AI Governance Frameworks
Plain-language summaries of the major international AI governance frameworks. Download one-page PDF guides for each framework to support your compliance and governance planning.
EU Artificial Intelligence Act
European Union
The EU AI Act is the world's first comprehensive legal framework for artificial intelligence, establishing binding obligations for AI systems based on their risk level. It classifies AI systems into four risk tiers β unacceptable, high, limited, and minimal β and imposes requirements proportionate to the potential harm each tier poses to individuals and society.
ISO/IEC 42001
International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC)
ISO/IEC 42001 is the international standard for AI Management Systems (AIMS), providing organisations with a structured framework to govern the responsible development, deployment, and use of AI. It follows the familiar ISO management system structure (Plan-Do-Check-Act) and is designed to be integrated with existing standards such as ISO 27001 and ISO 9001.
NIST AI Risk Management Framework
National Institute of Standards and Technology (NIST), United States
The NIST AI Risk Management Framework provides a voluntary, flexible framework to help organisations identify, assess, and manage risks associated with AI systems throughout their lifecycle. It is structured around four core functions β Govern, Map, Measure, and Manage β and emphasises trustworthiness characteristics including reliability, safety, security, explainability, fairness, and privacy.
OECD Principles on Artificial Intelligence
Organisation for Economic Co-operation and Development (OECD)
The OECD AI Principles are the first intergovernmental standard on AI, adopted by OECD member countries and endorsed by the G20. They establish five value-based principles for responsible AI and five recommendations for governments on AI policy. The principles focus on ensuring AI is beneficial, robust, safe, fair, and accountable throughout its lifecycle.
UNESCO Recommendation on the Ethics of AI
United Nations Educational, Scientific and Cultural Organization (UNESCO)
The UNESCO Recommendation on the Ethics of AI is the first global normative instrument on AI ethics, adopted by all 193 UNESCO member states. It provides a comprehensive ethical framework covering the full AI lifecycle and emphasises human rights, dignity, and the protection of vulnerable groups. It is notable for its explicit attention to environmental sustainability, gender equality, and the rights of indigenous peoples.
General Data Protection Regulation
European Union
The GDPR is the EU's comprehensive data protection law, establishing rights for individuals over their personal data and obligations for organisations that process it. For AI systems, GDPR is particularly relevant where automated decision-making, profiling, or processing of special category data (including biometric, health, and genetic data) is involved. Article 22 grants individuals the right not to be subject to solely automated decisions with significant effects.
UK AI Principles
UK Government / AI Safety Institute
The UK AI Principles establish a pro-innovation, context-specific approach to AI governance, assigning responsibility to existing sector regulators rather than creating a single AI regulator. Five cross-sector principles guide regulators and organisations: safety, security and robustness; appropriate transparency and explainability; fairness; accountability and governance; and contestability and redress. The UK AI Safety Institute additionally focuses on frontier AI safety evaluation.
These summaries are plain-language guides intended to support AI governance planning and do not constitute legal advice. They are not the official legal text of each framework. Before making compliance decisions, consult the original framework documents and qualified legal counsel.