Framework White Paper Assessment Services Regulatory About Contact Blog Request a Consultation
Services & Engagements

We wrote the standard —
and we're the people who can help you meet it.

The Presence Authority is the body behind DPIF. When you engage with us on deployment governance, you are working directly with the people who designed, published, and maintain the framework.

Request a Consultation Take the Free Assessment
The Challenge

The technology arrived
before the governance did.

Organisations are deploying AI avatars, voice clones, and digital twins at pace — with minimal governance, unclear accountability, and no framework for managing what happens when something goes wrong.

The EU AI Act is now in force, and the window to retrofit governance into active deployments is narrowing as enforcement activity increases. The risks below are live operational, legal, and reputational exposures — and they accumulate silently until something goes wrong.

Regulatory Exposure
EU AI Act obligations for AI systems representing real people are active and enforced. Under Article 99, non-compliance with requirements for high-risk AI systems carries fines of up to €30 million or 6% of global annual turnover — whichever is higher. AI systems that replicate a real person's identity, voice, or communicative presence in public-facing contexts may meet the threshold for high-risk classification, triggering mandatory conformity assessment obligations before deployment.
Identity and Consent Gaps
Most deployments lack documented consent, functional revocation mechanisms, and identity drift monitoring — leaving both the principal and the operator exposed.
Accountability Gaps
When a digital representation causes harm, responsibility is rarely documented. Without an audit trail and output traceability, accountability defaults to the operator.
No Lifecycle Governance
What governs a deployment when the principal becomes unavailable? Without succession provisions, active deployments become ungoverned and potentially unrevocable.
Engagement Pathway

Three stages.
One continuous path.

These are not discrete services to be selected from a menu. Each stage builds directly on the previous one. Most organisations follow the full sequence — assessment establishes your baseline, advisory closes the gaps, and the retainer maintains the standard as your deployment and the regulatory environment evolve.

01
Starting Point · Recommended First Engagement
DPIF Readiness Assessment
A structured review of your deployment against all 18 DPIF controls — producing a prioritised gap analysis, context risk classification, and written remediation roadmap.

What's Included

  • Full assessment against all 18 DPIF controls — 14 CPCs and 4 SPCs
  • Context Risk Classification: identifying your deployment's risk tier (Low / Moderate / High / Regulated)
  • Prioritised gap analysis with severity ratings (Critical / Moderate / Minor)
  • Written remediation roadmap with recommended actions, timelines, and ownership
  • SPC maturity infrastructure review against the Scoring Rubric
  • 90-minute debrief session with our team
  • Written assessment report suitable for internal governance, legal review, or regulatory disclosure

The Outcome

At the end of the Readiness Assessment, your team will know exactly where you stand against DPIF, which controls require remediation and in what order, and what a realistic path to certification looks like for your specific deployment context.

Typical Duration2–3 weeks
DeliverableWritten assessment report
Book this engagement
Follows Stage 01
02
Structured Remediation · Following Stage 01
Certification Advisory
Hands-on guidance through the remediation process — building the controls, documentation, and governance infrastructure required to achieve DPIF certification.

What's Included

  • Systematic gap closure — working through your remediation roadmap control by control
  • Template governance documentation: consent frameworks, audit trail specifications, incident response protocols
  • Fortnightly advisory sessions throughout the engagement
  • Review of draft governance documents and controls implementation
  • Pre-certification readiness check against all 18 DPIF controls
  • Regulatory alignment review: EU AI Act, NIST AI RMF, applicable jurisdiction-level requirements
  • Certification recommendation report on completion

The Outcome

At the conclusion of the Certification Advisory, your deployment will be certification-ready — with all controls implemented, documented, and reviewed by the team that authored the framework. The output is governance infrastructure that operates — not a document for filing.

Typical Duration6–10 weeks
DeliverableCert. recommendation + governance docs
Book this engagement
Following Certification
03
Ongoing · For Organisations With Active Certified Deployments
Governance Retainer
Continuous governance support — monitoring, re-assessment, regulatory updates, and direct access to our team as your deployment evolves and the regulatory landscape shifts.

What's Included

  • Monthly governance review and control monitoring check-in
  • Scheduled re-assessments aligned to your deployment's context risk tier requirements
  • Priority regulatory alerts: EU AI Act guidance updates, local legislation, enforcement actions
  • Direct access to our team for governance questions and incident triage
  • Framework version alignment — automatic conformance as DPIF evolves
  • Annual certification renewal support
  • Quarterly governance maturity report

The Outcome

Continuous governance confidence. Your deployment stays compliant as the framework evolves, the regulatory environment shifts, and your deployment scope changes — without requiring your team to maintain that expertise entirely in-house.

Minimum Term6 months
CadenceMonthly reviews + quarterly report
Discuss the retainer

Pricing on request. All engagements scoped individually — contact us to discuss your deployment context.

How It Works

From first contact
to certification

Most organisations complete the full journey from initial assessment to certification readiness in 10–14 weeks. The process is structured, not open-ended — each step has a defined input, output, and duration.

Free · 5 Minutes
Self-Assessment
Take the free DPIF Self-Assessment to receive your Governance Readiness Score and pillar-by-pillar breakdown. Establishes your baseline before any engagement begins.
Week 1
Discovery Call
A 30-minute call to review your assessment results, understand your deployment context, and confirm whether a Readiness Assessment is the right next step. No obligation.
Weeks 2–4
Readiness Assessment
Full assessment against all 18 DPIF controls. Produces a gap analysis, context risk classification, and written remediation roadmap — the document your team works from.
Weeks 5–14
Certification Advisory
Hands-on support closing identified gaps and building the governance infrastructure required for DPIF certification. Culminates in a certification recommendation.
Why The Presence Authority

We did not adopt the standard.
We wrote it.

There is a material difference between working with a consultancy that has read DPIF and working with the organisation that designed, published, and maintains it. The framework's architecture, its control classifications, its non-compensatory assessment logic — we built each of these deliberately, and we know exactly what they require in practice.

When your governance is reviewed by the framework authors, the output carries a different evidentiary weight — with your team, your legal counsel, and any regulator who asks.

01
Framework Authorship
We designed, published, and maintain DPIF under CC BY 4.0. Your assessment is conducted by the people who wrote the controls — not a third party interpreting them after the fact.
02
Regulatory Intelligence
We monitor the global regulatory environment for AI identity governance continuously. Clients get direct access to that intelligence as it develops, not retrospective updates.
03
Technology-Neutral
DPIF operates at the governance layer and does not prescribe implementation. We work with any platform, any vendor, any technology stack — the framework governs the deployment, not the tool.
04
Defensible Output
Every engagement produces documented, auditable governance artefacts. Every engagement produces documented, auditable governance artefacts — structured to support internal accountability, legal review, and regulatory disclosure.
Get Started

Not sure where to start?
The assessment will tell you.

The DPIF Self-Assessment takes five minutes and produces a Governance Readiness Score with a pillar-by-pillar breakdown. It costs nothing, requires no commitment, and gives you and your team a concrete baseline before any engagement begins.

Your results map directly to the 18 DPIF controls across five governance pillars — Identity, Authority, Consent, Disclosure, and Containment. Every score includes a pillar-level breakdown so you know exactly where the gaps are.

Free DPIF Self-Assessment
18 controls. Five pillars. Five minutes. Receive your Governance Readiness Score and a clear picture of where you stand against the framework.
Free · No sign-up · Instant results
Take the Assessment
Speak with our team

Tell us a little about your context first — it helps us make the call as useful as possible.

Takes 30 seconds. Not a pitch. If DPIF is not the right fit, we'll say so.