EU AI Act Compliance Timeline: Every Deadline from 2025 to 2027
Phased implementation dates, what each deadline triggers, prohibited practices (active Feb 2025), GPAI obligations (Aug 2025), and high-risk system requirements (Aug 2026).
AI Governance Guides
Practical compliance guidance for engineers, product managers, and compliance officers building AI systems that need to meet regulatory and standards requirements.
AI governance is moving from optional best practice to mandatory compliance. The EU AI Act is already in force, NIST AI RMF 1.0 has become the de facto US framework, and ISO/IEC 42001:2023 is the first certifiable AI management system standard. This section covers what these frameworks actually require—in the language of product teams, not law firms.
Everything here is grounded in the actual regulatory text (EU OJ 2024/1689, NIST AI RMF 1.0, ISO/IEC 42001:2023) translated into practical steps. We cover what you need to build, document, and audit—plus the governance platforms that can reduce the manual workload.
Topics
Three Areas of Coverage
Choose a topic area to see all guides in that category.
Legislation
EU AI Act compliance timelines, high-risk classification, Article 13 transparency requirements, and the EU vs UK regulatory divergence.
4 guidesStandards & Frameworks
NIST AI RMF GOVERN/MAP/MEASURE/MANAGE in practice, ISO/IEC 42001 certification checklists, and integrating 42001 with an existing ISO 27001 programme.
4 guidesPlatforms & Tools
Comparing Credo AI, Holistic AI, Arthur AI, and Fiddler AI. Setup guides and vendor AI risk assessment frameworks for third-party due diligence.
3 guides
Legislation
EU AI Act & UK Framework
The EU AI Act (OJ 2024/1689) is the world's first comprehensive AI law. Here is what product teams need to know.
Is Your AI System High-Risk? A Practical Classification Guide
The Annex III decision tree, the Article 6 dual test, safety component rules, and common misclassifications for HR tools, chatbots, and fraud detection.
Article 13 in Practice: What Transparency Documentation Actually Requires
Instructions for use, intended purpose, human oversight measures, accuracy metrics, and the difference between provider and deployer obligations under Article 26.
EU AI Act vs UK AI Framework: What Cross-Atlantic Products Must Do
UK's pro-innovation, principle-based approach vs EU hard law. What to build once for both, and where the regulatory requirements actually differ.
Standards
NIST AI RMF & ISO 42001
The two most widely adopted AI governance frameworks—translated from regulator-speak into sprint-team language.
NIST AI RMF in Practice: Running GOVERN, MAP, MEASURE, MANAGE in an Agile Team
Per-sprint integration of the four NIST AI RMF functions, practical artefacts, and tooling recommendations for teams who ship on two-week cycles.
What the NIST AI RMF MEASURE Function Actually Means
Concrete metrics for accuracy, fairness, robustness, and drift. Tools, thresholds, monitoring cadence, and the AI System Scorecard template.
ISO/IEC 42001 Certification Checklist: What Auditors Look for Clause by Clause
Complete clause-by-clause checklist for clauses 4 through 10, common audit findings, and the typical 6-12 month certification timeline.
ISO/IEC 42001 vs ISO 27001: What's Different and How to Integrate Both
What carries over from your 27001 programme, what's genuinely new in 42001, and how to run a combined ISMS+AIMS without duplicating everything.
Platforms
Governance Platforms & Tools
Purpose-built AI governance platforms, setup guides, and vendor risk assessment frameworks.
AI Governance Platforms Compared: Credo AI vs Holistic AI vs Arthur AI vs Fiddler AI
Feature comparison, pricing models, regulatory framework coverage, and a decision guide for choosing the right platform for your team size and exposure.
Credo AI Practical Setup Guide: Configuring Policy Packs for EU AI Act and NIST RMF
Step-by-step setup, SDK integration, policy pack configuration, and common mistakes teams make when treating assessment completion as compliance.
How to Assess AI Risk in Third-Party Vendors: A Practical Due Diligence Framework
EU AI Act Article 28 deployer obligations, a 5-step vendor assessment process, due diligence questionnaire template, and contract clauses that actually protect you.