Skip to main content

AI Governance & Compliance (EU AI Act, NIST AI RMF)

Introduction

L235 (Content Moderation & Responsible AI) gave us the values — fairness, transparency, accountability. This lesson is what makes them stick: governance and compliance turn responsible-AI principles into obligations that are mandatory (the law requires them) and auditable (you must be able to prove you met them). It's the difference between "we believe in fairness" and "here is the documented risk assessment, the conformity record, and the incident log that the regulator will inspect."

There are three pillars, and the single most useful thing in this lesson is keeping straight what each one is for:

  • The EU AI Act — the law (the what). A binding regulation that says, by risk tier, what you are required to do — or be fined for.
  • NIST AI RMF — the process (the how-to-manage). A voluntary framework for how to identify and manage AI risk in a structured way.
  • ISO/IEC 42001 — the management system (the how-to-run-and-prove). A certifiable standard for running and evidencing an AI governance program.

Said in one line: the Act tells you what you must achieve, NIST tells you how to manage the risk, and ISO 42001 tells you how to run and prove the program. They're complements, not competitors. And the practical key that the interactive drives home: everything starts with classification. There is no generic "AI compliance" — your obligations depend entirely on what your system does and how risky that is. Classify first; the tier dictates the duty.

Infographic titled 'AI Governance & Compliance (EU AI Act, NIST AI RMF)', the sixth lesson of the Guardrails, Safety, Reliability & Governance section. Left: the EU AI Act risk pyramid — apex to base — UNACCEPTABLE (banned outright), HIGH-RISK (the full conformity program), LIMITED (transparency, disclose it's AI), MINIMAL (no obligations, most AI); obligations and scrutiny rise with risk. A GPAI / foundation-model callout: own duties — documentation, copyright, training-data summary. Penalty up to 35 million euros or 7% of global turnover. Right: THREE FRAMEWORKS, THREE JOBS — EU AI Act = the LAW (what you must do, risk-tiered, binding, extraterritorial); NIST AI RMF = the PROCESS (how to manage risk — Govern, Map, Measure, Manage); ISO/IEC 42001 = the SYSTEM (how to run, evidence & certify the program, an AI management system on plan-do-check-act). Plus THE ENGINEER'S JOB checklist: inventory every AI system, classify each by risk tier, keep a risk register, document it (model cards, L237), human oversight + logging, report serious incidents. Three cards: EU AI Act the law (binding, extraterritorial like GDPR, high-risk needs full conformity, penalties up to 35M/7%); NIST AI RMF manage the risk (voluntary; Govern/Map/Measure/Manage; GenAI Profile adds 12 risk areas & 200+ actions); ISO 42001 + your program (first certifiable AI management system; inventory->classify->risk-register->document->oversee->report; bridge to model cards & audit L237). Section roadmap: input, output, hallucination, fallbacks, moderation & responsible AI, governance, model cards & audit, build a guardrail layer.

The EU AI Act — A Risk-Tiered Law

The EU AI Act (in force since 1 Aug 2024) is the world's first comprehensive AI law, and its core idea is elegant: regulate by risk. The more potential a system has to harm people, the more it must do. Two things to internalize before the tiers:

  • It's extraterritorial, like GDPR. It doesn't matter where your company is — if your AI's output is used in the EU, you're in scope. A US startup serving EU users is bound by it.
  • It's binding, with real teeth. Penalties reach €35M or 7% of global annual turnover for prohibited uses (€15M/3% for most other breaches) — GDPR-scale fines.

The four tiers (plus a special track for general-purpose models):

TierWhat it isWhat you must do
Unacceptablesocial scoring, manipulation, workplace/school emotion recognition, face-scraping, most live public biometric IDBanned. Off the market (since 2 Feb 2025)
High-riskgates jobs/credit/education/essential services; safety components; law enforcement, migration, justiceThe full conformity program (next section)
Limitedchatbots, generative/synthetic mediaTransparency: disclose it's AI; label deepfakes
Minimalspam filters, recommenders, most AINo obligations (voluntary codes)
GPAIgeneral-purpose / foundation modelsDocs, copyright policy, training-data summary (+ extras if systemic risk)

General-Purpose AI (GPAI) got its own rules (applicable 2 Aug 2025): any foundation-model provider must publish technical documentation, a copyright-compliance policy, and a summary of training data; models at systemic-risk scale (>10²⁵ FLOPs) additionally owe model evaluations, adversarial/red-team testing, serious-incident reporting, and cybersecurity.

On timing: it phases in. Prohibited practices have applied since Feb 2025, GPAI since Aug 2025, and high-risk obligations land around 2027 (the Annex III deadline was pushed to ~Dec 2027). Don't read "2027" as "later" — high-risk conformity takes months to build, so the work starts now. Use the classifier below to find your tier.

High-Risk — The Full Program

If your system lands in high-risk, the Act stops being a transparency footnote and becomes a compliance program you must complete before the system goes on the market. The obligations read like a checklist of everything this whole section has taught — now made legally required:

  • A risk-management system across the entire lifecycle (identify, evaluate, mitigate — continuously).
  • Data governance — training/validation/test data that's relevant, representative, and checked for bias (the fairness work from L235, now mandatory).
  • Technical documentation — enough for an authority to assess conformity (the model-card discipline of L237 — Model Cards, Audit & Incident Response).
  • Automatic logging — event records for traceability over the system's lifetime (the observability layer of L223 — The Monitoring & Observability Layer, as a legal duty).
  • Human oversight — designed so a person can understand, intervene, and override (the human-in-the-loop principle from L227 — Defensive UX: Designing for Uncertainty & Failure).
  • Accuracy, robustness & cybersecurity — appropriate, stated, and tested.
  • Conformity assessment → CE marking → EU-database registration — you formally demonstrate compliance, affix the CE mark, and register the system before launch.

Notice the through-line: the guardrails, monitoring, human oversight, and documentation you've been building for engineering reasons are exactly what high-risk compliance demands. Good AI engineering and AI compliance are largely the same work — governance just makes it non-optional and auditable.

# Governance starts with classification — the same logic the interactive runs.
from dataclasses import dataclass

@dataclass
class AISystem:
    name: str
    banned_practice: bool       # social scoring, manipulation, workplace emotion-recog, face-scraping...
    gates_essentials: bool      # jobs, credit, education, essential services (Annex III)
    safety_component: bool      # part of a regulated product (medical device, vehicle...)
    law_enforcement: bool
    interacts_with_people: bool # chatbot / generative content
    is_gpai: bool               # you PROVIDE a foundation model

def eu_ai_act_tier(s: AISystem) -> str:
    if s.banned_practice:                                   return "PROHIBITED"   # off the market
    if s.gates_essentials or s.safety_component or s.law_enforcement:
        return "HIGH_RISK"                                  # full conformity program before launch
    if s.is_gpai:                                           return "GPAI"          # provider duties
    if s.interacts_with_people:                             return "LIMITED"       # transparency only
    return "MINIMAL"                                        # no obligations

# The tier is your legal duty. Re-classify on EVERY material change — a feature that starts
# gating credit decisions silently promotes a "limited" chatbot into the high-risk program.

See It — The EU AI Act Risk Classifier

Stop reading about tiers and find yours. Pick a use-case or toggle the attributes, and watch the tier, the obligations, and the penalty resolve live:

**Describe your AI system and watch the EU AI Act classify it — live.** Pick a preset use-case (support chatbot, résumé screening, credit scoring, spam filter, medical device, social scoring, emotion recognition at work, a GPAI provider) or toggle its **attributes** directly — does it gate **jobs / credit / essential services**? Is it a **safety component**? Used by **law enforcement**? Does it use a **banned practice**? Is it a **chatbot**? Do you provide a **general-purpose model**? The lab resolves the tier — **PROHIBITED · HIGH-RISK · GPAI · LIMITED · MINIMAL** — and shows the exact **obligations** and **penalty exposure** that follow. The lesson lands fast: flip one attribute (a chatbot that suddenly *decides who gets a loan*) and the same product jumps from a one-line transparency notice to the **full high-risk conformity program**. There is no single “AI compliance” checklist — **you classify first, and the tier dictates the duty.**

The thing to feel here: one attribute changes everything. A friendly support chatbot is Limited risk — a one-line "you're talking to an AI" notice. Give that same chatbot the job of deciding who gets a loan, and it's instantly High-risk — risk-management system, data governance, documentation, human oversight, conformity assessment, the lot. Compliance isn't a property of being an AI; it's a property of what the AI decides. That's why the first governance task is always classification, re-run on every material change.

NIST AI RMF — How to Manage the Risk

The EU AI Act tells you what outcome is required, but not how to get there. That's where the NIST AI Risk Management Framework (AI RMF 1.0) comes in — a voluntary, US-origin but globally-adopted process for managing AI risk. (Voluntary doesn't mean optional in practice: it's become the lingua franca for demonstrating you took risk seriously.) Its backbone is four functions:

  • GOVERN — the always-on spine: a culture of risk management, clear accountability, policies, roles. It cuts across the other three (you can't map/measure/manage without someone owning it).
  • MAP — establish context and identify risks: what is this system, who does it affect, what could go wrong, in what setting?
  • MEASUREassess, analyze, and track the mapped risks with quantitative and qualitative methods (the TEVV and fairness-audit work from L235).
  • MANAGEprioritize and act: allocate resources, mitigate, monitor, and respond to the risks that matter most.

It's a loop, not a one-time checklist — you Govern continuously and cycle Map → Measure → Manage as the system and its context change. For generative AI specifically, NIST published the GenAI Profile (NIST AI 600-1, 2024): it names 12 GenAI risk areas — confabulation (hallucination), harmful bias, data privacy, information integrity, CBRN, IP, info-security, and more — and maps 200+ concrete suggested actions onto the four functions. It's the most operational artifact here: a menu of what to actually do.

Map the four functions onto this course and it clicks: Govern is this whole governance lesson; Map is threat-modeling your app; Measure is your evals and fairness audits (L235); Manage is the guardrails, monitoring (L223), and incident response (L237). NIST gives the vocabulary; you've been doing the work.

ISO/IEC 42001 — How to Run and Certify the Program

The third pillar answers a question the other two leave open: how do you run this as an ongoing program — and prove it to an auditor, a customer, or a regulator? ISO/IEC 42001:2023 is the answer — the world's first certifiable AI Management System (AIMS) standard. If you know ISO 27001 for security, it's the same idea for AI:

  • It follows Plan-Do-Check-Act (PDCA) — define scope and policies (plan), implement controls (do), monitor and audit (check), and continuously improve (act).
  • It specifies the management system: roles, an AI policy, risk and impact assessments, a set of controls (its Annex A), and the documentation that makes the whole thing auditable and certifiable by a third party.

Here's the clean way the three fit together — the mental model to leave this lesson with:

FrameworkRoleAnswers
EU AI Actthe lawWhat must I do? (binding, risk-tiered)
NIST AI RMFthe processHow do I identify & manage the risk?
ISO/IEC 42001the management systemHow do I run, evidence & certify the program?

They reinforce each other: the Act sets the obligations, the RMF gives you a structured way to meet them, and 42001 gives you the management system and the certificate that demonstrates — to anyone who asks — that you do. (Related: ISO 27001 for security and your existing GDPR program plug straight into the same machinery.)

The Engineer's Job — Turning Law Into Practice

Governance can sound like a lawyer's problem. It isn't — most of it lands on engineering, because the evidence regulators want is produced by the system you build. Your concrete responsibilities:

  • Inventory every AI system. You can't govern what you can't see. Maintain a live registry of every model, feature, and integration — including the shadow ones a team shipped quietly.
  • Classify each by risk tier. Run the classification (above) per system, and re-run it on every material change — scope creep silently promotes systems into higher tiers.
  • Keep a risk register. For each system: the risks (use the NIST GenAI areas), their severity, the mitigations, and the owner.
  • Document it — the technical documentation and model cards of L237 (Model Cards, Audit & Incident Response).
  • Build human oversight + logging in — override paths (L227) and traceable event logs (L223), because they're required, not nice-to-have.
  • Report serious incidents — high-risk and systemic-GPAI providers must report serious incidents to authorities; you need the detection and process to do it (L237).

The reassuring part: none of this is separate from good engineering. An inventory, risk register, documentation, oversight, logging, and incident response are what a well-run AI team does anyway. Governance just makes them mandatory, owned, and auditable — and the next lesson, L237, is where you build the two biggest artifacts: the model card and the incident-response runbook.

# An AI system registry entry — the atom of a governance program (and your audit evidence).
from dataclasses import dataclass, field

@dataclass
class RegistryEntry:
    system: str
    tier: str                                   # from eu_ai_act_tier() — re-evaluated on every change
    owner: str                                  # a NAMED accountable human (NIST: Govern)
    risks: list[str]                            # NIST GenAI areas: confabulation, harmful_bias, data_privacy...
    mitigations: list[str]                      # guardrails, evals, human oversight, monitoring
    model_card: str                             # link to the L237 documentation
    last_reviewed: str
    incidents: list[str] = field(default_factory=list)   # serious-incident log -> regulator reporting

# Governance = this table, kept current, for EVERY system. The Act says WHAT it must contain;
# NIST RMF says HOW to fill the risks/mitigations columns; ISO 42001 says how to RUN and audit the table.

🧪 Try It Yourself

Use the EU AI Act Risk Classifier and what you've learned:

  1. Load Support chatbot — what tier, and what's the single obligation?
  2. Now turn on "gates access to jobs, credit…" What tier is it now, and why did one attribute change so much?
  3. Load Govt social scoring. What's the verdict, and what's the penalty exposure?
  4. Load Foundation model (GPAI), then toggle systemic risk. What extra duties appear?
  5. Match each to its job: EU AI Act, NIST AI RMF, ISO 42001 — which is what, which is how-to-manage, which is how-to-run-and-prove?

(1) Limited risk — its only duty is transparency: tell users they're interacting with an AI. (2) It jumps to High-risk: gating jobs/credit is an Annex III use, triggering the full conformity program (risk management, data governance, documentation, human oversight, conformity assessment). Compliance tracks what the AI decides, not whether it's "an AI." (3) Prohibited — banned outright since Feb 2025, with exposure up to €35M or 7% of global turnover. (4) Base GPAI owes documentation, a copyright policy, and a training-data summary; flipping systemic risk adds model evaluations, adversarial/red-team testing, serious-incident reporting, and cybersecurity. (5) EU AI Act = the what (the binding law); NIST AI RMF = the how-to-manage (Govern/Map/Measure/Manage); ISO 42001 = the how-to-run-and-prove (the certifiable management system).

Mental-Model Corrections

  • “There's an 'AI compliance' checklist.” No — obligations are risk-tiered. You classify first; the tier dictates the duty (and a minimal-risk system has none).
  • “The EU AI Act only applies to EU companies.” It's extraterritorial — if your output is used in the EU, you're in scope, wherever you're based.
  • “2027 is far away, relax.” High-risk conformity takes months to build; prohibited & GPAI rules are already in force. The work starts now.
  • “NIST AI RMF and ISO 42001 are alternatives to the Act.” Different jobs: the Act = law (what), RMF = risk process (how-to-manage), 42001 = management system (how-to-run-and-prove). They stack.
  • “Governance is the legal team's problem.” Most of the evidence — inventory, risk register, docs, logs, oversight, incident reports — is produced by engineering.
  • “Compliance is extra work on top of the product.” Largely the same work as good AI engineering (guardrails, monitoring, oversight, docs) — governance makes it mandatory and auditable.
  • “Classify once at launch.” Re-classify on every material change — scope creep silently promotes a system into a higher-risk tier.

Key Takeaways

  • Governance makes responsible AI enforceable: the EU AI Act = the law (what), NIST AI RMF = the risk process (how to manage), ISO/IEC 42001 = the certifiable management system (how to run & prove). They stack.
  • The EU AI Act is risk-tiered & extraterritorial: Unacceptable (banned) · High-risk (full conformity program) · Limited (transparency) · Minimal (none) · GPAI (provider duties). Classify first — the tier dictates the duty; penalties reach €35M / 7%.
  • High-risk = the program you've been building: risk management, data governance, documentation, logging, human oversight, accuracy/robustness/security, conformity assessment — i.e. the guardrails, monitoring (L223), and oversight (L227) made legally required.
  • NIST AI RMF is the vocabulary: Govern · Map · Measure · Manage (a loop), plus the GenAI Profile (12 risk areas, 200+ actions) for what to actually do.
  • The engineer owns the evidence: inventory → classify → risk register → document → oversee → report incidents — good engineering made mandatory and auditable, and the bridge to the artifacts in L237 (Model Cards, Audit & Incident Response).