Resources · Compliance Frameworks

The frameworks shaping enterprise AI

Plain-language explanations of the laws, regulations, and standards that govern AI today — grouped by jurisdiction, with guidance on how Clariantix helps you prepare.

Canada

Federal AI and privacy legislation governing Canadian organizations.

AIDA
Artificial Intelligence and Data Act

AIDA is Canada's proposed federal framework (under Bill C-27) governing the design, development, and deployment of high-impact AI systems. It establishes obligations for risk assessment, mitigation, transparency, monitoring, and record-keeping for organizations that build or use AI in commercial activity.

PIPEDA
Personal Information Protection and Electronic Documents Act

PIPEDA is Canada's federal private-sector privacy law. It governs how organizations collect, use, disclose, and safeguard personal information in the course of commercial activity, and gives individuals rights of access and correction.

CPPA
Consumer Privacy Protection Act

The CPPA is the modernized federal private-sector privacy law proposed under Bill C-27, intended to replace PIPEDA. It strengthens consent, introduces algorithmic transparency rights, materially raises penalties, and expands enforcement powers.

United States

Risk frameworks and assurance standards shaping US AI governance.

NIST AI RMF
NIST AI Risk Management Framework

The NIST AI Risk Management Framework is a voluntary, widely adopted framework for managing risks across the AI lifecycle. It is organized around four functions — Govern, Map, Measure, Manage — and is paired with the Generative AI Profile for foundation-model risks.

SOC 2
SOC 2 Trust Services Criteria

SOC 2 is an attestation standard governed by the AICPA covering controls relevant to security, availability, processing integrity, confidentiality, and privacy. SOC 2 reports are issued by independent auditors and are a baseline expectation for B2B SaaS and AI vendors.

European Union

Comprehensive AI and data protection regulation with extraterritorial reach.

GDPR
General Data Protection Regulation

GDPR is the EU's comprehensive data protection regulation. It governs the processing of personal data of individuals in the EU and EEA, with extraterritorial reach to any organization offering goods, services, or monitoring behavior in the bloc.

EU AI Act
EU Artificial Intelligence Act

The EU AI Act is the world's first comprehensive horizontal AI regulation. It categorizes AI systems by risk (prohibited, high-risk, limited-risk, minimal-risk) and imposes obligations on providers, deployers, importers, and distributors operating in or selling into the EU.

International Standards

Global management-system standards used as the common language of AI trust.

ISO 42001
AI Management System Standard

ISO/IEC 42001 is the first international management-system standard for artificial intelligence. It defines requirements for establishing, implementing, maintaining, and continually improving an AI management system (AIMS), with certifiable controls across governance, risk, lifecycle, and operations.

ISO 27001
Information Security Management Standard

ISO/IEC 27001 is the leading international standard for information security management systems (ISMS). It requires organizations to systematically identify, assess, and treat information-security risks through a defined set of controls.

Next Step

Ready to understand your organization's AI governance readiness?