AI Governance & Regulation
Curated developments in AI governance, compliance, and regulation — filtered for relevance to practitioners navigating the emerging standards landscape.
The European Commission has confirmed the phased enforcement schedule for the EU AI Act. Providers of high-risk AI systems must demonstrate conformity assessments, maintain technical documentation, and implement human oversight measures from August 2026. General-purpose AI model obligations apply from mid-2025.
The National Institute of Standards and Technology has published an update to its AI Risk Management Framework, with new profiles specifically addressing generative AI systems. The update includes expanded guidance on transparency, data provenance, and third-party model risk — areas where organisations have consistently reported gaps.
Global certifications under ISO/IEC 42001, the international standard for AI management systems, have exceeded 500 organisations. Financial services and healthcare sectors lead adoption, driven by regulatory pressure and procurement requirements. The standard is increasingly being referenced in public sector tender criteria across the EU and UK.
The UK's AI Safety Institute has released its technical evaluation framework for frontier AI models, covering dangerous capability assessments, uplift potential, and autonomous behaviour. The framework will underpin mandatory evaluations for models above a defined compute threshold — a threshold expected to tighten with each annual review.
The G7 Hiroshima AI Process has moved from voluntary guidelines to a binding code of conduct for AI developers operating in member states. Key obligations include incident reporting, red-team testing before deployment, and public transparency reports. The code is expected to influence procurement criteria for government contracts across G7 nations.
The US Securities and Exchange Commission has finalised rules requiring listed companies to disclose material risks arising from AI use, including model failures, data integrity issues, and over-reliance on third-party AI providers. Disclosures are required in annual reports from Q1 2027, giving compliance teams a narrow window to assess and document exposure.