17 articles tagged with “Compliance”
A practitioner-focused brief on the FedRAMP 20x modernisation programme and what it changes for AI vendors selling to the US federal government in 2026. How 20x differs from legacy FedRAMP Moderate / High authorisations, where it intersects with OMB M-24-10 and M-24-18, what the new continuous-monitoring expectations look like, and what AI vendors need to start doing now.
A detailed 12-month roadmap to ISO/IEC 42001:2023 certification for AI Management Systems (AIMS). Four phases mapped to months 1-12 covering scope and gap analysis, policy and risk management, operations and monitoring, and audit preparation through Stage 1 and Stage 2. Comparison to ISO/IEC 27001 (overlap and differences), NIST AI RMF crosswalk, and a practical accreditation-body shortlist (ANSI/UL, BSI, DNV, SGS).
The Digital Operational Resilience Act (Regulation (EU) 2022/2554) has been in application since 17 January 2025. For financial entities now running generative AI in production, DORA quietly added a new set of obligations - around ICT third-party risk, incident reporting, resilience testing, and information sharing - that apply to every AI workload connected to a covered function. This deep dive maps how AI workloads sit inside DORA's five pillars, where the audit gaps emerge in practice, and how Areebi's audit trail and policy engine reduce the evidence burden.
The Privacy and Other Legislation Amendment Act 2024 passed Australian Parliament on 29 November 2024 and received Royal Assent on 10 December 2024. It is the largest revision of the Privacy Act 1988 in a decade. The children's privacy reforms commence 10 December 2026, the statutory tort of serious invasions of privacy was active from 10 June 2025, and the OAIC's 2026 enforcement priorities lean heavily on AI and automated decision-making. This is the CISO-facing 12-month compliance checklist.
A working compliance checklist for federal AI contractors under OMB Memorandum M-24-18 (October 2024). Covers scope, pre-award diligence, in-life monitoring, rights-impacting versus safety-impacting AI, the AI Use Case Inventory requirement, and cross-references to NIST AI RMF and Executive Order 14110. Authoritative sources: OMB M-24-18, OMB M-24-10, EO 14110, AI.gov, GSA AI guidance.
A practical implementation guide to Singapore's AI Verify framework, the AI Verify Foundation toolkit, and the Model AI Governance Framework. Crosswalks to NIST AI RMF, ISO/IEC 42001, the EU AI Act, and OECD AI Principles, with citations to IMDA, AI Verify Foundation, PDPC, and OECD AI Policy Observatory.
An actuarial-grade governance framework for AI in insurance underwriting and pricing. Covers the NAIC AI Model Bulletin, state DOI examinations, model risk overlap with Federal Reserve SR 11-7 and OCC 2011-12, plus Colorado DOI and NY DFS bulletins. Practical pattern for documentation, fairness testing, drift monitoring, and examiner audit trails.
A CISO-grade implementation playbook for EDPB Opinion 28/2024. Covers anonymity tests, legitimate interest assessments, Article 6 lawful bases, DPIAs, and the model-training vs deployment split for LLM systems.
An auditor-grade mapping of AICPA Trust Services Criteria to LLM systems. Covers CC6 logical access for inference endpoints, CC7 incident management for prompt injection and drift, A1 inference availability, PI1 output integrity, and P1-P8 privacy of training data.
A clinical-AI playbook covering PHI in retrieval-augmented generation, de-identification for embeddings, BAA requirements for LLM vendors, Section 1557 clinical decision support, and FDA SaMD classification for clinical LLMs.
A regulator-grounded comparison of fine-tuning, RAG, and prompt engineering across data residency, GDPR right to erasure, EU AI Act provider obligations, audit completeness, drift, and cost.
A comprehensive guide to every major AI regulation in effect or pending in 2026, including the EU AI Act, NIST AI RMF, Colorado AI Act, UK principles, Australia Privacy Act amendments, and Singapore's Agentic AI framework. Comparison tables, enforcement dates, and penalties included.
Enforcement of the Colorado AI Act (SB 24-205) begins June 30, 2026. Learn the requirements for high-risk AI systems, impact assessments, consumer disclosures, and the duty of care obligation. Practical compliance steps for enterprise teams.
Learn how an AI control plane automates compliance across the EU AI Act, HIPAA, SOC 2, GDPR, NIST AI RMF, and ISO 42001. Discover how compliance-as-code policies, continuous evidence generation, and automated audit readiness replace manual tracking and point-in-time audits.
Comprehensive guide to UK AI regulation in 2026, covering the five core principles, sector-specific regulators (FCA, ICO, Ofcom, CMA), the AI Safety Institute, and the expected AI bill. Practical compliance guidance for enterprises operating in the UK market.
Australia's 2026 Privacy Act amendments introduce mandatory transparency and contestability requirements for AI automated decision-making. Learn the new rules for notification, human review, explainability, and penalties up to AUD 50 million.
The EU AI Act creates binding obligations for AI systems in the European market. This guide covers risk tiers, compliance timelines, documentation requirements, and practical steps for mid-market companies.