Regulatory Compliance Coverage

Our certification framework maps directly to the binding AI governance obligations of four major jurisdictions. One certification. Four regulatory frameworks covered.

Regulators are not waiting. The EU AI Act is already in force. Canada is rebuilding its federal AI legislation. The US NIST framework is the de facto national standard. The UAE has a binding AI Charter. Your clients in these jurisdictions face real obligations today. Our certification documents exactly how you meet them — principle by principle, category by category.
EU Regulation 2024/1689 — Full enforcement from August 2026

European Union AI Act

Regulatory anchor: Regulation (EU) 2024/1689, published Official Journal 13 June 2024

The EU AI Act is the world's first comprehensive binding AI law. It imposes conformity assessments, technical documentation requirements, human oversight obligations, and EU database registration for high-risk systems. Our framework covers all mandatory categories including Annex III high-risk use cases, plus conditional categories for public sector, law enforcement, and justice contexts.

  • Categories Covered: 25
  • Mandatory: 22
  • Conditional: 3
  • Full Enforcement: Aug 2026

Sample assessment areas
Mandatory

Employment & Recruitment AI

AI used in hiring, CV screening, candidate scoring, and interview analysis. Annex III high-risk category requiring conformity assessment and human oversight documentation.

Mandatory

Credit & Insurance AI

AI in creditworthiness assessment, loan decisioning, and risk pricing for insurance products. Annex III high-risk category with strict transparency and explainability requirements.

Mandatory

AI Incident Reporting

Formal processes for identifying, escalating, and reporting serious AI-related incidents to competent authorities. Covers incident classification, internal escalation, and regulatory notification timelines.

Full EU AI Act Compliance Mapping Available on Request

Our complete framework covers all 25 EU AI Act categories including every Annex III high-risk use case. Request the full mapping to see exactly how your certification covers your regulatory exposure.

Canada PIPEDA & Federal AI Governance Framework

Canada

Regulatory anchors: PIPEDA, Directive on Automated Decision-Making, Canadian Human Rights Act, OECD AI Principles, OSFI Guideline E-23

Canada's Artificial Intelligence and Data Act (AIDA) died on the order paper in January 2025 when Parliament prorogued. Our framework is built on existing binding obligations and AIDA's stated intent — ensuring full readiness when federal AI legislation is reintroduced. Canadian organisations in finance, healthcare, and employment face real obligations today.

  • Categories Covered: 11
  • Mandatory: 8
  • Conditional: 3
  • Regulated Sectors: 3

Sample assessment areas
Mandatory

Automated Decision-Making

AI systems making or recommending administrative decisions affecting individuals without meaningful human review. Governed by the federal Directive on Automated Decision-Making and PIPEDA fairness principles.

Mandatory

AI Bias & Fairness Assessment

Identifying, measuring, and mitigating discriminatory outcomes in AI systems. Aligned with the Canadian Human Rights Act prohibition on discrimination based on protected grounds.

Mandatory

Third-Party AI Accountability

Governance of AI provided by vendors, partners, and subcontractors. Covers contractual obligations, due diligence requirements, and accountability for third-party AI outputs under PIPEDA.

Full Canadian AI Governance Mapping Available on Request

Our complete framework covers all 11 Canadian categories including sector-specific requirements for financial services under OSFI E-23, healthcare under provincial privacy laws, and employment under Ontario Bill 194.

US NIST AI Risk Management Framework 1.0 — 2023

United States

Regulatory anchors: NIST AI RMF 1.0 (2023), NIST AI 600-1 Generative AI Profile (2024), FTC AI guidance, EEOC algorithmic discrimination guidance, Colorado AI Act, Illinois BIPA

The US has no federal AI law. Our framework is anchored to NIST AI RMF 1.0 as the de facto national standard, supplemented by sector-specific federal regulations and state-level AI legislation including Colorado, Illinois, and Texas. The framework is designed to adapt as federal AI legislation develops.

  • Categories Covered: 11
  • Mandatory: 7
  • Conditional: 4
  • NIST Functions: 4

Sample assessment areas
Mandatory

AI Risk Assessment & Documentation

Systematic identification, assessment, and documentation of AI risks across the system lifecycle. Aligned with NIST AI RMF MAP and MEASURE functions covering risk categorisation and impact assessment.

Mandatory

AI Bias & Fairness Testing

Detecting, measuring, and mitigating discriminatory outcomes. Aligned with EEOC algorithmic discrimination guidance, FTC unfair practice standards, and NIST AI RMF fairness characteristic.

Mandatory

Third-Party AI Risk Management

Governance of AI models and systems provided by vendors, cloud providers, or partners. Aligned with NIST AI RMF supply chain risk management and OCC guidance on third-party AI relationships.

Full US AI Governance Mapping Available on Request

Our complete framework covers all 11 US categories including sector-specific requirements for financial services under OCC SR 11-7, healthcare under FDA SaMD and HIPAA, employment under EEOC guidance, and biometric data under Illinois BIPA.

UAE AI Charter 2024 & PDPL

UAE / Dubai

Regulatory anchors: UAE AI Charter 2024 (12 principles), Federal Decree-Law No. 45 of 2021 (PDPL), Dubai Ethical AI Toolkit, DIFC Data Protection Regulation 10, UAE National AI Strategy 2031

The UAE operates a layered governance model: federal law, emirate-level regulation, and free zone frameworks. Our framework addresses Dubai-specific obligations under the PDPL and the UAE AI Charter's 12 principles. Organisations in DIFC or ADGM free zones face additional requirements under their independent legal frameworks, which our conditional categories cover.

  • Categories Covered: 10
  • Mandatory: 7
  • Conditional: 3
  • Charter Principles: 12

Sample assessment areas
Mandatory

Personal Data Protection in AI

AI systems collecting, processing, or storing personal data of UAE residents. Covers lawful processing basis, data minimisation, purpose limitation, and individual rights under Federal Decree-Law No. 45 of 2021.

Mandatory

AI Accountability & Governance Framework

Formal governance structures, accountability mechanisms, and AI risk management policies. Aligned with the UAE AI Charter 2024 governance principle and Dubai Ethical AI Toolkit accountability requirements.

Mandatory

Human Oversight of AI Systems

Mechanisms ensuring meaningful human review and intervention capability for AI systems making consequential decisions. Aligned with UAE AI Charter 2024 human oversight principle.

Full UAE AI Governance Mapping Available on Request

Our complete framework covers all 10 UAE categories including sector-specific requirements for financial services under CBUAE and DFSA Enabling Technologies Guidelines, healthcare under Dubai Health Authority AI Policy, and government and smart city AI under Dubai AI Strategy.


Regulatory Source Documents

Our framework is built directly on primary legislative texts and official regulatory guidance. The documents below are the authoritative sources underpinning every assessment category.

European Union
  • Regulation (EU) 2024/1689 — Artificial Intelligence Act (Official Journal, 12 July 2024)
Canada
  • Personal Information Protection and Electronic Documents Act (PIPEDA) — S.C. 2000, c. 5
  • Treasury Board Directive on Automated Decision-Making (2019)
  • CASL - Canada’s Anti-Spam Legislation (2014)
  • Bill C-27 — Digital Charter Implementation Act 2022 (includes AIDA) [Regulatory Horizon — Lapsed 2025]
United States
  • NIST AI Risk Management Framework 1.0 (NIST AI 100-1, January 2023)
  • NIST Generative AI Profile (NIST AI 600-1, July 2024)
  • SR 11-7 — Supervisory Guidance on Model Risk Management (Federal Reserve, April 2011)
  • SR 26-02 — Revised Guidance on Model Risk Management (Federal Reserve, April 2026)
  • HIPAA Security Rule (45 CFR Part 164, HHS)
  • FDA — AI-Enabled Device Software Functions: Lifecycle Management and Marketing Submission Recommendations (January 2025)
  • FDA — Marketing Submission Recommendations for a Predetermined Change Control Plan for AI-Enabled Device Software Functions (August 2025)
  • FDA — Clinical Decision Support Software (January 2026)
  • EEOC — Assessing Adverse Impact in AI Used in Employment Selection Procedures (Title VII) [Withdrawn January 2025 — Regulatory Gap]
  • Biometric Data AI — No federal law currently in force [State-Law Driven — Federal Gap]
United Arab Emirates
  • Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) (Effective 2 January 2022)
  • UAE Charter for the Development and Use of Artificial Intelligence (July 2024) [Non-Binding]

Get Your Compliance Mapped. Get Certified.

Book a 30-minute discovery call. We will identify your jurisdiction exposure, show you exactly which categories apply, and outline the fastest path to certification.
