Regional Scheme Governance
This document defines a federated governance model for managing AEEF regional annexes and conformance profiles across multiple Middle East jurisdictions.
It governs framework evolution and annex publication. It does not, by itself, create a regulator-recognized or accredited certification scheme.
Scope and Legal Nature
This governance model applies to:
- regional profile design and maintenance
- national annex specification and publication
- sector overlay publication
- conformance assessment model evolution
- public issue resolution and change control
This governance model does not:
- supersede national law or regulator-issued controls
- grant certification authority
- imply regulator endorsement of any annex
Governance Principles
- National authority supremacy -- national laws and regulator controls always take precedence.
- Subsidiarity -- country-specific obligations should be handled in national annexes, not forced into core controls.
- Comparability -- annexes use a common schema so requirements and evidence expectations remain auditable.
- Transparency -- changes, objections, and rationale are documented and published.
- Conflict-of-interest control -- framework governance, conformance design, and future certification operations must remain structurally separated.
- Version discipline -- core, annexes, and sector overlays must have explicit versioning and assessment dates.
Governance Bodies
1. Core Secretariat
Primary responsibilities:
- maintain AEEF core governance architecture for regional annexing
- publish annex specification and coverage matrix
- coordinate release trains
- manage public comment and issue triage
- maintain terminology and claim boundaries
2. National Annex Councils
One council per country annex (when active).
Responsibilities:
- review and approve country annex content updates
- validate local source coverage and known gaps
- document regulator interpretation uncertainties
- track annex-specific change requests and objections
3. Sector Working Groups
Examples:
- banking and financial services
- telecom
- healthcare
- government/public sector
- energy / critical infrastructure
Responsibilities:
- publish sector overlays and evidence expectations
- resolve sector-specific control interpretation issues
- identify country annex dependencies
4. Regulator Liaison Forum (Non-Binding)
Purpose:
- structured dialogue channel for feedback from regulators, public-sector entities, and policy bodies
Boundary:
- feedback is advisory unless adopted through documented governance decisions
5. Appeals and Objections Panel
Responsibilities:
- review disputes on annex publication, claim wording, and conformance interpretation
- issue written decisions with rationale
Decision Rights Matrix
| Decision Type | Core Secretariat | National Annex Council | Sector WG | Appeals Panel |
|---|---|---|---|---|
| Core terminology/claim boundary updates | Approve | Consulted | Consulted | Appeal review only |
| National annex publication | Coordinate | Approve | Consulted | Appeal review |
| Sector overlay publication | Coordinate | Consulted | Approve | Appeal review |
| Coverage matrix status/confidence updates | Approve | Consulted | Consulted | Appeal review |
| Conformance model updates | Approve | Consulted | Consulted | Appeal review |
| Dispute on wording/claims | Respond | Respond | Respond | Final panel decision (framework-internal) |
Change Control and Release Train
Release Types
- Patch -- wording fixes, source updates, clarifications, broken links
- Minor -- new annex controls, new evidence requirements, non-breaking schema expansion
- Major -- annex schema changes, claim boundary changes, conformance model breaking changes
Release Cadence
- Core governance docs: quarterly target cadence
- National annexes: quarterly or ad hoc for regulatory updates
- Coverage matrix: update on each annex/profile release
- Emergency updates: allowed for major legal/regulatory changes
Public Comment Process
- Publish draft with scope statement and known assumptions.
- Accept comments for a defined period (recommended 14-30 days for substantive changes).
- Log comments with disposition (
accepted,partially accepted,rejected,deferred). - Publish final decision summary and rationale.
Voting and Quorum Rules (Framework Governance)
- Core governance changes require quorum of Core Secretariat + designated reviewers.
- National annex publication requires quorum of the relevant National Annex Council.
- Sector overlay publication requires quorum of the relevant Sector Working Group.
- When quorum cannot be reached, publish draft as
Assessment Draftand mark confidence accordingly in the coverage matrix.
Conflict Escalation
Escalation order:
- Editor/maintainer resolution
- Relevant council or sector WG review
- Core Secretariat decision
- Appeals and Objections Panel review
All escalations must produce a written resolution note.
Publication and Versioning Policy
All regional governance and annex documents SHOULD include:
- version
- assessment date
- status (
draft,active,superseded) - coverage limitations
- source scope
The Regional Coverage Matrix is the canonical inventory of what is currently published and how complete it is.
Relationship to Conformance and Certification
This document supports:
- annex governance
- claim boundaries
- conformance profile comparability
This document does not define:
- certification scheme rules
- assessor competence requirements
- accreditation arrangements
Use the Conformance Assessment Model for assessment terminology and levels.