Production AI Institute — vendor-neutral certification for AI practitioners
Verify a credentialFor organisationsContact
PAI-8 COMPLIANCE SERVICES

Know exactly where your AI
governance stands

Independent PAI-8 gap assessments delivered by certified AI auditors. Audit-ready evidence, board-level reporting, and a clear remediation roadmap — from $997.

Request an Assessment →Read the PAI-8 Standard
Conducted by CAIAUD-certified auditors
Board-ready deliverables
No system access required
Turnaround from 5 business days

The 8 controls every enterprise AI programme must address

The PAI-8 AI Safety Standard defines the minimum governance posture for organisations deploying AI in production. It is the framework regulators, boards, and insurers are converging on.

🏛️
C1
AI Governance
Board accountability, AI ethics policy, decision gates, use case registry
⚖️
C2
Risk Assessment
High-risk classification criteria, trigger-based reassessment, risk register
🗃️
C3
Data Stewardship
Training data provenance, consent, drift monitoring, retention
🔬
C4
Model Validation
Pre-deployment evaluation, benchmark suites, bias testing, approval gates
👁️
C5
Human Oversight
HITL checkpoints, override mechanisms, escalation paths, autonomy limits
🚨
C6
Incident Response
AI-specific incident classification, response runbooks, post-incident review
📋
C7
Audit Trail
Decision logging, model versioning, explainability artefacts, log retention
🔗
C8
Vendor & Supply Chain
Third-party model due diligence, API dependency mapping, SLA requirements
Read the full PAI-8 standard →

Assessment tiers

Choose based on your timeline, regulatory exposure, and how much depth you need.

Readiness Check
$997
Delivery: 5 business days
Best for: First-time assessment, pre-audit preparation
PAI-8 C1–C8 gap survey (structured questionnaire)
Maturity level scoring across all 8 controls (L0–L3)
Priority gap register with risk classification
Executive summary (2–4 pages, board-ready)
Recommended remediation sequence
Request Readiness Check →
Most popular
Full Assessment
$1,997
Delivery: 10 business days
Best for: Regulatory due diligence, governance committee reporting
Everything in Readiness Check
Document review (policies, procedures, logs, model cards)
Stakeholder interviews (CISO, CTO, Legal, Operations)
Evidence mapping — what you have, what is missing
Detailed findings report with per-control scoring narrative
30-minute debrief call with lead auditor
Request Full Assessment →
Assessment + Remediation
$2,997
Delivery: 30 days
Best for: Compliance deadline, board mandate, investor due diligence
Everything in Full Assessment
Control implementation planning for each gap
Template policies and procedures (C1, C2, C3, C6)
60-day remediation roadmap with owners and milestones
Two follow-up calls during remediation
Re-assessment memo after remediation completion
Request Full Programme →

Who commissions a PAI-8 assessment

Risk & Compliance Teams
Trigger: EU AI Act compliance deadline, internal audit cycle, or board mandate to evidence AI governance
What you get: A structured gap register with evidence mapping and a remediation roadmap that satisfies audit committee requirements.
CISOs and CTOs
Trigger: Preparing for a security review, due diligence process, or regulatory examination that now includes AI systems
What you get: An independent assessment with findings they did not write themselves — the credibility that matters for external stakeholders.
Boards and Investors
Trigger: AI risk is now a board-level topic. Boards need to know their exposure; investors need to know portfolio companies are governed.
What you get: A concise executive summary that maps the gap between current state and the PAI-8 standard in plain language.
Procurement and Vendor Teams
Trigger: Procurement teams requiring AI governance evidence from vendors, or vendors needing to demonstrate compliance to win enterprise contracts
What you get: A standardised assessment report that enterprise customers can use directly in their supplier AI governance questionnaires.

How it works

A structured process designed to minimise your time investment while maximising audit evidence quality.

01
Submit intake form
Complete the 10-minute intake form covering your AI use cases, existing governance artefacts, and assessment timeline. We confirm scope and issue an invoice within 24 hours.
02
Questionnaire and document upload
We send a structured PAI-8 questionnaire covering all 8 controls. For Full Assessments, we also request document samples (policies, model cards, incident logs). No system access required.
03
Stakeholder interviews (Full Assessment only)
60-minute structured interviews with 2–4 stakeholders (typically CISO/CTO, Legal, AI/ML team, Operations). We follow a fixed interview guide mapped to PAI-8 controls.
04
Analysis and scoring
We score each control L0–L3 against the PAI-8 maturity model, map available evidence, identify gaps, and classify risk. We produce the gap register and findings narrative.
05
Delivery and debrief
You receive the full assessment report. Full Assessment clients receive a 30-minute debrief call to walk through findings and answer questions. Assessment + Remediation clients receive a detailed remediation roadmap and implementation support.

Frequently asked questions

Who conducts the assessment?
All assessments are conducted by CAIAUD-certified AI auditors. Lead auditors have a minimum of 3 years production AI deployment experience plus the PAI-8 certification.
Is this the same as a regulatory audit?
No. A PAI-8 assessment is a structured gap analysis against the PAI-8 standard — it is advisory, not regulatory. It is designed to prepare you for regulatory scrutiny (EU AI Act, sector-specific requirements) and to demonstrate governance maturity to boards, investors, and procurement teams.
What does the deliverable look like?
You receive a scored gap register (each control rated L0–L3), a findings narrative with supporting evidence, and a prioritised remediation roadmap. The executive summary is designed to be presented directly to a board or risk committee.
How long does it take?
The Readiness Check takes 5 business days from receipt of completed questionnaire. The Full Assessment takes 10 business days from completion of stakeholder interviews. The full Assessment + Remediation programme runs 30 days end-to-end.
What access do you need from us?
The Readiness Check requires only a completed questionnaire — no system access. The Full Assessment requires document samples (policies, model cards, logs) and 60-minute interviews with 2–4 stakeholders. We do not require direct access to production systems.
Do you offer ongoing monitoring?
Retainer agreements for quarterly assessments and continuous control monitoring are available on request. Contact us after your initial assessment.

Ready to assess your AI safety posture?

Complete the intake form and we will confirm scope and timeline within 24 hours. Assessments start at $997.

Request an Assessment →Read the PAI-8 Standard

Looking to certify as an AI auditor? View the CAIAUD certification →