Ch 12 — AI Governance & Compliance — Under the Hood

EU AI Act, NIST AI RMF, ISO 42001, model cards, AI BOM, audit pipelines

A. EU AI Act: Risk Classification & Penalties
Four risk tiers, phased enforcement through Aug 2027
Risk Tiers: Prohibited, High, Limited, Minimal
Timeline: Feb 2025 → Aug 2027, phased rollout
Penalties: Up to 7% global annual revenue

↓ NIST AI RMF & GenAI profile alignment

B. NIST AI RMF 1.0 & AI 600-1
Govern, Map, Measure, Manage — GenAI profile Jul 2024
AI RMF 1.0: Four functions, voluntary framework
AI 600-1: GenAI profile, 13 risks, 400+ actions
ARIA Program: Public evaluation methodology

↓ ISO 42001 certification & model cards

C. ISO 42001 & Model Documentation
AI management system, model cards, AI BOM
ISO 42001: AIMS certification, Dec 2023 standard
Model Cards: Mitchell et al. 2019, standardized docs
AI BOM: Bill of materials, supply chain tracking

↓ Automated compliance & audit pipelines

D. Automated Compliance & Audit Pipelines
Continuous monitoring, evidence collection, drift detection
Continuous Audit: Automated evidence collection pipeline
Drift Detection: Model & data drift, compliance triggers

↓ Complete governance architecture

E. Governance Architecture
End-to-end compliance program
AI Board: Cross-functional governance body
Governance Stack: Full compliance program