7DEA

Chapter 26

Open the AppBack to Docs Home

Chapter 26: Lens Definitions

7DEA lenses are structured perspectives for reading an AI deployment, governance question, or deliverable. A lens helps organize the review: what baseline applies, what jurisdiction or standard may matter, what evidence is useful, and which limits should stay visible while people make decisions.

Lens output is product guidance and decision support. It is not legal advice, a compliance certification, or a substitute for qualified human review. The safest pattern is to begin with the Universal baseline, add standards or jurisdictional overlays only when the operating context justifies them, and keep the live Lens Catalog as the current product surface for availability and plan state.

How to Use This Chapter

Use this chapter when you need a plain-language definition of a lens before choosing it in the app. Use the live Lens Catalog when you need the current catalog version, status labels, plan badges, or signal-sync posture. If a lens is status-tracked or feed-based, treat it as monitored context that still requires human interpretation.

Related workflow shortcuts: start with Aegis onboarding on /start-here, browse the live Lens Catalog at /lens-catalog, create a governance record from /deliverables/new when your account state permits it, review plan-specific availability on /billing, and use enterprise audit support when the work involves higher-impact organizational review.

All 19 Lenses at a Glance

| Lens | ID | Family | Jurisdiction | Minimum plan | Status | | --- | --- | --- | --- | --- | --- | | Universal Governance Baseline | UNIVERSAL | core lens | GLOBAL | Pilot | stable | | ISO/IEC 42001 AIMS | ISO_42001 | standards-oriented lens | GLOBAL | Growth | stable | | ISO/IEC 23894 AI Risk Management Guidance | ISO_23894 | standards-oriented lens | GLOBAL | Growth | stable | | NIST AI RMF 1.0 | NIST_AI_RMF_1 | standards-oriented lens | US, GLOBAL | Growth | stable | | Council of Europe Framework Convention on AI | COE_AI_CONVENTION | status-tracked lens | EUROPE, GLOBAL | Growth | status-tracked | | OECD AI Principles | OECD_AI_PRINCIPLES | standards-oriented lens | GLOBAL | Growth | stable | | UNESCO Recommendation on the Ethics of AI | UNESCO_ETHICS_AI | standards-oriented lens | GLOBAL | Growth | stable | | UK Legislation Privacy Feed (Regulatory Updates) | UK_LEGISLATION_PRIVACY_FEED | status-tracked lens | UK | Enterprise | planned/status-tracked | | Australia Privacy Act Feed (Regulatory Updates) | AU_PRIVACY_ACT_FEED | status-tracked lens | AU | Enterprise | planned/status-tracked | | Korea AI Framework Feed (Regulatory Updates) | KR_AI_FRAMEWORK_FEED | status-tracked lens | KR | Enterprise | planned/status-tracked | | EU AI Act | EU_AI_ACT | jurisdictional overlay lens | EU | Growth | stable | | Texas Responsible AI Governance Act (TRAIGA) | US_TX_TRAIGA | jurisdictional overlay lens | US-TX | Growth | stable | | Texas Data Privacy and Security Act (TDPSA) | US_TX_TDPSA | jurisdictional overlay lens | US-TX | Growth | stable | | California SB 53 | US_CA_SB53 | jurisdictional overlay lens | US-CA | Growth | stable | | California Privacy (CCPA/CPRA) | US_CA_PRIVACY_CCPA_CPRA | jurisdictional overlay lens | US-CA | Growth | stable | | UAE Federal PDPL | UAE_PDPL | jurisdictional overlay lens | UAE | Growth | stable | | DIFC Data Protection | UAE_DIFC_DP | jurisdictional overlay lens | UAE-DIFC | Enterprise | stable | | ADGM Data Protection | UAE_ADGM_DP | status-tracked lens | UAE-ADGM | Enterprise | status-tracked | | Canada Bill C-27 (CPPA + AIDA) | CA_BILL_C27_CPPA_AIDA | status-tracked lens | CA | Enterprise | status-tracked |

Universal Governance Baseline (UNIVERSAL)

What it is: Cross-jurisdiction baseline for accountable AI governance and evidence-ready operations.

What it is best for: A first-pass governance baseline before deciding whether standards-oriented or jurisdiction-specific overlays are justified.

When to use it: Use it at the beginning of most workflows, especially when you need a stable baseline before adding more specific lenses.

What it helps surface: Governance ownership and decision accountability; Risk assessment and impact triage; Human oversight and escalation controls; Monitoring, incident response, and traceability.

Limits / caution: 7DEA lens output is product guidance and decision support; it is not legal advice, compliance certification, or a substitute for qualified human review. Minimum plan: Pilot. Current catalog status: stable. Signal sync: NOT_AVAILABLE.

Related workflow shortcut: open /lens-catalog to confirm current catalog and plan posture before running the lens, then use /deliverables/new only when your account state permits creation.

ISO/IEC 42001 AIMS (ISO_42001)

What it is: AI management system requirements standard for organizational governance and controls.

What it is best for: Teams that need a recognized governance, ethics, or risk-management vocabulary beyond the Universal baseline.

When to use it: Use it when the organization, buyer, reviewer, or internal control program expects this standard or principle family to shape the review.

What it helps surface: Context and leadership commitments; Operational planning and control; Performance evaluation and internal audit; Corrective action and continual improvement.

Limits / caution: 7DEA lens output is product guidance and decision support; it is not legal advice, compliance certification, or a substitute for qualified human review. Minimum plan: Growth. Current catalog status: stable. Signal sync: NOT_AVAILABLE.

Related workflow shortcut: open /lens-catalog to confirm current catalog and plan posture before running the lens, then use /deliverables/new only when your account state permits creation.

ISO/IEC 23894 AI Risk Management Guidance (ISO_23894)

What it is: Risk management guidance focused on AI-specific harms and uncertainty.

What it is best for: Teams that need a recognized governance, ethics, or risk-management vocabulary beyond the Universal baseline.

When to use it: Use it when the organization, buyer, reviewer, or internal control program expects this standard or principle family to shape the review.

What it helps surface: Risk context and tolerance definition; Hazard identification and scenario analysis; Treatment options and residual risk acceptance; Continuous monitoring and risk communication.

Limits / caution: 7DEA lens output is product guidance and decision support; it is not legal advice, compliance certification, or a substitute for qualified human review. Minimum plan: Growth. Current catalog status: stable. Signal sync: NOT_AVAILABLE.

Related workflow shortcut: open /lens-catalog to confirm current catalog and plan posture before running the lens, then use /deliverables/new only when your account state permits creation.

NIST AI RMF 1.0 (NIST_AI_RMF_1)

What it is: Voluntary framework for trustworthy AI governance and risk management.

What it is best for: Teams that need a recognized governance, ethics, or risk-management vocabulary beyond the Universal baseline.

When to use it: Use it when the organization, buyer, reviewer, or internal control program expects this standard or principle family to shape the review.

What it helps surface: Governance and accountability; Risk mapping and contextualization; Measurement and validation; Risk response and control operations.

Limits / caution: 7DEA lens output is product guidance and decision support; it is not legal advice, compliance certification, or a substitute for qualified human review. Minimum plan: Growth. Current catalog status: stable. Signal sync: AVAILABLE_PR_PENDING.

Related workflow shortcut: open /lens-catalog to confirm current catalog and plan posture before running the lens, then use /deliverables/new only when your account state permits creation.

Council of Europe Framework Convention on AI (COE_AI_CONVENTION)

What it is: Treaty framework for AI aligned with human rights, democracy, and rule of law.

What it is best for: Situations where monitored regulatory or framework context matters, but the team still needs cautious human interpretation.

When to use it: Use it when the status or movement of the named regime is relevant to planning, monitoring, or review, while keeping the uncertainty visible.

What it helps surface: Human rights impact safeguards; Democratic accountability; Rule-of-law consistency; Remedy and oversight mechanisms.

Limits / caution: 7DEA lens output is product guidance and decision support; it is not legal advice, compliance certification, or a substitute for qualified human review. Minimum plan: Growth. Current catalog status: status-tracked. Signal sync: NOT_AVAILABLE.

Related workflow shortcut: open /lens-catalog to confirm current catalog and plan posture before running the lens, then use /deliverables/new only when your account state permits creation.

OECD AI Principles (OECD_AI_PRINCIPLES)

What it is: Policy principles for innovative, trustworthy, human-centered AI.

What it is best for: Teams that need a recognized governance, ethics, or risk-management vocabulary beyond the Universal baseline.

When to use it: Use it when the organization, buyer, reviewer, or internal control program expects this standard or principle family to shape the review.

What it helps surface: Human-centered values; Transparency and explainability; Robustness and security; Accountability and governance.

Limits / caution: 7DEA lens output is product guidance and decision support; it is not legal advice, compliance certification, or a substitute for qualified human review. Minimum plan: Growth. Current catalog status: stable. Signal sync: NOT_AVAILABLE.

Related workflow shortcut: open /lens-catalog to confirm current catalog and plan posture before running the lens, then use /deliverables/new only when your account state permits creation.

UNESCO Recommendation on the Ethics of AI (UNESCO_ETHICS_AI)

What it is: Global ethics recommendation for rights, sustainability, and responsible AI governance.

What it is best for: Teams that need a recognized governance, ethics, or risk-management vocabulary beyond the Universal baseline.

When to use it: Use it when the organization, buyer, reviewer, or internal control program expects this standard or principle family to shape the review.

What it helps surface: Human rights and dignity; Fairness and non-discrimination; Environmental and social wellbeing; Governance and accountability mechanisms.

Limits / caution: 7DEA lens output is product guidance and decision support; it is not legal advice, compliance certification, or a substitute for qualified human review. Minimum plan: Growth. Current catalog status: stable. Signal sync: NOT_AVAILABLE.

Related workflow shortcut: open /lens-catalog to confirm current catalog and plan posture before running the lens, then use /deliverables/new only when your account state permits creation.

UK Legislation Privacy Feed (Regulatory Updates) (UK_LEGISLATION_PRIVACY_FEED)

What it is: Regulatory update feed for UK privacy and AI-adjacent legislative monitoring.

What it is best for: Situations where monitored regulatory or framework context matters, but the team still needs cautious human interpretation.

When to use it: Use it when the status or movement of the named regime is relevant to planning, monitoring, or review, while keeping the uncertainty visible.

What it helps surface: Regulatory update monitoring; Universal control mapping; Impact triage and remediation; Audit-ready evidence continuity.

Limits / caution: 7DEA lens output is product guidance and decision support; it is not legal advice, compliance certification, or a substitute for qualified human review. Minimum plan: Enterprise. Current catalog status: planned/status-tracked. Signal sync: WIRED.

Related workflow shortcut: open /lens-catalog to confirm current catalog and plan posture before running the lens, then use /deliverables/new only when your account state permits creation.

Australia Privacy Act Feed (Regulatory Updates) (AU_PRIVACY_ACT_FEED)

What it is: Regulatory update feed for Australia Privacy Act monitoring.

What it is best for: Situations where monitored regulatory or framework context matters, but the team still needs cautious human interpretation.

When to use it: Use it when the status or movement of the named regime is relevant to planning, monitoring, or review, while keeping the uncertainty visible.

What it helps surface: Regulatory update monitoring; Universal control mapping; Impact triage and remediation; Audit-ready evidence continuity.

Limits / caution: 7DEA lens output is product guidance and decision support; it is not legal advice, compliance certification, or a substitute for qualified human review. Minimum plan: Enterprise. Current catalog status: planned/status-tracked. Signal sync: WIRED.

Related workflow shortcut: open /lens-catalog to confirm current catalog and plan posture before running the lens, then use /deliverables/new only when your account state permits creation.

Korea AI Framework Feed (Regulatory Updates) (KR_AI_FRAMEWORK_FEED)

What it is: Regulatory update feed for Korea AI framework monitoring.

What it is best for: Situations where monitored regulatory or framework context matters, but the team still needs cautious human interpretation.

When to use it: Use it when the status or movement of the named regime is relevant to planning, monitoring, or review, while keeping the uncertainty visible.

What it helps surface: Regulatory update monitoring; Universal control mapping; Impact triage and remediation; Audit-ready evidence continuity.

Limits / caution: 7DEA lens output is product guidance and decision support; it is not legal advice, compliance certification, or a substitute for qualified human review. Minimum plan: Enterprise. Current catalog status: planned/status-tracked. Signal sync: WIRED.

Related workflow shortcut: open /lens-catalog to confirm current catalog and plan posture before running the lens, then use /deliverables/new only when your account state permits creation.

EU AI Act (EU_AI_ACT)

What it is: Risk-based EU AI regulation with obligations by risk class and provider/deployer role.

What it is best for: Deployments, customers, reviewers, or data-processing contexts that touch EU.

When to use it: Use it when the deployment footprint, user population, customer requirement, or reviewer scope makes EU relevant.

What it helps surface: Risk classification and prohibited-use checks; Technical documentation and logging; Human oversight and post-market monitoring; Transparency and deployer/provider responsibilities.

Limits / caution: 7DEA lens output is product guidance and decision support; it is not legal advice, compliance certification, or a substitute for qualified human review. Minimum plan: Growth. Current catalog status: stable. Signal sync: NOT_AVAILABLE.

Related workflow shortcut: open /lens-catalog to confirm current catalog and plan posture before running the lens, then use /deliverables/new only when your account state permits creation.

Texas Responsible AI Governance Act (TRAIGA) (US_TX_TRAIGA)

What it is: Texas governance framework for AI systems with transparency and prohibited-practice obligations.

What it is best for: Deployments, customers, reviewers, or data-processing contexts that touch US-TX.

When to use it: Use it when the deployment footprint, user population, customer requirement, or reviewer scope makes US-TX relevant.

What it helps surface: Consumer-facing transparency notices; Use limitation and prohibited-practice screening; State governance accountability; Complaint and remediation workflow.

Limits / caution: 7DEA lens output is product guidance and decision support; it is not legal advice, compliance certification, or a substitute for qualified human review. Minimum plan: Growth. Current catalog status: stable. Signal sync: NOT_AVAILABLE.

Related workflow shortcut: open /lens-catalog to confirm current catalog and plan posture before running the lens, then use /deliverables/new only when your account state permits creation.

Texas Data Privacy and Security Act (TDPSA) (US_TX_TDPSA)

What it is: Texas privacy/security law establishing controller and processor obligations.

What it is best for: Deployments, customers, reviewers, or data-processing contexts that touch US-TX.

When to use it: Use it when the deployment footprint, user population, customer requirement, or reviewer scope makes US-TX relevant.

What it helps surface: Data inventory and purpose limitation; Consumer rights request handling; Sensitive data consent governance; Processor contract and security controls.

Limits / caution: 7DEA lens output is product guidance and decision support; it is not legal advice, compliance certification, or a substitute for qualified human review. Minimum plan: Growth. Current catalog status: stable. Signal sync: NOT_AVAILABLE.

Related workflow shortcut: open /lens-catalog to confirm current catalog and plan posture before running the lens, then use /deliverables/new only when your account state permits creation.

California SB 53 (US_CA_SB53)

What it is: California transparency and safety expectations for advanced/frontier model deployments.

What it is best for: Deployments, customers, reviewers, or data-processing contexts that touch US-CA.

When to use it: Use it when the deployment footprint, user population, customer requirement, or reviewer scope makes US-CA relevant.

What it helps surface: Frontier model transparency reporting; Safety testing and release governance; Incident disclosure readiness; Accountability and records retention.

Limits / caution: 7DEA lens output is product guidance and decision support; it is not legal advice, compliance certification, or a substitute for qualified human review. Minimum plan: Growth. Current catalog status: stable. Signal sync: NOT_AVAILABLE.

Related workflow shortcut: open /lens-catalog to confirm current catalog and plan posture before running the lens, then use /deliverables/new only when your account state permits creation.

California Privacy (CCPA/CPRA) (US_CA_PRIVACY_CCPA_CPRA)

What it is: California privacy regime for consumer rights, notice, and high-risk data processing controls.

What it is best for: Deployments, customers, reviewers, or data-processing contexts that touch US-CA.

When to use it: Use it when the deployment footprint, user population, customer requirement, or reviewer scope makes US-CA relevant.

What it helps surface: Privacy notice and disclosure requirements; Consumer rights workflows; Sensitive personal information controls; Service provider and contractor obligations.

Limits / caution: 7DEA lens output is product guidance and decision support; it is not legal advice, compliance certification, or a substitute for qualified human review. Minimum plan: Growth. Current catalog status: stable. Signal sync: NOT_AVAILABLE.

Related workflow shortcut: open /lens-catalog to confirm current catalog and plan posture before running the lens, then use /deliverables/new only when your account state permits creation.

UAE Federal PDPL (UAE_PDPL)

What it is: UAE federal personal data protection regime for controllers/processors.

What it is best for: Deployments, customers, reviewers, or data-processing contexts that touch UAE.

When to use it: Use it when the deployment footprint, user population, customer requirement, or reviewer scope makes UAE relevant.

What it helps surface: Legal basis and processing purpose controls; Data subject rights workflows; Cross-border transfer safeguards; Security and breach response obligations.

Limits / caution: 7DEA lens output is product guidance and decision support; it is not legal advice, compliance certification, or a substitute for qualified human review. Minimum plan: Growth. Current catalog status: stable. Signal sync: NOT_AVAILABLE.

Related workflow shortcut: open /lens-catalog to confirm current catalog and plan posture before running the lens, then use /deliverables/new only when your account state permits creation.

DIFC Data Protection (UAE_DIFC_DP)

What it is: DIFC-specific privacy framework aligned to international data protection practices.

What it is best for: Deployments, customers, reviewers, or data-processing contexts that touch UAE-DIFC.

When to use it: Use it when the deployment footprint, user population, customer requirement, or reviewer scope makes UAE-DIFC relevant.

What it helps surface: DIFC lawful processing governance; Rights request response controls; Transfer and processor safeguards; Compliance officer and governance records.

Limits / caution: 7DEA lens output is product guidance and decision support; it is not legal advice, compliance certification, or a substitute for qualified human review. Minimum plan: Enterprise. Current catalog status: stable. Signal sync: NOT_AVAILABLE.

Related workflow shortcut: open /lens-catalog to confirm current catalog and plan posture before running the lens, then use /deliverables/new only when your account state permits creation.

ADGM Data Protection (UAE_ADGM_DP)

What it is: ADGM-specific privacy and data transfer obligations for entities in ADGM.

What it is best for: Situations where monitored regulatory or framework context matters, but the team still needs cautious human interpretation.

When to use it: Use it when the status or movement of the named regime is relevant to planning, monitoring, or review, while keeping the uncertainty visible.

What it helps surface: ADGM processing governance; Rights management and response SLAs; Transfer impact and safeguards; Regulatory accountability records.

Limits / caution: 7DEA lens output is product guidance and decision support; it is not legal advice, compliance certification, or a substitute for qualified human review. Minimum plan: Enterprise. Current catalog status: status-tracked. Signal sync: NOT_AVAILABLE.

Related workflow shortcut: open /lens-catalog to confirm current catalog and plan posture before running the lens, then use /deliverables/new only when your account state permits creation.

Canada Bill C-27 (CPPA + AIDA) (CA_BILL_C27_CPPA_AIDA)

What it is: Canadian legislative package proposing CPPA reforms and the AIDA framework.

What it is best for: Situations where monitored regulatory or framework context matters, but the team still needs cautious human interpretation.

When to use it: Use it when the status or movement of the named regime is relevant to planning, monitoring, or review, while keeping the uncertainty visible.

What it helps surface: Proposed consumer privacy reforms; Proposed high-impact AI obligations; Governance and accountability expectations; Status monitoring and change management.

Limits / caution: 7DEA lens output is product guidance and decision support; it is not legal advice, compliance certification, or a substitute for qualified human review. Minimum plan: Enterprise. Current catalog status: status-tracked. Signal sync: WIRED.

Related workflow shortcut: open /lens-catalog to confirm current catalog and plan posture before running the lens, then use /deliverables/new only when your account state permits creation.

Safe Lens Selection Pattern

A good first run normally starts with Universal. Add a global standard when the organization needs that recognized governance vocabulary. Add a jurisdictional overlay when the deployment or customer footprint actually touches that place or regime. Add a status-tracked lens when monitored context is useful, while staying clear that monitored context still requires human interpretation and may not represent a settled obligation.

If you are unsure, ask Aegis which manual section or lens family is closest to the deployment description, then verify the live catalog entry and plan state before treating the lens as operationally available.