ComplyHat ships nine framework templates. Each template encodes the bias tests a regulator requires, the protected classes it expects coverage for, the reporting cadence it mandates, and the document sections it expects to see. When your host callsDocumentation Index
Fetch the complete documentation index at: https://docs.complyhat.ai/llms.txt
Use this file to discover all available pages before exploring further.
reports with mode: "generate" for a given framework, ComplyHat renders the document section by section and returns audit-tagged citations ready for your host to stitch into the final deliverable.
Frameworks at a glance
EU AI Act
EU AI Act
Regulation (EU) 2024/1689 — Applies to providers and deployers of high-risk AI systems on the EU market.ComplyHat renders the Annex IV technical file sections required by Article 17: system description, risk management, data governance, human oversight, and accuracy and robustness evidence. The template also generates the bias-test artefacts (disparate impact, statistical parity, equal opportunity, predictive parity) at the quarterly cadence Article 9 expects.Key deadline: High-risk system providers must have a complete technical file ready for the relevant national authority by 2 August 2026.
SR 11-7
SR 11-7
Federal Reserve and OCC Supervisory Guidance on Model Risk Management (2011) — Applies to US banks and bank holding companies with models in scope for examiner review.ComplyHat renders the model documentation, validation evidence, and ongoing-monitoring sections that US bank examiners expect to see during a model-risk review. The bias test pair for SR 11-7 is disparate impact (Four-Fifths Rule) and statistical parity at quarterly cadence.Key requirement: An examiner can request model documentation at any time. ComplyHat reports carry the framework version and engine version so your model risk team can demonstrate currency.
NAIC Model Bulletin
NAIC Model Bulletin
NAIC Model Bulletin on the Use of AI by Insurers — Adopted or under consideration by state insurance regulators across the US.ComplyHat renders the governance, third-party AI oversight, testing, and consumer-protection sections state regulators have begun requiring of carriers using AI in underwriting, claims, and pricing. Protected-class coverage follows the NAIC template’s specified categories.Key requirement: State insurance departments are issuing examination guidance referencing this bulletin. Carriers should have documentation in place before an examination cycle begins.
NIST AI RMF
NIST AI RMF
NIST AI Risk Management Framework 1.0 (NIST AI 100-1) — Voluntary framework published by NIST; increasingly cited as a baseline by federal program managers and examiners.ComplyHat renders the Govern, Map, Measure, Manage attestations a US federal program manager expects when an AI system is in scope. The framework is voluntary, but federal procurement and state regulators are beginning to reference it as a documentation floor.Key requirement: No statutory deadline, but requests for documentation aligned to the AI RMF are appearing in federal contracting language and state AI legislation.
ISO/IEC 42001
ISO/IEC 42001
ISO/IEC 42001:2023 — AI Management System — International standard for organisations seeking third-party certification of their AI management practices.ComplyHat renders the Annex A control evidence and management-review artefacts an ISO 42001 auditor expects when certifying an organisation’s AI management system. The template maps each required control to the corresponding ComplyHat test or document section.Key requirement: Third-party certification audits require documentary evidence for each Annex A control. ComplyHat outputs are structured to map directly to auditor checklists.
NYC Local Law 144
NYC Local Law 144
NYC Local Law 144 (2023) — Automated Employment Decision Tools — Applies to New York City employers and employment agencies that use an AEDT in hiring or promotion decisions.ComplyHat renders the annual independent bias-audit report and the candidate notice a NYC employer must publish before using an AEDT. The required bias tests are disparate impact and statistical parity at annual cadence, scoped to the AEDT use case only.Key deadline: The audit report and summary must be published on the employer’s website before the AEDT is used. Annual re-audits are required.
Treasury FS AI RMF
Treasury FS AI RMF
US Treasury Financial Services Sector AI Risk Management Framework — Guidance for financial institutions running AI in core operations.ComplyHat renders the control-evidence mapping and risk-tier documentation Treasury expects from financial institutions. The framework aligns closely with NIST AI RMF but adds financial-sector-specific risk tiers and control families.Key requirement: Financial institutions should have documentation aligned to this framework in place ahead of examination cycles and in response to requests from prudential regulators.
Colorado SB 21-169 / SB 24-205
Colorado SB 21-169 / SB 24-205
Colorado SB 21-169 (Insurance) and the SB 24-205 AI Act successor regime — Applies to carriers using external consumer data and algorithms in insurance decisions, and to deployers of consequential AI decisions affecting Colorado residents.ComplyHat renders the risk assessment and consumer-impact disclosures the Colorado Division of Insurance and the state attorney general’s office expect. Coverage extends to both the insurance-specific obligations under SB 21-169 and the broader consequential-decision requirements under SB 24-205.Key deadline: SB 21-169 compliance obligations are active. SB 24-205 obligations are phased — monitor the Colorado AG’s implementation guidance for exact dates.
CMS-0057-F
CMS-0057-F
CMS-0057-F — Medicare and Medicaid AI Prior-Authorization Rule — Applies to health insurers using AI or algorithmic tools to make prior-authorization coverage decisions for Medicare Advantage and Medicaid managed care.ComplyHat renders the clinical-validation evidence, transparency disclosures, and bias-testing artefacts CMS expects from health insurers. The template covers both the technical documentation and the required notices to beneficiaries.Key deadline: CMS-0057-F compliance obligations are active for plan years in scope. Review the CMS final rule and your plan’s contract with CMS for the applicable effective dates.
Versioned templates
Every framework template is versioned. Reports carry the framework version they were rendered against, so when a regulator amends the underlying rule, your counsel can verify currency at a glance. Updated templates ship under a public 30-day SLA from the effective date of a material regulatory change. The exact bias-test list, threshold, protected-class set, and cadence per framework is encoded in the template and surfaced in every generated report — you do not need to read the regulation to know which tests ran.Bias-test coverage by framework
Frameworks differ on which tests they require and at what cadence:| Framework | Tests | Cadence |
|---|---|---|
| EU AI Act | Disparate impact, statistical parity, equal opportunity, predictive parity | Quarterly |
| SR 11-7 | Disparate impact, statistical parity | Quarterly |
| NAIC Model Bulletin | Disparate impact, statistical parity | Per examination request |
| NIST AI RMF | Disparate impact, statistical parity, equal opportunity | As needed |
| ISO/IEC 42001 | Disparate impact, statistical parity | Per audit cycle |
| NYC Local Law 144 | Disparate impact, statistical parity | Annual |
| Treasury FS AI RMF | Disparate impact, statistical parity | Quarterly |
| Colorado SB 21-169 / SB 24-205 | Disparate impact, statistical parity | Annual |
| CMS-0057-F | Disparate impact, statistical parity, equal opportunity | Annual |
Next steps
Methodology
The statistical methods behind each bias, drift, explainability, and adversarial test ComplyHat runs.
Generate a report
Step-by-step guide to generating your first compliance report for a registered model.