AI Compliance
Readiness Checklist.
36 controls. 7 frameworks.
An interactive workbook that maps thirty-six controls across the EU AI Act, NIST AI RMF, ISO/IEC 42001, GDPR, SEC S-K Item 106, HIPAA, and SOC 2 — so your team knows exactly where you stand, and what to remediate before the auditor asks.
- 36 controls across 6 compliance domains
- Every control mapped to EU AI Act, NIST, ISO 42001, GDPR & SEC
- Built-in progress dashboard with live completion tracking
- Owner, target date, and evidence fields for each control
- Framework cross-reference map for multi-framework audits
Download the free checklist
Instant access to the interactive workbook. Used by compliance and risk teams preparing for EU AI Act and ISO 42001 audits.
The regulatory window is closing.
The EU AI Act compliance deadline for high-risk systems lands in August 2026. Organizations that suffered AI-related breaches in 2025 were disproportionately those without a formal AI governance policy in place at the time of incident.
Nearly half of public companies now disclose AI risk as a board oversight item — triple the prior-year rate. Procurement diligence is moving faster than regulation.
Organizations without a structured compliance program are no longer just facing regulatory exposure; they are quietly failing enterprise procurement reviews before deals reach legal.
Six domains. Thirty-six controls. One workbook.
Each control includes the specific action, the framework rationale, and fields for owner, target date, status, and evidence — ready to populate, ready to present to a board.
AI inventory & usage visibility
AI system inventory, third-party API cataloguing, shadow-AI detection, EU AI Act risk classification, technical documentation, and function-level usage tracking.
AI policy & governance
Formal AI usage policy, risk-ownership roles, ERM integration, board-level risk appetite, AI governance committee, and SEC board-oversight documentation.
Data privacy & compliance
DPIAs for personal-data AI, cross-border data-flow mapping, data minimization, human oversight for automated decisions, vendor DPAs, and audit-trail maintenance.
AI incident detection & response
Continuous AI-usage monitoring, AI-specific incident categories, IRP integration, sensitive-data logging, high-risk-usage alerting, and annual AI tabletop exercises.
Third-party & supply-chain risk
AI Bill of Materials, vendor governance due diligence, embedded SaaS-AI classification, contractual incident notification, open-source model risk, and real-time third-party monitoring.
Audit readiness & board reporting
Quarterly board AI risk register, annual maturity assessment, evidence portfolios for high-risk systems, sanctioned vs. unsanctioned usage reports, AI literacy tracking, and continuous improvement cycles.
Every control mapped to the frameworks that matter.
A single column per regulation — scope a multi-framework audit without rebuilding the spreadsheet for each one.
Built for the teams accountable for AI compliance.
For organizations operating in regulated or public-company environments — where “we are still scoping it” is no longer an acceptable answer to the auditor.
Compliance & risk teams
Use the checklist as your primary AI compliance workstream tracker. The built-in dashboard gives real-time visibility into domain-level completion for quarterly board reporting.
CISOs & security leaders
Align AI security controls with regulatory obligations. The framework map lets you demonstrate to auditors that your security program satisfies NIST AI RMF, ISO 42001, and the EU AI Act simultaneously.
Legal, DPO & general counsel
Use the GDPR, EU AI Act, and SEC columns to scope your legal exposure, identify DPA gaps, and build the evidence portfolio needed for regulatory inspections and M&A due diligence.
Know your AI compliance posture before your auditor does.
Free. Interactive. Covers every major framework. Download the workbook and start your assessment today.