AI pillar · Module 5 of 6

AI governance: The rules are coming

Governments are scrambling to regulate AI. Companies are building governance programmes. This module helps you understand the landscape and what it means for your organisation.

← Back to AI Fundamentals Training

5.1 The regulatory landscape

The big moves you need to know about:

  • EU AI Act (2024). The most comprehensive AI law yet. Risk-based approach: minimal requirements for low-risk AI, strict rules for high-risk systems (hiring, healthcare, law enforcement), bans on certain uses (social scoring, real-time facial recognition in public). If you sell into the EU, this matters.
  • US approach. Sector-specific rather than comprehensive. Executive orders on AI safety, agency-specific guidance, state-level experiments (like California’s proposed rules). More fragmented but evolving fast.
  • China. Aggressive regulation of generative AI, algorithmic recommendations, and deepfakes. If you operate there, very different rules apply.
  • Everyone else. Many countries developing AI strategies. Often looking to the EU or US as models. The landscape is changing rapidly.

5.2 Governance frameworks

Standards and frameworks to guide AI governance:

International standards

  • ISO/IEC 42001: AI management system standard (think ISO 27001 for AI)
  • NIST AI RMF: Risk management framework from US standards body
  • IEEE standards: Various technical standards for AI systems

Organisational controls

  • AI ethics boards and review processes
  • Risk assessment for AI systems
  • Model documentation and transparency
  • Testing for bias and safety
  • Human oversight requirements
  • Incident response for AI failures

📋 What this means for you

Even if you’re not regulated yet, building AI governance now makes sense. It reduces risk, builds trust, and prepares you for regulations that are coming. Start with an inventory of your AI systems and assess their risks.

Free resources to go deeper