| Area | Question | ✅ Positive Response | ❌ Negative Response |
| I. AI Governance and Oversight | Has your company designated an individual or a governance board responsible for developing, implementing, and monitoring the AI legal compliance and risk mitigation program? | Yes. A CAIO and AI Governance Committee oversee compliance and risk mitigation. | No. No individual or governance board has been formally assigned to AI oversight. |
| II. Data Confidentiality and Security | Do you have a security protocol that describes sufficient physical, technical, and organizational data security measures, such as database access controls and device encryption? | Yes. A multi-layered security framework, including encryption, access controls, and monitoring, is in place. | No. A dedicated AI-specific security protocol is missing, leaving vulnerabilities unaddressed. |
| III. Documentation and Continuous Monitoring | Have you prepared sufficiently detailed records of your AI compliance measures to answer questions from customers and internal users, demonstrate compliance and accountability, respond to authorities, satisfy due diligence requests in mergers and acquisitions, and defend against claims alleging AI law violations? | Yes. Comprehensive AI compliance documentation is maintained and regularly updated. | No. Documentation of AI compliance measures is incomplete or not systematically maintained. |
| IV. Human Oversight and Intervention | Are clear roles and responsibilities defined for human oversight of AI-driven decisions, especially in high-risk areas? | Yes. Human oversight roles are defined, with authority to review and override AI-driven decisions. | No. Oversight responsibilities are unclear, with limited ability to intervene in AI-driven decisions. |
