Current as of June 2026. Transportation AI rules moved in the last year: the automated-vehicle crash-reporting order was amended in 2025, aviation AI guidance is in active development, and a surface-transport cyber rule is in proposed form. Every date below reflects the most recent confirmed status, and uncertainty is flagged where it exists.

Transportation AI compliance covers two very different things, and conflating them is the most common mistake. One is the engineered AI that drives a vehicle or flies an aircraft, governed by deep, safety-critical regimes that exist precisely to validate autonomous machine behavior before it ships. The other is the everyday AI that runs the business around the vehicle: the assistants, copilots, and agents employees use across logistics, dispatch, maintenance, and back-office systems. The first is heavily regulated. The second is where the governance gap sits. The transport sector was among the most-targeted sectors in recent European threat data (ENISA Threat Landscape, 2024), and the enterprise AI layer is part of that exposure.

NIST AI RMF and ISO/IEC 42001 Are the Horizontal Backbone

Every transportation operator’s AI program should align to two horizontal instruments first: the NIST AI Risk Management Framework supplies the methodology, and ISO/IEC 42001 supplies the certifiable management system. NIST AI RMF organizes risk work into four functions, Govern, Map, Measure, and Manage (NIST, 2024). ISO/IEC 42001, published December 2023, is the first AI management system standard an external auditor can certify against (ISO, 2023).

These give a defensible structure that spans both AI problems. The safety-critical regimes below govern the vehicle, and they are rigorous, but none of them provides a single, certifiable management system for the general-purpose AI an operator’s workforce uses. The horizontal baseline is what ties governance of the driving system and governance of the back office into one program.

NHTSA Governs Automated Vehicle Safety on US Roads

Automated and assisted driving systems answer to NHTSA, whose Standing General Order requires manufacturers and operators to report certain crashes involving automated driving systems (ADS) and Level 2 advanced driver assistance systems (ADAS). The order was first issued in 2021 and most recently amended in 2025, with the third amended version taking effect June 16, 2025 (NHTSA, 2025). The Federal Motor Vehicle Safety Standards (FMVSS) remain the mandatory baseline every vehicle must meet.

In April 2025, the Department of Transportation introduced a new Automated Vehicle Framework that streamlines crash reporting and expands the FMVSS exemption pathway to domestically produced automated vehicles, with the stated goal of moving toward a single national standard. A proposed evaluation program, AV STEP, would create a voluntary national pathway for ADS oversight, but it remains in proposed form. The throughline is that NHTSA’s regime is built specifically to validate autonomous driving behavior, which is exactly why it does not address the separate AI agents an automaker or fleet operator runs across its corporate systems.

The FAA and EASA Set the Bar for AI in Aviation

Aviation AI is governed through safety-assurance roadmaps layered on top of established airworthiness standards. The FAA published its first Roadmap for Artificial Intelligence Safety Assurance in July 2024, setting out how AI safety should be assured across the aircraft lifecycle, including the harder case of adaptive “learning” AI (FAA, 2024). In Europe, EASA’s AI Roadmap and its Concept Paper on Level 1 and 2 machine learning applications give equivalent guidance tied to the EU AI Act (EASA, 2024).

Both build on the foundational airborne-assurance standards: DO-178C for software, DO-254 for hardware, and ARP4754A for system development. Those standards predate modern machine learning and do not fully cover it, which is why new industry standards are in development. As with NHTSA, this regime exists to assure the safety of the AI flying the aircraft. It says nothing about the AI an airline or maintenance organization uses to draft reports, summarize records, or automate scheduling, which is a separate exposure entirely.

TSA Cybersecurity Directives Reach Rail, Transit, and Pipelines

Higher-risk freight rail, passenger rail, and transit operators are bound by mandatory TSA cybersecurity Security Directives, issued after 2021, that require a cybersecurity implementation or assessment program, an incident response plan, and incident reporting to CISA (TSA, 2024). AI deployed in covered rail or transit operations has to fit within those cybersecurity measures, the same as any other system.

In November 2024, TSA published a proposed rule, Enhancing Surface Cyber Risk Management, that would convert the current directives into a permanent cyber-risk-management rule covering freight rail, passenger rail, and pipelines. As of this writing it remains a proposed rule, not final, so the existing Security Directives are the live requirement and operators should confirm the rule’s status before planning against it. The obligation to manage cyber risk across surface transportation is established, and AI use sits inside it.

The EU AI Act Splits Transport Into Two High-Risk Pathways

For operators touching Europe, the EU AI Act creates two separate high-risk pathways for transport. AI that is a safety component of a vehicle or aircraft is high-risk under Annex I, regulated through existing product-safety and type-approval law such as motor-vehicle regulation and the EASA framework, with those obligations applying from August 2027 (EU AI Act Article 6, 2024). AI used as a safety component in the management and operation of road traffic is high-risk under Annex III, with obligations applying from August 2026 (EU AI Act Annex III, 2024).

A second layer applies to cybersecurity. The NIS2 Directive names transport as an essential sector, imposing binding cybersecurity, incident-reporting, and accountability obligations on operators above the size threshold (NIS2 Directive, 2022). The Act is extraterritorial, so a non-EU operator whose AI affects EU transport or its users can be in scope. The vehicle pathway runs through product law; the traffic-management pathway runs through Annex III; NIS2 governs the cybersecurity around both.

How the Transportation AI Compliance Stack Lines Up

Each instrument governs a different slice of transportation AI, and they split cleanly along the line between the vehicle and the business. The table below maps what each one governs, whether it is mandatory, and how far it reaches the autonomous enterprise agents an operator runs off the vehicle. The pattern is the inverse of the usual one: the driving and flight systems are tightly governed, while the enterprise AI layer is barely addressed.

Read down the last column. The vehicle is covered. The fleet of AI agents running logistics, maintenance, and operations around it is not.

Two Different AI Problems: The System That Drives, and the Agents That Run the Business

The transportation safety frameworks govern the engineered AI inside the vehicle, validated and certified before deployment, and they do that job rigorously. The gap is the general-purpose AI an operator’s workforce uses off the vehicle, where AI agents acting through Model Context Protocol (MCP) tool calls take actions no person reviewed. MCP is the open standard that lets an agent connect to external tools, systems, and data sources and act through them.

This is the hinge, and it is specific here. No one is shipping an uncertified driving system; NHTSA and the FAA make sure of that. But an airline, a railroad, or a logistics company can stand up AI agents across scheduling, dispatch, maintenance records, and customer systems with none of that rigor, because no transportation framework governs that layer. Those agents read operational data, trigger actions, and chain tool calls across enterprise systems, and the action surface is a tool call that fires in milliseconds rather than a screen a person reads. Singapore’s Infocomm Media Development Authority launched the first governance framework written specifically for autonomous AI agents in January 2026, the first official signal that the enterprise agent layer is governed by nothing purpose-built. The control for that gap has to come from architecture.

You Cannot Comply With What You Cannot See

Aurascape catalogues more than 20,000 AI applications and ships production-ready connectors within 48 hours of a new tool appearing, which is the inventory layer a transportation operator needs for the enterprise AI side (Aurascape Product Brief, 2026). An ISO/IEC 42001 scope statement and a NIS2 program both assume an operator knows what AI is in use across the workforce. Most do not.

Discovery is where policy meets reality. A railroad or logistics company can have an AI policy and still be blind to the personal ChatGPT accounts dispatchers and engineers use, the AI features switched on inside an approved operations tool, and the copilots staff enabled without asking. Aurascape secures user activity across tens of thousands of AI apps with prompt and response decoding and automated remediation, governing the enterprise AI interaction layer that sits alongside, not in place of, the vehicle and OT safety regimes. You cannot govern, or document for an auditor, the enterprise AI you have not found.

Sensitive Data Controls Keep Operational and Customer Data Out of External AI

Aurascape’s real-time, multimodal data classification catches sensitive information at the prompt, before it reaches any external AI service, because the data at risk in transportation includes customer records, operational and route data, safety-case documentation, and proprietary scheduling logic. The AI Proxy inspects prompts, responses, file uploads, and multi-turn conversations, then enforces policy inline: allow, block, redact, or coach. The control fires at the moment of exposure, not after the data has left.

Sensitive Data Fingerprinting tags operational and regulated content so enforcement is context-aware rather than blunt. A dispatcher pasting customer manifests into a consumer chatbot, or a maintenance lead uploading a safety record to summarize it, is the kind of leak that turns routine work into a data-protection problem under NIS2 or privacy law. This is the AI-layer complement to the vehicle and cybersecurity regimes, not a replacement for them.

Audit Logging Is How You Prove It to a Regulator or Auditor

NIS2, the EU AI Act, and internal safety audits all treat traceable records as an evidence requirement, not a best practice. Aurascape generates audit-ready, conversation-level logs of every AI interaction: what was prompted, what was returned, what data was involved, and what policy decision fired. That is the record a NIS2 regulator, an EU AI Act assessment, or an internal auditor expects to see for the enterprise AI an operator uses.

This is the difference between asserting governance and demonstrating it. The safety regimes already demand exhaustive evidence for the vehicle; the enterprise AI layer rarely has any equivalent. Decoded interaction histories and policy-decision logs are that record for the AI an operator’s workforce uses. The platform does not make an operator compliant and does not replace legal counsel, vehicle-safety certification, or OT security controls. It produces the evidence compliance and security teams use to demonstrate the AI controls ran.

Copilot Readiness Helps Close the AI Privacy Gap

Microsoft 365 Copilot and similar AI Copilots surface everything a user can technically reach, which turns a tolerable permissions mess into a live exposure the moment someone runs a cross-department summary prompt. Aurascape’s Copilot Readiness module finds overshared permissions before a rollout, Copilot Oversight monitors live usage, and Copilot Unlearning removes sensitive data already ingested by the AI system.

In a transportation operator, an AI Copilot deployed across the corporate environment can summarize across operational records, customer data, and safety documentation in a single prompt. Finding the oversharing before go-live is the readiness step. Monitoring usage and removing exposed data afterward is the ongoing control. All three map to the data-protection expectations that sit across NIS2, privacy law, and the EU AI Act.

The Zero-Bypass MCP Gateway Is the Control the Enterprise AI Layer Is Missing

Only 31% of organizations say they are fully equipped to control and secure agentic AI systems, even as 83% plan to deploy them (Cisco AI Readiness Index, 2025), and in transportation that gap lives entirely on the enterprise side, where no safety framework reaches. Aurascape’s Zero-Bypass MCP Gateway inspects, verifies, signs, and controls every Model Context Protocol tool call, API invocation, and data retrieval before an agent reaches any external system. Secure Agentic AI wraps the rest of the lifecycle: pre-build adversarial testing, Code Path and CVE Detection, and Safe Output Governance at runtime.

The Gateway treats the enterprise agent as a privileged user and inspects both legs of its behavior: the agent-to-model leg and the agent-to-tool leg. The control fires at the tool call itself, where an agent reaches a logistics, scheduling, or customer system, not at a network destination it already moved past. This is the rigor the vehicle already has, applied to the agents running the business.

Auri Gives Compliance Teams the Evidence Without the Console

Auri, Aurascape’s natural-language agent, gives compliance, risk, and security teams role-based access to AI activity records, summaries, and audit evidence through plain-language questions, with no dashboard login or query syntax required (Aurascape, 2026). The people who own a NIS2 or EU AI Act obligation are rarely the people who run the security tooling.

A compliance lead preparing for a NIS2 review, or a security manager assembling evidence for an EU AI Act assessment, needs to pull relevant interaction records and policy decisions on their own timeline. Self-service, role-bound access to that evidence lets compliance operate the program rather than filing a ticket and waiting on the security team for every request.

The Stack Holds for the Vehicle, Not for the Agents Running the Business

The transportation safety frameworks cover the vehicle well: NHTSA and FMVSS for road, the FAA and EASA with DO-178C for air, TSA for surface cybersecurity, and the EU AI Act and NIS2 in Europe. Those regimes are mature and demanding, and an operator that builds to them keeps the driving and flight systems under genuine control.

The gap is the enterprise AI layer. Only one in five companies has a mature model for governing autonomous AI agents, even as agentic AI use is set to rise sharply (Deloitte State of AI in the Enterprise, 2026). The same operator that certifies its driving system to the last detail may run unmonitored AI agents across dispatch, maintenance, and customer operations. Gartner predicts guardian agents will capture 10 to 15% of the agentic AI market by 2030, establishing AI-on-AI governance as a defined category (Gartner, 2025). Until governance of the enterprise agent layer catches up to governance of the vehicle, that control has to come from architecture that inspects the tool call directly.

Frequently Asked Questions

Does NHTSA regulate AI in self-driving cars?

Yes, through vehicle-safety authority rather than a single AI law. The Federal Motor Vehicle Safety Standards are mandatory, and NHTSA’s Standing General Order requires manufacturers and operators to report certain crashes involving automated driving systems and Level 2 driver assistance. The order was amended in 2025, and a April 2025 framework streamlined reporting and expanded exemptions. This governs the driving system, not a company’s back-office AI.

What rules govern AI in aviation?

Aviation AI is governed through safety-assurance guidance layered on airworthiness standards. The FAA published its first Roadmap for AI Safety Assurance in 2024, and EASA has an AI Roadmap and a Concept Paper on Level 1 and 2 machine learning. These build on DO-178C, DO-254, and ARP4754A, which predate machine learning, so new industry standards are in development to cover AI-specific assurance.

Are TSA cybersecurity rules mandatory for rail and transit?

Yes for covered higher-risk operators. TSA has issued mandatory cybersecurity Security Directives for freight rail, passenger rail, and transit since 2021, requiring a cybersecurity program, an incident response plan, and reporting to CISA. A November 2024 proposed rule would formalize these into a permanent surface cyber-risk-management rule, but it is not yet final, so the current directives are the live requirement.

How does the EU AI Act classify transport AI?

Through two pathways. AI that is a safety component of a vehicle or aircraft is high-risk under Annex I, regulated via existing product-safety and type-approval law, with obligations from August 2027. AI used as a safety component in road-traffic management is high-risk under Annex III, with obligations from August 2026. NIS2 separately imposes cybersecurity obligations on essential transport entities.

Why isn’t the AI my transportation company uses internally covered by these rules?

Because the transportation safety frameworks exist to validate the engineered AI that drives or flies the vehicle, not the general-purpose AI a workforce uses for scheduling, maintenance records, or customer service. That enterprise AI layer, including autonomous agents acting through tool calls, is governed only by horizontal frameworks and whatever controls the operator puts in place. It is the least-governed AI surface in the sector.

Does an ISO/IEC 42001 certificate satisfy transportation regulators?

No. ISO/IEC 42001 is a voluntary AI management system certification. NHTSA and FMVSS requirements, FAA and EASA airworthiness rules, TSA directives, and the EU AI Act each have their own obligations. A 42001 certificate strengthens AI governance evidence, especially for the enterprise AI layer, but it does not substitute for vehicle-safety certification or sector cybersecurity rules.

Can a security platform make my transportation company compliant?

No. A platform like Aurascape operationalizes and evidences AI compliance for the enterprise layer: it discovers AI use, enforces data controls at the prompt, governs agent tool calls, and produces audit-ready records. It complements, rather than replaces, vehicle-safety certification, airworthiness standards, and TSA controls. Compliance itself is a legal and regulatory determination that requires counsel and formal assessment.

How Aurascape Operationalizes Transportation AI Compliance Across Every AI Interaction

Aurascape’s Zero-Bypass MCP Gateway inspects, verifies, and signs every agent tool call before it executes, closing the gap the transportation frameworks leave open: autonomous enterprise agents acting through Model Context Protocol connections that existing SSE, SASE, and DLP controls never see. The platform discovers every AI app and agent including shadow AI, Embedded AI, and AI Copilots, classifies and controls sensitive operational and customer data inline before it reaches an external tool, and produces the conversation-level audit records that NIS2 and the EU AI Act expect for the enterprise AI layer.

For the agentic surface specifically, Secure Agentic AI adds adversarial testing and runtime guardrails across the full agent lifecycle, from pre-build Code Path and CVE Detection through Safe Output Governance at runtime. The platform sits alongside an existing SSE, SASE, or DLP stack and the operator’s vehicle-safety and OT controls rather than replacing them, and Auri gives compliance teams self-service, natural-language access to the evidence. Aurascape does not make an operator compliant or replace legal counsel, vehicle-safety certification, or OT security. It operationalizes the enterprise AI controls and produces the proof that compliance and security teams use to demonstrate the program is real.

This page is one of a set. For the cross-industry version, see AI Compliance Frameworks, Standards, and Governance for Enterprise AI.

---

Aurascape is the AI-native control layer for the one place the transportation compliance stack still goes blind: the autonomous enterprise agents acting through tool calls your existing controls never see. Every deployment runs through a tailored demo with your security team.

See how Aurascape governs every AI interaction in the live path →