Guides & Updates

AI governance, made practical

Plain-language guides to the standards and rules that matter, plus what is changing now. Written to help teams govern AI without a compliance department.

Latest updates
29 Jun 2026

EU AI Act deadlines shift under the Digital Omnibus

The high-risk obligations are deferred to December 2027, but the August 2026 transparency duties and the wider architecture remain live. What it means, and why now is the time to inventory and govern.

15 May 2026

ISO 42001, and where to start

The first AI management system standard is voluntary and certifiable. A short readiness checklist to see where you stand.

Start here
Pillar guide

What Is AI Governance?

A plain-language guide to what AI governance is, why it matters now, what a program includes, and how a small team can start. The best place to begin.

Frameworks & standards
EU AI Act

The EU AI Act Compliance Checklist

What applies, when, and the steps to prepare, with an accurate post-Omnibus timeline.

ISO 42001

The ISO 42001 Readiness Checklist

See how ready you are for the first AI management system standard.

Comparison

ISO 42001 vs ISO 27001

How the two standards differ, where they overlap, and whether you need both.

NIST AI RMF

The NIST AI RMF, Explained

The four functions, and how the framework fits with ISO 42001 and the EU AI Act.

Policies & assessments
AI policy

How to Write an AI Acceptable Use Policy

What to include, and a template to start from.

AI risk

The AI Risk Assessment Template

When to run one, what to evaluate, and a free template.

Vendor risk

The AI Vendor Risk Assessment

What to check before you adopt a third-party AI tool.

When someone asks for it
Security questionnaire

How to Answer the AI Section of a Security Questionnaire

What buyers ask about your AI, and the documents that answer it fast.

Microsoft SSPA

Microsoft SSPA Section K: AI Requirements for Suppliers

When ISO 42001 is optional versus mandatory, and how to get ready.

EU AI Act

EU AI Act Serious Incident Reporting (Article 73)

Who must report, the 2-, 10-, and 15-day deadlines, and how to prepare.

Free tool

EU AI Act Risk Classifier

Answer a few questions to see whether the Act applies, and at what tier.

Readiness kits
Microsoft SSPA

SSPA Section K Readiness Kit

Map ISO 42001 evidence to Section K, run the v12 screening worksheet, and get to Green. $599.

Procurement

AI Security Questionnaire Response Kit

Defensible, adaptable answers to the AI section of a security questionnaire. $399.

Copilot rollout

Generative AI Rollout Governance Kit

Roll out Copilot or a similar assistant to staff without a data-leak incident. $499.

Inventory

AI System Inventory & Registry Kit

A defensible registry of every AI system you run, with a shadow-AI playbook. $399.

EU AI Act

EU AI Act High-Risk Provider Pack

The core artifacts for a high-risk provider, including the Article 73 runbook. $899.

The Governance Brief

One regulatory change that matters, one template to use, once a month. Free.