Map ISO 42001, NIST AI RMF & EU AI Act in one calm view.
Three frameworks. One translucent atlas. Click any clause, control or article - instantly see what it maps to in the other two. Built for engineers, lawyers, GRC leads and the merely curious.
ISO/IEC 42001:2023
An auditable management-system standard (like ISO 27001 for security) that tells an organisation HOW to build, run, and continually improve an AI Management System. Clauses 4–10 are the system. Annex A is the control catalogue.
NIST AI Risk Management Framework 1.0
A voluntary US framework structured around four functions - GOVERN, MAP, MEASURE, MANAGE - that any organisation can use to identify and reduce risks of AI systems. Categories and sub-categories give concrete outcomes.
Regulation (EU) 2024/1689
Binding law across the EU. Risk-tiered: prohibits unacceptable uses, imposes heavy obligations on high-risk AI, transparency duties on limited-risk, and special rules for general-purpose AI models. Fines up to €35M / 7% turnover.
Pick your entry point
New here? We'll walk you through it.
An 8-step tour from governance to monitoring. See how all three frameworks line up at every stop. No prior knowledge required.
▸ Start the tour →
Know the topic you care about?
12 cross-cutting topics - risk, data, oversight, monitoring. See how each framework handles the same concept side by side.
Browse themes →
Know the exact clause?
Three-column mapper. Click any item; mapped equivalents light up across the other two frameworks. Deep-linkable, search-friendly.
Open explorer →
What this is & how to use it
One atlas for three regimes
ISO 42001, NIST AI RMF and the EU AI Act are written in different languages, by different bodies, for different purposes. This tool translates between them - clause by clause - so you can build a single compliance programme instead of three silos.
Click, compare, follow
1. Pick a framework in the Explorer.
2. Click any clause - mappings auto-highlight.
3. Read the detail panel for rationale & evidence.
4. Jump to Themes or Guided for the bigger picture.
Interpretive, not legal gospel
Every mapping is an informed interpretation, not an official crosswalk. Expect gaps - some EU legal obligations have no NIST equivalent, and ISO management-system clauses don't always map to US risk categories. We flag those explicitly.
Pro tips
- Use search to find clauses by keyword.
- Filter by theme to trace a topic end-to-end.
- Check Evidence & Pitfalls for audit readiness.
- Share URLs - every selection is deep-linkable.
Engineers, lawyers, GRC leads & the merely curious
Whether you are drafting a System Quality Management Plan under ISO 42001, aligning NIST AI RMF profiles to product milestones, or conducting a gap assessment against EU AI Act high-risk obligations - this tool gives you a shared reference point. Use it in workshops, paste links into Jira tickets, or run it on a projector during compliance reviews.