Compliance overview
Understand available compliance frameworks and how to choose between them.
Overview
VerifyWise supports multiple compliance frameworks to help you meet regulatory requirements and demonstrate responsible AI governance. Each framework provides a structured approach to evaluating your AI systems against specific standards or regulations.
Rather than treating compliance as a one-time event, VerifyWise enables continuous assessment and improvement. You can track progress over time, identify gaps, and demonstrate to auditors exactly where you stand on each requirement.
Available frameworks
VerifyWise includes support for the following compliance frameworks:
EU AI Act
The European Union's comprehensive regulation governing AI systems with risk-based requirements.
ISO 42001
The international standard for AI management systems, enabling third-party certification.
ISO 27001
Information security management extended to cover AI-specific security concerns.
NIST AI RMF
Voluntary risk management framework with practical guidance for trustworthy AI.
Choosing a framework
The right framework depends on your regulatory obligations, business needs, and AI governance maturity:
- EU AI Act: Required if you deploy AI systems in the EU or affecting EU citizens. Start here if you need to comply with European AI regulation
- ISO 42001: Choose this if you want third-party certification to demonstrate AI governance maturity to customers and partners
- ISO 27001: Extend your existing information security management system to cover AI-specific security requirements
- NIST AI RMF: Ideal as a flexible starting point for AI risk management, especially for US organizations or government contractors
Framework comparison
Key differences between the frameworks:
| Framework | Type | Mandatory | Certifiable | Primary region |
|---|---|---|---|---|
| EU AI Act | Regulation | ✓ | — | European Union |
| ISO 42001 | Standard | — | ✓ | Global |
| ISO 27001 | Standard | — | ✓ | Global |
| NIST AI RMF | Framework | — | — | United States |
Getting started with compliance
To begin compliance tracking in VerifyWise:
- Create a use case for your AI system
- Select the compliance framework(s) you need to address
- VerifyWise creates an assessment with all applicable requirements
- Assign owners to controls and begin implementation
- Track progress and link evidence as you work
Common elements across frameworks
While each framework has its own structure and terminology, they share common elements in VerifyWise:
- Requirements: Controls, subclauses, or subcategories that define what you need to address
- Status tracking: Progress from not started through implementation to completion
- Assignments: Owner, reviewer, and approver roles for accountability
- Evidence linking: Attach documents from your Evidence Hub to demonstrate compliance
- Risk linking: Connect use case risks to show how controls address identified risks
- Progress metrics: Track completion, assignments, and overdue items
Continuous compliance
Compliance is not a one-time achievement. VerifyWise supports ongoing compliance management:
- Monitor controls to ensure they remain effective as your AI systems change
- Update implementation details when processes evolve
- Refresh evidence to reflect current practices
- Track regulatory updates and adjust controls accordingly
- Prepare for periodic audits with up-to-date documentation