Compliance & Regulation

143 posts on compliance & regulation.

EU AI Act Article 13: The Transparency Mandate for High-Risk Systems

Article 13 of the EU AI Act requires providers of high-risk AI systems to design them so deployers can interpret outputs, understand limitations, and exercise human oversight. The mandate takes effect August 2, 2026. Generic model cards fail the test.

eu-ai-act, ai-governance, compliance, transparency, ai-security, regulation

EU AI Act Annex III: The Eight Categories That Define High-Risk AI

Annex III of the EU AI Act lists the eight categories of AI systems classified as high-risk. Inclusion in Annex III triggers the full obligations of Articles 8 to 27 from August 2, 2026. Most enterprise teams are inside the scope without realizing it.

eu-ai-act, ai-governance, compliance, high-risk, classification, regulation

AI Model Governance: Controls That Operate on the Request Path

AI model governance fails when it sits at the model registry layer alone. Model cards and versioning catalog the asset. Per-request enforcement governs how the model is actually used. This article walks through the runtime layer most model governance programs leave out.

ai-governance, ai-compliance, audit, eu-ai-act, architecture, compliance

AI Governance Training: What to Teach Which Role Inside the Enterprise

AI governance training fails when it gets delivered as a single all-hands course. Each role inside the enterprise needs different content. This article walks through the role-specific training tracks the regulators and auditors expect, and where the curriculum meets the runtime evidence requirement.

ai-governance, ai-compliance, compliance, eu-ai-act, audit, shadow-ai

AI Governance Stakeholders: Who Owns What Inside the Enterprise

AI governance fails when no single role owns the per-decision audit trail. The CISO, CRO, General Counsel, CTO, and platform engineering each hold a slice. This article walks through the seven stakeholder roles, what each owns, and where the handoffs break in practice.

ai-governance, ai-compliance, compliance, eu-ai-act, regulation, audit

AI Governance Software: What to Look For Beyond the Policy Builder

AI governance software splits into policy-building, inventory, and runtime enforcement. Most products in the category cover policy and inventory and leave runtime evidence to whatever the engineering team builds. This article walks through the architectural layers and what to ask vendors before signing.

ai-governance, ai-compliance, ai-security, compliance, eu-ai-act, policy-enforcement

AI Governance Policy: What a Policy Has to Specify to Be Enforceable

Most AI governance policies are written for the auditor but cannot be evaluated at the request layer. A policy that lacks classification rules, identity definitions, and enforcement decision points is prose, not control. This article walks through what the policy has to specify to be enforceable.

ai-governance, ai-compliance, policy-enforcement, eu-ai-act, compliance, audit

AI Governance Auditing: What an Auditor Actually Asks For

AI governance audits turn on per-decision evidence. The auditor asks who initiated each request, what data was involved, what policy applied, and what the outcome was. Application logs collapse under those questions. This article walks through what an audit actually examines and the architecture that survives it.

ai-governance, audit, compliance, eu-ai-act, ai-security, regulation

AI Ethics and Governance: Where Principles Meet Per-Decision Records

AI ethics committees set principles. AI governance translates those principles into per-decision enforcement and audit records. This article walks through the seam between the two functions and what each one has to produce so a regulator can trace a principle to the decisions made under it.

ai-governance, ai-compliance, audit, compliance, eu-ai-act, regulation

AI Data Governance: Classifying What Enters and Leaves the Prompt

AI data governance fails when the classification engine runs on documents and not on prompts. The data lake is sorted; the AI request path is not. This article walks through the prompt-level classification, lineage, and disclosure architecture that satisfies the regulators asking new questions about model inputs.

ai-governance, ai-compliance, compliance, eu-ai-act, shadow-ai, ai-security

AI Compliance Certification: What Customers Now Ask For in Procurement

AI compliance certification has shifted from a nice-to-have to a procurement gate. Customers ask vendors for ISO 42001 or NIST AI RMF alignment, SOC 2 with AI extensions, and per-decision audit evidence. This article walks through what to prepare, in what order, and where each certification meets the runtime evidence requirement.

ai-compliance, ai-governance, compliance, iso-42001, audit, regulation