AI Regulation ReferenceStandards & Frameworks
Voluntary standards and governance frameworks that organizations adopt alongside binding regulation. Not legally enforceable on their own, but widely referenced by regulators and used for certification and safe harbor compliance.
| Standard | Type | Jurisdiction | Status | Published | Provisions |
|---|---|---|---|---|---|
| General-Purpose AI Code of Practice (GPAI CoP) | framework | European Union | enforcing | Aug 2, 2025 | 4 |
| Hiroshima AI Process – Principles & Code of Conduct | framework | G7 | voluntary | Oct 30, 2023 | 6 |
| ISO/IEC 23894 AI Risk Management | standard | OECD | voluntary | Feb 6, 2023 | 1 |
| ISO/IEC 38507 Governance of AI | standard | OECD | voluntary | Apr 8, 2022 | 1 |
| ISO/IEC 42001 AI Management System | standard | OECD | voluntary | Dec 18, 2023 | 3 |
| ISO/IEC 42005 AI Impact Assessment | standard | OECD | voluntary | May 28, 2025 | 1 |
| NIST AI Risk Management Framework | framework | United States | voluntary | Jan 26, 2023 | 1 |
| OECD AI Principles | standard | OECD | voluntary | May 22, 2019 | 4 |
| Model AI Governance Framework | framework | Singapore | voluntary | Jan 23, 2019 | 3 |
How Standards Differ from Regulations
Standard — A defined set of criteria or specifications by a recognized body that organizations measure against or certify to. Example: ISO 42001 defines requirements for an AI management system that can be independently audited.
Framework — A structured approach or methodology for organizing thinking and action, without specific pass/fail criteria. Example: NIST AI RMF provides a process (Govern, Map, Measure, Manage) rather than a checklist.
Both are voluntary unless referenced by a binding regulation. The EU AI Act references ISO 42001 for conformity assessment, and several US state laws offer safe harbor for organizations following the NIST AI RMF.