The AI Governance Library
25+ in-depth guides on the EU AI Act, NIST AI RMF, ISO 42001, HIPAA AI compliance, and more. Free reading for security, risk, legal, and clinical teams operating production AI under regulatory pressure.
Regulation deep-dive
The world’s first comprehensive AI regulation. Master the requirements with our detailed guides — pillar guide, member-state implementation, and role-specific reading.
Risk classifications, compliance timelines, penalties, and implementation strategies.
Bundesnetzagentur oversight, KI-VO implementation, works council requirements.
CNIL coordination, sectoral regulators, French AI strategy alignment.
AESIA sandbox, early adopter status, regional considerations.
AgID coordination, Garante privacy integration, sectoral enforcement.
Autoriteit Persoonsgegevens role, algorithmic impact assessments.
EU institution proximity, federal structure, BIPT coordination.
IT outsourcing hub, cross-border compliance, UODO coordination.
Role-specific guides
Security requirements, Article 12 logging, cybersecurity integration, incident response.
Legal liability, contract requirements, due diligence, regulatory exposure.
Compliance program design, risk assessment, audit preparation, documentation.
Clinical AI governance, human oversight, diagnostic AI systems, ambient scribes.
Regional focus
The UK’s pro-innovation approach to AI governance, sector-specific oversight, and comparison with EU requirements.
Pro-innovation principles, sector regulators, AI Security Institute, upcoming legislation.
Regulatory divergence, dual compliance strategies, cross-border considerations.
MHRA AI-as-medical-device, CQC oversight, NHS AI Lab, clinical AI requirements.
FCA and PRA AI oversight, Consumer Duty, SM&CR accountability, model risk.
Regional focus
State-level AI regulation is expanding rapidly. Navigate the evolving patchwork of US AI laws.
Comprehensive survey of state-level AI regulation across the US, from Colorado to California and beyond.
AB 2013 training data transparency, employment AI rules, bot disclosure, political deepfakes.
NYC Local Law 144 hiring audits, RAISE Act frontier safety, LOADinG Act, NYDFS guidance.
Facial recognition regulation, My Health My Data Act, AI Task Force, pending HB 1168.
OCPA profiling opt-out, campaign deepfake disclosure, AG guidance, 2026 amendments.
SB 24-205, status of stay in xAI v. Weiser, replacement bill SB 26-189.
Automated Decision Tech regulations — what they cover and what they require.
Framework analysis
Understand how different AI governance frameworks align, overlap, and complement each other.
Control mapping, certification value, implementation synergies between the AI management standard and regulation.
US framework alignment with EU regulation, dual compliance for multinational organizations.
Healthcare AI compliance across jurisdictions, PHI handling with AI systems, dual compliance.
Complete framework guide — how to use it, who’s adopting it, how Glacis maps.
AI management system certification — controls, audit, evidence requirements.
Medical device oversight, PCCP, post-market surveillance, change control.
Model risk management for banks — effective challenge, validation, monitoring.
Risk classification
Detailed compliance guidance for specific AI applications classified as high-risk under the EU AI Act.
Clinical documentation AI, HIPAA intersection, consent requirements, Sharp lawsuit implications.
CDSS compliance, FDA oversight, medical device classification, clinical workflow integration.
Diagnostic AI systems, radiology AI, pathology AI, MDR compliance.
Creditworthiness assessment, ECOA/FCRA compliance, adverse action requirements, model validation.
Risk assessment AI, pricing algorithms, claims processing, actuarial model compliance.
Recruitment AI, resume screening, performance evaluation, worker monitoring compliance.
Facial recognition, emotion detection, biometric categorization, prohibited uses.
Transparency requirements, disclosure obligations, when chatbots become high-risk.
More reading
The healthcare AI landscape going into J.P. Morgan Healthcare 2026.
Why runtime attestation is replacing self-attested questionnaires for AI systems.
How runtime evidence reduces BAA scope and supports HIPAA security officer requirements.
Consent, retention, and runtime evidence for ambient clinical scribes.
OWASP LLM Top 10, prompt injection, tool misuse, exfiltration boundaries.
Direct, indirect, and tool-bound prompt injection — what works at runtime.
The questions to ask vendors about runtime controls, signed receipts, and evidence packs.
How to scope, score, and document AI risk — with evidence, not assertions.
Data lineage, training-data provenance, and runtime data-handling proofs.
Vendor AI in your stack — what to monitor, what to demand, how to attest.
Playbooks for AI-specific incidents — jailbreaks, exfiltration, hallucinations, drift.
Policy templates and governance frameworks for enterprise GenAI.
The library exists to give regulated AI teams a starting point. The Sprint exists to take you from reading to evidence pack in three weeks.