AI Governance Frameworks
Overview
Multiple frameworks exist for governing AI risk. No single framework covers everything — most organizations need a composite approach.
Framework Comparison
| Framework | Scope | Mandatory? | Best For |
|---|---|---|---|
| NIST AI RMF | Comprehensive AI risk management | Voluntary (mandatory for US federal agencies) | Enterprise risk programs |
| EU AI Act | Risk-based regulatory framework | Mandatory in EU (2024-2026 rollout) | Compliance for EU-facing orgs |
| ISO 42001 | AI management system standard | Voluntary (certification available) | Formal AIMS implementation |
| OWASP LLM Top 10 | Technical vulnerability taxonomy | Voluntary | Security engineering teams |
| MITRE ATLAS | Adversarial threat framework | Voluntary | Red teams, threat modeling |