Operational framework

REGIA

Responsible AI adoption in Latin American public institutions

"The principles already exist. What is missing is the method to implement them."

REGIA — Strategic Path for Governance and Implementation of AI. Five pillars, operational instruments and 28 international frameworks integrated.

See the 5 pillars Download handbook

The problem

Frameworks say WHAT. REGIA says HOW.

A public institution opens the OECD, NIST, UNESCO or EU AI Act handbook and finds principles and policies. What it does not find is the procedure: who signs, what is measured, how it is documented. REGIA closes that gap.

WHAT

OECD, NIST, UNESCO, EU AI Act, ISO 42001 — define principles, expectations and risk categories. They are the compass, not the road.

HOW

REGIA translates those principles into operational instruments: scorecards, matrices, fact sheets, contractual clauses, approval gates, monitoring protocols.

FOR WHOM

Public institutions in Latin America that need to execute responsible AI adoption within their operational, legal and budgetary reality.

  • 28 international frameworks integrated
  • 5 operational pillars R-E-G-I-A
  • Entry and exit gates per pillar

The 5 pillars

R · E · G · I · A

Each pillar answers a concrete institutional question and delivers ready-to-use instruments. The sequence is the full adoption journey, with entry and exit gates that condition progress.

  1. R

    Recognize

    Where are we and how prepared are we for AI?

  2. E

    Structure

    How do we govern AI decisions in our institution?

  3. G

    Manage

    How do we classify risks and control the lifecycle of every AI project?

  4. I

    Implement

    How do we redesign processes and deploy AI with measurable results?

  5. A

    Assure

    How do we verify compliance and build sustainable capacities?

The REGIA cycle is iterative

After Assure, the institution returns to Recognize at a higher maturity level — refining governance, expanding use cases and deepening capacities.

Application

How REGIA adapts to your type of organization

Not all institutions traverse the 5 pillars in the same order. The route depends on the type of organization, its current maturity and its priority objective.

Large public institution

Route

R → E → G → I → A (full)

Recommended entry
Pillar R (Diagnostic)
Previous gate
None

Local government / municipality

Route

R → G → I → A

Recommended entry
Pillar R simplified for local government
Previous gate
None

Mid-sized private company

Route

R → E → I → A

Recommended entry
Pillar R + Pillar I
Previous gate
None

SMB (10-100 employees)

Route

R(express) → I → A(lite)

Recommended entry
Direct Pillar I
Previous gate
Express diagnostic

Legislative assembly

Route

A(Verify) → A(Empower)

Recommended entry
AI-assisted legislative audit demo
Previous gate
None

Sectoral regulator

Route

E → G → A(Verify)

Recommended entry
Pillar E
Previous gate
Existing regulatory framework

Author

Mario Pérez Edwards

REGIA is the methodology developed and tested by Mario Pérez Edwards from 15 years of experience in finance, project management and building digital products, combined with two years of intensive AI implementation in the Costa Rican public sector.

AI adoption and governance consultant · UnikPrompt

  • Master's in Project Management
  • Author of the Costa Rica AI Playbook for Government (14 chapters + 27 annexes)
  • Lead of ObservatorioIA Costa Rica (public catalog of AI projects in Costa Rica's public sector)
  • 15+ years in finance and project management; two years of intensive AI implementation in the Costa Rica public sector

Pillar detail

Each pillar, in detail

Question, instruments, gates and base frameworks for each pillar. What is published here is what an adoption team needs to understand how REGIA operates before contracting.

R

Pillar R

Recognize

Institutional question: Where are we and how prepared are we for AI?

Diagnostic of institutional maturity across 6 dimensions: infrastructure, data, talent, processes, governance and culture. Identifies opportunities, measures gaps and prioritizes by impact and feasibility.

Associated service → S1, AI Adoption Diagnostic

Instruments

  • Maturity scorecard (6 dimensions, 1-5 scale)
  • Prioritization matrix (impact vs feasibility vs risk)
  • Regional benchmark (ILIA, GTMI)
  • 12-month roadmap with 3 horizons

Entry gate

Executive sponsor appointed + signed scope agreement.

Exit gate

Portfolio of prioritized cases + maturity level documented + roadmap approved by executive sponsor.

Base frameworks

  • GTMI (World Bank)
  • ILIA 2025 (CEPAL/CENIA)
  • UNESCO RAM
  • Canada AIA
  • NIST AI RMF

Each framework is invoked as a normative reference inside the pillar instruments. The full traceability detail (which control of each framework feeds each instrument and which evidence it produces) is delivered as an annex within the consulting engagement.

E

Pillar E

Structure

Institutional question: How do we govern AI decisions in our institution?

Designs the institutional governance model: AI committee, roles and responsibilities (RACI), institutional AI policy, project approval mechanism, accountability framework.

Associated service → S2, AI Strategy and Governance

Instruments

  • Institutional AI policy (adaptable draft)
  • RACI structure by project type
  • Algorithmic impact assessment protocol
  • Institutional algorithmic registry
  • Transparency record (inspired by UK ATRS)

Entry gate

Maturity diagnostic completed (Pillar R) or equivalent institutional baseline.

Exit gate

Institutional policy approved + committee constituted + RACI assigned + decision mechanism documented.

Base frameworks

  • OECD AI Principles
  • ISO/IEC 42001
  • ISO/IEC 38507
  • NIST AI RMF (Govern)
  • Singapore Model AI Governance 2.0
  • UK AI Playbook

Each framework is invoked as a normative reference inside the pillar instruments. The full traceability detail (which control of each framework feeds each instrument and which evidence it produces) is delivered as an annex within the consulting engagement.

G

Pillar G

Manage

Institutional question: How do we classify risks and control the lifecycle of every AI project?

Defines a single risk taxonomy for the whole organization. Classifies each project by risk level (low/medium/high/unacceptable), defines proportional controls, sets approval gates, no-deployment criteria and procurement protocol. All other pillars inherit this classification: Implement (I) executes according to the risk level assigned here, and Assure (A) audits against the controls defined here.

Associated service → S4, AI Applied to the Public Sector and Regulation (transversal to all pillars)

Instruments

  • Risk classification in 4 levels, 8 criteria (proprietary matrix)
  • 6 causes of unacceptable risk
  • Algorithmic impact assessment (Canada AIA adaptation)
  • Fundamental rights impact analysis
  • Public AI procurement protocol (9 clause families)
  • Interactive toolkit (8 self-service modules)

Entry gate

Institutional governance defined (Pillar E) or existing AI policy.

Exit gate

Risk level assigned + controls defined + procurement (if applicable) with approved clauses + hierarchical approval documented.

Base frameworks

  • EU AI Act (risk-based classification)
  • Canada AIA + Directive on ADM
  • NIST AI RMF (Map/Measure/Manage)
  • UK Guidelines for AI Procurement
  • BS 8611

Each framework is invoked as a normative reference inside the pillar instruments. The full traceability detail (which control of each framework feeds each instrument and which evidence it produces) is delivered as an annex within the consulting engagement.

I

Pillar I

Implement

Institutional question: How do we redesign processes and deploy AI with measurable results?

Maps candidate processes, designs TO-BE solutions with AI integrated, runs scoped pilots, measures results against baseline, and defines the scaling plan.

Associated service → S3, AI Process Redesign and Automation

Instruments

  • Process mapping fact sheet (AS-IS)
  • TO-BE design with AI
  • Per-pilot business case
  • Testing and acceptance protocol
  • Results vs baseline report
  • Scaling plan

Entry gate

Risk level assigned and controls approved (Pillar G).

Exit gate

Functional pilot + metrics vs baseline documented + decision to scale/adjust/discard + approved scaling plan.

Base frameworks

  • UK AI Playbook (lifecycle)
  • IDB fAIr LAC
  • IDB Formulation Manual
  • ISO/IEC 23053 (data quality)
  • McKinsey State of AI 2025

Each framework is invoked as a normative reference inside the pillar instruments. The full traceability detail (which control of each framework feeds each instrument and which evidence it produces) is delivered as an annex within the consulting engagement.

A

Pillar A

Assure

Institutional question: How do we verify compliance and build sustainable capacities?

Assure integrates two complementary capacities that close the cycle. Verify: technical and legal audit of AI systems, post-deployment monitoring, periodic review of controls, and legislative audit. Empower: training programs by profile (executive, technical, legal, operational, legislative) and institutional change management.

Associated service → S5 (AI Legislative Audit) + S6 (AI Training and Education) + transversal components of S4

Pillar A combines two complementary capacities: A.1 Verify (technical and legal audit + post-deployment monitoring + AI-assisted legislative audit) and A.2 Empower (training by profile + change management).

A.1

Verify

Technical and legal audit of AI systems: regulatory compliance, post-deployment monitoring (drift, robustness, incidents), periodic review of controls and legislative audit of bills.

Instruments

  • Risk traffic-light per article (green/yellow/red, output of legislative audit)
  • Comparative matrix between bills
  • Regulatory impact table
  • Post-deployment monitoring protocol (incidents, drift, re-assessment)
  • Periodic control review checklist
  • Full traceability (source, citation, model, timestamp)

A.2

Empower

Training programs by profile (executive, technical, legal, operational, legislative). From 2-hour briefings to 6-week programs. Institutional change management.

Instruments

  • 4 training formats (executive briefing, technical workshop, 4-6 week program, legislative committees)
  • Pre/post knowledge assessment
  • Practical toolkit per role
  • Institutional action plan
  • Guide '10 questions every legislator should ask about AI'
  • Bill evaluation checklist

Entry gate

Pilot or system in operation (Pillar I completed) or bill to be audited (direct entry for legislatures).

Exit gate

Compliance audit approved + active post-deployment monitoring + training program executed + institutional action plan documented.

Base frameworks

  • EU AI Act
  • NIST AI RMF (audit)
  • Canada AIA
  • ISO/IEC 42001 (conformity)
  • Singapore AI Verify
  • BS 8611
  • UNESCO RAM
  • IDB fAIr LAC (MOOC)
  • UNITAR AI Programs

Each framework is invoked as a normative reference inside the pillar instruments. The full traceability detail (which control of each framework feeds each instrument and which evidence it produces) is delivered as an annex within the consulting engagement.

International alignment

REGIA integrates 28 international frameworks

REGIA does not replace multilateral frameworks. It complements them as an organizational execution layer. This section lists the 28 integrated frameworks, the mapping with the 10 OECD principles and the operational differentiators.

28 integrated frameworks, by category

Full catalog of the frameworks REGIA explicitly integrates, with their pillars of application. Total: 28.

Multilateral

10

  • #1

    OECD AI Principles

    OECD

    E G

    Principles and policy recommendations

  • #2

    OECD.AI Policy Observatory

    OECD

    R

    Benchmarking of 900+ policies

  • #3

    UNESCO Recommendation on AI Ethics

    UNESCO

    E

    Ethical principles and Policy Action Areas

  • #4

    UNESCO RAM

    UNESCO

    R A

    Institutional readiness assessment

  • #5

    fAIr LAC

    IDB

    I A

    Ethical and feasible LAC project design

  • #6

    IDB Formulation Manual

    IDB

    I

    Project design: problem → execution

  • #7

    IDB Data Science Manual

    IDB

    I

    Technical practices by lifecycle

  • #8

    GTMI

    World Bank

    R

    Digital maturity: 4 areas, 48 indicators

  • #9

    ILIA 2025

    CEPAL/CENIA

    R

    LAC index: 3 dimensions, 19 countries

  • #10

    eLAC2026

    CEPAL

    E

    Regional digital agenda, 38 objectives

Technical standards

6

  • #11

    NIST AI RMF 1.0

    NIST

    E G A

    Govern / Map / Measure / Manage

  • #12

    ISO/IEC 42001:2023

    ISO

    E A

    AI management system (PDCA)

  • #13

    ISO/IEC 23053:2022

    ISO

    I

    Data quality for ML

  • #14

    ISO/IEC 38507:2022

    ISO

    E

    AI governance at board level

  • #15

    BS 8611:2016/A1:2023

    BSI

    G A

    AI assurance and risk management

  • #16

    ITU AI Standards

    ITU

    I

    Technical interoperability

Regulatory frameworks

7

  • #17

    EU AI Act (2024/1689)

    EU

    G

    Risk-based classification (4 levels)

  • #18

    Singapore Model AI Governance 2.0

    IMDA

    E G

    Operational governance by blocks

  • #19

    AI Verify

    Singapore

    A

    Technical testing and assurance

  • #20

    UK AI Playbook

    GDS

    R E I

    10 principles + lifecycle for government

  • #21

    UK Guidelines for AI Procurement

    UK Gov

    G

    10 procurement criteria

  • #22

    UK ATRS

    UK Gov

    E A

    Algorithmic transparency record

  • #23

    UK AI Regulation White Paper

    UK Gov

    G

    Flexible sectoral regulation

Canada

2

  • #24

    Directive on ADM

    TBS Canada

    G A

    Mandatory requirements for automated decisions

  • #25

    Algorithmic Impact Assessment

    TBS Canada

    G

    Impact assessment: 65 risks + 41 mitigations

LAC national

2

  • #26

    Colombia ENIA

    MINCIENCIAS

    E

    Policy with public-sector focus

  • #27

    Panamá Marco Regulatorio IA

    SENACYT

    G

    Operational guide for government

Private research

1

  • #28

    McKinsey State of AI 2025

    McKinsey

    R I

    Global survey, 6 transformation dimensions

Mapping with the 10 OECD principles

5 value-based principles + 5 policy recommendations. REGIA covers 5 completely and 5 partially (the complete ones are the most operational).

  • #1 · Value

    Inclusive growth, sustainable development and well-being

    ◐ Partial

    R + I

    The diagnostic evaluates impact on citizens and public service. Implementation measures results against baseline (not only efficiency, but public value).

    (Diagnostic and measurement cover impact, but there is no explicit instrument for inclusion and sustainability.)

  • #2 · Value

    Respect for the rule of law, human rights, equity and privacy

    ● Complete

    G + A (Verify)

    Risk classification with fundamental rights impact analysis. Legislative audit verifies constitutional coherence. Chapter 5 of the Playbook covers data, privacy and Costa Rica Law 8968.

  • #3 · Value

    Transparency and explainability

    ◐ Partial

    E + A

    Algorithmic transparency record inspired by UK ATRS. Institutional algorithmic registry. Chapter 12 of the Playbook covers transparency, participation and citizen oversight.

    (The record and registry cover transparency; technical explainability has no explicit instrument yet.)

  • #4 · Value

    Robustness, security and safety

    ● Complete

    G + A (Verify)

    The 8 risk classification criteria include security exposure and damage reversibility. Post-deployment monitoring (drift, incidents, re-assessment). Chapter 8 of the Playbook covers the generative AI protocol.

  • #5 · Value

    Accountability

    ● Complete

    E + A

    Per-project RACI structure. Decision mechanism documented. Governance committee with roles and responsibilities. Exit gate: hierarchical approval documented.

  • #6 · Recommendation

    Investing in AI research and development

    ◐ Partial

    R

    The diagnostic identifies opportunities by impact and feasibility. The 12-month roadmap prioritizes investments by horizon: quick wins, strategic pilots and capacities.

    (REGIA identifies opportunities but does not manage R&D budget.)

  • #7 · Recommendation

    Fostering an inclusive enabling ecosystem

    ◐ Partial

    R + I

    Regional benchmark (ILIA, GTMI) positions the institution in context. Practical automation for SMBs available as a reduced scope.

    (SMB scope exists but is not the main focus.)

  • #8 · Recommendation

    Interoperable governance and policy

    ● Complete

    E + G

    Institutional policy aligned with ENIA and international frameworks. Public procurement protocol with 9 clause families (contractual interoperability).

  • #9 · Recommendation

    Human capacity and labor market

    ● Complete

    A (Empower)

    4 training formats by profile (executive, technical, legal, legislative). Institutional action plan. Change management.

  • #10 · Recommendation

    International cooperation

    ◐ Partial

    Transversal

    REGIA integrates 28 international frameworks. The Costa Rica Playbook is aligned with ENIA (which is aligned with OECD). ObservatorioIA monitors regional adoption.

    (Integrates and monitors, but has no operational bilateral cooperation mechanism.)

Differentiators from multilateral frameworks

OECD, NIST, ISO, UNESCO, EU AI Act are the conceptual reference. REGIA operates one level below, with ready-to-use instruments.

  • Level

    Multilateral frameworks
    Principles and policies
    REGIA
    Procedures, controls and instruments

  • Audience

    Multilateral frameworks
    National policy makers
    REGIA
    Institutions that implement

  • Deliverable

    Multilateral frameworks
    Reference document
    REGIA
    Ready-to-use operational instruments

  • Tools

    Multilateral frameworks
    None integrated
    REGIA
    Interactive toolkit (8 modules) + AI-assisted implementation and audit tooling

  • Context

    Multilateral frameworks
    Global
    REGIA
    Adapted to LATAM, with Costa Rica as pilot

  • Theoretical base

    Multilateral frameworks
    Self-contained framework
    REGIA
    Integrates 28 international frameworks with traceability

  • Execution

    Multilateral frameworks
    Manual, depends on each government
    REGIA
    AI-assisted (document generation, automated audit)

  • Verification

    Multilateral frameworks
    Government self-report
    REGIA
    Traceable audit with role separation

Consulting services

Six services aligned with the pillars

Each service activates one or more REGIA pillars. Scope, duration and deliverables are agreed per organization in the proposal. Prices are not published on this site.

Code

S1

Pillar

R

AI Adoption Diagnostic

Activates Pillar R. Institutional maturity diagnostic across 6 dimensions (infrastructure, data, talent, processes, governance, culture), regional benchmark with ILIA and GTMI, case prioritization matrix and 12-month roadmap with 3 horizons.

Deliverables

  • Maturity scorecard
  • Prioritization matrix (impact/feasibility/risk)
  • Portfolio of prioritized cases
  • 12-month roadmap (quick wins, strategic pilots, capacities)
Request a proposal

Code

S2

Pillar

E

AI Strategy and Governance

Activates Pillar E. Designs the institutional AI policy, governance committee, RACI by project type, approval protocol, algorithmic registry and transparency record inspired by UK ATRS.

Deliverables

  • Approved institutional AI policy
  • Governance committee installed
  • RACI assigned per project type
  • Decision mechanism documented
  • Operational algorithmic transparency record
Request a proposal

Code

S3

Pillar

I

AI Process Redesign and Automation

Activates Pillar I. AS-IS mapping of candidate processes, TO-BE design with AI, per-pilot business case, execution of scoped pilots, measurement against baseline and a sustainable scaling plan.

Deliverables

  • AS-IS process mapping
  • TO-BE design with AI
  • Per-pilot business case
  • Operational pilots with metrics vs baseline
  • Scaling plan
Request a proposal

Code

S4

Pillar

G (transversal to R-E-I-A)

AI Applied to the Public Sector and Regulation

Activates Pillar G and transversal components of the others. End-to-end accompaniment in AI adoption in the public sector: analysis of the regulatory framework applicable to the institution, per-project risk classification, procurement protocol with 9 clause families and support for in-flight initiatives.

Deliverables

  • Institutional legal and regulatory diagnostic
  • Per-project risk classification (4 levels, 8 criteria)
  • Approved institutional adoption protocol
  • Standard contract clauses (9 families)
  • Initiatives enabled through production
Request a proposal

Code

S5

Pillar

A (Verify)

AI Legislative Audit

Activates the Verify component of Pillar A for assemblies and committees. AI-assisted article-by-article analysis of bills: constitutional risks, conflicts with existing legislation, legal gaps and concrete proposals for drafting improvements.

Deliverables

  • Article-by-article audit of the bill under review
  • Report with identified constitutional risks and legal conflicts
  • Risk traffic-light per article (green/yellow/red)
  • Comparative matrix between bills
  • Drafting recommendations ready for substantive motions
Request a proposal

Code

S6

Pillar

A (Empower)

AI Training and Education

Activates the Empower component of Pillar A. Programs by profile, from 2-hour briefings to 6-week programs, including dedicated training for legislative committees. Materials and dynamics adapted to the sector.

Deliverables

  • Training program segmented by profile
  • Materials and toolkit by role
  • Follow-up institutional action plan
  • Pre/post knowledge assessment
Request a proposal

Resources

Public materials and tools

What REGIA offers openly. The full operational materials are delivered within the consulting engagement.

PDF

REGIA Handbook (PDF, Spanish)

Full public methodology in institutional whitepaper format. Pillars, gates, instruments, 28 frameworks, OECD mapping, differentiators. Without operational templates, without prices. English edition coming soon — for now this PDF is Spanish only.

Download PDF

Costa Rica AI Playbook Toolkit

Interactive 8-module self-service application for diagnostic, risk classification and governance. Open material based on REGIA Pillar G.

Visit →

ObservatorioIA Costa Rica

Public catalog of AI projects in Costa Rica's public sector, regional indicators (ILIA, GTMI) and analytical editorial line. Continuous input for Pillar R.

Visit →

UnikPrompt

Mario Pérez Edwards' institutional site. Consulting services, published cases and direct contact.

Visit →

LinkedIn — in/mario-perez-edwards

Posts and articles about AI adoption in the public sector. Main channel for professional discussion and references.

Visit →

Contact

Let's talk about your institution

Every REGIA implementation starts with a no-commitment conversation to understand the context, current maturity and objectives. Write to me by email or LinkedIn.

Quick form

Fill in the fields and your message goes straight to Mario.