AI Risk and Compliance Content Pack
Summary of AI Risk and Compliance Content Pack
The ServiceNow AI Risk and Compliance Content Pack delivers essential content to help organizations effectively manage AI-related risks and regulatory compliance. It centralizes access to key AI regulations and frameworks, enabling customers to browse, search, and download authoritative materials. This facilitates linking AI regulations to internal control objectives and risk statements, and supports running risk assessments against these controls.
Key Features
- EU AI Act: Covers 13 chapters and 113 articles with a risk-based approach categorizing AI systems by risk level. Provides authority documents and citations but does not include pre-mapped control objectives or risk statements. Focuses on strict requirements for high-risk AI systems such as risk management, transparency, and human oversight.
- NIST AI Risk Management Framework (AI RMF): Offers voluntary guidance to manage AI risks throughout the AI lifecycle. Organized into four core functions—Govern, Map, Measure, and Manage—with preventive and detective controls addressing governance, fairness, reliability, security, privacy, and transparency. Includes AI-specific risk libraries covering algorithmic bias, model drift, data integrity, and cybersecurity threats.
- Transparency in Frontier Artificial Intelligence Act (SB 53): Mandates transparency and safety protocols for frontier AI system developers, including public disclosure of AI system information and safety practices, with authority documents and mappings included.
- Colorado Artificial Intelligence Act (SB 205): Establishes requirements for developers and deployers of high-risk AI systems, including risk assessments, impact evaluations, and consumer disclosure obligations. Provides authority documents and mappings.
Regulatory Support and Updates
ServiceNow Risk products assist customers in addressing AI regulatory requirements across jurisdictions but do not guarantee compliance, which remains the customer’s responsibility. The content pack supports updates for major regulations within 12 to 18 months of publication. Minor regulatory changes are typically updated within 12 months. ServiceNow distinguishes between content updates (which do not require software changes) and regulatory updates that require software enhancements.
Next Steps
- Install the AI Risk and Compliance Content Pack.
- Activate or update frameworks including the NIST AI RMF, EU AI Act, Colorado AI Act, and Transparency in Frontier AI Act (SB 53) as applicable.
The ServiceNow AI Risk and Compliance Content Pack provides foundational content to help organizations manage AI-related risk and compliance.
Content pack overview
This application provides a centralized location to browse, search, and download AI regulations and frameworks to link to your internal control objectives or risk statements and run assessments against them.
Currently, the application offers the following:
- EU AI Act
  - The EU AI Act is a regulatory framework that sets common rules for the use of artificial intelligence in the European Union. It follows a risk-based approach, classifying AI systems into unacceptable, high, limited, and minimal risk categories. Higher-risk AI systems are subject to stricter requirements such as risk management, transparency, human oversight, and ongoing monitoring. Authority documents and citations for the EU AI Act are available in the content pack. Pre-shipped control objective and risk statement mappings are not included for the EU AI Act. The EU AI Act content is structured into 13 chapters and contains 113 articles covering risk-based regulatory requirements for AI systems.
- NIST AI RMF
  - The NIST AI Risk Management Framework (AI RMF) provides voluntary guidance for managing risks associated with AI systems throughout their lifecycle. It focuses on building trustworthy AI by addressing risks related to governance, fairness, reliability, security, privacy, and transparency. The framework is organized around four core functions: Govern, Map, Measure, and Manage.
  - Preventive controls dominate in Govern, Map, and Manage, as these functions focus on policies, risk identification, and mitigation planning. Detective controls are concentrated in Measure and the monitoring aspects of Manage, focusing on ongoing assessments, audit trails, and reporting.
  - AI-specific risk libraries address both common and AI-specific risks, such as algorithmic bias, model drift, data integrity, and cybersecurity threats.
- Transparency in Frontier Artificial Intelligence Act (SB 53)
  - California Senate Bill 53 establishes transparency and safety requirements for developers of frontier AI systems. It requires developers to implement safety and security protocols and publicly disclose information about their AI systems and safety practices. Authority documents, agency mappings, and citations for SB 53 are available in the content pack.
- Colorado Artificial Intelligence Act (SB 205)
  - The Colorado Artificial Intelligence Act establishes requirements for developers and deployers of high-risk AI systems, including risk assessments, impact evaluations, and disclosure obligations to consumers affected by AI-driven decisions. Authority documents, agency mappings, and citations for the Colorado AI Act are available in the content pack.
Regulatory support statement
The ServiceNow Risk products help customers address regulatory requirements under various jurisdictions. However, we do not guarantee compliance, and customers are ultimately responsible for their own compliance with applicable regulations.
ServiceNow aims to provide software updates for new or updated major regulations and requirements within twelve to eighteen months of the regulation's publication. For regulations for which ServiceNow provides a level of support in the base system, ServiceNow aims to provide software updates for minor regulatory changes within 12 months and for major regulatory changes within up to 18 months, depending on scope and impact. We differentiate between typical regulatory content updates, which do not require software updates or enhancements, and regulatory updates, which do require software updates or enhancements. Content updates are generally delivered on a shorter cadence than regulatory updates that require a software update or enhancement.