This study addresses the challenge of evaluating artificial intelligence (AI) systems across heterogeneous regulatory frameworks. Although the NIST AI RMF, EU AI Act, and ISO/IEC 23894/42001 define important governance requirements, they do not provide a unified quantitative method. To bridge this gap, we propose the Cross-Assessment & Verification for Evaluation (CAVe) Framework, which maps shared regulatory requirements to four measurable indicators—accuracy, robustness, privacy, and fairness— and aggregates them into a Cross-Compliance Index (CCI) using normalization, thresholding, evidence penalties, and cross-framework weighting. Two validation scenarios demonstrate the applicability of the approach. The first scenario evaluates a Naïve Bayes-based spam classifier trained on the public UCI SMS Spam Collection dataset, representing a low-risk text-classification setting. The model achieved accuracy 0.9850, robustness 0.9945, fairness 0.9908, and privacy 0.9922, resulting in a CCI of 0.9741 (Pass). The second scenario examines a high-risk healthcare AI system using a CheXNet-style convolutional model evaluated on the MIMIC-CXR dataset. Diagnostic accuracy, distribution-shift robustness, group fairness (finding-specific group comparison), and privacy risk (membership-inference susceptibility) yielded 0.7680, 0.7974, 0.9070, and 0.7500 respectively. Under healthcare-oriented weighting and safety thresholds, the CCI was 0.5046 (Fail). These results show how identical evaluation principles produce different compliance outcomes depending on domain risk and regulatory priorities. Overall, CAVe provides a transparent, reproducible mechanism for aligning technical performance with regulatory expectations across diverse domains. Additional metric definitions and parameter settings are provided in the manuscript to support reproducibility, and future extensions will incorporate higher-level indicators such as transparency and human oversight.
Min et al. (Sat,) studied this question.