Use Cases

Six ways teams run Wahid AI.

The same platform, worked six ways from governing one initiative end to end, to answering a regulator from the record, to bringing shadow AI under control.

Use case 01 · Strategy to incident

The golden thread: one AI initiative, governed end to end.

A single use-case travels from board intent to a live incident with every step reading the same record never re-keying it. This is the exact line of sight regulators and boards ask for.

STEP 01
Declare

A business owner declares the use-case against the published strategy and guardrails.

STEP 02
Screen & route

Dual DTA + EU AI Act screening sets the tier and routes the approval.

STEP 03
Approve

One approval seeds a draft risk, opens obligations and creates the governed record.

STEP 04
Assure

The risk team ratifies, links controls and tests them; effectiveness flows back.

STEP 05
Monitor

An incident or degraded control reopens the risk and voids any reliant acceptance.

wahid · Strategy to incident
Incident register linked to risks
ZOOM IN
Use case 02 · Third-party AI

When the AI is someone else's model.

A vendor-supplied capability gets the same rigour as an in-house one. Declared at intake, the vendor is tiered on two axes dependency against exposure and the tier drives due-diligence depth, contract protections and monitoring intensity.

A material finding raises a linked risk into the main register connected both ways.
Sanctions, adverse-media, financial or cyber signals fire an automatic reassessment.
Concentration and fourth-party exposure surface early before the annual cycle.
wahid · Third-party AI
Third-party register with tiers
ZOOM IN
Use case 03 · Board assurance

One source of truth for the board.

Executives and the board don't work the register they read it. Six lenses turn the live data into oversight: Risk, Controls, Incidents, Appetite, Governance and Management. Appetite breaches, expiring acceptances and blocking obligations surface automatically.

wahid · Board assurance
Governance and board dashboard
ZOOM IN
Use case 04 · Regulator & audit response

When the regulator asks, answer from the record.

An information request lands which AI systems touch consumer decisions, what obligations apply, where's the evidence. Instead of a two-week scramble across spreadsheets, the answer is a filtered view of the register.

Every obligation carries its owner, status and citation Open through Met.
The append-only audit trail shows who decided what, when, on which version.
Framework claims say 'aligns to' never 'certified' unless it is.
wahid · Regulator & audit response
Compliance obligations with evidence states
ZOOM IN
Use case 05 · Maturity baseline

Start with an honest number.

Before the first policy is written, a baseline assessment scores governance maturity across ten domains on a 0–4 scale with ISO 42001 and EU AI Act add-ons. Gap severity is named per domain, so the remediation roadmap writes itself. Multiple units roll into one heatmap.

wahid · Maturity baseline
Maturity baseline assessment results
ZOOM IN
Use case 06 · Shadow AI

Bring the AI you didn't know about under governance.

Most organisations run more AI than their register admits copilots, embedded vendor features, a team's quiet experiment. The intake pathway is deliberately light at the front door, so declaring is easier than hiding.

Screening is instant low-risk uses get a fast lane, not a committee.
An unregistered system found in production is raised as an incident, linked to a risk.
Owner under-rating is flagged automatically when screening disagrees.
wahid · Shadow AI
AI inventory register
ZOOM IN

Which one is your Tuesday morning?

Bring your own use-cases to a guided walkthrough we'll run them through the thread live.