DIAMC is not a framework in the consultancy sense. It is a habit. Every regulated AI use case worth deploying has been through these five steps, whether the team writing it called them that or not. The value of naming them is that you can see, in advance, where a use case will fail.
Discover.
What problem is the AI actually solving, for whom, and at what cost of getting it wrong? Most use cases that fail in production fail here. They were not problems the operator had; they were problems the technology made available.
Identify.
What data is needed, where it lives, what its lineage looks like, how it ages, who owns it, and whether the gaps would invalidate the model. Energy suppliers carry data debt the way large estates carry asbestos: it is everywhere, it has been there a long time, and it is mostly safe until someone disturbs it. AI disturbs it. Identify forces an honest answer before code is written.
Assess.
What could go wrong, for whom, and how serious would it be? This is the AIIA. It is not a risk register. It is a document the regulator can recognise. Done well, it makes the next three steps obvious. Done poorly, it makes them invisible.
Mitigate.
Where the assessment surfaces a credible failure mode, what is the operational mitigation? Human review at a defined threshold. Hard limits the model cannot cross. Monitoring that detects drift before a customer does. Mitigations live in the operating model, not in the model card.
Confirm.
After the use case is live, how is the supplier confirming that the assessment still holds? This is the step most often missed. A use case assessed in March and unchanged in March's evidence by November is a use case nobody is governing.
Why the pattern travels.
DIAMC is jurisdiction-agnostic. It works under Ofgem and the EU AI Act. It works under the CRU in Ireland. It works under UREGNI in Northern Ireland. It works against the supplier's own published Code of Practice. The vocabulary is the same; the regulatory surface it maps onto changes. That portability is the reason it earns its place in a corpus that has to address more than one regulator.