By Sector / Foundation Models
Foundation Model Governance
General-purpose LLM platforms scored against cross-cutting US AI governance frameworks. Foundation models score lower than sector-vertical vendors because sector-specific obligations (Section 1557, SR 11-7, ABA Op 512) are downstream deployer responsibilities, scored N/A here.
Why this sector view
Foundation model selection is the most cross-cutting AI decision US enterprises make — the choice cascades through every downstream productivity, vertical, and custom application. The composite uses baseline (unamplified) weights since foundation models are general-purpose; the sector-specific scoring axes are scored N/A and excluded from the composite denominator.
Primary frameworks anchored
- NIST AI RMF 1.0 + GAI Profile (NIST AI 600-1)
- Colorado AI Act SB 24-205
- NYC Local Law 144, CA AB 2013, IL HB 3773, TN ELVIS Act, UT SB 149
- EO 14110 + OMB M-24-10 (federal procurement)
- ISO/IEC 42001 (international AI MS)
| # | Vendor | Score | Grade | BAA | Opt-out | US Res | SOC 2 | ISO 42001 | NIST AI | CO AI | §1557 | SR 11-7 | ABA 512 | Subproc | TC |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Anthropic Claude | 58 | C | Partial | Yes | Partial | Yes | No | Partial | No | N/A | N/A | N/A | Yes | 4/5 |
| 2 | Google Gemini for Workspace | 58 | C | Partial | Partial | Yes | Yes | No | Partial | No | N/A | N/A | N/A | Yes | 4/5 |
| 3 | OpenAI ChatGPT & API | 53 | D | Partial | Partial | Partial | Yes | No | Partial | No | N/A | N/A | N/A | Yes | 4/5 |
| 4 | Meta Llama | 25 | F | No | Yes | Yes | No | No | No | No | N/A | N/A | N/A | No | 2/5 |
| 5 | Perplexity AI | 19 | F | No | Partial | No | Partial | No | No | No | N/A | N/A | N/A | Partial | 2/5 |
Buyer's guide for this sector
For foundation model selection, the highest-leverage scoring axes are BAA tier coverage (enterprise vs consumer gap is the #1 shadow-AI source), training opt-out default, US data residency configuration, and trust-center maturity. Sector overlays are deployer responsibility — but the foundation vendor's posture on cross-cutting axes determines how much governance work the deploying organization inherits.
Operationalize the scoring
NIST AI RMF Implementation Guide
The Index tells you which vendors clear the bar. The companion resource tells you how to turn that selection into a deployable governance program with documented evidence.
NIST AI RMF Implementation Guide →Scoring as of 2026-05-13 from public information (vendor trust portals, BAAs, SOC report cover pages, model cards, vendor documentation). Posture changes frequently — re-verify with the vendor's trust center before contract. Methodology: read the full methodology.
Turn the scoring into a deployable program
The Index tells you the posture. These engagements turn the posture into operational evidence.