The frameworks shaping enterprise AI
Plain-language explanations of the laws, regulations, and standards that govern AI today — grouped by jurisdiction, with guidance on how Clariantix helps you prepare.
Canada
Federal AI and privacy legislation governing Canadian organizations.
AIDA is Canada's proposed federal framework (under Bill C-27) governing the design, development, and deployment of high-impact AI systems. It establishes obligations for risk assessment, mitigation, transparency, monitoring, and record-keeping for organizations that build or use AI in commercial activity.
PIPEDA is Canada's federal private-sector privacy law. It governs how organizations collect, use, disclose, and safeguard personal information in the course of commercial activity, and gives individuals rights of access and correction.
United States
Risk frameworks and assurance standards shaping US AI governance.
The NIST AI Risk Management Framework (AI RMF 1.0) is a voluntary, widely adopted framework for managing risks across the AI lifecycle. It is organized around four core functions — Govern, Map, Measure, Manage — and is paired with the Generative AI Profile (NIST AI 600-1), which applies those functions to the risks specific to generative AI and foundation models.
SOC 2 is an attestation standard governed by the AICPA covering controls relevant to security, availability, processing integrity, confidentiality, and privacy. SOC 2 reports are issued by independent auditors and are a baseline expectation for B2B SaaS and AI vendors.
European Union
Comprehensive AI and data protection regulation with extraterritorial reach.
GDPR is the EU's comprehensive data protection regulation. It governs the processing of personal data of individuals in the EU and EEA, and reaches extraterritorially to any organization, wherever established, that offers goods or services to, or monitors the behavior of, individuals in the bloc.
The EU AI Act is the world's first comprehensive horizontal AI regulation. It categorizes AI systems by risk (prohibited, high-risk, limited-risk, minimal-risk), adds a separate set of obligations for providers of general-purpose AI models, and imposes duties on providers, deployers, importers, and distributors operating in or selling into the EU.
International Standards
Global management-system standards used as the common language of AI trust.
ISO/IEC 42001 is the first international management-system standard for artificial intelligence. It defines requirements for establishing, implementing, maintaining, and continually improving an AI management system (AIMS), with certifiable controls across governance, risk, lifecycle, and operations.
