The framework currently maps controls to NIST GenAI Risk Domains. We should also provide mappings to EU AI Act risk categories to support organisations operating in or selling to the EU.
Scope
- Map each control to relevant EU AI Act articles
- Identify which controls are mandatory vs. recommended for each risk category (Unacceptable, High, Limited, Minimal)
- Note any gaps where the framework does not cover EU AI Act requirements
Context
The EU AI Act entered into force in 2024 with phased compliance deadlines through 2027. Many enterprises need to demonstrate alignment now.
The framework currently maps controls to NIST GenAI Risk Domains. We should also provide mappings to EU AI Act risk categories to support organisations operating in or selling to the EU.
Scope
Context
The EU AI Act entered into force in 2024 with phased compliance deadlines through 2027. Many enterprises need to demonstrate alignment now.