AI Compliance Hub

AI compliance spans both horizontal regulations (privacy, security, AI-specific frameworks) and sector rules (healthcare, finance, transportation, energy, public sector).
Cross-Sector AI Regulations & Frameworks

These set overarching obligations or best practices for AI systems across industries.

| Standard / Regulation | Jurisdiction | Scope | Relevance to AI |
|---|---|---|---|
| EU AI Act | EU | Risk tiers, obligations, conformity assessment | Primary horizontal AI law; high-risk requirements |
| NIST AI Risk Management Framework (AI RMF) | US (global use) | Voluntary framework for AI risk management | Foundational guidance for trustworthy AI programs |
| ISO/IEC 42001 (AI Management System) | Global | AI governance management system (AIMS) | Certifiable AI governance structure for enterprises |
| OECD AI Principles | OECD members | High-level principles for responsible AI | Policy baseline influencing national rules |
Data Protection & Privacy

Software tools help enterprises align AI systems with laws, standards, and internal governance frameworks.

| Standard / Regulation | Jurisdiction | Scope | Relevance to AI |
|---|---|---|---|
| GDPR | EU/EEA | Personal data rights, lawful basis, DPIAs | Training data governance; automated decision provisions |
| CCPA/CPRA | California (US) | Consumer privacy, opt-out, data transparency | Dataset transparency and opt-out handling |
| LGPD / PIPEDA (examples) | Brazil / Canada | Comprehensive data protection regimes | Global datasets, cross-border processing controls |
Healthcare

Clinical AI must meet stringent safety, quality, and privacy requirements.

| Standard / Regulation | Jurisdiction | Scope | Relevance to AI |
|---|---|---|---|
| HIPAA / HITECH | US | PHI privacy/security; breach rules | Medical AI data handling and safeguards |
| FDA SaMD (incl. AI/ML) | US | Software as a Medical Device pathways | AI diagnostic tools; change-control expectations |
| EU MDR / IVDR | EU | Medical/IVD device conformity | Clinical evaluation of AI-enabled devices |
Finance

Model risk and market integrity frameworks govern algorithmic decisions.

| Standard / Regulation | Jurisdiction | Scope | Relevance to AI |
|---|---|---|---|
| SR 11-7 (Model Risk Management) | US (banking) | Model validation, governance | Covers ML models in credit, fraud, risk |
| SEC/FINRA Algo Trading Guidance | US | Market conduct, controls, surveillance | AI trading/monitoring obligations |
| EBA / ECB model governance | EU | Banking model oversight | Covers ML in credit scoring and AML |
Transportation (Vehicles, Drones, AV)

Safety, cybersecurity, and software updates are central to regulated autonomy.

| Standard / Regulation | Jurisdiction | Scope | Relevance to AI |
|---|---|---|---|
| UNECE R155 / R156 | EU/UNECE | Vehicle cyber (CSMS) / software updates (SUMS) | Required for connected/automated vehicles |
| ISO 21434 | Global | Road-vehicle cybersecurity engineering | Threat modeling for AV/ADAS ML stacks |
| FAA Part 107 / EASA UAS rules | US / EU | Unmanned aircraft ops & certification | AI-assisted flight; BVLOS/automation constraints |
Energy & Utilities (OT/ICS)

Critical infrastructure guidance focuses on secure, reliable operation of industrial systems.

| Standard / Regulation | Jurisdiction | Scope | Relevance to AI |
|---|---|---|---|
| NERC CIP | North America | Bulk electric system cybersecurity | AI-enabled grid ops and anomaly detection |
| IEC 62443 | Global | Industrial control system security | Securing AI in OT environments |
| ISO 55000 (Asset Mgmt) | Global | Lifecycle asset management | Predictive AI for critical assets |
Government & Public Sector

Procurement, cloud security, and ethics commitments are common anchors.

| Standard / Regulation | Jurisdiction | Scope | Relevance to AI |
|---|---|---|---|
| NIST SP 800-53 / FedRAMP | US Federal | Security & cloud authorization baselines | Security controls for AI SaaS/PaaS |
| Government AI Principles | US/EU/UK (various) | Ethical use, transparency, accountability | Policy guardrails for agency AI use |
| Public Sector Procurement Rules | Regional | Vendor due diligence, bias testing | AI RFP criteria and audit readiness |
Employment & Automated Decision Systems

Hiring and workplace AI face fairness and transparency obligations.

| Standard / Regulation | Jurisdiction | Scope | Relevance to AI |
|---|---|---|---|
| EEOC AI Hiring Guidance | US | Non-discrimination in employment decisions | Bias testing for hiring algorithms |
| NYC Local Law 144 (AEDT) | New York City | Bias audits & notices for hiring tools | Annual bias audits for automated assessments |
| EU AI Act (Employment High-Risk) | EU | High-risk hiring and worker management | Documentation, transparency, human oversight |
Content Integrity & Online Platforms

Rules emphasize transparency, safety, and provenance for AI-generated content.

| Standard / Regulation | Jurisdiction | Scope | Relevance to AI |
|---|---|---|---|
| EU Digital Services Act (DSA) | EU | Platform accountability, transparency | AI content labeling and risk mitigation |
| Watermarking / Provenance Standards | Global (industry) | Content authenticity signals | Identify AI-generated or modified media |
| Child/Consumer Protection (examples) | Various | Safety, deceptive practices controls | Guardrails for generative experiences |
Conformity Assessment & Supporting Standards

| Standard / Regulation | Jurisdiction | Scope | Relevance to AI |
|---|---|---|---|
| ISO/IEC 23894 (AI Risk Management) | Global | Processes for AI risk management | Complements NIST AI RMF; audit inputs |
| ISO/IEC 27001 / 27701 | Global | Information security / privacy extensions | Security & privacy baselines for AI systems |
| IEC 62304 / ISO 13485 (medical software/QMS) | Global | Software lifecycle / quality management | Applicable to regulated clinical AI |
Essential References

- EU AI Act – European Commission
- NIST AI Risk Management Framework
- ISO/IEC JTC 1/SC 42 – Artificial Intelligence Standards
- OECD AI Principles & Policy Observatory
- FTC AI Guidance – US Federal Trade Commission