ROMEOADVANCED ACADEMY

Lesson 5 of 5 · AI Security Foundations

The compliance and regulatory frame

Five frameworks, one practical map, and a one-page document you take to your next audit committee.

45 minutes · One write-up · No tools required

By the end of this lesson, you will:

  • Understand what the EU AI Act, NIS2, DORA, ISO 42001, and NIST AI RMF each cover and require.
  • Know which ones likely apply to your organisation and which do not.
  • Have drafted a one-page AI security posture document — the artefact your board, your auditor, and your customers will all eventually ask for.

The five frameworks, and what each does

EU AI Act

The first comprehensive law specifically regulating AI. Adopted by the EU in 2024, in force from August 2024, rolling out in stages through 2027. Applies to anyone placing AI systems on the EU market or whose AI's output is used in the EU — which means most major non-EU vendors are also in scope.

The Act classifies AI systems into four risk tiers. Prohibited uses (social scoring, mass biometric surveillance, certain manipulative systems) are banned outright. High-risk systems — which cover a lot of credit scoring, insurance, employment, education, critical-infrastructure, and law-enforcement AI — carry significant obligations: risk management, technical documentation, data governance, logging, human oversight, accuracy, robustness, and cybersecurity. Limited-risk systems (chatbots, deepfakes) carry transparency obligations. Minimal-risk systems (most AI in commercial use) have only voluntary codes of conduct.

General-purpose AI models — the foundation models — have their own obligations as of August 2025: technical documentation, copyright disclosure, and for the largest models, additional systemic-risk obligations.

What this means for security: If any of your AI is high-risk, the cybersecurity obligations are explicit in Article 15. Your AI security programme is no longer optional.

NIS2

The EU's Network and Information Security Directive, second iteration, which came into force across member states by October 2024. NIS2 raises cybersecurity requirements on "essential" and "important" entities across a wider set of sectors than the original NIS — including digital infrastructure, financial market infrastructure, healthcare, drinking water, and others.

NIS2 does not name AI specifically. But its requirements — risk management, incident reporting, supply-chain security, governance accountability — apply to any AI system that supports an in-scope service. If your AI is part of a regulated critical service, NIS2 is in scope.

What this means for security: AI-related security incidents at in-scope entities have to be reported under NIS2 timelines (early warning within 24 hours; intermediate report within 72 hours; final report within one month).

DORA

The Digital Operational Resilience Act, which entered application in EU financial services in January 2025. DORA addresses ICT risk in banks, insurers, investment firms, and crypto-asset service providers. It is the most prescriptive of these frameworks on third-party ICT risk — including AI vendors.

For AI specifically, DORA's most important provisions are the ICT third-party risk requirements: financial firms must inventory their critical ICT providers (including AI providers), conduct due diligence, embed specific contractual terms, and maintain exit plans. The European Supervisory Authorities have designated certain providers as "critical" — subject to direct oversight.

What this means for security: If you are a financial firm using third-party AI, you need a DORA-grade vendor governance file for each provider. If you are a vendor selling AI to financial firms, your customers will be asking you for that file.

ISO 42001

The international standard for AI management systems, published in December 2023. Modelled on ISO 27001 (information security management) and ISO 9001 (quality). Certifiable through accredited bodies.

ISO 42001 specifies a management system for AI — a structured way of governing AI development and deployment across an organisation. It covers policy, roles and responsibilities, risk assessment, lifecycle controls, impact assessment, monitoring, and continual improvement. Like all ISO management-system standards, the value is in the discipline of implementing it.

What this means for security: Many organisations are pursuing ISO 42001 certification in 2026 and 2027 to demonstrate AI governance maturity to regulators, customers, and partners. If you already hold ISO 27001, you have most of the structural work done; ISO 42001 builds on the same foundations.

NIST AI RMF

The Artificial Intelligence Risk Management Framework, published by the US National Institute of Standards and Technology in January 2023, with a Generative AI Profile added in July 2024. Voluntary; widely referenced by US regulators and increasingly cited as the de facto baseline for risk-based AI governance.

NIST AI RMF organises around four functions: Govern (organisation-level policies and culture), Map (context and intended use), Measure (assess risks), Manage (apply controls and monitor). It is risk-management language rather than threat-catalogue language, which makes it the best framework for board-level conversations.

What this means for security: NIST AI RMF gives you a vocabulary your CFO, general counsel, and audit committee will recognise. Use it as the language of your governance documentation.

How they overlap and where they differ

The five frameworks are not redundant. Each fills a different need.

EU AI Act and NIS2 are law: you comply or you face penalties. DORA is sectoral law: it applies if you are in financial services. ISO 42001 is a certifiable standard: you implement it to demonstrate governance to others. NIST AI RMF is guidance: you use it as a framework for thinking and for documentation.

In practical terms, most organisations end up with a mapping document: one column for each framework, with rows for each of your AI systems indicating obligations and current status. The mapping is the artefact regulators and auditors ask for.

What probably applies to you

A rough sorting hat:

  • Operating in the EU or selling AI to the EU? EU AI Act applies. Determine your risk tier per system.
  • Operating critical infrastructure or digital services in the EU? NIS2 applies.
  • Financial services in the EU? DORA applies.
  • Selling to US federal customers, or operating in any regulated US sector? NIST AI RMF will be in your customer due-diligence packs.
  • Selling to enterprise customers globally? ISO 42001 certification will increasingly be a procurement requirement, the way ISO 27001 already is.

For most organisations, three or four of the five apply. The one with the sharpest enforcement teeth in 2026 is the EU AI Act for high-risk classifications; the one with the broadest commercial pressure is ISO 42001 (procurement-driven); the one that should be your governance spine is NIST AI RMF.

Building your one-page AI security posture

The artefact you should walk out of this course with is a one-page summary of where your organisation stands on AI security. It is the document you would hand to a new CISO, a new audit committee chair, or a new regulator who walks in tomorrow.

A good one-page posture document contains:

  1. The AI systems we operate. A short inventory: name, purpose, who uses it, what data it sees, which framework risk tier it falls in (EU AI Act category if applicable).
  2. The frameworks we operate under. Which of the five (or others) apply to us, and which we have adopted as our spine.
  3. The controls we have in place. Identity, input boundary, prompt configuration, tool gating, output handling, monitoring, red-teaming. Status per layer per system.
  4. The risks we accept. Things we have decided not to mitigate, with reason and approver.
  5. The next two quarters. What we are working on. What we have committed to. What we are not yet doing.

This is not a forty-page audit report. It is a one-pager that gives an honest snapshot. If you cannot fit it on a page, the document is doing the wrong work.

Hands-on time

Exercise 5.1 · 25 minutes

Draft your one-page AI security posture

Draft a one-page AI security posture for your own organisation, using the five-section structure above. Aim for one page (approximately 400 words). If you do not have a real organisation in mind, use the Knowledge Assistant from Lessons 2 and 3 as your subject.

The point is not to write a finished, audit-ready document. The point is to discover what you cannot answer. Where you cannot fill in a section, that is your remediation list.

Once drafted, save it. Bring it to your next quarterly review with the security team. Add to it. Treat it as a living document, the way you treat any other security artefact.

Tools required: a text document or a sheet of paper.

What you have learned

Over five lessons, you have moved from "AI security is a new domain" to a working position: you can name what is genuinely different, recognise the common vulnerabilities, threat-model with ATLAS, layer defences appropriately, and map your systems to the regulatory frame. You have done it without writing code, without buying a tool, and without leaving a browser.

This is enough to operate the AI security function at most mid-sized organisations as a competent, audit-ready security leader. It is not enough to design specific cryptographic protections of AI systems, to do deep adversarial ML research, or to operate AI security at the largest critical-infrastructure organisations. Those are the deeper specialties Path D of the Integrated AI Program covers.

Looking ahead

The wrap-up page lists exactly which Path D modules pick up where this course leaves off, and how to stay in touch.