AI Risk and Compliance Content Pack
The ServiceNow AI Risk and Compliance Content Pack provides foundational content to help organizations manage AI-related risk and compliance.
Content pack overview
This application provides a centralized location to browse, search, and download AI regulations and frameworks to link to your internal control objectives or risk statements and run assessments against them.
Currently, the application offers the following:
- EU AI Act
  - The EU AI Act is a regulatory framework that sets common rules for the use of artificial intelligence in the European Union. It follows a risk-based approach, classifying AI systems into unacceptable, high, limited, and minimal risk categories. Higher-risk AI systems are subject to stricter requirements such as risk management, transparency, human oversight, and ongoing monitoring.
  - Structural Units
    - The content pack is structured into 13 chapters and contains 113 Articles covering risk-based regulatory requirements for AI systems.
- NIST AI RMF
  - The NIST AI Risk Management Framework (AI RMF) provides voluntary guidance for managing risks associated with AI systems throughout their lifecycle. It focuses on building trustworthy AI by addressing risks related to governance, fairness, reliability, security, privacy, and transparency.
  - Control Objectives
    - Preventive controls dominate in Govern, Map, and Manage, as these functions focus on policies, risk identification, and mitigation planning. Detective controls are concentrated in Measure and the monitoring aspects of Manage, focusing on ongoing assessments, audit trails, and reporting.
  - Risk Statements
    - AI-Specific Risk Libraries - What risks should be included in a risk library that addresses both common and AI-specific risks (for example, algorithmic bias, model drift, data integrity, cybersecurity threats)?