NAIO Institute · Nurse-Led AI Oversight EDENA Framework v2.1 · FAQ
Research Library

The evidence behind EDENA.

EDENA is not a position paper. It is built on a formal research backbone — regulation, standards, and peer-reviewed literature current as of June 2026 — drawn from the authorities that have independently converged on the same mandate: classify by risk, gate at runtime, require named human accountability, and maintain auditable evidence.

Featured · Regulatory Timeline

The governance window EDENA was built for.

Across 2025 and 2026, a sequence of rules, standards, and studies arrived in close succession — each one tightening the requirement for runtime, action-level governance of AI that can act, not just answer.

DateEventEDENA relevance
Jan 1, 2025 ONC HTI-1 DSI / Predictive-DSI transparency criterion becomes part of the Base EHR (source attributes + Intervention Risk Management). Activates the Evidence Bundle Standard — transparency becomes a structured record.
Feb 2, 2025 EU AI Act prohibited practices discontinued; AI-literacy obligation in force for all staff working with AI. Grounds the literacy expectation across every EDENA tier.
Aug 18, 2025 FDA final guidance on Predetermined Change Control Plans (PCCPs) for AI-enabled medical devices. A lifecycle change-control obligation that EDENA operationalizes at runtime.
Sep 17, 2025 Joint Commission & CHAI release the first guidance on Responsible Use of AI in Healthcare (RUAIH) — seven foundational elements. EDENA aligns directly with all seven governance areas.
Dec 9, 2025 OWASP GenAI Security Project publishes the Top 10 for Agentic Applications (2026). The threat map EDENA-AS is built to answer (ASI01–ASI10).
Jan 22, 2026 Singapore IMDA launches the Model AI Governance Framework for Agentic AI (MGF) — the world's first, at the World Economic Forum. Independent international validation of EDENA's architecture.
Jan 2026 Nurses ranked the most honest and ethical profession for the 24th consecutive year (Gallup / ANA). Confirms the trust basis for nurse stewardship.
Jan 2, 2026 Stanford–Harvard "First, Do NoHARM" study: leading AI models produced severely harmful clinical recommendations in up to 22.2% of cases. The empirical anchor for action-gating.
Spring 2026 National Academy of Medicine launches "Patient Safety in the Era of AI," a two-year national initiative. Frames EDENA as patient safety, not only ethics.
Aug 2, 2026 EU AI Act high-risk obligations become operative (Articles 9–17 for providers; Article 26 for deployers; Articles 14–15 human oversight, accuracy, robustness). EDENA is the human-oversight interface that makes these concrete.
A note on the deadline

A proposed "Digital Omnibus" (provisional political agreement, May 2026) could defer certain use-case high-risk obligations, but it is not yet law. This library treats August 2, 2026 as the operative deadline. Statutory citations on this page reference public regulatory, standards, and peer-reviewed sources; consult primary texts and counsel for compliance decisions.

01 · Foundations

AI governance frameworks

The risk-management and management-system standards that establish AI governance as a lifecycle discipline — and that EDENA renders operational at runtime through its tier model, gate, and evidence record.

  1. NIST — AI Risk Management Framework · Organized around Govern, Map, Measure, and Manage, with a companion Generative AI Profile. EDENA maps these functions to human authority, action tiering, measurement, and gating/containment.
  2. ISO/IEC 42001 · The first AI management-system standard — a structured way to manage AI risks and opportunities while balancing innovation with governance.
  3. Singapore IMDA — Model AI Governance Framework for Agentic AI (Jan 2026) · The world's first framework built specifically for agentic AI: assess and bound risk upfront, make humans meaningfully accountable, implement technical controls across the lifecycle, enable end-user responsibility.
  4. Anthropic — Building Effective Agents · Describes the move from compositional workflows toward autonomous agents, motivating the need for guardrails and human review.
  5. OpenAI — Agents SDK guide · Centers orchestration, handoffs, guardrails, observability, and human review as agent workflows grow more complex.
02 · Regulation

Healthcare AI regulation

The binding and quasi-binding rules now shaping clinical AI — transparency, change control, responsible use, and the high-risk obligations that make human oversight a legal requirement.

  1. EU AI Act — Article 14, Human Oversight · High-risk systems must let assigned persons understand the system, detect anomalies, interpret outputs, decide not to use it, override outputs, and intervene via a "stop" button — with explicit awareness of automation bias. Operative Aug 2, 2026.
  2. EU AI Act — Article 15, Accuracy & Robustness · Requires appropriate accuracy, robustness, and cybersecurity across the lifecycle, with fallback to human review rather than a default output. Penalties reach up to €15M or 3% of global turnover.
  3. Joint Commission & CHAI — Responsible Use of AI in Healthcare (Sep 17, 2025) · Seven foundational elements: AI policies and governance; patient privacy and transparency; data security; ongoing quality monitoring; voluntary AI safety-event reporting; risk and bias assessment; education and training.
  4. Joint Commission — Responsible Use of AI in Healthcare certification · A voluntary certification for accredited organizations; it certifies responsible deployment practices, not individual AI products.
  5. FDA — AI/ML-enabled medical device guidance & PCCP · More than 1,200 AI-enabled devices authorized (258 in 2025); the final Predetermined Change Control Plan guidance issued Aug 18, 2025.
  6. ONC — HTI-1 Final Rule · Decision Support Intervention transparency (source attributes + Intervention Risk Management); the Base-EHR criterion took effect Jan 1, 2025.
  7. National Academy of Medicine — Patient Safety in the Era of AI · A two-year national initiative launching spring 2026, framing AI governance as patient safety.
03 · Oversight

Human oversight & automation bias

The science of meaningful review — why "human-in-the-loop" fails when the reviewer is overloaded, rushed, deskilled, or reduced to rubber-stamping, and what the law and the literature now require instead.

  1. EU AI Act — Article 14(4)(b) · Encodes automation bias as a legal risk category: deployers must remain aware of the tendency to over-rely on a high-risk system's output, especially for decisions taken by natural persons.
  2. Singapore IMDA — MGF, Dimension 2 · Requires defined human-approval checkpoints and regular audits of the effectiveness of human oversight — not merely its presence.
  3. Frontiers in Digital Health — AI in nursing integrative review (Mar 2025) · Across 18 studies, identifies erosion of clinical judgment due to overreliance as one of three persistent ethical challenges, alongside data-privacy risk and algorithmic bias.
  4. Anthropic — Building Effective Agents · Frames human review and guardrails as necessary controls as agent autonomy increases, supporting protected, non-symbolic oversight.

Connects to EDENA Principle 8 — Meaningful oversight must be protected — and the Human Oversight Standard.

04 · Stewardship

Nursing ethics & stewardship

The professional foundation for nurse-led stewardship: the 2025 ANA Code's explicit AI provisions, the sustained public-trust record, and the evidence on AI integration in nursing practice.

  1. ANA Code of Ethics for Nurses (2025) — Provision 4.2 · Nursing practice authority can be affected by AI when integrated without careful consideration of harms; nurses remain accountable for their practice.
  2. ANA Code of Ethics for Nurses (2025) — Provision 7.5 · Nurses must ensure the ethical, responsible use of ML/augmented-intelligence/AI by critically questioning underlying assumptions — and the provision explicitly references reversibility (the ability to withdraw data permissions).
  3. Gallup / ANA — nurses most trusted profession, 24th consecutive year (Jan 2026) · The institutional basis for positioning nurses as the appropriate stewardship class for clinical AI.
  4. Frontiers in Digital Health — AI in nursing integrative review (Mar 2025) · Calls for robust ethical frameworks and AI-literacy training as prerequisites for sustainable AI integration, with nurses as active shapers rather than passive users.
05 · Agentic Safety

Agentic AI safety

The empirical and architectural case for runtime governance of systems that plan, use tools, hold memory, and coordinate — including the clinical-harm evidence and the agent-design literature behind EDENA-AS.

  1. Stanford–Harvard — "First, Do NoHARM" (Jan 2, 2026) · 31 LLMs evaluated on 100 real primary-care cases; leading models produced severely harmful recommendations in up to 22.2% of cases, ~77% from omissions. The strongest empirical anchor for action-gating.
  2. OpenAI — Agents SDK guide · Orchestration, handoffs, guardrails, observability, and human review as first-class concerns in agent workflows.
  3. Anthropic — Building Effective Agents · Defines agentic systems as LLMs autonomously using tools in loops and spawning parallel agents — the capability class EDENA's Orange tier governs.
  4. MITRE ATLAS · A living knowledge base of adversary tactics and techniques against AI-enabled systems, informing EDENA's threat coverage.

Operationalized by the EDENA-AS Agentic Systems Standard.

06 · Security

Cybersecurity & excessive agency

The security taxonomies that name the failure modes of agentic systems — goal hijack, tool misuse, privilege abuse, memory poisoning, trust exploitation, and rogue agents — and the data-boundary obligations that govern PHI.

  1. OWASP GenAI Security Project — Top 10 for Agentic Applications (2026) · ASI01 Agent Goal Hijack through ASI10 Rogue Agents — a map of the scenarios EDENA's gate, escalation, and containment architecture is designed to prevent. ASI09 (Human–Agent Trust Exploitation) is automation bias weaponized as a vulnerability.
  2. MITRE ATLAS · Adversary tactics and techniques against AI systems, supporting EDENA-AS threat mapping and red-team evidence.
  3. HHS — HIPAA Security Rule · National standards protecting electronic PHI through administrative, physical, and technical safeguards; risk analysis is the first, ongoing step. EDENA treats PHI movement, memory, tool access, and agent-to-agent sharing as governance events.
07 · Emerging Area

Robotics & cyber-physical systems

EDENA extends its doctrine to AI that moves through the physical world. We flag this honestly as an emerging area: the 2025–2026 literature on robotic and cyber-physical governance in clinical settings is thinner than the agentic-software literature.

Research gap — stated plainly

Rather than pad this category with sources that do not exist, we name the gap. The governance principles for physical AI are established; the standards-grade, clinical-specific literature is still maturing. EDENA-RS therefore extends the same tier-and-gate doctrine — robots act within bounds, humans hold authority, nurses steward the whole — while we track surgical-robotics governance and FDA guidance on autonomous medical robots as they develop.

Foundational anchors today are the device-safety and change-control regime and the management-system baseline below; the dedicated robotics evidence base is an active research priority for the NAIO Institute.

  1. FDA — AI/ML-enabled medical device guidance & PCCP · The current device-safety and change-control regime under which autonomous and semi-autonomous medical devices are authorized.
  2. ISO/IEC 42001 · The AI management-system baseline that EDENA-RS builds on for registration, tiering, and conformance of cyber-physical systems.

See the EDENA-RS Robotic Systems Standard.

08 · Emerging Area

Environmental & justice impacts

EDENA's sustainability and equity dimensions — AI energy cost, environmental justice, and health equity in algorithmic systems — anchored in nursing's expanded environmental role. We flag this, too, as an emerging area with a thinner evidence base, currently grounded in professional and fairness obligations.

Research gap — stated plainly

The environmental and justice literature specific to clinical AI is not yet well developed. We frame this dimension honestly: the professional mandate exists, but the quantitative, healthcare-specific evidence base is still forming. WHO health-AI guidance and emerging environmental-health AI literature are tracked as priorities to strengthen this pillar, alongside the algorithmic-bias and equity findings in the nursing review below.

  1. ANA Code of Ethics for Nurses (2025) — Provision 7.5 (and new Provision 10) · Provision 10 highlights nursing's expanded role in promoting global health and environmental well-being — the professional anchor for EDENA's systems-level, sustainability-aware stewardship.
  2. Frontiers in Digital Health — AI in nursing integrative review (Mar 2025) · Identifies algorithmic bias as a persistent ethical challenge, connecting EDENA's stewardship doctrine to health-equity concerns.
From Evidence to Action

The authorities have converged. EDENA is the implementation.

Read how this evidence assembles into a single argument, then begin the adoption path — an action inventory, a tiering workshop, and the evidence bundle your auditors and regulators now require.

Read the full case Start the adoption path