PixelSync · AI Governance Framework · aigf.uk

Your AI is
operating.
Is it governed?

Most organisations are deploying AI with ad-hoc processes and zero enforcement architecture. AIGF is the governance infrastructure that changes this. Five enforced gates. Deterministic output. Immutable audit trail. Human authority structural, not optional.

AIGF is not a framework document. It is enforcement architecture. The difference is what your system can refuse to do.

Request a Readiness Assessment How It Works
ACT
All gates passed
WAIT
Hold. Do not proceed
REFRESH
Re-evaluate
EU AI Act | In Force GDPR Article 22 | Automated Decision Rights FCA Model Risk Guidance | Developing Up to €35M Penalty Exposure Five Enforced Gates Immutable Audit Trail Human Authority | Structural ACT · WAIT · REFRESH EU AI Act | In Force GDPR Article 22 | Automated Decision Rights FCA Model Risk Guidance | Developing Up to €35M Penalty Exposure Five Enforced Gates Immutable Audit Trail Human Authority | Structural ACT · WAIT · REFRESH
The Problem

The gap between capability and oversight

AI capability moves fast. Governance moves slow. In most organisations today, AI outputs are reviewed informally if at all. No standard scoring. No required human checkpoint. No auditable record of why a decision was made. When something fails, there is no trail.

The market is producing governance documents, maturity models, and policy frameworks at pace. Most tell you where you are. None change what your AI system is permitted to do. Assessment without enforcement is just a better document.

This is not a technology problem. It is a process problem and a liability problem that lands on the desk of your General Counsel, Chief Risk Officer, and COO.

35M
Maximum EU AI Act penalty for prohibited AI practices, or 7% of global turnover. For high-risk AI non-compliance, the tier most regulated firms face, up to €15M or 3% of turnover. Article 99, Regulation EU 2024/1689.
£17.5M
Maximum ICO penalty under UK GDPR for Article 22 violations. Automated decisions without adequate human oversight. A separate regime running alongside EU AI Act exposure.
3%
The EU AI Act penalty tier for high-risk AI non-compliance. On a £50m revenue firm that is £1.5 million before GDPR exposure, FCA action, or legal defence costs are added.
The Framework

Five gates.
No exceptions.

Every AI-influenced decision passes through five sequential gates before it is acted on. No gate can be skipped. If a gate fails, the process stops and returns a governed output, not an ungoverned result. WAIT and REFRESH are the framework functioning correctly.

01
Signal Extraction (MSE)
Is this input real, measurable, and relevant?
Raw signal scored across Signal Strength, Relevance, and Timeliness before anything else proceeds. Below threshold the process stops. Reason code: SIGNAL_INSUFFICIENT.
Deterministic
02
Contextual Alignment (CIE)
Does this align with values, positioning, and risk tolerance?
Value Alignment, Risk Tolerance, and Contextual Fit scored independently. Misalignment stops the process. Reason codes: ALIGNMENT_FAIL / CONTEXT_TIMING.
Deterministic
03
Risk Scoring (Quality Firewall)
Is composite risk within acceptable limits?
Reputational, Operational, and Contextual risk scored independently and as a composite. Both individual dimensions and composite must pass. This gate cannot be overridden programmatically. Reason code: RISK_THRESHOLD_EXCEEDED.
Hard Stop. No Override
04
Human Review (Human Intelligence Layer)
Has a qualified human confirmed this output?
Explicit human confirmation, logged with reviewer identity and timestamp. This gate cannot be automated away or skipped. REVIEWER_OVERRIDE is correct function. Human authority exercised, not a system failure.
Mandatory. Non-Skippable
05
Decision Record
Has the decision been fully documented?
Final decision, gate scores, reason codes, reviewer identity, and timestamps written to an immutable record. If the record cannot be completed, the decision is withheld, not released ungoverned. Reason code: RECORD_INCOMPLETE.
Immutable Record
Architecture

Five pillars of governed AI

The AIGF governance architecture is built on five enforced pillars. Together they move an organisation from ungoverned exposure to certified, auditable governance.

CIL
Contract Integrity Layer
In practice: every output is contract-bound before release
Governance contracts enforced at the inference layer. Every output is contract-bound before release. Behavioural scope, output format, confidence floors, and rejection protocols all defined and enforced.
OQG
Output Quality Governance
In practice: ungoverned outputs are blocked, not flagged
A Quality Firewall scores every output against a deterministic rubric. Below threshold it is rejected. Completeness, coherence, scope, and prohibited content validated before release.
DAS
Decision Auditability Standard
In practice: every decision is fully reconstructible under scrutiny
Every AI-influenced decision is fully reconstructible from an immutable audit trail. SHA-256 record hash. Gate scores, reviewer identity, and timestamps all preserved and unalterable.
HOI
Human Oversight Integration
In practice: human authority is structural, not advisory
The 5-Gate Protocol defines where human intelligence is structurally required, not optional. AI generates. A qualified human governs. The record proves it happened.
VCC
Versioned Change Control
In practice: no silent updates, full lineage on every decision
Models, prompts, contracts, and schemas are all version-controlled with rollback capability. Every change is logged. No silent updates. Full lineage from any decision back to the contract version active at the time.
Origin

Built from
lived experience

AIGF was not designed as a product. It was built inside a live AI platform because no existing framework addressed the decision governance problem that needed solving. The platform was accelerating high-stakes decisions. There was nothing governing whether those decisions were sound before they were acted on.

No existing framework fit. So the governance layer was built from scratch, inside the product, under real operational pressure. It had to work because the platform depended on it. It was stress-tested against 500 structured decision scenarios before being considered robust.

When the framework proved solid enough to stand independently, it became a product in its own right. This is governance that survived contact with reality before it was ever packaged. Built by Tom, founder of PixelSync, from direct operational experience that no workshop or research paper can replicate.

Maturity Model

Where does your organisation sit?

The AIGF Maturity Index scores your organisation across all five pillars against 40 indicators. The Readiness Assessment establishes your baseline in 2 to 3 days.

Most maturity models tell you where you are. The AMI is the entry point to the infrastructure that changes where you are. Assessment without enforcement is just a better document.

Level 0
UngovernedAd-hoc processes. No scoring. No audit trail. Full regulatory exposure.
Level 1
AwareGovernance acknowledged. Policies exist on paper. No enforcement architecture.
Level 2
DefinedContracts and rubrics defined. Inconsistently applied. Human review informal.
Level 3
GovernedAll five gates enforced. Immutable records. Human review documented. AIGF Certified.
Level 4
OptimisedContinuous calibration. Drift monitoring. Partner-level governance capability.
The cost-benefit case for a £50m firm
EU AI Act: high-risk non-compliance (3% of turnover)
£1,500,000
GDPR Article 22: ICO maximum penalty
£17,500,000
Legal defence costs (estimate)
£300,000
FCA enforcement plus licence risk
Unlimited
Combined realistic exposure
£19,300,000+
AIGF Readiness Assessment
£5,000
Full implementation
Scoped on engagement
Based on a £50m revenue firm. EU AI Act: Article 99, Regulation EU 2024/1689, high-risk AI non-compliance tier (3% or €15M, whichever is higher). GDPR: ICO maximum under UK GDPR (£17.5M or 4% global turnover). FCA enforcement is discretionary and uncapped. All figures are maximum thresholds. Actual penalties depend on severity, intent, and demonstrated mitigation. This is not legal advice.
How We Work

From assessment to certification

Every engagement begins with a Readiness Assessment. From there, the path to Level 3 governance is structured, time-bounded, and fully supported.

Start Here
Readiness Assessment
A 2 to 3 day audit producing your AMI score across all five pillars, a critical risk register, and a prioritised 90-day remediation roadmap. Valuable as a standalone. The foundation for everything that follows.
£5,000
2 to 3 working days · 50% on signature, 50% on delivery
Core Engagement
Framework Blueprint
Organisation-specific governance architecture. Contracts, quality rubrics, audit schema, gate procedures, and operator guides. The complete IP transfer. By the end, your team runs AIGF independently.
Scoped on engagement
Follows Readiness Assessment
Accelerated
2-Day Governance Sprint
Facilitated on-site workshop. Live AMI assessment, contract design, 5-Gate Protocol implementation, and a committed 90-day plan. For organisations that need to move fast.
Scoped on engagement
2 days on-site plus preparation
Ongoing
Governance Retainer
Quarterly AMI reviews, contract recalibration as your AI systems evolve, drift monitoring, and advisory support. Your governance stays current. Your certification stays valid.
Scoped on engagement
12-month minimum recommended
Get Started

Begin with a
Readiness Assessment

Establish your AMI baseline in 2 to 3 days. Understand your exposure. Build the case internally. No commitment beyond the Assessment required.

We respond within one business day. No sales calls without your consent. Contact: hello@aigf.uk