Singapore IMDA Model AI Governance Framework (v2) + GenAI Framework
Singapore's IMDA Model AI Governance Framework (v2, 2024) plus the accompanying Generative AI Governance Framework are Singapore's canonical AI governance guides. They cover internal governance, human involvement, operations management, stakeholder communication, and — for GenAI — accountability, incident reporting, and content provenance. Ledgix evidences each dimension.
Status: Full — every control resolves to an artifact Ledgix produces today following the Phase 2 incident module shipping.
Scope
The IMDA framework applies voluntarily to organisations designing, developing, or deploying AI in Singapore. The GenAI addendum covers foundation-model and GenAI deployers. Coverage spans internal governance, human-in-loop / human-out-of-loop / human-over-loop calibration, operations management, stakeholder communication, GenAI accountability, incident reporting, and content provenance.
Controls covered
| Field | Type | Required | Description |
|---|---|---|---|
| IMDA-MGF-INT-GOV-01 | policy_snapshots / events_jsonl | Internal Governance — Clear Structures and Policies | Versioned policy documents; each operational action bound to a specific policy version. |
| IMDA-MGF-HUM-DET-01 | events_jsonl | Human Involvement in AI Decision Making | Human-principal field and approval rationale document the applied human-involvement model per action. |
| IMDA-MGF-OPS-MGMT-01 | events_jsonl / checkpoint_chain | Operations Management — Data Quality and Decision Monitoring | Per-decision operational telemetry plus continuous integrity record. |
| IMDA-MGF-STAKEHOLDER-01 | events_jsonl | Stakeholder Interaction and Communication | Reason and citations suitable for stakeholder communication. |
| IMDA-MGF-GENAI-ACCT-01 | events_jsonl | Generative AI Addendum — Accountability | Cryptographic attribution and governance binding per GenAI action. |
| IMDA-MGF-GENAI-SEC-01 | events_jsonl | Generative AI Addendum — Incident Reporting | Signed incident records capture detection, root-cause, and corrective action; denials serve as supplementary signals. |
| IMDA-MGF-GENAI-PROV-01 | events_jsonl | Generative AI Addendum — Content Provenance | Per-action content-addressed provenance chain via event_hash, receipt_payload, policy_content_hash. |
Evidence types referenced
- policy_snapshots — versioned internal governance policies.
- events_jsonl — per-decision telemetry, reasoning, and content-addressed provenance.
- checkpoint_chain — continuous operational integrity record.
- incidents — signed structured incident records for the GenAI security dimension.
Known gaps (if any)
None — every control resolves to an artifact Ledgix produces today. The Phase 2 incident module provides structured incident records; tenants that have not enabled incident intake can still use denial-event queries as an initial proxy signal.
Audit pack workflow
Export an evidence ZIP for this framework from the admin console's Evidence Exports panel by selecting Singapore IMDA Model AI Governance Framework (v2) + Generative AI Governance Framework and a time window. Each control's evidence_locators[] in the included framework_mapping.json points to the corresponding file in the ZIP.
References
- Framework mapping JSON:
vault/internal/compliance/frameworks/singapore_imda_mgf.json - Canonical source: IMDA Model AI Governance Framework — imda.gov.sg