
AI Governance Frameworks Compared: NIST, ISO 42001, EU AI Act, and CoreGuard

Organizations deploying AI in regulated industries face a landscape of overlapping frameworks, standards, and regulations — NIST AI RMF, ISO/IEC 42001, the EU AI Act, OECD Principles, SR 11-7, and others — each with different scope, binding force, and enforcement mechanisms. Understanding what each framework covers, what it does not cover, and how they interact is the prerequisite for building an AI governance program that is both complete and auditable. This article provides a framework-by-framework analysis, a comprehensive comparison table across eight criteria, and a plain-language explanation of the enforcement gap that all of these frameworks share — and how a deterministic enforcement engine like CoreGuard fills it.

The Major AI Governance Frameworks

Four categories of governance instrument shape the AI compliance landscape: voluntary frameworks published by standards bodies and government agencies, certifiable management system standards, binding regulations with legal enforcement mechanisms, and sector-specific regulatory guidance from financial and healthcare regulators. Most organizations operating in regulated industries face obligations and expectations from all four categories simultaneously.

NIST AI Risk Management Framework (AI RMF 1.0)

NIST AI RMF 1.0 (Voluntary)

Published by the US National Institute of Standards and Technology in January 2023, the AI RMF is a flexible, non-prescriptive framework organized around four core functions: GOVERN, MAP, MEASURE, and MANAGE. GOVERN establishes accountability structures and policies. MAP identifies AI risks in context. MEASURE analyzes and assesses risks using qualitative and quantitative methods. MANAGE prioritizes and treats identified risks. The framework is accompanied by an extensive Playbook of suggested practices organized by subcategory.

The RMF is designed to be industry-agnostic and outcome-oriented: it describes the risk management activities an organization should perform without dictating exactly how to perform them. This flexibility is a feature for organizations building governance programs — it means the RMF maps onto almost any organizational structure and any AI use case. It is also the source of the RMF's primary limitation in regulated contexts: flexible frameworks cannot produce consistent, comparable compliance evidence across organizations.

Enforcement gap: NIST AI RMF defines risk management activities but does not specify how policy rules are enforced at the point of AI decision-making. An organization can be fully aligned with the RMF — having completed all GOVERN, MAP, MEASURE, and MANAGE activities — while still having no technical control that prevents a non-compliant AI output from reaching a user.

ISO/IEC 42001 — AI Management System Standard

ISO/IEC 42001:2023 (Certifiable)

Published in November 2023, ISO/IEC 42001 is the first internationally recognized management system standard for AI — the direct parallel to ISO 27001 for information security management. It specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS). Like all ISO management system standards, it follows the Annex SL structure: context of the organization, leadership, planning, support, operation, performance evaluation, and improvement.

ISO 42001 certification requires an accredited third-party audit of the management system, not just self-declaration. The standard addresses AI-specific requirements including AI policy, AI risk assessment and treatment, impact assessments, and controls for responsible AI development and use. Annex A provides a catalog of objectives and controls that certified organizations should consider, covering data quality, model documentation, and human oversight.

Enforcement gap: ISO 42001 is a management system standard, not a technical specification. It requires that organizations have a process for managing AI risks — but the design of the technical controls that implement those processes is within the organization's discretion. Two organizations can both be ISO 42001 certified while implementing their policy enforcement mechanisms in radically different ways, with radically different levels of rigor.

EU AI Act

EU AI Act, Regulation (EU) 2024/1689 (Binding Law)

The EU AI Act entered into force on August 1, 2024, and is the world's first comprehensive binding regulation specifically for artificial intelligence. It applies a risk-based tiered approach: systems posing unacceptable risk are prohibited, high-risk AI systems are subject to extensive requirements, and lower-risk systems face lighter transparency obligations. High-risk systems include AI used in credit scoring, employment decisions, education access, essential services, and critical infrastructure.

The requirements for high-risk AI systems are substantive: risk management systems, data governance measures, technical documentation, record-keeping, transparency, human oversight, accuracy and robustness requirements, and conformity assessments before market placement. Penalties for violations reach €35 million or 7% of global annual turnover. The Act applies to any organization placing high-risk AI systems on the EU market or into service, regardless of where the provider is located.

Enforcement gap: The EU AI Act specifies outcomes — "appropriate risk management measures," "automatically generated logs," "accuracy and robustness" — but does not prescribe technical implementations. Article 9 requires a risk management system that identifies and analyzes known and foreseeable risks, but the specific technical architecture of that system is not defined. Organizations must translate the Act's requirements into technical controls on their own.

OECD AI Principles

OECD AI Principles, 2019, updated 2024 (Voluntary / Soft Law)

The OECD Principles on Artificial Intelligence, adopted in May 2019 and updated in 2024, are the foundational international reference for AI governance. They have been endorsed by over 40 countries and form the conceptual backbone of numerous national AI strategies and regulations. The five principles are: inclusive growth and sustainable development, human-centred values and fairness, transparency and explainability, robustness and security, and accountability. The OECD also maintains a monitoring framework for tracking AI incidents and policy developments across member countries.

Enforcement gap: The OECD Principles are aspirational statements, not compliance requirements. They describe values and high-level behaviors. They have no enforcement mechanism, no audit process, and no legal liability. Their primary value is as a common language for AI governance discussion across jurisdictions — they are not a substitute for binding requirements or technical controls.

Federal Reserve SR 11-7 (Model Risk Management)

SR 11-7 / OCC 2011-12 (Regulatory Guidance)

SR 11-7 is the Federal Reserve's supervisory guidance on model risk management, issued in 2011 and explicitly extended to AI/ML systems in subsequent guidance. It requires that models used in material bank decision-making be conceptually sound, validated before use, and subject to ongoing monitoring and reporting. The OCC's parallel guidance (OCC 2011-12) establishes identical expectations for national banks. While framed as guidance rather than binding regulation, SR 11-7 compliance is examined as part of bank safety and soundness examinations — material deficiencies result in regulatory findings with tangible consequences.

AI systems used for credit decisions, fraud detection, capital modeling, and stress testing are squarely within SR 11-7's scope. The guidance requires model developers to document their development process, data sources, assumptions, and limitations. It requires independent model validation — not just by the team that built the model. And it requires ongoing performance monitoring with defined thresholds for escalation and remediation.

Enforcement gap: SR 11-7 requires that model governance be documented, validated, and monitored — but "validated" under SR 11-7 means that a qualified independent party has reviewed the model's conceptual soundness and empirical performance. It does not require that the model's output be evaluated at runtime against a policy specification before it reaches users. A model can pass SR 11-7 validation and still produce non-compliant outputs in production.

The Enforcement Gap: What Every Framework Leaves Unaddressed

Each of these frameworks addresses a different aspect of AI risk management — organizational governance, risk assessment, documentation, validation, monitoring. What none of them specifies is a technical mechanism that evaluates every AI decision against a policy specification, in real time, before the output reaches a user or downstream system. This is the enforcement gap.

The governance stack without a runtime enforcement layer looks like this (layer: what it consists of, and its status):

Policy Documentation: Responsible AI policies, governance frameworks, compliance programs — present
Risk Assessment: NIST AI RMF MAP/MEASURE activities, ISO 42001 risk assessment — present
Model Validation: SR 11-7 independent validation, technical documentation — present
Runtime Policy Enforcement: Deterministic evaluation of every decision against policy rules — MISSING in most deployments
Post-Hoc Audit: Log review, compliance investigations, regulatory examinations — present but reactive

The consequence: Without runtime enforcement, policy violations are discovered after the fact — during audit, during regulatory examination, or after a customer complaint. By that point, the non-compliant output has already been delivered to users, the harm has already occurred, and the audit trail may be incomplete. Runtime enforcement catches violations before delivery. Post-hoc audit catches them afterward.

Comprehensive Framework Comparison

The following table compares eight major frameworks across eight criteria that matter most for organizations building technical AI governance programs.

Criteria compared for each framework: Binding? / Enforcement mechanism / Audit requirements / Real-time enforcement / Decision certificates / Bias and fairness rules / Penalty regime / AI-specific?

NIST AI RMF
Binding: No
Enforcement mechanism: Self-assessment; referenced in federal procurement
Audit requirements: Internal; no third-party requirement
Real-time enforcement: Not specified
Decision certificates: Not specified
Bias / fairness rules: Addressed in Playbook; not prescriptive
Penalty regime: None
AI-specific: Yes

ISO/IEC 42001
Binding: Optional certification
Enforcement mechanism: Third-party certification audit; surveillance audits
Audit requirements: Internal audits required; third-party for certification
Real-time enforcement: Not specified
Decision certificates: Not specified
Bias / fairness rules: Annex A controls address fairness; not prescriptive
Penalty regime: Loss of certification
AI-specific: Yes

EU AI Act
Binding: Yes (for high-risk)
Enforcement mechanism: National market surveillance authorities; notified bodies for conformity assessment
Audit requirements: Technical documentation required; conformity assessment; post-market monitoring logs
Real-time enforcement: Required via "automatically generated logs" — implementation not specified
Decision certificates: Not specified
Bias / fairness rules: Required for high-risk; disparate impact addressed
Penalty regime: Up to €35M or 7% global turnover
AI-specific: Yes

OECD AI Principles
Binding: No
Enforcement mechanism: None — aspirational soft law
Audit requirements: None required
Real-time enforcement: Not addressed
Decision certificates: Not addressed
Bias / fairness rules: Fairness principle included; not prescriptive
Penalty regime: None
AI-specific: Yes

SR 11-7 / OCC 2011-12
Binding: Regulatory guidance; effectively mandatory for banks
Enforcement mechanism: Safety and soundness examinations; MRAs / enforcement actions
Audit requirements: Independent model validation; ongoing performance monitoring
Real-time enforcement: Not specified
Decision certificates: Not specified
Bias / fairness rules: Addressed in model performance monitoring; ECOA handled separately
Penalty regime: MRAs, civil money penalties, consent orders
AI-specific: Partially — designed for traditional models

ECOA / Reg B
Binding: Yes
Enforcement mechanism: CFPB / bank regulatory examination; private right of action
Audit requirements: Adverse action notice requirements; HMDA data reporting
Real-time enforcement: Not specified — outcome-based
Decision certificates: Not specified
Bias / fairness rules: Core purpose — disparate impact and disparate treatment
Penalty regime: Civil money penalties; private class action; consent orders
AI-specific: No — applies to any lending decision method

HIPAA Security Rule
Binding: Yes
Enforcement mechanism: HHS Office for Civil Rights; state attorneys general
Audit requirements: Required risk analysis; documented policies and procedures
Real-time enforcement: Not AI-specific; access controls and audit logs required
Decision certificates: Not specified
Bias / fairness rules: Not addressed
Penalty regime: Up to $2M per violation category per year
AI-specific: No — designed for PHI handling broadly

CoreGuard
Binding: Enforces binding rules at runtime
Enforcement mechanism: Deterministic policy evaluation engine — every decision evaluated before delivery
Audit requirements: HMAC-signed audit certificate per decision; 7-year retention; hash-chain integrity
Real-time enforcement: Yes — sub-millisecond enforcement on every call
Decision certificates: Yes — signed, tamper-evident, replay-capable
Bias / fairness rules: lending_v1 policy pack implements ECOA / Reg B disparate impact rules
Penalty regime: Enforcement layer — enables compliance with all above
AI-specific: Yes — AI-specific runtime enforcement

How CoreGuard Fits into Each Framework as the Enforcement Layer

CoreGuard is not an alternative to the frameworks above. It is the technical control that makes those frameworks operational at the point of every AI decision. The relationship works as follows:

Choosing the Right Framework for Your Industry

Financial Services

Primary obligations: ECOA / Reg B, SR 11-7 / OCC 2011-12, FCRA. Relevant standards: NIST AI RMF. Recommended: Start with SR 11-7 model validation documentation, then implement ECOA-specific enforcement via lending_v1 or a custom policy pack.

Healthcare

Primary obligations: HIPAA, FDA SaMD framework for AI/ML. Relevant standards: ISO 42001. Recommended: ISO 42001 management system as the governance backbone; CoreGuard healthcare_v1 for runtime clinical decision support enforcement.

EU Market (Any Industry)

Primary obligations: EU AI Act, GDPR. Relevant standards: ISO 42001, NIST AI RMF. Recommended: ISO 42001 certification provides the management system evidence for EU AI Act conformity assessments. CoreGuard provides the technical controls and audit logs the Act requires.

Enterprise (General)

Primary obligations: Sector-specific regulations vary. Relevant standards: NIST AI RMF, ISO 42001. Recommended: NIST AI RMF for the governance program structure; CoreGuard enterprise_v1 as the baseline enforcement layer; custom policy sets for sector-specific rules.

The practical priority order: If you are in a regulated industry and must choose where to start, start with the binding requirements that carry penalty exposure — ECOA, HIPAA, the EU AI Act for EU operations. Build the enforcement controls for those requirements first. Then layer the voluntary frameworks (NIST AI RMF, ISO 42001) on top as the governance structure that connects your enforcement controls to your organizational policies and accountability structures.

Frequently Asked Questions

Is NIST AI RMF mandatory for US companies?

The NIST AI Risk Management Framework (AI RMF 1.0) is voluntary for US private sector organizations. However, it is increasingly referenced in federal procurement requirements and regulatory guidance — the FTC's AI enforcement posture, FDA's AI/ML software framework for medical devices, and financial regulators' model risk expectations all align with AI RMF principles. In practice, organizations in regulated industries should treat alignment with AI RMF as a baseline expectation in any regulatory examination, even though it is not a statutory mandate.

What does ISO/IEC 42001 certify?

ISO/IEC 42001 certifies that your organization has established, implemented, maintained, and is continually improving an AI management system meeting the standard's requirements. Certification requires an accredited third-party audit — not self-declaration. The standard covers risk assessment, impact assessment, leadership accountability, and operational controls. It does not prescribe specific technical enforcement mechanisms. CoreGuard can serve as one of the operational controls that your ISO 42001 management system governs.

When does the EU AI Act take full effect?

The EU AI Act entered into force on August 1, 2024, with a phased timeline. Prohibitions on unacceptable-risk AI systems apply from February 2025. GPAI model obligations apply from August 2025. High-risk AI systems under Annex I (safety components in regulated products) face full requirements from August 2026. High-risk AI systems under Annex III (including credit scoring, employment, and education) face full requirements from August 2027. Non-EU organizations serving EU users are within scope if their systems affect individuals in the EU.

What is the 'enforcement gap' in AI governance frameworks?

Every major AI governance framework — NIST AI RMF, ISO 42001, EU AI Act, OECD Principles — defines what responsible AI behavior looks like and what processes organizations should follow. None of them specifies a technical mechanism to enforce those policies at runtime, at the point of every AI decision, before outputs reach users. CoreGuard closes this gap by providing a deterministic policy evaluation engine that sits between the AI system and its output, evaluating every decision against versioned policy rules before delivery and generating a signed audit certificate for every evaluation.
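To make the enforcement-layer pattern concrete (the missing "Runtime Policy Enforcement" layer in the governance stack above, and the deterministic engine with signed, hash-chained certificates described in this answer), the following is an added example written for this article. It is not CoreGuard's code and does not use CoreGuard's API; the policy id "lending_demo", the three rule names, the certificate field names and the signing key are all assumptions made for illustration. Each model output is evaluated against a fixed-order list of versioned rules before delivery, producing an ALLOWED, BLOCKED or MODIFIED outcome, and every evaluation emits a certificate whose hash is signed with HMAC-SHA256 and linked to the previous certificate, so that editing or deleting any record is detectable during a later audit.

```python
# Added example (not CoreGuard's code or API): a minimal runtime policy
# enforcement layer. Every model output is evaluated against versioned rules
# before delivery, and each evaluation produces an HMAC-signed certificate that
# is hash-chained to the previous one so the audit trail is tamper-evident.
import hashlib
import hmac
import json

ALLOWED, BLOCKED, MODIFIED = "ALLOWED", "BLOCKED", "MODIFIED"

# ECOA / Reg B prohibited bases, used here only as a deny-list of attribute
# names that must never appear as a stated reason for a credit decision.
PROHIBITED_BASES = {"race", "color", "religion", "national_origin", "sex",
                    "marital_status", "age", "public_assistance"}


def rule_no_prohibited_basis(output):
    """BLOCK if any stated reason names a prohibited basis."""
    hits = [r for r in output.get("reasons", []) if r in PROHIBITED_BASES]
    return (BLOCKED, f"prohibited basis in reasons: {hits}") if hits else None


def rule_adverse_action_needs_reasons(output):
    """BLOCK a denial that carries no specific reasons (adverse-action notice)."""
    if output.get("decision") == "deny" and not output.get("reasons"):
        return BLOCKED, "denial without adverse-action reasons"
    return None


def rule_strip_internal_fields(output):
    """MODIFY: internal-only fields never leave the enforcement boundary."""
    internal = [k for k in output if k.startswith("internal_")]
    for k in internal:
        del output[k]
    return (MODIFIED, f"removed internal fields: {internal}") if internal else None


# Versioned policy (assumed name). Rule order is fixed, so evaluation is
# deterministic: the same input and policy version always give the same outcome.
POLICY = {"id": "lending_demo", "version": "1", "rules": [
    rule_no_prohibited_basis, rule_adverse_action_needs_reasons,
    rule_strip_internal_fields]}


def canonical_hash(obj):
    """SHA-256 over a canonical JSON encoding, so equal objects hash equally."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


class EnforcementLayer:
    def __init__(self, policy, signing_key):
        self.policy = policy
        self.key = signing_key
        self.ledger = []            # certificates, in evaluation order
        self.prev_hash = "0" * 64   # genesis link for the hash chain

    def evaluate(self, model_output):
        """Run every rule; BLOCKED wins over MODIFIED, which wins over ALLOWED."""
        delivered = json.loads(json.dumps(model_output))  # work on a copy
        outcome, findings = ALLOWED, []
        for rule in self.policy["rules"]:
            result = rule(delivered)
            if result is None:
                continue
            findings.append({"rule": rule.__name__, "detail": result[1]})
            if result[0] == BLOCKED:
                outcome, delivered = BLOCKED, None   # nothing is delivered
                break
            outcome = MODIFIED
        return outcome, delivered, self._certify(model_output, delivered, outcome, findings)

    def _certify(self, original, delivered, outcome, findings):
        body = {"seq": len(self.ledger), "policy": self.policy["id"],
                "policy_version": self.policy["version"], "outcome": outcome,
                "findings": findings, "input_hash": canonical_hash(original),
                "output_hash": canonical_hash(delivered), "prev_hash": self.prev_hash}
        cert_hash = canonical_hash(body)
        signature = hmac.new(self.key, cert_hash.encode(), "sha256").hexdigest()
        cert = {**body, "cert_hash": cert_hash, "signature": signature}
        self.ledger.append(cert)
        self.prev_hash = cert_hash
        return cert


def verify_ledger(ledger, signing_key):
    """Return (True, None) if every certificate is intact, correctly signed and
    correctly linked; otherwise (False, seq) for the first failing certificate."""
    prev = "0" * 64
    for cert in ledger:
        body = {k: v for k, v in cert.items() if k not in ("cert_hash", "signature")}
        expected_sig = hmac.new(signing_key, cert["cert_hash"].encode(), "sha256").hexdigest()
        if (cert["prev_hash"] != prev or canonical_hash(body) != cert["cert_hash"]
                or not hmac.compare_digest(expected_sig, cert["signature"])):
            return False, cert["seq"]
        prev = cert["cert_hash"]
    return True, None


if __name__ == "__main__":
    layer = EnforcementLayer(POLICY, b"demo-signing-key")  # constructed key
    # Constructed model outputs for the demo, not real credit decisions.
    for sample in [
        {"decision": "approve", "reasons": ["income_sufficient"], "internal_score": 0.91},
        {"decision": "deny", "reasons": ["age"]},
        {"decision": "deny", "reasons": []},
    ]:
        outcome, delivered, cert = layer.evaluate(sample)
        print(outcome, delivered, cert["cert_hash"][:12])
    print(verify_ledger(layer.ledger, b"demo-signing-key"))
```

The certificate stores hashes of the input and the delivered output rather than the payloads themselves, which keeps applicant data out of the audit ledger while still letting an auditor who holds the original payload prove which output was delivered. Verification re-derives every hash and signature from the certificate body, so a changed outcome, a deleted record or a certificate signed with a different key all surface as a specific failing sequence number.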

See the Enforcement Layer in Action

CoreGuard translates your governance framework requirements into runtime policy enforcement. See ALLOWED, BLOCKED, and MODIFIED decisions with signed audit certificates — live, in your browser.