",

    "control_mappings": [

      {

        "framework": "SOC2",

        "control_id": "CC6.1",

        "status": "implemented"

      }

    ]

  }

}
```

## Additional Members[​](#additional-members "Direct link to Additional Members")

The Governance Profile adds the following top-level members:

| Member                   | Required     | Description                                     |
| ------------------------ | ------------ | ----------------------------------------------- |
| `compliance_framework`   | **REQUIRED** | Compliance and regulatory framework information |
| `autonomy`               | **REQUIRED** | Autonomy tier classification (Tier 1, 2, or 3)  |
| `risk_classification`    | Optional     | AI risk level and assessment                    |
| `human_oversight`        | Tier 2+      | Human oversight configuration and triggers      |
| `incident_response`      | Tier 2+      | Incident escalation policy attestation          |
| `disclosure`             | Tier 2+      | User-facing transparency declarations           |
| `evaluation_attestation` | Tier 3       | Pre-deployment evaluation result                |
| `safety_reviews`         | Optional     | Safety review schedule and status               |
| `governance`             | Optional     | Operational governance information              |
| `governance_record_ref`  | Optional     | URI to governance record in registry            |

See the [full specification](/profiles/governance/specification.md) for detailed member definitions.

## Supported Compliance Frameworks[​](#supported-compliance-frameworks "Direct link to Supported Compliance Frameworks")

The profile supports the following compliance frameworks:

* `NIST_800_53` - NIST Special Publication 800-53
* `SOC2_TYPE_II` - SOC 2 Type II
* `ISO_27001` - ISO/IEC 27001 Information Security
* `ISO_42001` - ISO/IEC 42001 AI Management System
* `GDPR` - General Data Protection Regulation
* `HIPAA` - Health Insurance Portability and Accountability Act
* `PCI_DSS` - Payment Card Industry Data Security Standard
* `EU_AI_ACT` - EU Artificial Intelligence Act
