AI Risk and Compliance Content Pack

  • Release version: Australia
  • Updated May 19, 2026
  • 2 minutes to read
  • The ServiceNow AI Risk and Compliance Content Pack provides foundational content to help organizations manage AI-related risk and compliance.

    Content pack overview

    This application provides a centralized location to browse, search, and download AI regulations and frameworks to link to your internal control objectives or risk statements and run assessments against them.

    AI regulations and frameworks. For more information refer to the text that follows.

    Currently, the application offers the following:

    EU AI Act
    The EU AI Act is a regulatory framework that sets common rules for the use of artificial intelligence in the European Union. It follows a risk-based approach, classifying AI systems into unacceptable, high, limited, and minimal risk categories. Higher-risk AI systems are subject to stricter requirements such as risk management, transparency, human oversight, and ongoing monitoring. Authority documents and citations for the EU AI Act are available in the content pack. Pre-shipped control objective and risk statement mappings are not included for the EU AI Act. The EU AI Act content is structured into 13 chapters and contains 113 articles covering risk-based regulatory requirements for AI systems.
    NIST AI RMF
    The NIST AI Risk Management Framework (AI RMF) provides voluntary guidance for managing risks associated with AI systems throughout their lifecycle. It focuses on building trustworthy AI by addressing risks related to governance, fairness, reliability, security, privacy, and transparency. The framework is organized around four core functions: Govern, Map, Measure, and Manage.

    Preventive controls dominate in Govern, Map, and Manage, as these functions focus on policies, risk identification, and mitigation planning. Detective controls are concentrated in Measure and the monitoring aspects of Manage, focusing on ongoing assessments, audit trails, and reporting.

    AI-specific risk libraries address both common and AI-specific risks, such as algorithmic bias, model drift, data integrity, and cybersecurity threats.

    Transparency in Frontier Artificial Intelligence Act (SB 53)
    California Senate Bill 53 establishes transparency and safety requirements for developers of frontier AI systems. It requires developers to implement safety and security protocols and publicly disclose information about their AI systems and safety practices. Authority documents, agency mappings, and citations for SB 53 are available in the content pack.
    Colorado Artificial Intelligence Act (SB 205)
    The Colorado Artificial Intelligence Act establishes requirements for developers and deployers of high-risk AI systems, including risk assessments, impact evaluations, and disclosure obligations to consumers affected by AI-driven decisions. Authority documents, agency mappings, and citations for the Colorado AI Act are available in the content pack.

    Regulatory support statement