Cross-cutting themes

// Cross-cutting

Compare by theme

Each theme groups related obligations across the three frameworks. Click any tile to see them side by side.

governance

Governance & Accountability

Who owns AI risk, policies, roles, leadership commitment.

ISO 42001 · 24NIST AI RMF · 7EU AI Act · 7

risk-management

Risk Management

Identifying, assessing, treating and monitoring AI risks across the lifecycle.

ISO 42001 · 7NIST AI RMF · 7EU AI Act · 5

data-governance

Data Governance

Training/validation/test data quality, bias, provenance, representativeness.

ISO 42001 · 6NIST AI RMF · 3EU AI Act · 1

transparency

Transparency & Information

Disclosure to users, deployers, regulators; AI-generated content labelling.

ISO 42001 · 5NIST AI RMF · 4EU AI Act · 2

human-oversight

Human Oversight

Meaningful human control and ability to intervene or override.

ISO 42001 · 3NIST AI RMF · 4EU AI Act · 2

accuracy-robustness

Accuracy, Robustness & Security

Performance, resilience to errors and adversarial inputs, cybersecurity.

ISO 42001 · 3NIST AI RMF · 6EU AI Act · 2

documentation

Documentation & Records

Technical documentation, logs, evidence and traceability.

ISO 42001 · 8NIST AI RMF · 4EU AI Act · 4

lifecycle

Lifecycle & Change

Design, development, deployment, decommissioning, change management.

ISO 42001 · 11NIST AI RMF · 3EU AI Act · 1

monitoring

Post-market Monitoring & Incidents

Operating phase: drift, incidents, corrective action, reporting.

ISO 42001 · 7NIST AI RMF · 8EU AI Act · 5

impact-assessment

Impact & Fundamental Rights

Assessing impact on people, fundamental rights, fairness.

ISO 42001 · 8NIST AI RMF · 4EU AI Act · 2

third-party

Third Parties & Supply Chain

Suppliers, providers, deployers, GPAI model providers.