Model AI Governance Framework
Obligations Covered
AI Governance and Human Oversight
Requirements
| Requirement | Details |
|---|---|
| Human-in-the-loop | Appropriate level of human involvement based on risk and impact |
| Decision models | Three models: human-in-the-loop, human-on-the-loop, human-out-of-the-loop |
| Risk-proportionate | Level of oversight proportionate to risk of AI application |
| Agentic AI oversight | 2026 update adds guidance for autonomous agent monitoring and intervention |
Penalties
| Violation | Fine |
|---|---|
| Non-compliance | Voluntary — no direct penalties; organizations legally accountable for AI actions under existing law |
Explainability and Transparency
Requirements
| Requirement | Details |
|---|---|
| Explainable AI | Provide explanations of AI decisions appropriate to the audience |
| Transparency | Disclose use of AI in decision-making to affected individuals |
| Stakeholder communication | Proactive communication about AI use, capabilities, and limitations |
Penalties
| Violation | Fine |
|---|---|
| Non-compliance | Voluntary — no direct penalties |
AI Risk Management and Third-Party Oversight
Requirements
| Requirement | Details |
|---|---|
| Internal governance | Establish AI governance structures and accountability |
| Risk management | Lifecycle risk management from design through deployment and monitoring |
| Third-party oversight | Assess and manage risks from AI vendor and third-party systems |
| Agentic AI risks | 2026 update covers system design, deployment safeguards, monitoring, and end-user responsibility |
Penalties
| Violation | Fine |
|---|---|
| Non-compliance | Voluntary — no direct penalties |