Trigger: Your AI context is sensitive, specific, or cross-domain.

Custom AI Evidence Ripples

Any sensitive AI context
deserves structured evidence.

Configure evidence families, reviewer roles, access conditions, and context visas for any domain that does not fit a standard framework.

Configurable evidence matrixCustom context visasDomain-specific reviewersCross-domain hybrid Ripples

Custom Ripple Builder

1Regulatory routeArt. 6(1) · MDR Rule 11 · Class IIa
2Evidence familiesArt. 10 · Art. 12 · Art. 15 · Annex IV
3Named reviewersDPO · clinical safety officer
4Visa conditionsLocal only · re-scan on retrain
5Stated limitsLong-horizon outcomes: not assessable
Ripple generatedCleared with Limits

Generated Ripple — Preview

HealthResearch+ custom
EvidenceArt. 10 · Art. 12 · Art. 15 · Annex IV
ReviewersDPO · clinical safety officer
ScopeLocal only · ethics approval on file
ALP-CUSTOM-2026Cleared with Limits

Sensitive context

Why some sensitive contexts do not fit predefined frameworks.

AI governance frameworks often assume clean category boundaries. Real deployments cross multiple sensitive contexts simultaneously — a research platform with health data, a financial system operating in a regulated jurisdiction with specific local requirements, or an agentic AI operating across multiple sensitive domains. Custom Ripples let you configure evidence for the actual context.

Data categories in scope

Context-specific sensitive data categories
Cross-domain data (e.g. health + financial)
Sector-specific proprietary data
Jurisdiction-specific regulated data
Custom risk categories defined by context

People affected

Affected groups specific to the domainCross-domain stakeholdersJurisdiction-specific regulated populationsOrganisation-specific affected staff or users

Risk scenarios

What typically goes wrong.

Specific failure modes seen in this sensitive context — without structured evidence.

A research platform processing health and financial data is assessed against health standards only.

Financial drift, explainability, and lineage evidence missing. The intersection creates evidence gaps invisible in a single-domain review.

A sector-specific AI tool has unique compliance obligations not covered by standard evidence families.

Standard Ripple template leaves key risk categories undocumented. Regulator asks for evidence not captured in generic structure.

An agentic AI system spans HR, financial, and customer service domains.

Each domain has different evidence requirements. Generic Ripple covers none of them adequately. Multiple reviewers have different unanswered questions.

Border control, applied here

Scan the system. Issue the passport. Grant the visa.

What the scan finds in this context, what the passport records, and what conditions the visa attaches.

01

Currents

the scan

What AI is running, and what do we not know about it?

Currents opens the file against every context the system actually touches at once — not the one it was procured under. A platform spanning health and financial data is scanned against both, and the intersection is where the gaps are found.

02

Ripples

the passport

What is this system, and what is proven about it?

The Ripple carries the configured evidence families for each domain in a single record, with the reviewer routing each section requires — and marks explicitly which families are pending integration rather than reporting them as complete.

03

Droplets

the visa

May it operate HERE, on THIS data, under WHAT conditions?

The Droplet clears the system on the strictest condition set in scope, not the most convenient one: every domain reviewer must clear before the visa issues, and any single domain can revoke it.

Scope

What needs a Ripple.

Cross-domain AI spanning multiple sensitive contexts
Sector-specific AI with custom regulatory obligations
Organisation-specific AI with unique reviewer workflows
Jurisdiction-specific AI with local evidence requirements
Emerging context AI where standard frameworks do not apply
Agentic AI systems operating across multiple sensitive domains
Hybrid research-commercial-clinical AI platforms

Stakeholder workflow

From trigger to access decision.

1

Scan

Art. 6 route · Annex III test

2

Evidence call

Annex IV · Art. 10 bias file

3

Seal Review

DPO · CISO · Art. 14 owner

4

Droplet

Conditions bound · expiring

5

Re-scan

On retrain, drift or model swap

AI Governance Lead

An AI system does not fit existing sensitive-context Ripple templates.

Design a custom Ripple with the AffectLog team. Configure evidence families, reviewer routing, and access conditions for your context.

DPO

A cross-domain AI system accesses multiple sensitive data categories.

Require all relevant evidence families to be configured in the custom Ripple before any clearance is considered.

Domain Specialist (e.g. Clinical, Legal, Safety)

Standard AI governance review is insufficient for the domain.

Define specialist review conditions in the Ripple. Become a named reviewer role in the custom routing.

Access decisions

Context Droplet conditions.

The access decisions that apply in this sensitive context — and the evidence conditions that produce them.

Cleared with Limits
  • All configured evidence families complete above threshold
  • Custom reviewer roles have completed review
  • Domain-specific access conditions documented and accepted
Review Needed
  • One or more custom evidence families incomplete
  • Domain-specific reviewer has not yet reviewed
  • Cross-domain evidence gaps identified
Human Review Required
  • Custom domain requires specialist human review before decision
  • Cross-domain reviewer panel required
Blocked
  • Critical domain-specific evidence families absent
  • Custom reviewer rejects clearance on domain-specific grounds

Measurement

Evidence families we can structure.

The measurable evidence categories relevant to this context and the evidence signals they produce.

Configurable Evidence Matrix

Select from all standard evidence families — or define domain-specific custom families. Configure thresholds, required fields, and reviewer routing per family.

Custom Context Packages

Pre-configured evidence sets for common cross-domain combinations: health-research, financial-HR, government-health, research-dataspaces, and others.

Custom Reviewer Routing

Define which reviewer roles receive which evidence sections. Route custom domain evidence to specialists outside the standard DPO/CISO/Procurement path.

Underpromise Configuration

Define domain-specific underpromise language — what AffectLog will not claim — for your context. Ensures trust and honest scope in every Ripple.

Jurisdiction-Specific Metadata

Add jurisdiction-specific required fields, legal basis options, and certification reference fields for non-EU contexts.

Honest scope

What remains not assessable.

AffectLog does not overclaim. These items require external expertise, regulatory process, or long-term study.

Any evidence family not yet integrated with AffectLog

Evidence collection requires integration with the relevant tool or a local runner deployment. Custom domains outside our current package set require integration work.

Instead: Contact the AffectLog team to discuss integration requirements for your specific tooling stack.

Domain-specific regulatory compliance without specialist input

Highly specialised regulatory contexts require domain experts who understand the specific legal obligations of that sector and jurisdiction.

Instead: Engage domain specialists alongside AffectLog. We provide the technical evidence infrastructure; specialist input provides the regulatory interpretation.

Example

Sample Ripple for this context.

Ripple — evidence passportCleared with Limits

HealthFinance Analytics Platform

Cross-domain research and risk analytics · Health + Financial

Evidence71%
Expiry30 Sep 2026
Raw data exportoff
ALP-2026-CUSTOM-HF3X

Access conditions

Health domain: local-only inference — clinical data stays on-premises
Financial domain: Distribution Drift Monitor active
Research domain: consent scope confirmed — ethics committee reviewed
Cross-domain DTA confirmed between health and financial controllers
Clinical specialist and financial risk reviewer both required for clearance
Bi-annual review covering all three domain evidence families

What we will not overclaim

Custom Ripples are only as strong as the evidence families configured. AffectLog does not overclaim coverage for domain-specific obligations outside our integrated evidence packages. We make explicit which families are configured, which are pending integration, and what specialist review is required.

Common questions

Questions this context raises.

Our AI context is too specific for any off-the-shelf governance tool.

That is exactly why custom Ripples exist. AffectLog provides the configurable infrastructure — you define the evidence families, reviewer roles, access conditions, and underpromise language for your specific context.

We already have a bespoke internal governance process.

AffectLog can structure your internal evidence as evidence records and attach it to a Ripple — making your existing governance visible to procurement, DPO, and external reviewers without replacing your internal workflow.

Get started

Design a Ripple for
your specific sensitive context.

Talk to the AffectLog team about your cross-domain or sector-specific AI governance requirements. We can configure custom evidence families, reviewer routing, and access conditions for your context.

AffectLog provides configurable technical and operational evidence infrastructure. Not legal advice, regulatory certification, or domain-specific compliance sign-off.