UK-Based AI Founder Publishes Three Open-Access Working Papers on the Operational Standard for AI Governance

Three papers: AOS-1 control plane, AOS-1 Verified certification scheme, GAIO Doctrine. Ahead of EU AI Act August 2026 enforcement.

Rami Mohammed Kheir, founder of mAIb Tech LLC and principal of AOS Trust, has published three open-access working papers setting out the operational standard for AI governance in regulated enterprises. The papers are released ahead of the EU AI Act’s high-risk-system enforcement window, which begins in August 2026.

AI governance documented on paper is not AI governance. Regulators are now asking for evidence of in-line enforcement. These papers set out the architecture for it.”

— Rami Mohammed Kheir, Founder, mAIb Tech LLC

The three papers:

1. The External Governance Layer: A reference architecture for AI decision control in regulated enterprises (AOS-1 Working Paper Series, AOS-1-WP-2026-01). Sets out a deployable reference architecture for an out-of-process control plane that intercepts AI agent actions, applies the operator’s policy in milliseconds, and writes a tamper-evident audit record. DOI: 10.5281/zenodo.20446525.

Also Read: AiThority Interview with Matej Bukovinski, Chief Technology Officer at Nutrient

2. AOS-1 Verified: A continuous-verification certification for AI management systems (AOS-1-WP-2026-02). Proposes a continuous-verification certification scheme as the replacement for annual AI certification, citing the inadequacy of point-in-time attestation for AI systems whose behaviour drifts within a single audit cycle. DOI: 10.5281/zenodo.20452961.

3. The GAIO Doctrine: Governance AI Optimization for non-AI-native enterprises (GAIO-WP-2026-01). Sets out the boundary between traditional governance, risk, and compliance work and agentic AI work, with a 90-day adoption roadmap for mid-tier audit firms and internal audit functions.
DOI: 10.5281/zenodo.20457628.

All three papers are open-access under the Creative Commons Attribution 4.0 International licence, archived on Zenodo with permanent DOIs, ORCID-linked (ORCID 0009-0009-6458-6606), and available in full at trust.aos-1.com/whitepapers and maib.io/whitepapers/gaio.

In the week of publication, Mohammed Kheir has also lodged named written submissions with three major standards and regulatory bodies: the United Kingdom AI Safety Institute (DSIT), the United States National Institute of Standards and Technology (NIST) on the AI Risk Management Framework and the AI 600-1 Generative AI Profile, and the European Commission’s AI Office on the General-Purpose AI Code of Practice consultation.

The papers consolidate the technical architecture, certification scheme, and operating model behind AOS-1 — an open standard for AI governance now in deployment at first-mover regulated enterprises in financial services, insurance, and audit. The AOS-1 Verified certification scheme is on a published path toward EU AI Act Article 43 notified-body designation via ISO/IEC 17065 accreditation.

“Most enterprise AI programmes in 2026 are operating two parallel governance regimes: a paper one — committee minutes, model registers, policy documents — and a real one — what the model actually did in production last Tuesday at 14:32 UTC,” said Rami Mohammed Kheir, founder of mAIb Tech LLC. “The gap between the two is the single largest unaddressed risk on the modern enterprise risk register. These papers set out the architecture that closes it.”

The AOS-1 standard maps to eight regulatory and industry frameworks: ISO/IEC 42001:2023, the EU AI Act (Regulation 2024/1689), the NIST AI Risk Management Framework 1.0 and the NIST AI 600-1 Generative AI Profile, ISO/IEC 27001:2022, SOC 2, the Colorado AI Act (SB24-205), and the Korean AI Framework Act. The cross-walk between AOS-1 controls and the eight frameworks is publicly maintained at trust.aos-1.com/crosswalk. The working papers have also been submitted to SSRN for indexing and abstract distribution.

Also Read: ​​AI systems – Interoperable AI systems: Connecting models across platforms

[To share your insights with us, please write to psen@itechseries.com]