AI Governance Glossary

Plain-language explainers for the frameworks and concepts behind AI governance.

• What is the EU AI Act?

  The EU AI Act is the European Union's regulation governing artificial intelligence. It classifies AI systems by risk — unacceptable, high, limited and minimal — and imposes binding obligations, with the strictest requirements on high-risk systems. It applies to providers and deployers placing AI on the EU market, regardless of where they are based.

• ISO/IEC 42001 explained

  ISO/IEC 42001 is the international standard for an Artificial Intelligence Management System (AIMS). Published in 2023, it gives organizations a certifiable framework to govern AI responsibly — covering risk assessment, controls, roles, and continual improvement — much like ISO 27001 does for information security.

• What is the NIST AI Risk Management Framework?

  The NIST AI Risk Management Framework (AI RMF) is a voluntary US framework for managing risks in AI systems. Released in 2023, it is organized around four functions — Govern, Map, Measure and Manage — that help organizations build trustworthy AI throughout its lifecycle.

• EU AI Act vs ISO/IEC 42001 vs NIST AI RMF: what's the difference?

  The EU AI Act is binding law that regulates AI by risk tier. ISO/IEC 42001 is a certifiable management-system standard for governing AI. The NIST AI RMF is a voluntary US framework for managing AI risk. The Act sets what you must do; ISO 42001 and NIST AI RMF help you build the processes to do it.

• AI risk classification tiers under the EU AI Act

  Under the EU AI Act, AI systems fall into four risk tiers: unacceptable risk (banned), high risk (heavily regulated), limited risk (transparency obligations) and minimal risk (no specific obligations). The tier determines which legal requirements apply to a given system.

• What is an AI governance gap analysis?

  An AI governance gap analysis is a structured assessment that compares your current AI practices against the requirements of frameworks like the EU AI Act, ISO/IEC 42001 and the NIST AI RMF. It identifies where you fall short, quantifies the gaps, and produces a prioritized roadmap to close them.