Topic

EU AI Act

The EU AI Act is the world's first comprehensive AI law. Adopted in 2024 and entering into effect in phases through 2027, it establishes binding requirements for AI systems deployed in the EU and for organizations outside Europe that serve EU residents.

Prohibited practices were banned as of February 2025. High-risk AI systems face conformity assessments, technical documentation, and human oversight requirements. General-purpose AI models face transparency and capability evaluation obligations still being finalized through delegated acts.

For compliance teams: determine whether your systems fall into high-risk categories, assess your GPAI providers' compliance, and begin building the documentation infrastructure the Act requires. This hub tracks enforcement guidance, implementing regulations, and the official interpretations that shape how the Act applies in practice.

20 items

ResearchUK2026-06-11

Holistic AI's Enterprise Governance Blueprint Maps Red Teaming and Human Oversight to NIST AI RMF and EU AI Act Requirements

TechUK has published a case study detailing how Holistic AI's governance platform operationalizes enterprise AI risk management by combining benchmarking, red teaming, fine tuning, human oversight, and assurance mapping to frameworks including the NIST AI RMF and the EU AI Act. The study provides a reference implementation for compliance teams building model evaluation gates, continuous monitoring programs, and multi-framework regulatory readiness processes. It is positioned as a practitioner blueprint for enterprises deploying or scaling large language models.

red-teaming LLM-risk NIST-AI-RMF EU-AI-Act model-evaluation

StandardsGlobal2026-05-30

EU AI Act High-Risk Obligations Enforceable by August 2026, with Global Fragmentation Compounding Compliance Burden

A report from the British Institute of International and Comparative Law documents accelerating fragmentation in AI governance across the EU, US, and Asia-Pacific, and identifies 2 August 2026 as the date the EU AI Act's most consequential high-risk AI obligations become enforceable. The report highlights specific enterprise requirements including conformity assessments, quality management systems, fundamental rights impact assessments, human oversight controls, and data retention obligations.

EU AI Act EU United States Asia-Pacific regulatory fragmentation high-risk AI conformity assessment human oversight fundamental rights impact assessment compliance

ResearchGlobal2026-05-11

12 Companies Published Frontier AI Safety Frameworks in 2025, International AI Safety Report Finds

The International AI Safety Report released its 2026 Report: Extended Summary for Policymakers on May 9, 2026, documenting that 12 companies published or updated Frontier AI Safety Frameworks in 2025 describing their risk management plans for building advanced AI systems. The report is tailored specifically for policymakers and provides an authoritative cross-jurisdictional overview of how leading AI developers are approaching frontier safety. It represents the most current international benchmark for assessing voluntary industry commitments on advanced AI risk management.

frontier AI safety frameworks risk management transparency international governance policymaker guidance voluntary commitments model evaluation EU United States

ResearchGlobal2026-05-10

Nine Strategies for Responsible AI Implementation Outlined in WEF AI Governance Alliance Playbook

The World Economic Forum AI Governance Alliance released a research-backed playbook outlining nine actionable strategies for implementing responsible AI across internal operations and broader ecosystem partnerships. The guidance addresses diverging national regulatory paths and the practical challenge of translating AI principles into operational compliance programs. It is intended for organizations seeking concrete methods to manage cross-border compliance obligations and build trust with stakeholders.

World Economic Forum responsible AI AI governance cross-border compliance risk management transparency accountability EU AI Act United States EU

ResearchISO/OECD/UN2026-05-10

Proactive, Adaptive AI Governance Frameworks Needed Globally, ITU Report Finds

The International Telecommunication Union (ITU) has released 'The Annual AI Governance Report 2025: Steering the Future of AI,' contributing to global discourse on how nations and institutions should structure AI oversight. The report emphasizes the need for proactive, inclusive, and adaptive governance approaches to address the rapid evolution and cross-border impact of AI systems. It is directed at policymakers, standards bodies, and international stakeholders seeking to align national and regional frameworks with global principles.

ITU international governance adaptive frameworks global coordination standards bodies cross-border compliance risk management transparency accountability EU AI Act

ResearchGlobal2026-05-10

EU-US AI governance gap set to widen through 2027, with enforcement surge expected, per BISI

The British Institute for Strategic Innovation has published 'Global Fragmentation of AI Governance and Regulation,' a high-significance analysis identifying fundamental incompatibilities between the EU AI Act's high-risk provisions and the US deregulatory approach. The report predicts the EU-US governance gap will widen through 2027, with first significant enforcement actions expected in employment and financial services. It also projects intensifying regulatory arbitrage and consolidation pressure on smaller AI providers.

EU AI Act EU United States regulatory divergence enforcement risk management financial services hiring cross-border compliance market consolidation

ResearchGlobal2026-05-06

AI Governance Requires Integrated Privacy, Cybersecurity, and Legal Functions, ISACA Article Argues

ISACA published "Collaboration and the New Triad of AI Governance," an industry article arguing that effective AI governance requires the formal integration of privacy, cybersecurity, and legal functions across the full AI life cycle. The article references the EU AI Act, the NIST AI Risk Management Framework, and recent U.S. executive orders as converging frameworks that make siloed governance approaches inadequate. It calls on organizations to establish cross-functional accountability structures to address overlapping AI risks.

AI governance EU AI Act NIST AI RMF United States EU risk management accountability cybersecurity privacy Executive Order 14110

ResearchGlobal2026-05-04

Three Pillars, Data Sourcing to Human Oversight, Define Enterprise AI Governance for 2026

The Data Governance Playbook, a practitioner-focused publication, has released analysis identifying three core pillars for enterprise AI governance programs in 2026: data sourcing requirements, documentation practices, and human-oversight checkpoints. The guidance is aimed at organizations working to operationalize AI governance amid growing implementation complexity across global regulatory environments. For compliance teams, the framework offers a structured approach to model risk management and auditability that can be mapped against existing regulatory obligations such as the EU AI Act and emerging U.S. state-level requirements. The emphasis on human-oversight checkpoints is directly relevant to organizations subject to high-risk AI provisions under multiple jurisdictions, where demonstrable human review of automated decisions is increasingly a formal compliance requirement. Documentation practices outlined in the analysis align with audit trail expectations appearing across frameworks from ISO 42001 to sector-specific guidance in financial services and healthcare. Compliance teams building or maturing AI governance programs may use this analysis as a practical reference for gap assessments against 2026 regulatory deadlines.

EU AI Act ISO 42001 United States risk management human oversight transparency auditing accountability financial services healthcare

Corporate PolicyGlobal2026-05-04

Claude Opus 4.7 ships with reduced cyber capabilities and new safety evaluations, Anthropic confirms

Anthropic has released Claude Opus 4.7, a general-availability model focused on advanced software engineering tasks including complex long-running workflows, precise instruction following, and self-verification. The release includes documented safety evaluations and a deliberate reduction in cyber capabilities compared to the earlier Mythos Preview model, with Anthropic stating those safeguards were tested on less capable models before deployment. Anthropic has publicly disclosed these capability constraints as part of its corporate safety policy, specifically targeting high-risk application areas such as cybersecurity. For enterprise compliance teams, the release is notable because it demonstrates a voluntary, documented model-level risk mitigation practice that aligns with emerging expectations under frameworks such as the EU AI Act and NIST AI RMF for transparency and pre-deployment safety assessment. Organizations deploying Claude Opus 4.7 in security-sensitive or software development contexts should review Anthropic's published safety evaluations to support their own internal risk documentation and vendor due diligence obligations.

Anthropic Claude EU AI Act NIST AI RMF cybersecurity model evaluation transparency risk management software engineering pre-deployment safety

ResearchGlobal2026-05-01

AI Governance Rules Are Forming Outside Transparent Processes, IAPP Warns

The International Association of Privacy Professionals (IAPP) published an op-ed on April 28, 2026, identifying three recent non-legislative events that are materially shaping global AI governance without transparent deliberation or meaningful input from affected governments and populations. The piece argues that geopolitical pressures and procurement decisions are driving de facto AI rules in ways that bypass formal regulatory channels, creating accountability gaps that compliance teams may not be tracking. The IAPP urges privacy and governance professionals to engage civil society organizations, secure sustainable funding for oversight initiatives, and build direct partnerships with regulators to fill these gaps. For enterprise compliance teams, the analysis flags a systemic risk: material AI governance obligations may emerge from informal or opaque processes rather than published legislation or regulation, making standard regulatory monitoring insufficient. Organizations operating across multiple jurisdictions should audit their governance tracking practices to account for non-legislative standard-setting activity. The finding is particularly relevant for teams assessing AI deployment risk in markets where procurement frameworks or bilateral agreements may function as de facto regulatory instruments.

IAPP United States EU accountability transparency procurement risk management informal standard-setting regulatory gaps compliance monitoring

Weekly RecapGlobal2026-04-25

AI Governance Weekly - April 25, 2026

US federal preemption accelerates, EU AI Act timelines soften, and voluntary corporate restraint fills the governance void. Plus new directory entries and this week's news.

weekly recap US EU EU AI Act federal preemption voluntary commitments enterprise compliance regulatory trends governance

ResearchUS2026-04-25

US AI Action Plan Shifts Governance Burden to Private Sector, Harvard Ethics Center Analysis Finds

The Harvard Ethics Center has published a high-significance analysis of America's AI Action Plan, concluding that the policy represents a deliberate shift toward deregulation that transfers primary responsibility for AI ethics and governance from federal regulators to private organizations. The analysis introduces a Boundaries of Tolerance Framework, a structured tool designed to help businesses identify and define acceptable levels of AI-related risk within their own operations. For enterprise compliance teams, the practical implication is that voluntary internal governance frameworks are likely to carry greater operational weight in the US market in the absence of binding federal mandates. Organizations operating across jurisdictions will need to reconcile this deregulatory US posture with more prescriptive regimes such as the EU AI Act, creating a more complex multi-framework compliance environment. Compliance and risk professionals should treat the Boundaries of Tolerance Framework as a reference methodology for internal AI risk assessments, particularly when external regulatory requirements remain limited.

United States EU AI Act EU risk management deregulation AI governance corporate responsibility compliance multi-jurisdiction transparency

ResearchGlobal2026-04-25

Multi-Jurisdictional AI Governance Gaps Threaten Enterprise Compliance, arXiv Study Finds

A research preprint published on arXiv analyzes overlapping and conflicting regulatory requirements across multiple jurisdictions in AI governance, identifying critical implementation gaps organizations encounter when translating legal obligations into operational practice. The study covers frameworks spanning regions including the United States, European Union, and Asia-Pacific, cataloging where requirements converge and where they create conflicting compliance burdens. The research does not carry binding legal force but offers practitioners a structured comparison of control requirements across major regulatory regimes. For enterprise compliance teams operating across borders, the analysis highlights the practical challenge of designing unified AI governance programs that satisfy divergent local mandates simultaneously. Organizations managing AI systems under frameworks such as the EU AI Act, NIST AI RMF, and various state-level or national regulations may find the gap analysis useful for prioritizing remediation efforts and assessing where existing controls fall short.

EU AI Act NIST AI RMF EU United States Asia-Pacific multi-jurisdictional compliance AI governance regulatory gap analysis risk management enterprise compliance

ResearchGlobal2026-04-22

AI Governance Rules Mapped Across Jurisdictions: Cyber Breaches Due in 5 Days, per arXiv Study

A December 2025 arXiv research paper by academic authors provides a structured overview of AI governance regulations across multiple jurisdictions, synthesizing binding requirements that signatories and regulated entities face under existing frameworks. The paper identifies specific mandatory incident reporting timelines: cybersecurity breaches must be reported within 5 days, operational disruptions within 2 days, and harms to health or the environment within 15 days. It also outlines requirements for risk management frameworks spanning the full AI model lifecycle, including policies, procedures, and methodologies for identifying and mitigating systemic risks. Although the paper is not itself a binding instrument, it serves as a practical reference for compliance teams seeking a consolidated view of obligations that span safety, security, and operational resilience. Enterprise teams operating across jurisdictions will find the incident reporting timelines particularly relevant as they align internal escalation protocols with divergent regulatory deadlines.

EU AI Act incident reporting risk management transparency accountability global compliance safety framework EU United States auditing

ResearchGlobal2026-04-19

Global AI Governance Needs Adaptive, Inclusive Frameworks, ITU Report 2025 Concludes

The International Telecommunication Union (ITU) published its Annual AI Governance Report 2025 on December 15, 2025, outlining principles and guidance for steering AI development responsibly at a global level. The report advocates for governance frameworks that are proactive, inclusive, and adaptive to the rapid pace of AI evolution and its cross-border impacts. While the report does not impose binding obligations, ITU publications carry weight as reference standards for national regulators, international bodies, and multinational enterprises shaping their compliance postures. For enterprise compliance teams operating across multiple jurisdictions, the report provides a consolidated view of emerging governance expectations that may inform future regulatory developments in markets where ITU guidance shapes policy. Compliance professionals should review the report's framework recommendations alongside existing regional instruments such as the EU AI Act and OECD AI Principles to identify alignment gaps or emerging obligations in their governance programs.

ITU global governance AI policy regulatory frameworks international standards compliance strategy EU AI Act OECD AI Principles risk management transparency

ResearchGlobal2026-04-19

Over 1,000 AI Policy Initiatives Tracked Across 69 Countries, Mind Foundry 2026 Update Finds

Research firm Mind Foundry published its 2026 update to its global AI regulations tracker on January 15, 2026, cataloguing more than 1,000 AI policy initiatives spanning 69 countries. The report highlights key inflection points including the revocation of US Executive Order 14110 in 2025, the evolution of the UK AI Safety Institute into the AI Security Institute following the Bletchley Summit, and China's AI Safety Governance Framework introducing mandatory watermarking requirements for AI-generated content. For enterprise compliance teams managing multi-jurisdictional AI programs, the tracker underscores the accelerating pace of regulatory divergence, particularly between the US federal posture of deregulation and more prescriptive frameworks emerging in the EU, UK, and China. Compliance professionals should note that the underlying instruments referenced in the report, including China's watermarking rules and the UK's institutional restructuring, carry direct operational obligations distinct from the tracker itself.

EU AI Act Executive Order 14110 United States EU UK China risk management transparency multi-jurisdictional compliance AI watermarking

ResearchUS2026-04-19

82% of Top 100 GenAI SaaS Tools Rated Medium to Critical Risk as Employees Routinely Enter Sensitive Data, Cyberhaven Labs Finds

Cyberhaven Labs released its 2026 AI Adoption and Risk Report on February 5, 2026, drawing on analysis of billions of real-world data movements across generative AI SaaS platforms, endpoint AI applications, and AI agents used in enterprise environments. The report finds that 82% of the top 100 GenAI SaaS tools are classified as medium to critical risk, and that employees are entering sensitive data into AI tools on average once every three days. A significant shadow IT dimension is documented: 32.3% of ChatGPT usage and 24.9% of Gemini usage occurs through personal accounts rather than corporate-managed accounts, placing that activity outside enterprise data governance controls. For compliance teams, the findings underscore a structural gap between the pace of AI adoption and the maturity of data loss prevention, acceptable use policies, and third-party risk management programs. Organizations lacking visibility into AI tool usage at the endpoint level may face exposure under data protection obligations in multiple jurisdictions, including the EU AI Act, various US state privacy laws, and sector-specific regulations governing sensitive data handling.

Cyberhaven ChatGPT Gemini OpenAI Google EU AI Act EU United States shadow IT data governance data loss prevention third-party risk management transparency enterprise AI risk

ResearchGlobal2026-04-19

General-Purpose AI Capabilities and Risks Assessed in 2026 International AI Safety Report

The International AI Safety Report 2026, published on April 10, 2026, provides a comprehensive global assessment of the capabilities, risks, and risk management strategies associated with general-purpose AI systems. The report is produced under the International AI Safety Report initiative, which draws on contributions from researchers and experts across multiple jurisdictions. It evaluates current AI system abilities alongside potential dangers, offering analysis intended to inform policymakers, standards bodies, and organizations deploying advanced AI. For enterprise compliance teams, the report serves as a significant reference document for understanding how general-purpose AI risks are being characterized at an international level, which can inform internal risk assessments, model governance frameworks, and board-level reporting. Organizations operating under the EU AI Act, which imposes specific obligations on general-purpose AI models, will find particular relevance in the report's framing of systemic and safety risks.

AI safety risk assessment general-purpose AI international governance model risk EU AI Act transparency risk management model evaluation EU

ResearchGlobal2026-04-19

AI Incidents Rising and Responsible AI Evals Still Rare Among Major Developers, Stanford HAI 2025 Index Finds

Stanford University's Human-Centered Artificial Intelligence institute published its 2025 AI Index Report on April 1, 2025, providing a global analysis of AI research, development, and governance trends. The report documents an increase in AI-related incidents and finds that standardized responsible AI evaluations remain rare among major industrial model developers, identifying a gap between organizational recognition of RAI risks and concrete action. New safety and factuality benchmarks including HELM Safety, AIR-Bench, and FACTS are highlighted as emerging tools for assessing model behavior, though adoption is limited. Governments across multiple jurisdictions accelerated regulatory output during the period covered, with frameworks from the OECD, EU, and United Nations emphasizing transparency and trustworthiness requirements. For enterprise compliance teams, the report reinforces pressure to formalize RAI evaluation processes and signals that regulators are moving from principle-setting toward enforceable standards. Organizations that have not yet aligned internal AI governance practices with emerging benchmarks and government frameworks face increasing exposure as scrutiny from regulators and auditors intensifies.

Stanford HAI responsible AI RAI evaluation AI incidents benchmarking model evaluation transparency EU AI Act OECD global governance

ResearchGlobal2026-04-19

Risk Assessment and Safety Infrastructure Top Enterprise AI Priorities, UN-Backed 2025 Report Finds

The Annual AI Governance Report 2025, produced with input from AI Governance Dialogue stakeholders including the United Nations, analyzes seven key themes shaping the global regulatory environment: autonomous agent deployment, verification systems, socioeconomic transformation, international coordination, technical standards, infrastructure requirements, and risk management. The report highlights institutionalized risk evaluation practices and shared safety infrastructure through national AI Safety Institutes as defining features of the current governance landscape. For enterprise compliance teams, the findings signal that structured risk assessment processes are increasingly expected as a baseline across jurisdictions, not merely a best practice. The emphasis on verification systems and technical standards also points toward growing pressure on organizations to demonstrate conformity through auditable mechanisms. The report does not carry binding authority but reflects emerging consensus positions among multi-stakeholder governance bodies that tend to inform regulatory design. Compliance teams operating across multiple jurisdictions should treat the report's thematic analysis as indicative of near-term regulatory direction.

risk management AI safety institutes verification systems technical standards auditing transparency accountability international coordination United Nations EU AI Act