AI Compliance Frameworks, Standards, and Governance for Enterprise AI
Current as of June 2026. Regulatory dates, framework versions, and fine amounts shift; every date below reflects the most recent confirmed status, and uncertainty is flagged where it exists.
AI compliance reads like a single problem until you try to buy or build for it. Then it splinters into four distinct things: a methodology for managing risk, an auditable management system you can certify, a binding law with extraterritorial reach, and a thickening patchwork of US state statutes. They are not competing options you pick between. They are layers of one stack, and the published crosswalks between them let an organization satisfy several at once. The harder problem sits underneath all of them: none were designed for AI agents that take real actions through tool calls, and that is where most enterprises are now exposed.
NIST AI RMF Supplies the Methodology, Not the Mandate
NIST AI RMF’s Generative AI Profile, published as NIST-AI-600-1 on July 26, 2024, adds roughly 12 generative-AI-specific risk categories and more than 400 suggested management actions on top of a core four-function framework: Govern, Map, Measure, and Manage. The framework is officially voluntary, but it functions as the common vocabulary US regulators and state laws point back to.
The framework’s pull comes from being cited rather than enforced. Texas wrote substantial compliance with NIST AI RMF directly into its AI law as an affirmative defense, which means a methodology with no statutory teeth of its own becomes the thing a court looks at when assigning liability. The four functions are deliberately not a checklist. Govern is continuous and wraps the other three: it is where policy, roles, and accountability live, and it is the function most enterprises underbuild because it is the least technical and the hardest to evidence after the fact.
What NIST AI RMF does not give you is a certificate. There is no accredited body that audits you against it and issues a pass. That gap is exactly what the next layer fills.
ISO/IEC 42001 Is the Only Standard You Can Actually Certify Against
ISO/IEC 42001, published in December 2023, is the first certifiable AI management system standard. It carries 38 controls across 9 control objectives, runs on a three-year certification cycle through accredited third-party bodies, and produces a Statement of Applicability as the audited artifact. 76% of organizations say they plan to pursue it (CSA, 2025), and the adoption pressure behind that number is broad: 88% of organizations report regular AI use in at least one business function, up from 78% a year earlier, and 71% regularly use generative AI (McKinsey State of AI, 2025).
The distinction from NIST AI RMF is not academic. NIST tells you how to manage AI risk; ISO/IEC 42001 lets you prove you did, to an auditor and to a customer’s procurement team. The Statement of Applicability is the document that travels: it records which controls apply, which you implemented, and why you excluded the rest. A companion standard, ISO/IEC 42006:2025, governs the certification bodies themselves, which is what makes a 42001 certificate mean the same thing across vendors instead of degrading into a self-attestation.
The two frameworks are built to be used together, and most multi-jurisdictional programs cite them as a pair. NIST supplies the risk methodology; ISO supplies the management system and the external audit. There is no NIST-published crosswalk document mapping one to the other yet, which is a real gap, but the practical pairing is well established: build to NIST, certify to ISO.
The EU AI Act Is the Binding Law, and It Reaches You in the US
Fines under the EU AI Act reach €35 million or 7% of global annual turnover for prohibited practices, and the law is extraterritorial: any organization whose AI output touches people in the EU is subject to it, regardless of where the company sits. The Act sorts AI systems into four tiers (unacceptable, high, limited, and minimal risk) and attaches obligations to each.
The penalty structure mirrors the risk tiers. The €35 million / 7% ceiling applies to prohibited practices. GPAI model obligations top out at €15 million or 3% of global turnover, and supplying false information to regulators caps at €7.5 million or 1%. These are balance-sheet numbers, not line-item fines, which is why the Act moved AI governance out of the IT budget and into the audit committee.
The timeline requires care, because it has shifted. Prohibited-practice and AI-literacy obligations are already in force. GPAI model obligations took effect August 2, 2025 for new models, with Commission enforcement powers activating August 2, 2026 and pre-existing models given until August 2, 2027 to comply. High-risk obligations shifted under the Digital Omnibus simplification package: a provisional agreement reached May 7, 2026 defers standalone high-risk obligations to December 2, 2027 and product-embedded high-risk AI to August 2, 2028. Formal adoption is expected but not yet published as of this writing, so treat the high-risk dates as provisional and confirm before planning against them.
One point that gets lost: the EU AI Act does not replace GDPR. Both apply concurrently. An AI system can be fully compliant with the Act’s risk-tier obligations and still breach GDPR on the personal data flowing through it. The two regimes stack; they do not substitute.
The US Has No Federal AI Law, So You Face a Multi-State Problem
Texas, California, and Colorado each enacted AI legislation in 2025 and 2026 with different triggers, different liability theories, and different effective dates, and none of them align with one another. With no federal AI statute in force, US enterprises are navigating a patchwork with no single rule to comply with.
Texas moved first and most concretely. The Texas Responsible Artificial Intelligence Governance Act (TRAIGA) was signed June 22, 2025 and took effect January 1, 2026. It uses intent-based liability rather than the impact-based standard most other proposals reach for, carries penalties from $10,000 to $200,000 per violation (or $2,000 to $40,000 per day for continuing violations), and names substantial compliance with NIST AI RMF as an affirmative defense. Enforcement is attorney-general-only, with a 60-day cure period, and the law preempts local AI ordinances.
California took a different angle with SB 53, signed September 29, 2025 and effective January 1, 2026. It targets only frontier developers: companies above $500 million in revenue training models above 10²⁶ FLOPs. Those firms must publish a safety framework, file quarterly confidential risk summaries with the state’s Office of Emergency Services, report critical safety incidents, and maintain an anonymous whistleblower channel. The catastrophic-risk threshold it is built around is severe by design: more than 50 deaths or more than $1 billion in damage from a single incident.
Colorado is the cautionary tale, and the status is the news. The original Colorado AI Act (SB 24-205) is effectively dead: a federal court stayed enforcement on April 27, 2026, and Governor Polis signed a replacement, SB 26-189, on May 14, 2026. The replacement drops the original’s risk-management-program requirement, annual impact assessments, and algorithmic-discrimination duties, swapping them for a narrower notice-and-transparency framework effective January 1, 2027. If your compliance plan was built against the old Colorado law, it needs a rebuild.
The only durable strategy for a US enterprise is to build to the strongest common methodology. That loops back to NIST AI RMF and ISO/IEC 42001 as the connective tissue across every state framework currently in force.
GDPR, HIPAA, and PCI DSS Are Where Daily AI Risk Actually Lands
GDPR, HIPAA, CCPA/CPRA, and PCI DSS attach to sensitive data the moment an employee pastes it into a prompt, making pre-AI privacy and sector regulations the layer where most day-to-day AI compliance risk actually lands. These frameworks govern the data, not the tool, so the channel is new but the violation is not.
An employee dropping a customer list into a consumer chatbot is a GDPR and CCPA exposure through a new channel. A clinician pasting notes into an AI summarizer is a HIPAA question. A developer pushing cardholder data through a coding assistant is a PCI DSS question. None of these require a new AI law to be a violation, and they account for the bulk of real incidents because the data was already regulated and the AI tool simply became a new way for it to leave. Only 17% of organizations have technical controls capable of preventing employees from uploading confidential data to public AI tools, and 86% reported being blind to AI data flows inside their environment (IBM Cost of a Data Breach Report, 2025).
The compliance work here is concrete: know what sensitive data exists, detect it in real time as it moves toward an AI tool, and stop or redact it before it crosses a boundary GDPR or HIPAA cares about. That is a visibility and enforcement problem, and it is the problem most enterprises are least equipped to see.
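The three steps above (know what regulated data exists, detect it as it moves toward an AI tool, stop or redact it before it crosses the boundary) can be shown as one inline control on the prompt path. The following is an added example written for this article, not Aurascape's code or anything from the platform. It assumes a single text prompt, a handful of regex detectors (card numbers validated with the Luhn checksum, US SSNs, an MRN-labelled identifier standing in for PHI, email addresses), and a static policy table mapping each data type to one of the four inline actions named later in the article: allow, coach, redact, block. The MRN pattern and the sample prompt are constructed for the example. The audit record it emits stores a hash of the prompt rather than the prompt itself, so the evidence trail does not become a second copy of the regulated data.

```python
"""Prompt-path sensitive-data control: detect, decide, redact, and log.

Added example, not Aurascape's code. Assumed: a text prompt, four regex
detectors, and a static policy table mapping data type to inline action.
"""
import hashlib
import re
from collections import Counter
from datetime import datetime, timezone

# Detectors. The MRN pattern is a constructed stand-in for a PHI identifier;
# a real deployment would use fingerprints of known records, not a regex.
DETECTORS = {
    "pan": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phi": re.compile(r"\bMRN[:#\s]*\d{6,10}\b", re.IGNORECASE),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}

# Inline action per data type, and the precedence used to pick one verdict.
POLICY = {"pan": "block", "ssn": "redact", "phi": "redact", "email": "coach"}
SEVERITY = {"allow": 0, "coach": 1, "redact": 2, "block": 3}


def luhn_valid(candidate: str) -> bool:
    """Luhn checksum: filters order numbers and other digit runs from PAN hits."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> list:
    """Return non-overlapping findings as dicts with a type and a character span."""
    hits = []
    for kind, pattern in DETECTORS.items():
        for m in pattern.finditer(text):
            if kind == "pan" and not luhn_valid(m.group()):
                continue
            hits.append({"type": kind, "span": (m.start(), m.end())})
    hits.sort(key=lambda h: h["span"])
    findings, last_end = [], -1
    for h in hits:
        if h["span"][0] >= last_end:  # keep the earliest hit when spans overlap
            findings.append(h)
            last_end = h["span"][1]
    return findings


def redact(text: str, findings: list) -> str:
    """Replace every span whose policy action is redact or stronger."""
    out, cursor = [], 0
    for f in findings:
        if SEVERITY[POLICY[f["type"]]] < SEVERITY["redact"]:
            continue
        start, end = f["span"]
        out.append(text[cursor:start])
        out.append(f"[REDACTED:{f['type']}]")
        cursor = end
    out.append(text[cursor:])
    return "".join(out)


def inspect_prompt(text: str, user: str, destination: str) -> dict:
    """Classify a prompt, pick allow/coach/redact/block, and emit an audit record."""
    findings = find_sensitive(text)
    decision = "allow"
    for f in findings:
        if SEVERITY[POLICY[f["type"]]] > SEVERITY[decision]:
            decision = POLICY[f["type"]]
    if decision == "block":
        forwarded = None  # nothing is sent toward the AI tool
    elif decision == "redact":
        forwarded = redact(text, findings)
    else:
        forwarded = text  # allow, or coach: forward but notify the user
    # Log a hash of the prompt, not the prompt, so the log itself holds no PII.
    audit = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "destination": destination,
        "prompt_sha256": hashlib.sha256(text.encode()).hexdigest(),
        "finding_counts": dict(Counter(f["type"] for f in findings)),
        "decision": decision,
    }
    return {"decision": decision, "findings": findings,
            "text": forwarded, "audit": audit}
```

Running `inspect_prompt("Summarize: patient MRN 00123456, SSN 123-45-6789, contact j.doe@example.com", "clinician@example.org", "public-chatbot")` returns a `redact` decision with the MRN and SSN replaced and the email left in place (its policy is coach), while a prompt carrying a Luhn-valid card number is blocked outright and the same digits failing Luhn pass through as an `allow`.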
Every Framework Assumes a Human at the Keyboard, and Agents Broke That Assumption
Singapore’s Infocomm Media Development Authority launched the first governance framework written specifically for autonomous AI agents on January 22, 2026 at Davos, and it exists because every major framework before it was built for AI systems a person operates. NIST AI RMF, ISO/IEC 42001, and the EU AI Act all quietly assume a human in the loop. Model Context Protocol (MCP), the open standard that lets an agent connect to external tools, APIs, and data sources and act through them, removes that human from the chain entirely.
This is the hinge. NIST’s Govern function assumes accountable humans making decisions. The EU AI Act’s transparency and human-oversight obligations assume a person to inform and a person to oversee. ISO/IEC 42001’s management-system controls assume processes humans run. An agent chaining tool calls across systems satisfies none of those assumptions cleanly, because the action surface moved from a screen a person reads to a tool call that fires in milliseconds. Traditional controls that govern URLs and network destinations lose visibility entirely at the point where the agent decides what to do.
Singapore’s framework is voluntary and explicitly a living document, structured around risk bounding, human accountability, technical controls, and end-user responsibility. It is the first official acknowledgment that the existing stack does not reach agents. Everyone else is still catching up, which means the control for this gap has to come from the architecture, not the framework.
How the Compliance Stack Lines Up Across Three Dimensions
Every major AI framework rates “limited” or “minimal” on agentic AI coverage. The table below shows why: NIST AI RMF, ISO/IEC 42001, and the EU AI Act were each built around human operators, not autonomous tool calls, and that gap is the central problem this article addresses.
| Framework | What it is | Mandatory? | Certification | Agentic-AI coverage |
|---|---|---|---|---|
| NIST AI RMF | Risk-management methodology (Govern, Map, Measure, Manage) | Voluntary, but cited as an affirmative defense in Texas TRAIGA | None; no accredited third-party certification exists | Minimal; GenAI Profile addresses generative risk, not autonomous tool calls |
| ISO/IEC 42001 | Auditable AI management system standard | Voluntary | Third-party certification via accredited bodies; Statement of Applicability is the artifact | Limited; management-system controls assume human-run processes |
| EU AI Act | Binding, extraterritorial law with risk tiers | Mandatory for AI touching people in the EU | Conformity assessment for high-risk systems | Limited; oversight obligations assume a human operator |
The three frameworks also diverge on obligation and proof. The EU AI Act binds any organization whose AI touches people in the EU. NIST and ISO/IEC 42001 are voluntary, though NIST carries real weight as an affirmative defense under Texas TRAIGA. Only ISO/IEC 42001 produces a third-party certification artifact.
You Cannot Comply With What You Cannot See
Aurascape catalogues more than 2,200 AI applications and ships production-ready connectors within 48 hours of a new tool appearing, which is the inventory layer every major framework assumes you already have. Without it, the Govern function of NIST AI RMF, the scope definition in an ISO/IEC 42001 Statement of Applicability, and the system register the EU AI Act expects are all built on a guess.
Discovery is where the gap between policy and reality shows up. A security team can have a written AI policy and still be blind to the personal ChatGPT accounts, the AI features switched on inside an approved SaaS tool, and the copilots employees enabled without asking. Practitioners surveying the agentic-AI security space consistently describe Aurascape as securing user activity across large numbers of AI apps with prompt and response decoding and automated remediation: the inventory-plus-enforcement combination the frameworks assume you already have. You cannot write a Statement of Applicability for tools you have not found.
Sensitive Data Controls Operationalize GDPR, HIPAA, and CCPA at the Prompt
Aurascape’s real-time, multimodal data classification catches regulated data at the prompt, before it reaches any external AI service, because GDPR, HIPAA, and CCPA attach liability the moment sensitive data moves toward an AI tool. The platform inspects prompts, responses, file uploads, and multi-turn conversations across text, code, and images, then enforces policy inline: allow, block, redact, or coach.
Sensitive Data Fingerprinting tags cardholder data, protected health information, and other regulated content so enforcement decisions are context-aware rather than blunt. In the Police Credit Union deployment, conversation-level guardrails operating in the live path cut AI risk by 83% and delivered NCUA compliance readiness, for an organization that had seriously considered banning generative AI entirely.
Audit Logging Is How You Prove It to an Examiner
The EU AI Act and the NIST AI RMF Govern function treat logging as an evidence requirement, not a best practice: records must be producible on demand. Aurascape generates audit-ready, conversation-level logs of every AI interaction, including the decoded record of what was prompted, what was returned, what data was involved, and what policy decision fired. The Police Credit Union deployment produced exactly that: examiner-ready interaction logs an NCUA examiner could review directly.
This is the difference between asserting governance and demonstrating it. An ISO/IEC 42001 auditor, an EU AI Act conformity assessment, or a state attorney general invoking an affirmative-defense clause all want the same thing: a traceable record that your stated controls actually ran. Decoded interaction histories and policy-decision logs are that record. The platform does not make an organization compliant, and it does not replace legal counsel; it produces the evidence that lets compliance and legal teams demonstrate the controls were in place and enforced.
Copilot Readiness Closes the Embedded-AI Privacy Gap
Microsoft 365 Copilot and similar embedded AI tools surface everything a user can technically reach, which turns a tolerable permissions mess into a live compliance exposure the moment someone runs a cross-tenant summary prompt. Aurascape’s Copilot Readiness module finds overshared permissions before a rollout begins, Copilot Oversight monitors live usage, and Copilot Unlearning removes sensitive data already ingested by the AI system.
A permissions structure that humans navigated one click at a time becomes a GDPR, HIPAA, or EU AI Act problem when a copilot can summarize across all of it in a single prompt. Finding the oversharing before the rollout is the readiness step; monitoring usage and removing exposed data afterward is the ongoing control. All three capabilities map directly to the record-keeping and privacy obligations those regulations impose on the specific channel copilots opened.
The Zero-Bypass MCP Gateway Is the Control the Frameworks Are Missing
Only 31% of organizations say they are fully equipped to control and secure agentic AI systems (Cisco AI Readiness Index, 2025), and the gap is structural: NIST AI RMF, ISO/IEC 42001, and the EU AI Act all assume a human oversees the action. Aurascape’s Zero-Bypass MCP Gateway inspects, verifies, signs, and controls every Model Context Protocol tool call, API invocation, and data retrieval before an agent reaches any external system. Secure Agentic AI wraps the rest of the lifecycle: pre-build adversarial testing, Code Path and CVE Detection, and Safe Output Governance at runtime.
Where the frameworks assume a human in the loop, the Gateway treats the agent as a privileged user and inspects both legs of its behavior: the agent-to-model leg and the agent-to-tool leg. The control fires at the tool call itself, not at a URL or a network destination the agent already moved past.
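What "the control fires at the tool call itself" looks like in code, as an added example for this article (not Aurascape's gateway and not any published MCP implementation): an inline gate that receives an MCP `tools/call` request (MCP carries tool invocations as JSON-RPC 2.0 messages with `params.name` and `params.arguments`), treats the calling agent as a privileged user with an enumerated set of permitted tools, refuses arguments that reference any egress host outside an allowlist, and signs the approved call with an HMAC so the tool server executes only what the gate has seen. The agent policy, the key, and every request below are constructed for the example; the signature scheme is an assumption of this example, not part of the MCP specification.

```python
"""Inline policy gate for MCP tool calls (JSON-RPC 2.0 "tools/call" requests).

Added example, not Aurascape's gateway. Assumed: a per-agent policy (tool
allowlist, egress host allowlist, argument size cap) and an HMAC key shared
with the tool server, which executes only calls this gate signed.
"""
import hashlib
import hmac
import json
import re
from urllib.parse import urlparse

# Constructed policy for one agent: permitted actions are enumerated, not inferred.
AGENT_POLICY = {
    "ticket-triage-agent": {
        "tools": {"search_tickets", "post_comment"},
        "egress_hosts": {"tickets.internal.example"},
        "max_arg_bytes": 4096,
    }
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def _strings(value):
    """Yield every string nested anywhere inside the tool-call arguments."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from _strings(v)
    elif isinstance(value, list):
        for v in value:
            yield from _strings(v)


def canonical(params: dict) -> bytes:
    """Stable serialization so the signer and the verifier hash identical bytes."""
    return json.dumps(params, sort_keys=True, separators=(",", ":")).encode()


def sign(params: dict, key: bytes) -> str:
    return hmac.new(key, canonical(params), hashlib.sha256).hexdigest()


def verify(params: dict, signature: str, key: bytes) -> bool:
    """Tool-server side: reject any call whose params the gate did not sign."""
    return hmac.compare_digest(sign(params, key), signature)


def evaluate_tool_call(agent_id: str, request: dict, key: bytes) -> dict:
    """Return a verdict, a reason, the signed request (if allowed), and an audit record."""
    policy = AGENT_POLICY.get(agent_id)
    params = request.get("params", {})
    tool = params.get("name")
    args = params.get("arguments", {})
    reason = "ok"
    if policy is None:
        reason = "unknown-agent"
    elif request.get("method") != "tools/call":
        reason = "unsupported-method"
    elif tool not in policy["tools"]:
        reason = "tool-not-allowed"
    elif len(canonical(args)) > policy["max_arg_bytes"]:
        reason = "arguments-too-large"
    else:
        # Any URL inside the arguments is a potential egress path; only
        # allowlisted hosts may appear, whichever tool the agent chose.
        urls = [u for s in _strings(args) for u in URL_RE.findall(s)]
        if any(urlparse(u).hostname not in policy["egress_hosts"] for u in urls):
            reason = "egress-not-allowed"
    verdict = "allow" if reason == "ok" else "deny"
    signed = None
    if verdict == "allow":
        signed = dict(request, gateway_sig=sign(params, key))
    audit = {
        "agent": agent_id,
        "request_id": request.get("id"),
        "tool": tool,
        "args_sha256": hashlib.sha256(canonical(args)).hexdigest(),
        "verdict": verdict,
        "reason": reason,
    }
    return {"verdict": verdict, "reason": reason, "signed": signed, "audit": audit}
```

The point of the signature is that the check cannot be routed around: a tool server that refuses unsigned or altered `params` executes nothing the gate did not evaluate, whereas a URL or destination filter upstream of the agent has no view of which tool was called with which arguments. The audit record carries a hash of the arguments rather than the arguments themselves, matching the evidence requirement without logging the payload.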
Auri Gives Compliance Teams the Evidence Without the Console
Auri, Aurascape’s natural-language agent, gives Legal and Compliance teams role-based access to AI activity records, summaries, and audit evidence through plain-language questions, with no dashboard login or query syntax required. Compliance and legal professionals need that evidence directly; they do not live in a security console and should not have to.
This matters because the people who own the compliance obligation are rarely the people who run the security tooling. A GRC officer preparing for an ISO/IEC 42001 surveillance audit or an EU AI Act assessment needs to pull relevant interaction records and policy decisions on their own timeline. Self-service, role-bound access to that evidence is what lets compliance operate the program rather than filing a ticket and waiting on the security team for every audit request.
The Stack Holds, but Only If Something Watches the Agents
Only 31% of organizations say they are fully equipped to control and secure agentic AI systems, even as 83% plan to deploy them (Cisco AI Readiness Index, 2025).
The AI Incident Database recorded 233 AI-related incidents in 2024, a 56.4% year-over-year increase and a record high, spanning unauthorized training-data access, synthetic-identity fraud, and model-inversion attacks (Stanford HAI AI Index Report, 2025). NIST AI RMF gives you the methodology, ISO/IEC 42001 gives you the certifiable management system, the EU AI Act gives you the binding law, and the US state patchwork fills the space between. Built together, with NIST as the common methodology and ISO as the external proof, they cover the human-operated AI surface well. The crosswalks are real, and an organization that builds to the strongest common denominator can satisfy several layers without duplicating the work.
The stack’s one structural gap is the agent. Every framework assumes a person at the keyboard, and autonomous tool calls through Model Context Protocol removed that person from the loop faster than the frameworks could adapt. Singapore’s January 2026 agentic framework is the first to name the gap; the rest of the stack is still catching up.
Only one in five companies has a mature model for governance of autonomous AI agents, even as agentic AI usage is poised to rise sharply over the next two years (Deloitte State of AI in the Enterprise, 2026). Until it does, the control for autonomous AI has to come from architecture that inspects the tool call directly, because a framework that assumes human oversight cannot govern an action no human sees.
Where Aurascape Sits Against the AI Security Field
Aurascape covers 20,000+ catalogued AI apps with a 48-hour connector SLA and enforces policy at the conversation level before any agent tool call executes, a pairing no other vendor in this comparison delivers on both dimensions. The table below maps how each platform addresses the live-path control problem across AI app coverage, the agentic-AI control mechanism, and embedded-AI reach.
| Vendor | AI app coverage | Agentic-AI control | Embedded AI / copilots |
|---|---|---|---|
| Aurascape | 20,000+ catalogued AI apps and agents, 48-hour connector SLA | Zero-Bypass MCP Gateway inspects every tool call inline | Copilot Readiness, Oversight, and Unlearning |
| Knostic | Focused on Copilot and Glean surfaces | Expanding into MCP servers and IDE extensions | Need-to-know access controls for LLM oversharing |
| Lasso Security | Discovery plus AI-BOM inventory | Open-source MCP gateway, 3,000+ attack red-team library | Lighter public coverage of embedded SaaS AI |
| Prompt Security | LLM-agnostic, SaaS or self-hosted | Early MCP-server risk assessment | Covers code assistants and homegrown apps |
| WitnessAI | Network-level visibility, intent-based ML | Agentic extension across MCP and tool calls | Single-tenant deployment with data sovereignty |
The compliance differentiator is that pairing: conversation-level inspection across a large app catalog plus a tool-call control that fires before the agent acts.
Gartner predicts guardian agents will capture 10 to 15% of the agentic AI market by 2030, establishing AI-on-AI governance as a defined market category (Gartner, 2025). That combination is what lets a single platform produce evidence for the human-operated layers and enforce a control on the agentic layer the frameworks have not yet reached.
Frequently Asked Questions
Does an ISO/IEC 42001 certificate satisfy the EU AI Act?
No. ISO/IEC 42001 is a voluntary management-system certification, and the EU AI Act is a binding law with its own conformity-assessment requirements for high-risk systems. A 42001 certificate strengthens your governance evidence and can streamline parts of an AI Act assessment, but it does not substitute for the Act’s specific obligations.
Which framework should an enterprise start with?
Most start with NIST AI RMF because it is the common methodology the other instruments reference, then certify to ISO/IEC 42001 to prove it externally. Texas TRAIGA names substantial NIST AI RMF compliance as an affirmative defense, which makes the methodology a practical legal anchor even though it is voluntary.
Is the EU AI Act’s high-risk deadline still August 2, 2026?
Not as currently agreed. A Digital Omnibus provisional agreement reached May 7, 2026 defers the main standalone high-risk obligations to December 2, 2027 and product-embedded high-risk AI to August 2, 2028. Formal adoption is pending as of June 2026, so confirm the status before planning against either date.
Does the EU AI Act apply to a US company with no EU office?
Yes, if your AI system’s output is used by or affects people in the EU. The Act is extraterritorial, so physical presence in the EU is not the trigger; the reach of your AI output is.
What happened to the Colorado AI Act?
The original Colorado AI Act (SB 24-205) was effectively replaced. A federal court stayed enforcement on April 27, 2026, and Governor Polis signed a narrower replacement, SB 26-189, on May 14, 2026, effective January 1, 2027, dropping the original risk-management and impact-assessment duties.
Why do AI agents create a compliance gap the frameworks do not cover?
The major frameworks assume a human operates and oversees the AI system, and agents acting through Model Context Protocol tool calls remove that human from the decision loop. Oversight, transparency, and accountability obligations written for human-operated systems do not map cleanly onto autonomous tool calls that fire without a person reviewing them.
Do GDPR and the EU AI Act both apply to the same AI system?
Yes, concurrently. The EU AI Act governs the AI system’s risk tier and obligations; GDPR governs the personal data flowing through it. A system can meet the AI Act’s requirements and still breach GDPR on its data handling, so both regimes have to be satisfied independently.
Can a security platform make my organization compliant?
No. A platform like Aurascape operationalizes and evidences compliance: it discovers AI use, enforces data controls, and produces audit-ready records. Compliance itself is a legal and organizational determination that requires counsel and formal assessment; tooling supports and demonstrates it but does not replace either.
Where does sensitive-data risk actually concentrate in AI use?
In the pre-existing data regimes (GDPR, HIPAA, CCPA, and PCI DSS), because regulated data becomes exposed the moment it moves into an AI tool. Most real incidents are not exotic agentic attacks; they are regulated data leaving through a new channel, which is why real-time detection at the prompt matters more than any single AI-specific statute.
How Aurascape Operationalizes the Compliance Stack Across Every AI Interaction
Aurascape’s Zero-Bypass MCP Gateway inspects, verifies, and signs every agent tool call before it executes, closing the one gap every major compliance framework leaves open: autonomous agents acting through Model Context Protocol connections that existing SSE, SASE, and DLP controls never see. The platform discovers every AI app and agent, including shadow and embedded AI, classifies and controls sensitive data inline before it reaches an external tool, and produces the conversation-level audit records that NIST AI RMF’s Govern function and the EU AI Act’s logging obligations require.
For the agentic surface specifically, Secure Agentic AI adds adversarial testing and runtime guardrails across the full agent lifecycle, from pre-build Code Path and CVE Detection through Safe Output Governance at runtime. The platform sits alongside an existing SSE, SASE, or DLP stack rather than replacing it, and Auri gives compliance teams self-service, natural-language access to the evidence. Aurascape does not make an organization compliant or replace legal counsel; it operationalizes the controls and produces the proof that compliance and legal teams use to demonstrate the program is real.
Aurascape is the AI-native control layer for the one place the compliance stack still goes blind: autonomous agents acting through tool calls your existing controls never see. Every deployment runs through a tailored demo with your security team.