AI Sigil Logo
Contact Us
Back to all insights
A compass

Sections

Leveraging ISO 42001 and NIST AI RMF for EU AI Act Compliance

Utilizing ISO 42001 & NIST AI RMF for Compliance with the EU AI Act

The adoption of artificial intelligence (AI) technologies has dramatically increased in recent years. In 2019, 58% of organizations used AI for at least one business function; by 2024, that figure surged to 72%. Notably, the use of generative AI nearly doubled from 33% in 2023 to 65% in 2024.

Understanding the EU AI Act

The European Union Artificial Intelligence Act (AI Act), Regulation (EU) 2024/1689, establishes a comprehensive regulatory framework for AI within the EU. It came into effect on August 1, 2024 and applies to all AI types across various sectors, excluding systems used solely for military, national security, research, and non-professional purposes.

The landmark AI Act is designed to balance innovation and safety in the realm of AI. It provides guidelines for risk management, ongoing system monitoring, and human supervision, thereby establishing a foundation for trustworthy AI systems.

This act safeguards fundamental rights, such as privacy, and ensures that AI systems do not engage in unfair discrimination. Crucially, it offers AI developers and companies a unified regulatory framework, aiding them in innovating confidently while protecting consumer interests.

Who Will Be Affected?

Organizations that utilize AI and operate within the EU, as well as those outside the EU developing or using AI systems for business in the EU, will be impacted by the AI Act.

Who Will Not Be Affected?

It is essential to note that military and national security applications, whether developed by public or private entities, are excluded from the AI Act’s scope. Furthermore, AI systems dedicated purely to scientific research and development are exempt, allowing researchers the freedom to innovate without regulatory constraints. The Act only applies when AI systems are deployed or commercialized; during development, these rules remain inactive.

EU AI Act Fines

Organizations face significant penalties for non-compliance:

  • Fines up to EUR 35,000,000 or 7% of worldwide annual turnover for non-compliance with prohibited AI practices, whichever is higher.
  • Fines up to EUR 15,000,000 or 3% of worldwide annual turnover for non-compliance with high-risk AI system requirements, whichever is higher.
  • Fines up to EUR 7,500,000 or 1% of worldwide annual turnover for supplying incorrect, incomplete, or misleading information to authorities, whichever is higher.

Key Players Under the EU AI Act

The Act addresses various stakeholders in the AI ecosystem, ensuring all parties understand their responsibilities and compliance requirements.

EU AI Act Risk-Based Approach

The Act categorizes AI systems into four risk levels:

1. Unacceptable Risks:

AI systems that enable manipulation, exploitation, and social control practices are deemed unacceptable risks. Examples include:

  • Deploying subliminal or manipulative techniques.
  • Exploiting vulnerabilities related to age, disability, or socio-economic circumstances.
  • Social scoring and real-time remote biometric identification (RBI).

Such systems are prohibited in the EU market.

2. High Risks:

AI systems that negatively impact safety or fundamental rights are classified as high risk. Examples include:

  • Biometric systems.
  • Critical infrastructure applications, such as water supply management.
  • Law enforcement and judicial processes.

High-risk AI systems can only be deployed in the EU market after implementing adequate risk mitigation strategies.

3. Limited Risks:

Some AI systems, such as chatbots and deepfakes, may present risks of impersonation or deception but do not qualify as high risk. These systems are subject to lighter transparency obligations and must ensure that end-users are aware they are interacting with AI. They can be deployed with appropriate human oversight and monitoring activities.

4. Minimal Risks:

This category includes AI systems not classified elsewhere, such as AI-enabled video games or spam filters. These systems are unregulated in the EU market and can be deployed without restrictions.

Understanding NIST AI Risk Management Framework (RMF) & ISO/IEC 42001

The NIST AI Risk Management Framework (RMF) and ISO/IEC 42001 provide structured approaches to managing risks associated with AI technologies. These frameworks assure the responsible, ethical, and trustworthy development, deployment, and use of AI systems.

What is ISO/IEC 42001:2023?

ISO/IEC 42001 is an international standard that outlines requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. It is applicable to entities involved in developing or utilizing AI-based products or services across all industries, ensuring responsible development and usage.

Mapped Requirements

Organizations must adhere to the mapped requirements to ensure compliance with the AI Act and other relevant standards.

More Insights

A safety helmet worn by drone operators

Revolutionizing Drone Regulations: The EU AI Act Explained

December 17, 2025 AI,AI Regulation,Drone Technology,Regulatory Framework
The EU AI Act represents a significant regulatory framework that aims to address the challenges posed by artificial intelligence technologies in various sectors, including the burgeoning field of...
Read More
A safety helmet worn by drone operators

Revolutionizing Drone Regulations: The EU AI Act Explained

December 1, 2025 AI,AI Regulation,Drone Technology,Regulatory Framework
The EU AI Act represents a significant regulatory framework that aims to address the challenges posed by artificial intelligence technologies in various sectors, including the burgeoning field of...
Read More
A light bulb to convey innovation and the bright potential of responsible AI solutions.

Embracing Responsible AI to Mitigate Legal Risks

November 29, 2025 AI,AI Ethics,AI Governance,AI Regulation
Businesses must prioritize responsible AI as a frontline defense against legal, financial, and reputational risks, particularly in understanding data lineage. Ignoring these responsibilities could...
Read More
A traffic light to illustrate the need for clear guidelines and regulations in managing AI technologies.

AI Governance: Addressing the Shadow IT Challenge

November 29, 2025 AI,AI Governance,AI Regulation Awareness,Regulatory Compliance
AI tools are rapidly transforming workplace operations, but much of their adoption is happening without proper oversight, leading to the rise of shadow AI as a security concern. Organizations need to...
Read More
A roadmap illustrating the journey companies must take to align with AI regulations.

EU Delays AI Act Implementation to 2027 Amid Industry Pressure

November 29, 2025 AI,AI Regulation,EU Compliance,Regulatory Compliance
The EU plans to delay the enforcement of high-risk duties in the AI Act until late 2027, allowing companies more time to comply with the regulations. However, this move has drawn criticism from rights...
Read More
A semiconductor chip

White House Challenges GAIN AI Act Amid Nvidia Export Controversy

November 29, 2025 AI,AI Regulation,Artificial Intelligence Governance,Technology Policy
The White House is pushing back against the bipartisan GAIN AI Act, which aims to prioritize U.S. companies in acquiring advanced AI chips. This resistance reflects a strategic decision to maintain...
Read More
Compliance checklist

Experts Warn of EU AI Act’s Impact on Medtech Innovation

November 29, 2025 AI,EU Compliance,Medtech Innovation,Regulatory Compliance
Experts at the 2025 European Digital Technology and Software conference expressed concerns that the EU AI Act could hinder the launch of new medtech products in the European market. They emphasized...
Read More
A tree

Ethical AI: Transforming Compliance into Innovation

November 29, 2025 AI,AI Ethics,Ethical AI
Enterprises are racing to innovate with artificial intelligence, often without the proper compliance measures in place. By embedding privacy and ethics into the development lifecycle, organizations...
Read More
A warning sign

AI Hiring Compliance Risks Uncovered

November 29, 2025 AI,AI Compliance,AI Regulation,Regulatory Compliance
Artificial intelligence is reshaping recruitment, with the percentage of HR leaders using generative AI increasing from 19% to 61% between 2023 and 2025. However, this efficiency comes with legal...
Read More