RAIGF™ governance frameworks deliver structured AI accountability — because AI governance cannot be binary.
Organizations evolve across distinct maturity stages depending on operational size, AI deployment complexity, regulatory exposure, and strategic dependency on AI systems.
RAIGF™ defines five proportional governance frameworks — each structured to deliver documented accountability, regulatory defensibility, and opposable documentation appropriate to the governance perimeter it addresses.
Three Levels of AI Maturity.
One Governance Architecture.
RAIGF™ is structured across three governance maturity tiers.
Each tier corresponds to a distinct organizational profile — defined by the role AI plays in operations, the complexity of the deployment environment, and the accountability obligations that arise from that profile.
RAIGF™ — Find Your Framework
Which governance framework fits your organization?
1 — How many people in your organization use AI tools?
Five RAIGF™ Governance Frameworks.
One Proportional Architecture.
Each RAIGF™ governance framework is a standalone architecture — defined by its applicability conditions, governance scope, and documentary outcomes.
The Frameworks do not necessarily represent successive stages.
RAIGF™ is a registered trademark — see the trademark notice for citation rules and protected use.
Applicable to small enterprises using AI operationally via SaaS tools, without internal AI development or infrastructure ownership. Governance establishes the accountability and documentary layer that proportional AI adoption requires.
- Executive-level accountability designation for all AI tool usage
- Structured visibility over every AI system, data flow, and external dependency
- Controlled data exposure — documented oversight of what AI tools process
- Supplier dependency identification before critical reliance accumulates
- Proportional regulatory awareness under GDPR and EU AI Act
- Leadership knows exactly where AI is used, what data it touches, and who is accountable
- Every AI-influenced decision has a designated responsible — documented and traceable
- AI outputs affecting clients, finances, or operations are subject to structured review
- External AI dependencies are mapped and assessed before they become critical
Applicable to organizations integrating AI into structured business processes without a prior formal governance layer. Governance is established from zero across five structural dimensions — proportional to operational size and regulatory exposure.
- Strategic alignment: AI formally tied to defined business objectives under executive oversight
- Ethical governance: EU AI Act risk classification and GDPR alignment structured and documented
- Operational control: AI systems run under validated change and incident response processes
- Risk and compliance: EU AI Act, GDPR and NIS2 obligations mapped to actual systems
- Sustainable operations: governance architecture that holds as AI deployment evolves
- Formal governance architecture operational from handover — not a documentation template
- Regulatory exposure is known, mapped to actual systems, and owned across the organization
- Every AI decision has a documented ownership structure and a defined validation path
- The organization can respond to regulatory or client due diligence requests with structured evidence
Applicable to organizations where AI is already operational and at least one informal governance element exists. Governance formalizes existing practices, scales accountability across departments, and produces a defensible regulatory documentation package.
- Formalization: existing governance practices assessed, documented, and made defensible
- Scaling: governance architecture extended across all departments and AI systems in scope
- Regulatory compliance: EU AI Act classification, GDPR data processing, NIS2 documentation — all structured and audit-ready
- Vendor governance: critical dependencies mapped with defined exit strategies before they become operational risks
- Shadow AI containment: unauthorized AI usage governed — detection protocol and authorization process active
- Governance is structured, scalable, and defensible — not just documented on paper
- Full regulatory documentation package: EU AI Act, GDPR, NIS2 — audit-ready before scrutiny arrives
- Enterprise client procurement requests for AI governance evidence can be satisfied with structured documentation
- Every vendor dependency has a mapped fallback — operational continuity is governed, not assumed
Applicable to organizations operating AI across multiple business units, where governance must be visible at board level, defensible to regulators, and verifiable by auditors. Entry is defined by AI environment complexity — not by employee count.
- Board visibility: AI governance committee constituted, board-ratified doctrine, consolidated risk reporting at executive level
- Legal defensibility: EU AI Act obligations documented across all systems and business units, GDPR and NIS2 mapped to actual environments
- Cross-unit coherence: governance applied consistently across all business units — no blind spots, no ungoverned systems
- Audit readiness: independent internal audit framework reporting directly to the governance committee
- Institutional resilience: vendor dependencies mapped enterprise-wide, exit strategies defined for every critical AI asset
- The board has a consolidated, structured view of AI risk exposure across the organization — for the first time
- Regulatory documentation is complete across all business units — defensible before a regulator arrives, not assembled under pressure
- Every AI system across every unit has a named owner, a governance layer, and an audit trail
- Client or regulator requests for formal AI governance evidence are satisfied with institutional-grade documentation
Applicable to organizations where AI is embedded in products or services delivered to clients — creating contractual and legal governance obligations that require continuous, monitored architecture rather than periodic documentation exercises.
- Continuous governance operations: incidents governed by protocol at every severity level — not by improvised response
- Client delivery governance: every AI system embedded in a client commitment operates under a formal SLA governance layer
- Multi-jurisdiction compliance: EU regulatory primacy maintained across all jurisdictions, with structured profiles per geography
- Governance arbitration: conflicts between operational urgency, client commitments, and regulatory constraints resolved by defined authority — not by whoever is available
- Governance as competitive architecture: documented, operational, verifiable governance that satisfies enterprise procurement requirements
- Governance operates between incidents — not only during them. Performance is monitored, drift is detected, changes are governed
- Client commitments are protected by a managed incident protocol — the client does not discover failures before the governance structure does
- A cross-jurisdiction regulatory investigation finds a governance architecture — not a documentation gap assembled under pressure
- Enterprise contracts requiring AI governance evidence are satisfied — governance becomes a commercial differentiator
Each RAIGF™ Framework is defined by applicability conditions — organizational size, AI deployment scope, existing governance maturity, and regulatory exposure. Three questions are sufficient to identify the appropriate starting point.
Governance Framework Comparison
| Framework | Applicable profile | Implementation | Primary outcome | Regulatory scope |
|---|---|---|---|---|
| RAIGF™ SESmall Enterprise | Fewer than 10 employees · AI via SaaS tools · no internal development | 4 weeks, fixed | Declaration of Responsible AI Use · executive accountability · data exposure control | GDPR awareness · EU AI Act proportional alignment |
| RAIGF™ SMB FoundationSMB Foundation | 10–500 employees · AI integrated into processes · no prior governance | From 4 weeks | Full governance architecture from zero · 5-dimension documentation package | EU AI Act risk classification · GDPR · NIS2 |
| RAIGF™ SMB AdvancedSMB Advanced | 10–250 employees · at least one informal governance element · AI scaling across departments | From 8 weeks | Audit-ready governance package · regulatory documentation complete · vendor dependencies mapped | EU AI Act full classification · GDPR complete · NIS2 full |
| RAIGF™ Enterprise FoundationEnterprise Foundation | Complex multi-unit AI environments · board accountability required · no employee threshold | Scope-determined | Board-visible governance · institutional committee · legally defensible · auditor-verifiable | EU AI Act enterprise obligations · GDPR at scale · NIS2 full |
| RAIGF™ Enterprise AdvancedEnterprise Advanced | AI embedded in client delivery · multi-jurisdiction · Enterprise Foundation in place | Scope-determined | Continuous governance operating system · client SLA governance · multi-jurisdiction compliance | EU AI Act continuous alignment · multi-jurisdiction regulatory architecture |
RAIGF™ governance frameworks are designed with explicit structural awareness of the three main European legal instruments that impose direct AI accountability obligations on organizations operating within or targeting the European Union:
RAIGF™ meets regulatory obligations. It provides the governance architecture layer that enables organizations to structure AI adoption in a manner consistent with European accountability expectations.
Common questions about RAIGF™ governance frameworks — their structure, applicability conditions, documentary outcomes, and implementation in Europe.
No. Each RAIGF™ governance framework is a complete and standalone system, defined by its own applicability conditions, governance scope, and required documentary outcomes. Organizations can select the RAIGF™ framework that best corresponds to their current size, risk profile, and operational complexity. RAIGF™ frameworks are designed to scale with the organization’s growth. The transition from one level to the next is fully integrated and progressive. Specifically, RAIGF™ Enterprise Advanced builds directly upon RAIGF™ Enterprise Foundation: the Foundation framework must be already in place or implemented concurrently before the Advanced framework can be activated.
Three criteria define the applicable framework: organizational size and AI deployment scope, existing governance maturity, and regulatory exposure. Framework selection is confirmed through a formal scoping or assessment phase before any governance work begins.
Yes. Each RAIGF™ governance framework produces a structured documentation package proportional to its governance scope — designed to be opposable in regulatory contexts, B2B due diligence processes, and client accountability requirements. The nature and depth of that documentation is proportional to the governance perimeter addressed.
No. RAIGF™ is a governance architecture framework. It does not function as a certification, an audit label, or a regulatory validation. It structures accountability, oversight, and risk management — producing formal governance documentation that is opposable in regulatory contexts. It does not attest. It structures.
No. RAIGF™ operates as a governance architecture layer. It does not replace legal or regulatory compliance obligations. It provides the internal governance structure that enables organizations to address European accountability expectations — without functioning as a compliance certification or a legal audit substitute.
No. RAIGF™ includes governance frameworks specifically designed for small enterprises (RAIGF™ SE), SMEs (SMB Foundation and SMB Advanced), and enterprise-scale organizations. The governance scope and documentation requirements are proportional to organizational size and AI complexity at each level.
For Europe, RAIGF™ is distributed and implemented exclusively through Virtualtek — the official European distributor. Virtualtek operates across the full AI lifecycle, from hardware architecture to governance implementation. Organizations seeking governance implementation may contact Virtualtek directly. Consultancies and integrators seeking distribution rights may request a formal qualification discussion.
For the complete list of questions and answers, visit the dedicated FAQ page.
Each RAIGF™ framework is defined by applicability conditions — organizational size, AI deployment scope, existing governance maturity, and regulatory exposure.
Request governance assessment Apply for DistributionRAIGF™ governance frameworks are implemented exclusively through Virtualtek — the official European distributor. Each engagement begins with a formal scoping or assessment phase before any governance work begins.
Each RAIGF™ framework produces documented, structured, and opposable governance — aligned with European regulatory expectations and proportional to the operational complexity it addresses.