Frameworks

One coherent path through overlapping rules

AI adoption rarely touches a single regime. Here is the governance landscape we work across — and how each piece intersects with AI.

What it is: The EU’s risk-based regulation of artificial intelligence, setting obligations by risk tier — from prohibited uses to high-risk systems and transparency duties.
Who it affects: Providers and deployers of AI systems offered or used in the EU.
How AI intersects: It directly classifies your AI use cases and assigns concrete obligations, documentation, and human-oversight requirements.
How we help: Use-case classification, readiness assessment, and a remediation roadmap.

What it is: The EU directive raising cybersecurity and incident-reporting requirements for essential and important entities.
Who it affects: Organizations in critical and important sectors across the EU, and much of their supply chain.
How AI intersects: AI systems become assets to secure and risks to manage under your cyber-risk regime.
How we help: Fold AI assets into your NIS2 risk management and governance controls.

What it is: EU rules imposing cybersecurity requirements on products with digital elements across their lifecycle.
Who it affects: Manufacturers and distributors of connected and software products in the EU.
How AI intersects: AI-enabled features are digital elements that must meet security-by-design and update obligations.
How we help: Align AI-enabled product features with CRA requirements and documentation.

What it is: The international standard for an information security management system (ISMS).
Who it affects: Any organization seeking a structured, certifiable approach to information security.
How AI intersects: AI tools and data flows become part of the assets, risks, and controls your ISMS governs.
How we help: Extend your ISMS to cover AI usage, data handling, and supplier risk.

What it is: The international standard for quality management systems.
Who it affects: Organizations committed to consistent quality and continual improvement.
How AI intersects: AI changes processes and outputs — quality controls must ensure validation isn’t bypassed.
How we help: Embed human validation of AI outputs into your quality processes.

What it is: The automotive industry’s assessment and exchange mechanism for information security.
Who it affects: Suppliers and partners in the automotive value chain.
How AI intersects: AI handling of sensitive or prototype data must satisfy TISAX information-security expectations.
How we help: Prepare AI-related practices for TISAX assessment readiness.

Which of these apply to you?

We’ll help you see the whole picture — and turn it into a single, manageable plan.