GovSCH
Also known as: Governance Schema
Facts (68)
Sources
GovSCH: An Open-Source Schema for Transforming Governance ... newamerica.org Oct 28, 2025 68 facts
claim: GovSCH functions as a foundation for harmonizing the translation of executive intent across diverse governance contexts, similar to academic proposals in AI governance like the unified control framework.
claim: The open-source nature of GovSCH allows it to evolve through community contributions, supporting emerging needs across various industries and jurisdictions.
reference: The 'Regulation Schema' within GovSCH provides a machine-readable structure for capturing components of international data protection and privacy laws, including the General Data Protection Regulation (GDPR), the Lei Geral de Proteção de Dados (LGPD) in Brazil, and the Personal Information Protection Law (PIPL) in China.
claim: The GovSCH schema design process prioritized clarity, flexibility, and interoperability when developing standardized schemas for executive orders, frameworks, and regulations.
reference: The 'Executive Orders Schema' within GovSCH provides a standardized, machine-readable structure for capturing the essential elements of U.S. presidential executive orders, designed to accommodate varying formats and content.
claim: GovSCH is an open-source schema designed for scalability and adoption across policy agencies, standards bodies, technology implementers, and the global open-source community.
procedure: The GovSCH document acquisition process involved downloading official PDF documents for U.S. executive orders, cybersecurity frameworks from NIST and DoD, and international regulatory frameworks directly from official governmental, regulatory, and standards-issuing websites to ensure authenticity and integrity.
procedure: The GovSCH computational analysis utilized GPT-4.5 and Gemini-Ultra large language models to confirm human-identified structural elements, reveal latent patterns, validate semantic consistency, and generate summaries to streamline schema definition.
claim: GovSCH schemas employ hierarchical clarity by using nested structures (metadata, sections, and subsections) that mirror the original documents’ logical organization to facilitate readability and automation for teams implementing policy.
claim: GovSCH is an open-source initiative that emphasizes transparency, collaborative improvement, and community engagement, with all documentation and technical specifications made freely accessible.
claim: The GovSCH project defined its schema using four key considerations: standardization of structure (uniform elements), flexibility for diversity (optional and extendable components), machine-readability (using JSON and YAML formats), and semantic clarity (meaningful naming conventions and metadata definitions).
procedure: GovSCH schemas were validated using JSONlint and YAMLlint code quality validators to ensure machine-readability, aligning with practices used by compliance automation systems like OSCAL.
claim: The GovSCH project demonstrates three specific schemas: a U.S.-focused schema for executive orders, a U.S.-focused schema for frameworks, and an internationally focused schema for regulations.
claim: GovSCH schemas are available in JSON and YAML formats to bridge the gap between automated compliance tools and human policy analysts, enabling integration across organizational functions.
claim: The GovSCH project's approach is centered on the principles of schema interoperability and automation.
claim: GovSCH is an open-source schema designed to standardize the expression of complex governance documents to improve clarity, consistency, and interoperability across governance contexts.
claim: GovSCH aims to foster a collective and shared commitment to improving global cybersecurity and AI governance through open-source collaboration.
claim: GovSCH is an open-source JSON schema designed to transform governance by enabling policy documents to be structurally analyzable from their inception, rather than just during analysis.
claim: GovSCH reduces the compliance burden by facilitating the automation of compliance processes, which reduces the overhead associated with manual interpretation and documentation of policy requirements.
claim: GovSCH schemas are built on shared principles of clarity, semantic consistency, machine-readability, and adaptability to enable streamlined governance and compliance automation.
claim: Engineering teams can use GovSCH input in compliance-as-code pipelines to accelerate compliance workflows and improve the traceability of controls, requirements, or objectives back to high-level policy rationale.
claim: GovSCH aims to embody the attributes of schema openness, standardization, and industry-wide collaboration, similar to the Open Cybersecurity Schema Framework (OCSF).
claim: The GovSCH report includes international privacy and data protection regulations from the Americas, Europe, Africa, and Asia to ensure the schema reflects a broad range of legal and cultural approaches to governance.
claim: The authors of the GovSCH report selected executive orders for analysis because these orders set national priorities for cybersecurity and AI governance and emphasize machine-readable policy development.
claim: GovSCH aims to reduce ambiguity and accelerate the operationalization of complex cybersecurity and AI policies by offering standardized, machine-readable structures for Executive Orders, frameworks, and regulations.
perspective: The authors of the GovSCH report argue that adopting structured, machine-readable governance will lead to a future characterized by greater transparency, accountability, agility, and resilience in cybersecurity and AI governance.
claim: The GovSCH project published its machine-readable schema structures, comprehensive documentation, example usage, and implementation guidelines on its GitHub repository.
claim: GovSCH schemas utilize semantic consistency through clear definitions and standardized terminology to improve communication between policymakers, compliance professionals, and engineers.
claim: Policies authored in GovSCH support auditability and iterative collaboration because they can be tracked across versions and compared.
perspective: The GovSCH schema is a structural model for documenting and translating governance documents and is not intended to function as a compliance tool or a source of legal advice.
procedure: The GovSCH qualitative content analysis involved reading, annotating, and systematically identifying structural elements and recurring structural and semantic patterns across document types, while noting divergences to inform schema flexibility.
claim: The Governance Schema (GovSCH) project aims to address the difficulty of translating natural-language governance directives into actionable workflows by introducing a standardized, machine-readable schema for authoring cyber and AI governance documents.
claim: GovSCH provides a consistent foundation for cross-domain mapping, automation, and compliance, while enabling global collaboration around governance structures, control taxonomies, and regulatory frameworks.
claim: The GovSCH schemas for executive orders, frameworks, and regulations share core design principles including structured metadata, clear hierarchies, defined roles and responsibilities, and explicit compliance mechanisms.
claim: GovSCH promotes interdisciplinary collaboration by creating a common language between policy drafters, compliance specialists, and engineers, leading to reduced misunderstandings and greater organizational efficiency.
claim: The Governance Schema (GovSCH) project aims to bridge the gap between policymakers, regulatory framework authors, and engineering teams by creating an interoperable model for governance documents.
claim: Future development opportunities for GovSCH include extending the schemas into compliance automation platforms, integrating AI-assisted regulatory change management, and expanding the scope to additional governance instruments.
claim: The GovSCH report includes the National Institute of Standards and Technology (NIST) and Department of Defense (DoD) risk management frameworks because they provide a structured approach to system-level cybersecurity governance and are widely used in federal and defense contexts.
claim: GovSCH enhances policy implementation by defining roles, tasks, and timelines, which enables the rapid translation of governance directives into actionable tasks and accelerates compliance cycles.
claim: Realizing the full potential of GovSCH requires sustained effort, community engagement, practical validation, and continuous refinement by policymakers, regulatory authorities, and private and public sector entities.
claim: The GovSCH project hosts its schema documentation and examples on a GitHub repository.
claim: GovSCH imposes a minimum, consistent authoring template for policy creation to ensure machine readability, reduce ambiguities, and avoid misinterpretations in policy language.
claim: GovSCH promotes transparency and reuse by allowing policy authors to reuse, extend, and version GovSCH-compliant documents, which improves comparability across jurisdictions, accelerates onboarding, and enhances traceability.
claim: The Governance Schema (GovSCH) is an open-source, machine-readable schema designed to standardize the authoring and translation of cybersecurity and artificial intelligence (AI) governance documents.
claim: GovSCH serves as a resource for policymakers, regulatory bodies, private sector enterprises, and compliance professionals by providing structured, machine-readable schemas that align governance practices with demands for clarity, interoperability, and automation.
claim: GovSCH improves organizational accountability and auditability by enabling the systematic tracking, auditing, and validation of policy adherence.
procedure: By using GovSCH, engineering teams can parse Executive Orders into structured JSON/YAML formats, allowing automated compliance systems to flag deadlines, assign responsible entities, and map directives to technical tasks.
reference: The 'Framework Schema' within GovSCH provides a standardized, machine-readable structure for capturing elements of cybersecurity and risk management frameworks, specifically citing the NIST Risk Management Framework (SP 800-37) and DoD RMF (DoDI 8510.01).
claim: GovSCH bridges the gap between policy and engineering by allowing frameworks and engineering teams to read policy directly through structured data, functioning similarly to how the Open Security Controls Assessment Language (OSCAL) encodes control-level guidance.
claim: GovSCH provides structured schemas for three specific types of governance documents: executive orders, frameworks, and regulations.
procedure: The GovSCH project methodology for developing and documenting schemas for U.S. executive orders, U.S.-centric cybersecurity frameworks, and international data protection regulations involves a systematic process of document acquisition, qualitative content analysis, computational analysis via LLMs, and transformation into machine-readable formats like JSON and YAML.
perspective: GovSCH is primarily designed to simplify the authoring, interpretation, and implementation of governance documents rather than to function as a comprehensive enforcement tool.
claim: Framework authors can programmatically ingest GovSCH documents to derive mappings to controls, similar to how documents from the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO) are used.
claim: Large organizations managing many policies and jurisdictions can programmatically scale compliance pipelines by applying GovSCH schemas.
claim: GovSCH aims to synthesize varied methodologies into comprehensive schemas tailored to executive orders, structured frameworks, and international regulations.
reference: GovSCH is a community-founded, open-source JSON schema designed for authoring cyber and AI governance documents, defining structural elements such as governance intent, policy objectives, dependencies, actors, timelines, controls, and rationale.
claim: The GovSCH open-source schema encourages participation from policymakers, regulatory authorities, industry experts, engineers, compliance professionals, and academia to ensure the continuous evolution, refinement, and practical relevance of the schemas.
claim: GovSCH can be adopted by international standards organizations and regulatory bodies, such as the European Union's Network and Information Security Directive (NIS2) and the Digital Operational Resilience Act (DORA), to facilitate cross-jurisdictional coordination.
claim: The Akoma Ntoso, UKLS, and SBVR standards establish key practices for the structured encoding of formal policy and legal content, setting essential precedents for the GovSCH schema.
claim: The GovSCH report identifies the validation of the schema through live implementation or formal standardization as an area for future research and collaboration.
reference: The Governance Schema (GovSCH) project documentation, structure, and examples are hosted on the GitHub repository at newamerica/GovSCH.
claim: GovSCH addresses policy and regulatory implementation challenges such as ambiguity in policy interpretation, inconsistencies in compliance practices, and inefficiencies caused by manual processes.
claim: GovSCH schemas incorporate practical flexibility through optional fields, extensible components, and flexible arrays to ensure the schemas can evolve alongside new policies, frameworks, and regulatory developments.
claim: GovSCH supports rules-as-code pilots by providing a production-ready schema that aligns with mandates from agencies like NIST and CISA.
perspective: The views expressed in the GovSCH report are solely those of the author and do not reflect the views of New America, its staff, fellows, funders, or board of directors.
claim: GovSCH is a standardized schema designed to structure and translate governance documents related to cybersecurity and artificial intelligence into machine-readable formats.
procedure: The Governance Schema (GovSCH) applies three distinct schemas, one each for executive orders, frameworks, and regulations.
claim: GovSCH supports rules-as-code mandates that are scheduled to come into force by mid-2026.