FRAMEWORKS LIBRARY

AI Governance Frameworks

Plain-language summaries of the major international AI governance frameworks. Download one-page PDF guides for each framework to support your compliance and governance planning.

7Frameworks Covered
2Legally Binding
3International Standards
2Voluntary Principles
πŸ‡ͺπŸ‡Ί
EU AI Act2024

EU Artificial Intelligence Act

European Union

The EU AI Act is the world's first comprehensive legal framework for artificial intelligence, establishing binding obligations for AI systems based on their risk level. It classifies AI systems into four risk tiers β€” unacceptable, high, limited, and minimal β€” and imposes requirements proportionate to the potential harm each tier poses to individuals and society.

Key Principles
Risk-based classification of AI systemsProhibition of unacceptable-risk AI (e.g. social scoring, real-time biometric surveillance in public)Mandatory conformity assessments for high-risk AITransparency obligations for limited-risk AI (e.g. chatbots)+2 more
πŸ›οΈ
ISO/IEC 420012023

ISO/IEC 42001

International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC)

ISO/IEC 42001 is the international standard for AI Management Systems (AIMS), providing organisations with a structured framework to govern the responsible development, deployment, and use of AI. It follows the familiar ISO management system structure (Plan-Do-Check-Act) and is designed to be integrated with existing standards such as ISO 27001 and ISO 9001.

Key Principles
Accountability and governance for AI systemsRisk-based approach to AI managementTransparency and explainability of AI decisionsHuman oversight and control mechanisms+2 more
πŸ‡ΊπŸ‡Έ
NIST AI RMF2023

NIST AI Risk Management Framework

National Institute of Standards and Technology (NIST), United States

The NIST AI Risk Management Framework provides a voluntary, flexible framework to help organisations identify, assess, and manage risks associated with AI systems throughout their lifecycle. It is structured around four core functions β€” Govern, Map, Measure, and Manage β€” and emphasises trustworthiness characteristics including reliability, safety, security, explainability, fairness, and privacy.

Key Principles
Trustworthiness as the foundation of responsible AISociotechnical approach recognising AI risks extend beyond technical factorsIterative risk management across the full AI lifecycleAccountability and transparency at organisational and system levels+2 more
🌍
OECD AI Principles2019 (updated 2024)

OECD Principles on Artificial Intelligence

Organisation for Economic Co-operation and Development (OECD)

The OECD AI Principles are the first intergovernmental standard on AI, adopted by OECD member countries and endorsed by the G20. They establish five value-based principles for responsible AI and five recommendations for governments on AI policy. The principles focus on ensuring AI is beneficial, robust, safe, fair, and accountable throughout its lifecycle.

Key Principles
Inclusive growth, sustainable development, and well-beingHuman-centred values and fairnessTransparency and explainabilityRobustness, security, and safety+1 more
🌐
UNESCO AI Ethics2021

UNESCO Recommendation on the Ethics of AI

United Nations Educational, Scientific and Cultural Organization (UNESCO)

The UNESCO Recommendation on the Ethics of AI is the first global normative instrument on AI ethics, adopted by all 193 UNESCO member states. It provides a comprehensive ethical framework covering the full AI lifecycle and emphasises human rights, dignity, and the protection of vulnerable groups. It is notable for its explicit attention to environmental sustainability, gender equality, and the rights of indigenous peoples.

Key Principles
Human dignity and human rights as non-negotiable foundationsFairness and non-discriminationTransparency and explainabilitySafety and security+4 more
πŸ”’
GDPR2018

General Data Protection Regulation

European Union

The GDPR is the EU's comprehensive data protection law, establishing rights for individuals over their personal data and obligations for organisations that process it. For AI systems, GDPR is particularly relevant where automated decision-making, profiling, or processing of special category data (including biometric, health, and genetic data) is involved. Article 22 grants individuals the right not to be subject to solely automated decisions with significant effects.

Key Principles
Lawfulness, fairness, and transparency of processingPurpose limitation β€” data collected for specified, explicit purposesData minimisation β€” only collect what is necessaryAccuracy and data quality+3 more
πŸ‡¬πŸ‡§
UK AI Principles2023

UK AI Principles

UK Government / AI Safety Institute

The UK AI Principles establish a pro-innovation, context-specific approach to AI governance, assigning responsibility to existing sector regulators rather than creating a single AI regulator. Five cross-sector principles guide regulators and organisations: safety, security and robustness; appropriate transparency and explainability; fairness; accountability and governance; and contestability and redress. The UK AI Safety Institute additionally focuses on frontier AI safety evaluation.

Key Principles
Safety, security, and robustnessAppropriate transparency and explainabilityFairnessAccountability and governance+1 more
ℹ️

These summaries are plain-language guides intended to support AI governance planning and do not constitute legal advice. They are not the official legal text of each framework. Before making compliance decisions, consult the original framework documents and qualified legal counsel.