Risk
Inadequate Compliance Mapping
Description
Organization fails to identify all applicable AI regulations and requirements, or to map them to policies and controls.
Example
Company misses EU AI Act requirements for high-risk AI systems, facing regulatory penalties.
Assets Affected
- AI Policy
- Compliance docs
- Risk register
Mitigation
- Regulatory monitoring
- Compliance matrix
- Legal consultation
- Automated regulation tracking
- Periodic gap analysis
Standards Mapping
- ISO 42001: 4.1, 4.2
- NIST AI RMF: GOVERN 1.1, MAP 1.1
- DASF v2: PLATFORM 12.6