# AI compliance — EU AI Act, ISO 42001 and NIST AI RMF | BoardX

> Board-level AI governance: AI system register, AI risk assessments, AI incident management, policy and controls, oversight dashboard and EU AI Act readiness.

Canonical URL: https://www.boardx.io/for-compliance/ai-compliance

## The governance gap

Most organisations are caught between two pressures: "go faster" (adopt AI quickly, get to value, beat competitors) and "slow down" (oversight is fragmented, with no clear policy, no incident process and no auditable record). BoardX closes that gap by giving boards, audit committees and second-line teams one shared system to authorise AI, watch it in production and prove governance to regulators.

## What's included

- **AI system register** — every internal and third-party AI system with owner, purpose, risk classification, training-data lineage and deployment scope.
- **AI risk assessments** — structured risk assessments per use case, mapped to ISO 42001 and NIST AI RMF.
- **AI incident management** — log, investigate and report AI incidents, including bias, hallucinations, unsafe outputs and operational failures.
- **Policy and controls** — board-approved AI policies with employee attestation; controls linked to evidence in the platform.
- **Oversight dashboard** — board-level view of AI inventory, risk posture, incidents and outstanding actions.
- **Regulatory compliance** — EU AI Act readiness, ISO 42001 alignment, NIST AI RMF mapping and audit-ready evidence trails.

## Why this matters now

- **EU AI Act** — providers and deployers of high-risk AI must maintain a risk-management system, technical documentation, post-market monitoring and incident reporting.
- **ISO 42001** — an AI management system standard increasingly demanded in tenders.
- **NIST AI RMF** — voluntary but referenced by US regulators and contracting bodies.
- **DORA and NIS 2** — bring AI inside ICT risk management for financial services and essential entities.

## How it connects to the rest of BoardX

AI risk feeds the [risk register](https://www.boardx.io/risk-management). AI incidents trigger workflows in [compliance management](https://www.boardx.io/compliance-management). The board sees AI oversight in the same workspace they use for board packs and committee meetings, not in a parallel tool.
