CIA+EFT Framework: AI Security Questions UK Boards Are Asking
What the CIA+EFT framework is, why traditional security controls leave gaps in AI systems, how it maps to ISO 42001 and the EU AI Act and how to apply it in practice. For UK boards, CISOs, DPOs and AI governance leads.
This FAQ answers the questions UK boards, CISOs, DPOs and AI governance leads bring to us about the CIA+EFT framework: what it is, why traditional security controls leave gaps in AI systems, how it maps to ISO 42001 and the EU AI Act and how to apply it in practice. If you’re working out whether your existing controls cover AI-specific failure modes, or who owns the seam between security and governance, start here.
What is the CIA+EFT framework for AI security and why does it matter?
CIA+EFT is an integrated AI security framework that combines the traditional CIA triad (Confidentiality, Integrity, Availability) with three AI-specific dimensions: Explainability, Fairness and Traceability. The combined framework gives boards a single coherent vocabulary covering both classical security risk and the failure modes unique to AI systems.
It matters because AI systems fail in ways traditional security cannot detect or prevent. A model can be perfectly confidential, have intact training data and remain highly available while producing biased outputs, unexplained decisions or silently drifting over time. None of those failures show up in a traditional security review. CIA+EFT closes that gap by giving technical and governance teams one framework to assess against, one set of controls to evidence and one risk language for the board. For UK organisations operating under ISO 42001 and EU AI Act obligations, that integration is no longer optional.
How does CIA+EFT extend the traditional CIA triad for AI systems?
The traditional CIA triad covers data and infrastructure: keeping information confidential, ensuring it isn’t tampered with and keeping systems available. Those concerns remain valid for AI, but they don’t address model behaviour.
CIA+EFT adds three dimensions that do. Explainability asks whether we can justify a model’s outputs to a regulator, a customer or an internal reviewer. Fairness asks whether outcomes are equitable across protected groups and use contexts. Traceability asks whether we can reconstruct what the model did, with which inputs, against which version and why. These three dimensions address the failure modes that are unique to AI: opaque reasoning, embedded bias and silent model drift across retraining cycles. Together with CIA, they give a complete picture. Without them, an organisation can pass a security audit and still be exposed to regulatory action, discrimination claims or reputational damage from AI behaviour it cannot explain.
What questions should UK boards ask about AI security frameworks?
Three integrated questions surface most of the gaps we see.
First, which AI systems are in scope and what is their risk classification? Many organisations cannot produce a complete inventory of AI use, including embedded third-party features. Without scope, no framework applies.
Second, how is each CIA+EFT dimension assured in production, with named controls? Asking about Explainability, Fairness and Traceability alongside Confidentiality, Integrity and Availability forces teams to expose where assurance is thin. Often the AI-specific dimensions have no named owner or named control.
Third, who owns the evidence when a regulator, customer or auditor requests it? This is the question that exposes the governance seam. Technical teams hold logs; governance teams hold policy; neither side holds the integrated record. CIA+EFT clarifies that ownership.
How does CIA+EFT map to ISO 42001 and the EU AI Act?
CIA+EFT is designed to map cleanly onto both. ISO 42001 requires an AI management system covering risk assessment, impact assessment, lifecycle controls and continuous monitoring. The CIA dimensions align with the technical and operational controls; Explainability, Fairness and Traceability align with the AI-specific clauses around transparency, bias management and lifecycle documentation.
For the EU AI Act, the mapping is similar but obligation-driven. High-risk AI systems must demonstrate transparency to users (Explainability), non-discrimination across affected groups (Fairness) and complete technical documentation plus logging of operation (Traceability). The CIA dimensions remain necessary for the cybersecurity obligations the Act imposes on high-risk systems.
The practical benefit is that one CIA+EFT assessment produces evidence usable for both regimes, rather than running parallel ISO and AI Act workstreams that collect overlapping data in incompatible formats.
What does explainability mean in the context of AI security?
Explainability means the organisation can justify a model’s outputs to the people who need to understand them: regulators, customers affected by a decision, internal reviewers and the board. It is not the same as making a model fully transparent at the algorithmic level. For most production systems, explainability is about documented reasoning at the decision level: what inputs drove this output, what the model’s confidence was, what alternatives it considered and what human review applied.
In security terms, explainability is a control. It protects against the failure mode where a model produces a harmful or contested output and the organisation cannot defend it. We treat explainability assurance as a named requirement with named owners, documented methods (such as feature attribution, counterfactual records or decision logs) and evidence retained for the period the regulator or contract requires.
How do you measure fairness in a production AI system?
Fairness measurement starts with defining the protected groups and outcomes relevant to the system’s purpose. A recruitment model and a credit decision model have different fairness contexts, and a single statistical metric will not cover both.
In practice we look at three layers. First, input fairness: is the training data representative and free of known proxies for protected characteristics? Second, output fairness: across the live decision population, are outcome rates and error rates equitable across the defined groups, within an acceptable tolerance? Third, process fairness: is there a documented route for affected individuals to challenge an outcome, and is that route used?
Measurement is continuous, not one-off. Models drift, populations change and fairness metrics that held at launch can degrade silently. CIA+EFT treats fairness monitoring as a production control with thresholds, alerts and owners, in the same way availability monitoring is treated for traditional systems.
What evidence does traceability require for regulatory audit?
Traceability evidence has to answer the question: can you reconstruct what this AI system did, when, why and against which version, to a standard a regulator will accept?
In practice that means model version records (including training data version and hyperparameters), input logs for production inference, output logs with confidence scores, the human review record where applicable, change logs covering retraining and configuration changes and a documented chain of approval for each version going to production. For EU AI Act high-risk systems, this extends to the full technical documentation set the Act requires.
The common gap we find is that organisations have logs but not a coherent record. Inference data sits in one platform, model registry in another, governance approvals in a third document store. Under audit pressure, reconstructing a single decision becomes a multi-week exercise. CIA+EFT traceability assurance addresses this by requiring the integrated record exists and is queryable before it’s needed.
Who owns CIA+EFT outcomes inside a UK organisation: CISO, DPO or board?
The board owns the risk. The CISO and DPO share operational ownership of the controls, but neither owns the whole framework alone and that is the point.
Classical CIA dimensions sit naturally with the CISO. Fairness and aspects of Explainability often sit with the DPO or a dedicated AI ethics or governance lead, particularly where protected characteristics and individual rights are involved. Traceability is typically split: technical logs sit with engineering, policy and approval records sit with governance.
What CIA+EFT does is make the split explicit and require a named integrator. In larger organisations this is often an AI governance committee chaired at executive level, with the CISO, DPO, Chief Data Officer and a business sponsor as standing members. In smaller organisations it can be a single named role with a clear mandate. The failure mode we see most often is no integrator at all, with each function owning its piece and no one owning the joins.
How does CIA+EFT apply to third-party AI tools like Microsoft Copilot or ChatGPT Enterprise?
It applies fully, but the assurance method changes. For third-party AI tools, the organisation cannot directly control the model. What it can control is the data flowing in, the use cases permitted, the human review layer and the records retained.
For Confidentiality, Integrity and Availability, vendor contracts and security assessments cover most of the ground. For Explainability, the question becomes: can we explain to a customer or regulator why a Copilot-assisted decision was made, including the human accountability layer? For Fairness, the question is whether the use case has been assessed for differential impact, given that the underlying model’s fairness properties are largely opaque to us. For Traceability, the organisation must retain its own record of which decisions used the tool, what inputs were provided and what was done with the output.
We treat third-party AI as in scope for the same CIA+EFT assessment as in-house systems. The controls differ, but the framework and the evidence requirements do not.
What are the most common CIA+EFT gaps found in initial assessments?
Three gaps come up repeatedly.
The first is incomplete scope. Organisations underestimate their AI footprint, particularly embedded AI features in SaaS tools and machine learning components inside business applications. Until scope is complete, the rest of the framework cannot apply.
The second is traceability fragmentation. Logs, model registries and approval records exist, but they are not joined. Reconstructing a single AI decision requires pulling data from multiple systems with no shared identifier, which means the organisation cannot respond to a regulator or affected individual within reasonable time.
The third is ownership of the AI-specific dimensions. Explainability, Fairness and Traceability often have no named owner in the operating model. The CISO assumes the DPO has them; the DPO assumes the AI engineering team has them; the engineering team assumes governance has them. CIA+EFT assessment surfaces this by asking for named controls and owners against each dimension, and the named gap is usually where remediation starts.
If you want to see how CIA+EFT maps against your current AI estate, book a 30-minute AI Security Gap Analysis call with our team. For background on the framework itself, read our pillar article on the CIA+EFT integrated AI security framework and our related guidance on ISO 42001 readiness and EU AI Act preparedness.
See how CIA+EFT maps against your AI estate
A 30-minute scoping call with a QL Security practitioner: current AI inventory, where the seams sit between security and governance, plus a sequenced view of CIA+EFT remediation for your risk profile.