Trigger: Your AI context is sensitive, specific, or cross-domain.

Custom AI Evidence Passports

Any sensitive AI context
deserves structured evidence.

Configure evidence families, reviewer roles, access conditions, and context visas for any domain that does not fit a standard framework.

Configurable evidence matrixCustom context visasDomain-specific reviewersCross-domain hybrid Passports

Custom Passport Builder

1Choose domainsHealth + Research
2Evidence familiesPrivacy · Lineage · Consent
3Reviewer rolesDPO + Clinical Lead
4Access conditionsLocal Only · Ethics review
5UnderpromiseConfigured for context
Passport generatedCleared with Limits

Generated Passport — Preview

HealthResearch+ custom
EvidencePrivacy · Lineage · Consent
ReviewersDPO + Clinical Lead
ScopeLocal Only · Ethics required
ALP-CUSTOM-2026Cleared with Limits

Sensitive context

Why some sensitive contexts do not fit predefined frameworks.

AI governance frameworks often assume clean category boundaries. Real deployments cross multiple sensitive contexts simultaneously — a research platform with health data, a financial system operating in a regulated jurisdiction with specific local requirements, or an agentic AI operating across multiple sensitive domains. Custom Passports let you configure evidence for the actual context.

Data categories in scope

Context-specific sensitive data categories
Cross-domain data (e.g. health + financial)
Sector-specific proprietary data
Jurisdiction-specific regulated data
Custom risk categories defined by context

People affected

Affected groups specific to the domainCross-domain stakeholdersJurisdiction-specific regulated populationsOrganisation-specific affected staff or users

Risk scenarios

What typically goes wrong.

Specific failure modes seen in this sensitive context — without structured evidence.

A research platform processing health and financial data is assessed against health standards only.

Financial drift, explainability, and lineage evidence missing. The intersection creates evidence gaps invisible in a single-domain review.

A sector-specific AI tool has unique compliance obligations not covered by standard evidence families.

Standard Passport template leaves key risk categories undocumented. Regulator asks for evidence not captured in generic structure.

An agentic AI system spans HR, financial, and customer service domains.

Each domain has different evidence requirements. Generic Passport covers none of them adequately. Multiple reviewers have different unanswered questions.

Scope

What needs a Passport.

Cross-domain AI spanning multiple sensitive contexts
Sector-specific AI with custom regulatory obligations
Organisation-specific AI with unique reviewer workflows
Jurisdiction-specific AI with local evidence requirements
Emerging context AI where standard frameworks do not apply
Agentic AI systems operating across multiple sensitive domains
Hybrid research-commercial-clinical AI platforms

Stakeholder workflow

From trigger to access decision.

1

Trigger

AI system in scope

2

Evidence Request

Passport initiated

3

Review

DPO · CISO · Specialist

4

Decision

Access condition set

5

Monitor

Tide sweeps · Renewal

AI Governance Lead

An AI system does not fit existing sensitive-context Passport templates.

Design a custom Passport with the AffectLog team. Configure evidence families, reviewer routing, and access conditions for your context.

DPO

A cross-domain AI system accesses multiple sensitive data categories.

Require all relevant evidence families to be configured in the custom Passport before any clearance is considered.

Domain Specialist (e.g. Clinical, Legal, Safety)

Standard AI governance review is insufficient for the domain.

Define specialist review conditions in the Passport. Become a named reviewer role in the custom routing.

Access decisions

Context Visa conditions.

The access decisions that apply in this sensitive context — and the evidence conditions that produce them.

Cleared with Limits
  • All configured evidence families complete above threshold
  • Custom reviewer roles have completed review
  • Domain-specific access conditions documented and accepted
Review Needed
  • One or more custom evidence families incomplete
  • Domain-specific reviewer has not yet reviewed
  • Cross-domain evidence gaps identified
Human Review Required
  • Custom domain requires specialist human review before decision
  • Cross-domain reviewer panel required
Blocked
  • Critical domain-specific evidence families absent
  • Custom reviewer rejects clearance on domain-specific grounds

Measurement

Evidence families we can structure.

The measurable evidence categories relevant to this context and the evidence signals they produce.

Configurable Evidence Matrix

Select from all standard evidence families — or define domain-specific custom families. Configure thresholds, required fields, and reviewer routing per family.

Custom Context Packages

Pre-configured evidence sets for common cross-domain combinations: health-research, financial-HR, government-health, research-dataspaces, and others.

Custom Reviewer Routing

Define which reviewer roles receive which evidence sections. Route custom domain evidence to specialists outside the standard DPO/CISO/Procurement path.

Underpromise Configuration

Define domain-specific underpromise language — what AffectLog will not claim — for your context. Ensures trust and honest scope in every Passport.

Jurisdiction-Specific Metadata

Add jurisdiction-specific required fields, legal basis options, and certification reference fields for non-EU contexts.

Honest scope

What remains not assessable.

AffectLog does not overclaim. These items require external expertise, regulatory process, or long-term study.

Any evidence family not yet integrated with AffectLog

Evidence collection requires integration with the relevant tool or a local runner deployment. Custom domains outside our current package set require integration work.

Instead: Contact the AffectLog team to discuss integration requirements for your specific tooling stack.

Domain-specific regulatory compliance without specialist input

Highly specialised regulatory contexts require domain experts who understand the specific legal obligations of that sector and jurisdiction.

Instead: Engage domain specialists alongside AffectLog. We provide the technical evidence infrastructure; specialist input provides the regulatory interpretation.

Example

Sample Passport for this context.

AI Evidence PassportCleared with Limits

HealthFinance Analytics Platform

Cross-domain research and risk analytics · Health + Financial

Evidence71%
Expiry30 Sep 2026
Raw data exportoff
ALP-2026-CUSTOM-HF3X

Access conditions

Health domain: local-only inference — clinical data stays on-premises
Financial domain: Distribution Drift Monitor active
Research domain: consent scope confirmed — ethics committee reviewed
Cross-domain DTA confirmed between health and financial controllers
Clinical specialist and financial risk reviewer both required for clearance
Bi-annual review covering all three domain evidence families

What we will not overclaim

Custom Passports are only as strong as the evidence families configured. AffectLog does not overclaim coverage for domain-specific obligations outside our integrated evidence packages. We make explicit which families are configured, which are pending integration, and what specialist review is required.

Common questions

Questions this context raises.

Our AI context is too specific for any off-the-shelf governance tool.

That is exactly why custom Passports exist. AffectLog provides the configurable infrastructure — you define the evidence families, reviewer roles, access conditions, and underpromise language for your specific context.

We already have a bespoke internal governance process.

AffectLog can structure your internal evidence as Signal Receipts and attach it to a Passport — making your existing governance visible to procurement, DPO, and external reviewers without replacing your internal workflow.

Get started

Design a Passport for
your specific sensitive context.

Talk to the AffectLog team about your cross-domain or sector-specific AI governance requirements. We can configure custom evidence families, reviewer routing, and access conditions for your context.

AffectLog provides configurable technical and operational evidence infrastructure. Not legal advice, regulatory certification, or domain-specific compliance sign-off.