What's shipped — and what's coming.

NIST AI RMF 1.0 framework coverage

Full GOVERN / MAP / MEASURE / MANAGE function coverage with 23 controls. AI workflow now maps findings to specific NIST AI RMF control codes. Onboarding selector and framework catalog updated.

ISO 42001:2023 AI Management System

ISO 42001 added as a full framework with 7 clauses and 20 controls. International AI governance certification pathway now available. Appears in onboarding, AI analysis, and report compliance mapping.

NIST SP 800-171 Rev 3 for federal contractors

CUI protection framework with 6 control families — Access Control, Audit, Configuration, Identification, Risk Assessment, System Integrity. Unlocks the federal contractor and DoD supply chain segment.

Governance Maturity Score in every report

Reports now include a circular maturity score badge (0–100), level label (Initial → Optimizing), gradient progress bar, and per-finding maturity drivers.

AI Systems Inventory section

Every report now includes a structured AI inventory section listing the tools, platforms, and frameworks the organization uses, tagged by industry and org size.

EU AI Act countdown on dashboard

Dashboard banner shows dynamically calculated days remaining until EU AI Act enforcement (August 2, 2026), color-coded green → amber → red as the deadline approaches.

Evidence Basis and Notable Strengths in reports

Each finding now lists the specific evidence items supporting it. Reports also surface a Notable Strengths section (green checkmarks) to balance risk findings with positive signals.

Management Response placeholder

Every report includes a dashed-border Management Response section with a 14-business-day response window — matches enterprise and board audit expectations.

AI framework mapper now covers all 9 frameworks

The AI workflow framework-mapper node now explicitly evaluates NIST AI RMF, ISO 42001, NIST 800-171, EU AI Act, SOC 2, HIPAA, GDPR, NIST CSF, and PCI DSS — with exact catalog codes, not just names.

Board Brief route

One-page printable board packet at /api/reports/{id}/board-brief — maturity score, top 3 risks, peer benchmark, and immediate actions formatted for trustee or board presentation.

Peer Industry Benchmark

Every report now shows how your organization compares to the industry median (61/100) with percentile ranking and interpretation.

Governance Domain Heatmap

Dashboard now visualizes risk coverage across all governance domains — color-coded green/amber/red so compliance leaders see gaps at a glance.

Assurance Letter in every report

Every exported report opens with a formal Attestation & Assurance section including date, organization name, patent pending notice, and Evolve Edge advisory signature.

AI Governance Maturity Score

0–100 governance maturity score across 5 weighted components: governance structure, data governance, vendor risk, control readiness, and evidence readiness. Five maturity levels: Initial → Optimized.

Critical severity finding tier

Added Critical above High in the finding severity model — for findings with immediate regulatory or operational consequences.

Scope & Methodology section in reports

Every report now includes a formal Scope and Methodology section describing the assessment approach, frameworks evaluated, and pipeline architecture.

Print-ready report export

Report HTML exports now include full @media print CSS — letter portrait layout, page break controls, clean typography for browser Print → Save as PDF.

Quarterly reassessment reminder

Dashboard shows an amber banner when the last report is more than 75 days old — prompting Scale plan customers to start their next assessment cycle.

Remediation owner badges

Roadmap items now show color-coded priority, owner role, and effort level badges for scannable at-a-glance triage.

Welcome email on signup

New accounts now receive a welcome email immediately after account creation with dashboard link and next-step guidance.

Shadow AI as first-class governance concept

Shadow AI is now tracked as a named intake concern, risk flag, AI analysis dimension, and finding tag throughout the platform.

AES-256-GCM field encryption

Sensitive intake fields are now encrypted at rest using AES-256-GCM field-level encryption with FIELD_ENCRYPTION_KEY.

Vendor risk register (TrustLedger AI)

Scale plan customers can maintain a living registry of every AI tool and vendor — scored, governed, and auditable.

EU AI Act compliance module

Tracks Article 9–14 gap posture with live August 2026 deadline countdown. High-risk AI classification built in.

Provisional patent filed

U.S. Patent Application No. 64/057,822 filed May 5, 2026. Six-node LangGraph AI scoring pipeline is Patent Pending.

Full security audit — all 33 API routes protected

Comprehensive security audit completed. All routes enforce authentication and organization scoping. Audit log export, typed audit events, and vendor register all deployed.

Anthropic Claude provider abstraction

AI provider abstraction layer allows switching between OpenAI and Anthropic Claude via AI_PROVIDER env var with no code changes.

LangGraph 6-node AI scoring pipeline

End-to-end LangGraph pipeline: intake normalization → risk analysis → compliance mapping → finding generation → roadmap synthesis → report writeback. Confirmed working in production.

n8n AI dispatch workflow

Production n8n workflow for AI analysis dispatch confirmed end-to-end with full report writeback.

Management response workflow

Management must formally respond to every finding before a report enters review — consistent with professional audit practice.

Audit trail export (CSV/JSON)

Customer-facing audit trail export for every report. PII masked. Satisfies customer right-to-inspect in compliance engagements.

Blog system — 3 SEO posts live

Blog launched with initial posts targeting law firm, fintech, and healthtech compliance buyer keywords.

Google Search Console verified — sitemap submitted

16-page sitemap submitted. Google Search Console ownership verified.