REGULATORY FRAMEWORKS

AI regulation is fragmented. The frameworks that decide compliance are not.

The 6 Pillars every AI-deploying organization needs to master, plus 14 supporting References covering standards, regulations and voluntary frameworks worldwide.

A single AI system deployed in the European market can trigger obligations under the EU AI Act, GDPR, ISO/IEC 42001, sectoral regulations (financial, medical, employment), and voluntary commitments like the EU AI Pact. In the US, add NIST AI RMF, state-level AI acts, and industry-specific FTC guidance.

The natural response is to treat each framework as a separate compliance stream. That is expensive, and it is wrong: 70% of the substantive obligations converge across frameworks, and the differences are in how you evidence them, not in what you have to do.

We organize the landscape into 6 Pillars — the frameworks whose obligations you cannot delegate to another — and References — the supporting standards and voluntary frameworks that shape how Pillars are interpreted.

FREQUENTLY ASKED QUESTIONS

Frequently asked questions

Do I need to comply with all 6 Pillars?

Not necessarily — jurisdictional and sectoral scope filters which apply to your organization. An EU-only SaaS company selling to enterprises is typically subject to 4 of the 6. A US medical device manufacturer selling globally is typically subject to all 6 plus 3-4 References. We scope this precisely in the readiness audit.

What is the difference between a Pillar and a Reference?

Pillars carry direct legal obligations you cannot delegate: fines, market access, contract enforceability. References are voluntary or interpretive frameworks (ISO/IEC standards, NIST guidance, industry codes) that shape how the Pillars are audited and enforced. Ignoring a Pillar means non-compliance. Ignoring a Reference usually means an audit finding.

How often does this list change?

The 6 Pillars are stable — they represent the core AI regulatory architecture. References evolve continuously as new standards are published and existing ones revised. We review the list quarterly and mark added or superseded entries explicitly.

ANAB-accredited · UKAS in process · ENAC in process · AIUC-1 European authorized auditor · EU AI Pact signatory

Regulation you understand is regulation you can turn into competitive advantage.

Not sure which framework applies to your organization? Talk to us.