The EU AI Act Meets NIST AI RMF: Unified AI Governance

Framework and white paper

Hi AI ethics enthusiasts,

I am thrilled to share my unified framework for AI governance!

The AI governance landscape can be overwhelming, with multiple standards and regulations to consider. That's why I've taken the two most comprehensive and influential standards - the EU AI Act and the NIST AI RMF - and combined them into a single, user-friendly framework. This is how it helps:

1. Simplified Compliance: By aligning with both EU and US standards, organizations can ensure they're meeting global best practices.

2. Comprehensive Coverage: The framework addresses all aspects of AI governance, from planning to deployment and monitoring.

3. Practical Application: The questionnaire format makes it easy for organizations to evaluate their AI systems or assess potential vendors.

This framework is based on my previous work, an accessible framework based on NIST AI RMF alone, pilots, and hackathons.

Today, I will walk you through the key points and why this matters for anyone involved in AI development, deployment, or procurement.

What's Included in the guide?

The guide includes the following:

1. An overview of both the EU AI Act and NIST AI RMF

2. A detailed questionnaire that maps each item to both standards

3. Guidance on how to use the framework for self-evaluation or vendor assessment

The Questionnaire

The questionnaire is composed of a list of statements. Each of these statements represents content from the NIST AI RMF, EU Act, or both, and they are all about the organization’s AI governance activities.

For example, one of the statements in the building stage is:

7.2 The org ensures this AI’s bias and fairness performance meet their standards

The statements are divided into nine topics, and the topics are organized into three stages of the development life-cycle: planning, building, and deploying.

Unifying the EU AI Act and NIST

The questionnaire unifies the NIST AI RMF and the EU AI Act through presenting a single list of statements for evaluation that represents content from both. You can see how in the three right-most columns:

• NIST - shows the relevant NIST items

• EU AI High Risk - shows the relevant articles that apply to High Risk systems

• EU AI Act GenAI - shows the relevant articles that relevant for GenAI: GPAI with or without systemic risk, and transparency obligations.

Getting Started

Download the full document and begin evaluating your AI governance practices. If you need additional support, we're offering individual consulting and workshops to help organizations make the most of this tool.