Regulatory Coverage Matrix

How well do existing frameworks address the 133 risks in the Agentic AI Risk Catalog? This matrix maps every risk to 13 regulatory and industry frameworks.

Framework Coverage Summary

The table below shows how each of 13 regulatory and industry frameworks maps to the 133 agentic AI risks. "Addressed" means the framework contains specific provisions that directly govern the risk. "Partial" means the framework touches on the domain but does not address the agent-specific dimension. "Not Addressed" means the framework is silent on the risk entirely. The percentages are approximations based on systematic mapping of each framework's scope against the risk catalog.

Framework	Addressed	Partial	Not Addressed	Coverage Distribution

"The Berkeley Agentic Profile has the best coverage at ~14% addressed. Even it leaves ~58% of risks unaddressed. Traditional cybersecurity frameworks cover known threat categories but are blind to agent-specific attack surfaces. Model risk frameworks (SR 11-7) and operational resilience frameworks (DORA) each cover their domain well but cannot address the compound risk created when agents operate at the intersection of models, transactions, workflows, and data infrastructure simultaneously."

Coverage by Category

Full Regulatory Coverage Matrix

Addressed Partial Not Addressed

Category:

Show gaps only

Frameworks:

Close the Governance Gaps

No single framework covers more than 14% of agentic AI risks. Our advisory engagements help regulated financial institutions build governance architectures that address the gaps these frameworks leave behind.

Schedule a Briefing

Governance Framework Design Regulatory Landscape Back to Risk Catalog