{
  "source": "AI Risk Atlas",
  "url": "https://airiskatlas.com",
  "license": "CC BY 4.0: quote or reuse with attribution to AI Risk Atlas.",
  "updated": "2026-06-26",
  "standards": [
    {
      "id": "iso-42001",
      "name": "ISO/IEC 42001",
      "fullName": "AI Management System (AIMS) Standard",
      "kind": "standard",
      "jurisdiction": "global",
      "maintainer": "ISO/IEC",
      "status": "published",
      "published": "2023-12",
      "sourceUrl": "https://www.iso.org/standard/42001",
      "atlasUrl": "https://airiskatlas.com/learn/the-standards-landscape-explained",
      "summary": "The first certifiable international AI governance standard. Specifies a management system for governing AI across its lifecycle. On a trajectory to become the SOC-2 of AI; certified organizations include IBM, Anthropic, Microsoft, KPMG, and Changi Airport. Accreditation scheme is ISO/IEC 42006:2025."
    },
    {
      "id": "nist-ai-rmf",
      "name": "NIST AI RMF",
      "fullName": "AI Risk Management Framework",
      "kind": "framework",
      "jurisdiction": "us",
      "maintainer": "NIST (US Department of Commerce)",
      "status": "active",
      "published": "2023-01",
      "sourceUrl": "https://www.nist.gov/itl/ai-risk-management-framework",
      "atlasUrl": "https://airiskatlas.com/learn/the-standards-landscape-explained",
      "summary": "The dominant voluntary framework in the United States and the shared vocabulary for AI risk. A Generative AI Profile was added in July 2024. Increasingly referenced in federal procurement and state-level rulemaking."
    },
    {
      "id": "eu-ai-act",
      "name": "EU AI Act",
      "fullName": "EU Artificial Intelligence Act",
      "kind": "regulation",
      "jurisdiction": "eu",
      "maintainer": "European Union",
      "status": "in force, key deadlines deferred (pending Official Journal publication)",
      "published": "2024-08",
      "sourceUrl": "https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai",
      "atlasUrl": "https://airiskatlas.com/learn/the-standards-landscape-explained",
      "summary": "The first binding, horizontal AI regulation. In force since August 2024; prohibited practices and AI literacy from February 2025; GPAI obligations from August 2025. The 2025 to 2026 Digital Omnibus deferred the major deadlines (agreed by Parliament 16 June 2026, awaiting Official Journal publication): Article 50 transparency to 2 December 2026, high-risk Annex III systems to 2 December 2027, and high-risk AI in regulated products to 2 August 2028."
    },
    {
      "id": "eu-ai-liability-directive",
      "name": "EU AI Liability Directive",
      "fullName": "EU AI Liability Directive (withdrawn)",
      "kind": "regulation",
      "jurisdiction": "eu",
      "maintainer": "European Commission",
      "status": "withdrawn",
      "published": "2025-10",
      "sourceUrl": "https://www.europarl.europa.eu/legislative-train/theme-a-europe-fit-for-the-digital-age/file-ai-liability-directive",
      "summary": "A proposed directive that would have introduced a rebuttable presumption of causation for harm caused by high-risk AI, easing the burden of proof for claimants. The Commission withdrew the proposal (Official Journal notice C/2025/5423, 6 October 2025); no replacement has been tabled as of mid-2026.",
      "atlasUrl": "https://airiskatlas.com/learn/the-standards-landscape-explained"
    },
    {
      "id": "uk-ai-approach",
      "name": "UK AI approach",
      "fullName": "UK pro-innovation AI regulation approach",
      "kind": "guidance",
      "jurisdiction": "uk",
      "maintainer": "UK Government (DSIT)",
      "status": "active, non-statutory",
      "published": "2023-03",
      "sourceUrl": "https://www.gov.uk/government/publications/ai-regulation-a-pro-innovation-approach",
      "atlasUrl": "https://airiskatlas.com/learn/the-standards-landscape-explained",
      "summary": "A principles-led, regulator-by-regulator approach rather than a single binding AI law. No statutory AI Act is in force as of mid-2026; in October 2025 DSIT published a regulation \"Blueprint\" centred on an AI Growth Lab sandbox."
    },
    {
      "id": "singapore-ai-verify",
      "name": "AI Verify",
      "fullName": "Singapore AI Verify",
      "kind": "framework",
      "jurisdiction": "singapore",
      "maintainer": "IMDA / AI Verify Foundation",
      "status": "active, voluntary",
      "published": "2022-05",
      "sourceUrl": "https://aiverifyfoundation.sg/what-is-ai-verify/",
      "atlasUrl": "https://airiskatlas.com/learn/the-standards-landscape-explained",
      "summary": "A voluntary AI governance testing framework and open-source toolkit combining technical tests and process checks. Widely used by ASEAN-facing AI vendors; no statutory penalties."
    },
    {
      "id": "au-guidance-ai-adoption",
      "name": "Guidance for AI Adoption (AI6)",
      "fullName": "Australia's Guidance for AI Adoption",
      "kind": "guidance",
      "jurisdiction": "anz",
      "maintainer": "National AI Centre (Australia)",
      "status": "active, voluntary",
      "published": "2025-10",
      "sourceUrl": "https://www.industry.gov.au/publications/voluntary-ai-safety-standard",
      "atlasUrl": "https://airiskatlas.com/learn/the-standards-landscape-explained",
      "summary": "Released October 2025 with six essential practices (the 'AI6'), updating the earlier Voluntary AI Safety Standard. The 2024 mandatory-guardrails consultation was not legislated; the December 2025 National AI Plan relies on existing law plus voluntary guidance and a new AI Safety Institute."
    },
    {
      "id": "apra-cps-230",
      "name": "APRA CPS 230",
      "fullName": "APRA Prudential Standard CPS 230, Operational Risk Management",
      "kind": "regulation",
      "jurisdiction": "anz",
      "maintainer": "Australian Prudential Regulation Authority",
      "status": "effective 1 July 2025",
      "published": "2025-07",
      "sourceUrl": "https://www.apra.gov.au/standards/cps-230",
      "atlasUrl": "https://airiskatlas.com/learn/the-standards-landscape-explained",
      "summary": "Operational risk management standard for APRA-regulated entities, consolidating and replacing CPS 231 (outsourcing) and CPS 232 (business continuity). Technology-neutral: it does not single out AI, but AI exposures fall under it as operational risk and material service-provider arrangements. Drives internal demand for AI controls at Australian banks and insurers."
    },
    {
      "id": "nz-ai-strategy",
      "name": "NZ AI Strategy",
      "fullName": "New Zealand's Strategy for Artificial Intelligence: Investing with Confidence",
      "kind": "guidance",
      "jurisdiction": "anz",
      "maintainer": "MBIE (New Zealand)",
      "status": "active, non-prescriptive",
      "published": "2025-07",
      "sourceUrl": "https://www.mbie.govt.nz/",
      "atlasUrl": "https://airiskatlas.com/learn/the-standards-landscape-explained",
      "summary": "New Zealand's first national AI strategy (MBIE, 8 July 2025): adoption-focused and principles-based, with no new prescriptive regime. AI handling personal data remains governed by the Privacy Act 2020, alongside the voluntary Algorithm Charter for public-sector use."
    }
  ]
}