Scope

This report documents the application of Governance Schema (GovSCH), an open-source, machine-readable schema for authoring and translating cybersecurity and artificial intelligence (AI) governance documents, as a valuable resource for compliance officers, regulators, engineering teams, and tech policymakers. It applies three distinct schemas, one each for (1) executive orders, (2) frameworks, and (3) regulations.

These sources (presented in Table 1 below) were deliberately selected because they collectively represent governance instruments that are high-impact—based on the scope of their coverage at national and sector levels—and shape cybersecurity, AI, and privacy policy globally. The U.S. executive orders were chosen due to their role in setting national priorities for cybersecurity and AI governance and their explicit emphasis on machine-readable policy development. The National Institute of Standards and Technology (NIST) and Department of Defense (DoD) risk management frameworks were included for their structured approach to system-level cybersecurity governance and widespread use in federal and defense contexts. The international privacy and data protection regulations, spanning jurisdictions in the Americas, Europe, Africa, and Asia, were chosen for their regulatory diversity and global influence, ensuring that the schema reflects a broad range of legal and cultural approaches to governance. Together, these instruments provide a representative sample for demonstrating the three GovSCH schemas: a U.S.-focused schema for executive orders, a U.S.-focused schema for frameworks, and an internationally focused schema for regulations.

Limitations

This report adopts a focused scope to ensure depth and manageability. It does not include all cybersecurity, AI, or data governance documents. Regulations, frameworks, or executive directives outside the abovementioned instruments are excluded from analysis. Furthermore:

• The schema is not a compliance tool and does not provide legal advice or substitute for regulatory interpretation. Instead, it is a structural model for documenting and translating governance documents.
• The analysis prioritizes structural application of GovSCH rather than detailed interpretative analysis of each instrument’s substantive legal or policy content.
• While several regulations included are international in scope, the schema design remains primarily influenced by U.S. executive orders and NIST frameworks, which may shape its orientation.
• Validation of GovSCH through live implementation or formal standardization processes is outside the scope of this report and is identified as an area for future research and collaboration.

These boundaries intentionally focus on the primary objective: documenting and demonstrating the use of three GovSCH schemas in translating diverse governance instruments into a consistent, machine-readable format, with schema documentation and examples available on the project’s GitHub repository.