This record contains Version 3.1 of The Enterprise AI Governance Buyer’s Guide together with the companion document Enterprise AI Governance – Procurement Fast Path. The two documents are designed to be used jointly to support rigorous, evidence-based evaluation of AI governance claims in regulated and high-stakes enterprise environments.

The Buyer’s Guide presents a vendor-neutral evaluation framework that distinguishes between three governance problems: Visibility (logging, monitoring, and observability), Alignment (model- and application-layer safety techniques such as RLHF, guardrails, and content filtering), and Authorization (pre-execution governance capable of producing replayable, independently verifiable evidence that a specific action was permitted). It formalizes the distinction between probabilistic governance (“likely compliant”) and deterministic governance (“provably compliant”), emphasizing fail-closed enforcement, non-delegable authorization, and post-incident verifiability.

The guide introduces the Four Tests Standard (4TS)—Reproducibility, Verifiability, Completeness, and Boundedness—along with concrete due-diligence questions, failure-mode analysis, and an illustrative proof-carrying decision artifact mapped to common regulatory requirements (e.g., audit trails, electronic records, signature controls, and retention obligations).

Version 3.1 adds a formal Doctrine (v1.0) statement that locks the enforcement boundary across the FERZ governance corpus: observability governs accounts of action; authorization governs permission to act; SDLC controls constrain deployment (not individual runtime decisions); signed artifacts protect history while signed authorizations govern the future; and authorization governance requires a non-bypassable runtime gate that fails closed when governance conditions fail or required evidence is missing. No other substantive changes were made.
Version 3.0 extends the framework with semantic completeness: governed state is incomplete unless each decision is cryptographically bound to the immutable semantic definitions in effect at decision time (e.g., ontology terms, constraint sets, and inference regime). This prevents “definition laundering,” where semantic drift retroactively alters the compliance status of past decisions and breaks audit replay without visible failure.

The Procurement Fast Path distills the framework into a short, operational checklist intended for real-world procurements. It establishes a baseline qualification gate requiring third-party offline replay of a historical governance decision from an exported Evidence Package, and applies additional anti-laundering tests (exportability, offline replay, state completeness, fail-closed behavior, and mutation/drift resistance) to rapidly disqualify marketing-only or trust-based governance claims before full scoring.

Together, the documents are intended for use by procurement teams, risk officers, General Counsel, auditors, technical evaluators, regulators, and boards seeking evidentiary assurance that AI governance controls can be independently verified at the moment a specific AI decision was made. While developed by FERZ AI, the framework is architecture-agnostic and may be applied to any AI governance solution. The documents are conformant with the AI Governance Taxonomy v1.5 (DOI: 10.5281/zenodo.18275969) and are designed to support defensible governance evaluation in sectors such as healthcare, financial services, government, defense, and other regulated domains.