Most enterprises now report into all three: NIST AI RMF (the de facto US framework), ISO/IEC 42001 (the certifiable management-system standard), and the EU AI Act (binding law in the EU). They use different language, different structures, and different scopes — but they converge on the same underlying control objectives. This guide is the unified crosswalk: each major NIST function and category, each ISO 42001 Annex A control, and each operative EU AI Act article, mapped to the others and to the specific AI security controls each cell actually requires. Use it to maintain one program, not three.
Why this crosswalk matters
Most AI governance programs we audit have three problems: a NIST AI RMF binder, an ISO 42001 binder, and an EU AI Act binder — each maintained separately, by different people, with overlapping evidence collected three times. By the second audit cycle, the binders disagree.
The frameworks don't disagree. They are deliberately interoperable. NIST's profile-based design encourages mapping onto ISO and regulatory regimes. ISO 42001 explicitly references NIST AI RMF as a normative reference. The EU AI Act's Article 40 lets harmonised standards (likely including ISO 42001) presumptively satisfy compliance.
If you maintain a unified control library — one set of controls, mapped to all three frameworks — you collect evidence once, satisfy audits three times, and avoid the binder-divergence problem that consumes most of an AI-governance team's effort.
This guide is the starting point for that library.
A note on EU AI Act timing. Per the May 2026 Digital Omnibus, the Annex III high-risk system obligations originally due August 2, 2026 have been deferred and are now expected December 2, 2027. GPAI enforcement powers activate August 2, 2026. Article 5 prohibitions are already in force (February 2, 2026 anniversary), and the penalty regime is substantially in force. The crosswalk below is current as of June 2026; reverify timing before any date-specific compliance commitment.
The three frameworks in one paragraph each
NIST AI RMF (2023, revised 2025-2026). Voluntary US framework organized around four functions — Govern, Map, Measure, Manage — each with categories and sub-categories. Pairs with the NIST Generative AI Profile (NIST AI 600-1) for GenAI specifics. Designed to be customized into a profile per use case.
ISO/IEC 42001 (2023). International standard for AI Management Systems, and the certifiable one of the three (UKAS-accredited certifications live as of January 2026). Structured as a management-system standard: clauses 4-10 plus Annex A controls (A.5 through A.10 specifically for AI). Lifecycle-oriented.
EU AI Act (2024, phased enforcement 2025-2027). Binding EU regulation. Risk-tiered (prohibited, high-risk, limited-risk, minimal-risk). Imposes specific obligations on providers and deployers. Phased deadlines: Article 5 prohibitions (Feb 2025), GPAI obligations (Aug 2025), penalty regime (Aug 2025), high-risk Annex III (deferred to Dec 2027 per Digital Omnibus). Article 9 risk-management requirements are the operative anchor for most enterprise controls.
The high-level mapping
A four-function NIST view, with the most relevant ISO 42001 Annex A controls and EU AI Act articles per function:
| NIST AI RMF Function | Primary categories | Closest ISO 42001 controls | Closest EU AI Act articles |
|---|---|---|---|
| GOVERN | Org policy, accountability, risk tolerance | Clause 5 (Leadership), Clause 6 (Planning), A.5 (Policies) | Art. 9 (Risk mgmt system), Art. 17 (Quality mgmt system) |
| MAP | Context, AI inventory, impact | Clause 4 (Context), A.6 (Internal org), A.7 (Resources) | Art. 11 (Technical documentation), Art. 12 (Record-keeping) |
| MEASURE | Testing, performance, trustworthy characteristics | A.8 (Lifecycle), A.9 (Data/info), A.10 (Operations) | Art. 9, Art. 13 (Transparency), Art. 15 (Accuracy, robustness, cybersecurity) |
| MANAGE | Risk treatment, incident response, monitoring | A.8.24 (Use of AI systems), Clause 10 (Improvement) | Art. 14 (Human oversight), Art. 26 (Deployer obligations) |
The rest of this guide expands each function into specific cells.
GOVERN — Policy, accountability, and risk tolerance
The "tone at the top" function. Establishes the AI governance program itself.
GOVERN-1: Policies, processes, procedures, and practices
| Aspect | NIST AI RMF | ISO 42001 | EU AI Act |
|---|---|---|---|
| AI policy in writing | GOVERN-1.1 | Clause 5.2 (Policy) | Art. 17(1)(a) (Quality mgmt system) |
| Risk tolerance defined | GOVERN-1.3 | Clause 6.1.2 (Risk planning) | Art. 9(2)(a) (Risk identification) |
| Workforce competence | GOVERN-2.2 | Clause 7.2 (Competence) | Art. 4 (AI literacy) |
| Accountability mapping | GOVERN-2.1 | Clause 5.3 (Roles & responsibilities) | Art. 17(1)(g) |
Controls a real program runs to satisfy this cell:
1. Written AI Acceptable Use Policy applicable to all employees and to autonomous agent identities.
2. Named owner for every AI system in production. Owners are individuals, not teams.
3. Risk tolerance statement that defines acceptable AI risk by data class, agent privilege, and use case.
4. AI literacy program: quarterly training tied to role. Article 4 of the EU AI Act now requires this.
GOVERN-2: Roles, responsibilities, and authorities
NIST's accountability mapping aligns directly with ISO 42001 §5.3 and EU AI Act Article 17(1)(g). The practical artifact is a RACI matrix covering every AI system, every agent identity, every model, every dataset.
GOVERN-3 / GOVERN-4: Diversity and oversight
NIST emphasizes diverse perspectives in governance. ISO 42001 Clause 5.1 (Leadership commitment) and the EU AI Act Article 14 (Human oversight) impose specific structural requirements: human review must be capable of overriding the AI, and humans must be selected and trained for the role.
The control: a named AI Governance Committee with members from security, GRC, legal, AI engineering, and a business owner. Quarterly meetings minimum. Documented decisions.
MAP — Context and AI inventory
The "what do we have, in what context" function. The single largest source of audit findings in 2026.
MAP-1: Context established
| Aspect | NIST | ISO 42001 | EU AI Act |
|---|---|---|---|
| Stakeholder identification | MAP-1.1 | Clause 4.2 | Art. 9(2)(a) |
| AI system inventory | MAP-1.2 | A.6.2.4, A.6.2.5 | Art. 11, Art. 12 |
| Categorization (risk) | MAP-1.5 | A.6.2.6 | Art. 6, Annex III |
| Intended use defined | MAP-1.6 | A.6.2.7 | Art. 13 |
Controls:
1. AI inventory. Every AI system, agent, model, MCP server, dataset, and plugin, discovered, classified, and scored. This is where AI-SPM and the MCP inventory playbook cash in for compliance.
2. AI Bill of Materials (AIBOM). Versioned manifest of every component of every AI system. Required directly by Article 11 (technical documentation) and as ISO 42001 A.8.24 evidence.
3. Risk classification. Every AI system mapped to a tier; for the EU AI Act, this is Art. 6 / Annex III. For NIST and ISO, internal risk scoring suffices.
MAP-2 / MAP-3: AI capability and impacts
The deeper-context categories cover what the AI does and what it could affect. Article 9(2) of the EU AI Act demands risk identification specifically for "known and reasonably foreseeable risks" — broader than NIST's MEASURE function and requiring proactive imagination, not just observation.
MAP-4 / MAP-5: Third-party risks and benefits
Maps to the supply-chain dimension. ISO 42001 A.10 (third-party suppliers) and EU AI Act recital 86 / Article 25 (responsibility allocation between providers and deployers) demand contractual evidence. The control: AI vendor disclosure requirements, AIBOM-from-suppliers clauses in procurement contracts.
MEASURE — Testing, evaluation, and trustworthy characteristics
The "is the AI doing what we said it would" function. Where most testing programs are still immature.
MEASURE-1: Identified metrics and methodologies
| Aspect | NIST | ISO 42001 | EU AI Act |
|---|---|---|---|
| Metrics defined | MEASURE-1.1 | A.8.2 | Art. 15(1) |
| Methods documented | MEASURE-1.2 | A.8.2 | Art. 15(2) |
| Tools selected | MEASURE-1.3 | A.8.3 | Art. 15(3) |
The Article 15 obligation — appropriate level of accuracy, robustness, and cybersecurity — is the operational hook. It requires technical documentation of test methods, datasets, and acceptance criteria.
MEASURE-2: Trustworthy AI characteristics evaluated
NIST's trustworthy characteristics — valid, reliable, safe, secure, accountable, transparent, explainable, privacy-enhanced, fair — map cell by cell to ISO 42001 A.8 lifecycle controls and to EU AI Act Articles 13 (transparency), 14 (oversight), 15 (accuracy), and Title III Chapter 2 obligations.
Controls that produce evidence here:
1. Inline inspection logs. Every prompt and response inspected for PII, prompt injection, and secret leakage. Detection rates and false-positive rates measured. This satisfies "secure" and "cybersecurity" under all three frameworks simultaneously.
2. Adversarial testing. AI red-teaming against the OWASP Top 10 for Agentic Applications. Required directly by EU AI Act Art. 15(3) for high-risk systems.
3. Bias / fairness evaluation. Documented test methodology and results. Required by NIST MEASURE-2.11, ISO 42001 A.8.4, and EU AI Act Art. 10 (data governance).
4. Performance baselining. Latency, accuracy, drift. Measured continuously, not annually.
MEASURE-3: Mechanisms for tracking identified risks
Continuous monitoring is the difference between a compliance program that passes audits and one that fails them. Provenance logging of every AI interaction is the operational anchor. Without it, evidence is reconstructed; with it, evidence is exported.
MEASURE-4: Feedback from end users
Required by Article 14 (human oversight) and ISO 42001 A.8.16. The control: a documented mechanism for users to flag concerning AI outputs, with SLAs for review and incorporation.
MANAGE — Risk treatment and operational closure
The function most directly tested when an incident happens.
MANAGE-1: Resources allocated; risks prioritized
| Aspect | NIST | ISO 42001 | EU AI Act |
|---|---|---|---|
| Risk treatment plan | MANAGE-1.1 | Clause 6.1.3 | Art. 9(4) |
| Resources allocated | MANAGE-1.4 | Clause 7.1 | Art. 17 |
MANAGE-2: Strategies developed; AI risks managed
This is where the operational controls land:
- Tool allowlisting and capability tokens (see MCP Field Guide v2) satisfy MANAGE-2.1, ISO 42001 A.8.24, and EU AI Act Art. 9(4)(a) on risk mitigation.
- Inline content inspection satisfies MEASURE-2 and MANAGE-2 on cybersecurity and data leak prevention.
- Kill switches satisfy MANAGE-4 and EU AI Act Art. 14 on human oversight requirements.
MANAGE-3: Third-party risks managed
ISO 42001 A.10 and EU AI Act Article 25 (provider/deployer responsibility allocation) require contractual treatment of AI supply chain. The control: AIBOM clauses in procurement; vendor disclosure requirements; periodic vendor review.
MANAGE-4: Mechanisms for incident response and continuous improvement
Incident response specific to AI:
- Detection signals from inline inspection.
- Per-system and per-tool kill switches.
- Forensic snapshot on incident.
- Post-incident review feeding back to risk treatment.
- Regulator notification within the EU AI Act timelines (Art. 73: serious incidents within 15 days for high-risk systems, immediately for prohibited-AI violations).
The control library: 20 controls that cover the most cells
If you map most enterprise AI governance programs against the three frameworks, twenty operational controls cover ~80% of cells. The list:
| # | Control | NIST | ISO 42001 | EU AI Act |
|---|---|---|---|---|
| 1 | Written AI Acceptable Use Policy | GOVERN-1.1 | Clause 5.2 | Art. 17(1)(a) |
| 2 | Named AI Governance Committee | GOVERN-2 | Clause 5.3 | Art. 17(1)(g) |
| 3 | AI literacy program | GOVERN-2.2 | Clause 7.2 | Art. 4 |
| 4 | AI inventory (continuous) | MAP-1.2 | A.6.2.4 | Art. 11, Art. 12 |
| 5 | AI Bill of Materials (AIBOM) | MAP-4.1 | A.10.2 | Art. 11(1)(d) |
| 6 | Risk classification per system | MAP-1.5 | A.6.2.6 | Art. 6 |
| 7 | Inline prompt inspection | MEASURE-2 | A.8.24 | Art. 15(3) |
| 8 | Inline response inspection | MEASURE-2 | A.8.24 | Art. 15(3) |
| 9 | Tool allowlisting | MANAGE-2.1 | A.8.24 | Art. 9(4)(a) |
| 10 | Capability-scoped tokens | MANAGE-2.1 | A.5.10 | Art. 9(4)(a) |
| 11 | Provenance logging (every interaction) | MEASURE-2.4 | A.8.24, A.5.10 | Art. 12 |
| 12 | A2A signing + message inspection | MEASURE-2 | A.8.24 | Art. 9(4), Art. 15 |
| 13 | Kill switches (per system, per tool) | MANAGE-4 | Clause 10 | Art. 14(4)(e) |
| 14 | AI incident response runbook | MANAGE-4 | Clause 10 | Art. 73 |
| 15 | Adversarial testing (red-team) | MEASURE-2.8 | A.8.4 | Art. 15(3) |
| 16 | Bias/fairness evaluation | MEASURE-2.11 | A.8.4 | Art. 10 |
| 17 | Data governance (training + operational) | MEASURE-2.10 | A.7.4 | Art. 10 |
| 18 | Transparency / disclosure to users | GOVERN-4 | A.8.5 | Art. 13, Art. 50 |
| 19 | Human oversight design | MANAGE-2 | A.8.16 | Art. 14 |
| 20 | Continuous monitoring + post-market surveillance | MEASURE-3 | Clause 9.1 | Art. 17(1)(i), Art. 72 |
Build these twenty. Collect the evidence each produces. Map the evidence to all three frameworks using the table. One program, three certifications-worth of audit posture.
How AccuroAI sits in the crosswalk
Our platform implements controls 4, 5, 7, 8, 9, 10, 11, 12, 13, and 14 directly. Controls 1, 2, 3, 18, 19 are organizational and live in your policy and training programs. Controls 15, 16, 17, 20 are partially automatable through AccuroAI (continuous monitoring, evidence) but require the organization to define the test plan and standards.
When the AccuroAI compliance pack is generated, it produces evidence packs mapped against the cells in the table above — ISO 42001 A.8.24, NIST AI RMF MEASURE-2 and MANAGE-2, EU AI Act Articles 9, 11, 12, 15. The unified mapping is what makes "one program, three audits" operational instead of aspirational.
If you would like the compliance pack run against your environment, book a demo. We'll generate the gap report whether or not you become a customer.
Common questions auditors ask under each framework, mapped
The auditor in front of you will phrase questions differently depending on which framework they were trained against. The underlying questions are the same.
| Auditor question (in their language) | What they're really asking | Cell in the crosswalk |
|---|---|---|
| "Show me your AI risk register." (ISO) | What AI systems exist and how are they ranked? | MAP-1.5, A.6.2.6, Art. 6 |
| "Show me your AI inventory." (NIST) | Same question. | Same row. |
| "Show me your technical documentation." (EU AI Act, Art. 11) | Same question + Article 11 specifics. | Same row. |
| "How do you prevent unauthorized data exposure to AI systems?" | Inline prompt inspection in place? | MEASURE-2, A.8.24, Art. 15(3) |
| "How do you ensure human oversight?" | Kill switches + escalation thresholds? | MANAGE-2, A.8.16, Art. 14 |
| "How do you handle AI incidents?" | Runbook + provenance logs + notification? | MANAGE-4, Clause 10, Art. 73 |
If you cannot answer the underlying question, the auditor will eventually find a clause to fail you on, regardless of which framework's vocabulary they used to ask.
What to do this quarter
- Build the control library. Use the 20 controls above as a starting point. Each control gets a named owner and an evidence-collection mechanism.
- Map your existing evidence. For every cell in the crosswalk, mark whether evidence is collected today, collected manually, or absent. The absent cells are the next 90 days of work.
- Adopt one canonical artifact. AIBOM. AI inventory. RACI. Pick one and make it canonical across all three frameworks. Then expand.
- Brief your auditors. Walk your ISO auditor through the NIST mapping; your NIST advisor through the ISO mapping. They will appreciate the alignment and reduce duplicate evidence asks.
- Schedule the EU AI Act check-in. Even with high-risk Annex III deferred to Dec 2027, the August 2026 GPAI enforcement powers and the existing prohibitions still apply. Verify your posture against each operative article.
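To make the evidence-mapping step concrete, here is an added example (not the page's or AccuroAI's code) that runs a gap report over a unified control library. The control rows are a subset of the page's 20-control table; the evidence statuses per control are constructed sample data. It reports, per framework, the cells with no evidence at all and the cells covered only by manually collected evidence, which is where a single control's evidence showing up under all three frameworks pays off.

```python
"""Gap report over a unified AI-governance control library (added example)."""
from collections import defaultdict

FRAMEWORKS = ("NIST", "ISO 42001", "EU AI Act")

# Control rows from the page's table (subset). Each control maps to one or
# more cells in each framework; one control's evidence serves all of them.
CONTROL_LIBRARY = {
    1: ("Written AI Acceptable Use Policy",
        {"NIST": ["GOVERN-1.1"], "ISO 42001": ["Clause 5.2"], "EU AI Act": ["Art. 17(1)(a)"]}),
    4: ("AI inventory (continuous)",
        {"NIST": ["MAP-1.2"], "ISO 42001": ["A.6.2.4"], "EU AI Act": ["Art. 11", "Art. 12"]}),
    7: ("Inline prompt inspection",
        {"NIST": ["MEASURE-2"], "ISO 42001": ["A.8.24"], "EU AI Act": ["Art. 15(3)"]}),
    11: ("Provenance logging (every interaction)",
         {"NIST": ["MEASURE-2.4"], "ISO 42001": ["A.8.24", "A.5.10"], "EU AI Act": ["Art. 12"]}),
    13: ("Kill switches (per system, per tool)",
         {"NIST": ["MANAGE-4"], "ISO 42001": ["Clause 10"], "EU AI Act": ["Art. 14(4)(e)"]}),
    14: ("AI incident response runbook",
         {"NIST": ["MANAGE-4"], "ISO 42001": ["Clause 10"], "EU AI Act": ["Art. 73"]}),
}

# Constructed evidence status per control: "automated", "manual" or "absent".
EVIDENCE_STATUS = {1: "manual", 4: "automated", 7: "automated",
                   11: "absent", 13: "absent", 14: "manual"}


def gap_report(library, status):
    """Return (absent, manual_only): per framework, the sorted cells that no
    control evidences at all, and the cells evidenced only by manual collection.
    A cell covered by several controls is judged on the best evidence it has."""
    covered = {fw: defaultdict(set) for fw in FRAMEWORKS}  # fw -> cell -> statuses
    for cid, (_name, cells) in library.items():
        s = status.get(cid, "absent")  # unmapped control counts as no evidence
        for fw, ids in cells.items():
            for cell in ids:
                covered[fw][cell].add(s)
    absent, manual_only = {}, {}
    for fw in FRAMEWORKS:
        absent[fw] = sorted(c for c, st in covered[fw].items() if st == {"absent"})
        manual_only[fw] = sorted(c for c, st in covered[fw].items()
                                 if "automated" not in st and "manual" in st)
    return absent, manual_only


if __name__ == "__main__":
    absent, manual_only = gap_report(CONTROL_LIBRARY, EVIDENCE_STATUS)
    for fw in FRAMEWORKS:
        print(f"{fw}: no evidence {absent[fw]}; manual only {manual_only[fw]}")
```

Note that "Art. 12" appears in neither list even though provenance logging (control 11) has no evidence: the continuous AI inventory (control 4) already evidences that cell automatically.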
FAQ
Are NIST AI RMF, ISO 42001, and EU AI Act fully compatible? Substantially. They use different vocabulary and structures, but the underlying control objectives align. A unified control library can satisfy all three with shared evidence. Some cells require framework-specific evidence (e.g., EU AI Act Article 11 technical documentation has format requirements ISO does not), but the underlying controls are common.
Do I have to certify against ISO 42001? No. Certification is optional and increasingly requested by procurement and partners but not strictly required by NIST or the EU AI Act. NIST AI RMF alignment can be self-attested. EU AI Act compliance is mandatory if you fall within scope; ISO 42001 certification can presumptively demonstrate compliance with parts of the AI Act under Article 40.
What is the difference between a "provider" and "deployer" under the EU AI Act? Provider: the entity that develops or has developed the AI system and places it on the market. Deployer: the entity using the AI system. Most enterprises are deployers; some are also providers for internal or downstream-sold AI systems. The crosswalk above applies to both, with provider-specific cells under Articles 11, 16, 17, 50.
Does the August 2, 2026 EU AI Act deadline still apply? GPAI enforcement powers activate August 2, 2026. The original high-risk Annex III obligations have been deferred to December 2, 2027 per the May 2026 Digital Omnibus provisional agreement. Article 5 prohibitions and the GPAI obligations are already in force.
Where can I see the source frameworks?
- NIST AI RMF: NIST AI 100-1 and the Generative AI Profile NIST AI 600-1, available on NIST's site.
- ISO/IEC 42001:2023: purchased from ISO directly or from a national standards body.
- EU AI Act: Regulation (EU) 2024/1689, available on EUR-Lex.
Sources: NIST AI Risk Management Framework · ISO/IEC 42001:2023 · EU AI Act on EUR-Lex (Regulation 2024/1689) · EU AI Act Implementation Timeline · Inside Global Tech — Digital Omnibus AI Act Update (May 2026) · ispartnersllc — NIST AI RMF 2025–2026 Updates.