EEARF v1.0
A structured, scored methodology for measuring enterprise AI risk across five dimensions. Built for compliance teams, legal counsel, CISOs, and executives who need clear answers before auditors, regulators, or customers ask the questions.
Provisional Patent Pending #64/057,822 · Free to reference with attribution: "EEARF v1.0, Evolve Edge AI, 2026"
EEARF is a scoring framework that gives organizations a quantitative, defensible measure of their AI risk posture. Unlike abstract compliance checklists, EEARF produces a 0–100 Evolve Edge AI Risk Score — a single number executives, boards, and regulators can understand and act on.
Data, Model, Operational, Compliance, and Governance — covering the full AI risk surface.
5 questions per dimension, each scored 0–4 points. Transparent, auditable, repeatable.
Benchmarked against industry peers. Clear tier classification: Low / Moderate / Elevated / High.
Total score out of 100. Higher is better.
Strong governance posture. Minor gaps addressable with targeted improvements.
Meaningful gaps present. Action required before regulatory scrutiny or audit.
Significant exposure. Priority remediation plan recommended within 90 days.
Critical vulnerabilities. Immediate executive attention and remediation required.
Each dimension is scored 0–20 points. 20 questions per dimension, scored 0–4 each.
Evaluates whether the AI system uses data appropriately, lawfully, and without embedded bias that could harm decisions or expose the organization to liability.
Assesses the explainability, auditability, and reliability of the AI model itself — including whether decision logic can be explained to regulators and affected parties.
Examines the processes, controls, and human oversight mechanisms around AI deployment — including what happens when the AI makes a mistake.
Maps the AI system's activities against applicable laws, regulations, and standards — identifying gaps before regulators, auditors, or customers do.
Evaluates whether the organization has the policies, accountability structures, and oversight mechanisms needed to govern AI responsibly at scale.
| Score | Meaning | Evidence Required |
|---|---|---|
| 4 — Fully Met | Control is in place, documented, tested, and effective | Written policy + evidence of implementation + last review date |
| 3 — Substantially Met | Control exists and works but has minor gaps or documentation issues | Written policy + implementation evidence |
| 2 — Partially Met | Control is in progress or inconsistently applied | Draft policy or partial implementation |
| 1 — Minimally Met | Control is planned but not yet implemented | Documented plan with owner and timeline |
| 0 — Not Met | No control exists or awareness of requirement | No documentation |
EEARF dimensions map directly to major regulatory frameworks.
| EEARF Dimension | NIST AI RMF | EU AI Act | ISO 42001 | SOC 2 |
|---|---|---|---|---|
| Data Risk | MAP 1.1, MEASURE 2.5 | Art. 10 — Data Governance | Clause 6.1 | CC6.1, CC6.3 |
| Model Risk | MEASURE 2.2, MANAGE 2.2 | Art. 9 — Risk Management | Clause 8.4 | CC7.1, CC7.2 |
| Operational Risk | MANAGE 1.3, MANAGE 2.4 | Art. 14 — Human Oversight | Clause 9.1 | CC7.3, CC7.4 |
| Compliance Risk | GOVERN 1.1, GOVERN 6.2 | Art. 6–7 — Risk Classification | Clause 4.2 | CC2.1, CC2.2 |
| Governance Risk | GOVERN 1.2, GOVERN 2.2 | Art. 26 — Provider Obligations | Clause 5.1 | CC1.1, CC1.2 |
EEARF v1.0 is published by Evolve Edge AI and is free to reference and use in research, compliance documentation, and internal assessments. When citing this framework, please use:
Evolve Edge AI Risk Framework (EEARF) v1.0. Published by Evolve Edge AI, May 2026. evolveedgeai.com/eearf. Provisional Patent Pending #64/057,822.Commercial use in products or services requires a license. Contact us at k.green@evolveedgeai.com.
Get a professional EEARF-based assessment of your AI systems — delivered in 5–7 business days with a board-ready report and remediation roadmap.