About AI Governance Hub

// About

What this is

AI Gov Mapper is a free, brutalist, interactive atlas of three foundational AI governance documents. It lets you click any clause, control or article and instantly see what it maps to in the other two - so you can build one programme that satisfies all three.

The three frameworks

ISO/IEC 42001:2023

An auditable management-system standard (like ISO 27001 for security) that tells an organisation HOW to build, run, and continually improve an AI Management System. Clauses 4–10 are the system. Annex A is the control catalogue.

NIST AI Risk Management Framework 1.0

A voluntary US framework structured around four functions - GOVERN, MAP, MEASURE, MANAGE - that any organisation can use to identify and reduce risks of AI systems. Categories and sub-categories give concrete outcomes.

Regulation (EU) 2024/1689

Binding law across the EU. Risk-tiered: prohibits unacceptable uses, imposes heavy obligations on high-risk AI, transparency duties on limited-risk, and special rules for general-purpose AI models. Fines up to €35M / 7% turnover.


How to use it

  1. Explorer

    Three columns, click any item to see equivalents across the others. Filter by search or theme.

  2. Themes

    Cross-cutting topics (risk, data, oversight, monitoring, supply chain…) compared side by side.

  3. Guided

    Eight-step learning journey from governance to monitoring covering all three at once.

Coverage scope

// Curated subset, not exhaustive

We currently surface 64 ISO 42001 clauses/controls, 41 NIST AI RMF sub-categories and 26 EU AI Act articles. That is enough to learn the shape of all three and build a unified programme, but it is not the full text. Selection criteria:

  • We include clauses, sub-categories and articles that change what a real team does day-to-day.
  • We include all items referenced by the Guided tour and Themes pages so the three views stay consistent.
  • Annex A controls are sampled across all 9 ISO control groups, not exhaustively listed.

// Intentionally out of scope

  • NIST GOVERN 1.3 / 1.5 / 1.6 / 1.7 (sub-categories on legal review cadence, transparency policies, inventory and supply-chain mapping) - covered conceptually under GOVERN 1.1/1.4 and GOVERN 6.
  • EU Art.43 conformity assessment procedure, Art.47/48 declaration of conformity and CE marking - process-only steps that follow once Art.9–15 are met.
  • EU Art.49 registration in the EU database, Art.60 testing in real-world conditions - operational logistics rather than design substance.
  • NIST AI RMF Profiles - the four functions are mapped, but the optional profile concept is not item-level.

// Disclaimer

Educational reference only

Mappings are interpretive, not authoritative. We flag gaps explicitly with EU-ONLY / NO-ISO / NO-NIST badges in the Explorer, but the source texts always win. Use this as a learning aid and a starting point - always consult the source documents and qualified advisors for compliance decisions.