v1.0 Available now
The Design-Time Contract
A Jira workflow template for AI governance in regulated environments

A structured Jira workflow that embeds the governance decisions that must exist before any AI agent build starts. PM, architect, and risk manager each answer specific questions at the point of ticket creation. The answers become the evidentiary record. No separate documentation process. No additional meetings. The record is a byproduct of the workflow your team is already running.

What is included in v1.0
Universal Workflow Guide: Six-stage workflow from inception to ongoing monitoring. Jira admin setup instructions included.
Epic Field Reference: Every Epic-level custom field defined. Name, type, why it exists, what a good answer looks like.
Story Field Reference: Every Story, Task, and Bug-level field for maintaining the evidentiary trail through delivery.
OWASP Agentic Top 10 Overlay: Additional mandatory fields that activate when OWASP ASI risks apply to your agent.
Quick-Start Card: One page. Five fields that matter most before any build starts. Downloadable PDF.
Attribution-ready: All templates carry 4iGov URL and version. Provenance travels with the document.
Compliance overlays: OWASP Agentic Top 10, DORA, EU AI Act (coming soon), FCA (coming soon), HIPAA (coming soon)
MVP · USA Live
Regulatory Navigator
Maps AI use cases to applicable US regulations and surfaces governance gaps

A decision-tree tool that takes an AI use case and maps it to every applicable US regulation across the current knowledge base. Surfaces obligations where formal regulatory coverage exists and flags gaps where no safe harbour applies. Built on 56 regulations across Life Insurance, Health Insurance, Banking and Lending, and FinTech spanning federal and state jurisdictions.

What is covered in MVP
56 regulations mapped: Federal and state coverage across NY, CA, TX, FL, and PA. Life Insurance, Health Insurance, Banking, and FinTech industries.
5 AI use case types: Classification and scoring, autonomous decisions, recommendation, detection and monitoring, and content generation.
Safe harbour gap detection: Identifies AI deployments that sit outside formal regulatory scope where governance expectations remain but no prescribed framework applies.
Applicability scoring: Each regulation returns an applicability level with the reasoning. Not just what applies, but why and to what degree.
Jurisdiction coverage: USA Federal, New York, California, Texas, EU coverage (planned)
v0.1 | prototype In development
Compliance Scanner
Scan AI agent code and configurations against regulations and company policies

Scans AI agent codebases and configuration files against regulatory frameworks and documented organisational policies. Identifies gaps between what was designed and what was built. Generates audit-ready findings mapped to specific regulatory obligations.

Planned coverage: EU AI Act, DORA, OWASP Agentic Top 10, CRA
MVP 1 Active development
India Data Rights Platform

This project builds an AI-assisted compliance evaluation system for Indian data protection compliance. The system checks whether a company’s policies and internal documents are correctly aligned with the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025. The user uploads company policies and fills in a company profile form. The system then determines which legal obligations are applicable, maps those obligations to evidence found in the uploaded documents, identifies missing or weak implementation, computes a compliance score, suggests remediations, and generates a structured report. This system is not intended to replace a lawyer or compliance officer. It is intended to act as a structured compliance analyst that performs document review, evidence extraction, obligation matching, and first-level risk scoring.

Control-first, Hybrid RAG, Deterministic scoring, LLM reasoning, DPDP Act 2023, DPDP Rules 2025
Repository: Private
Yuvraj Singh
Interview preparation
AI Governance & Ethics Expert (including Agentic AI)
Global consulting firm  ·  Hyderabad, India  ·  2026

Senior governance role responsible for designing, operationalising, and enhancing enterprise-level governance for AI and Agentic AI systems. Requires deep understanding of responsible AI, AI risk management, agentic AI and LLM architectures, and enterprise governance frameworks. Specific focus on NIST AI RMF, EU AI Act, and ISO/IEC standards. Cross-functional accountability across technology, risk, and business functions. 8-10 years total experience, minimum 5 in AI governance.

The Apple Card failures of 2019 and 2024 occurred under US jurisdiction: CFPB, TILA, and NYDFS regulatory authority. The EU AI Act, DORA, and NIST AI RMF are applied prospectively throughout, as the analytical lens through which comparable deployments should be evaluated today. This bundle does not constitute a legal finding, a regulatory determination, or an audit of Apple or Goldman Sachs.

Originally developed as a practitioner submission for an AI governance consulting role. Published here as a practitioner reference for governance professionals in regulated financial environments.

Artefact 1 | AI Governance Failure Analysis
Apple Card and Goldman Sachs. $89.8M CFPB case mapped against EU AI Act, NIST AI RMF, DORA, and CFPB. Four distinct governance failures analysed.
Artefact 2 | Enterprise AI Governance Framework
Six-stage governance workflow for AI and automated systems in regulated financial environments. Controls mapped to EU AI Act, NIST AI RMF, and DORA.
Artefact 3 | AI Agent Capability Mapping and Risk Assessment
Pass/fail assessment across seven governance capability dimensions. Covers automated, AI-assisted, and agentic AI systems.
Artefact 4 | Third Party AI Vendor Risk Assessment
Template and worked example for governing third party AI and ICT providers. Aligned to DORA Article 28, EU AI Act, and NIST AI RMF.