Digital Information GovernanceDIG® · The Standard Reference
Home › Regulations
Regulatory context

AI Governance Regulations

Authored by Matthew Bertram · Updated June 2026 · DIG Framework v1.0

Four regimes now shape AI governance in regulated industries. Most of their obligations overlap, which means a single, well-built governance discipline can satisfy most of all four. DIG is built to be that binder.

The regimes

NIST AI RMF

The US voluntary framework: Govern, Map, Measure, Manage.

EU AI Act

Risk-tiered obligations for high-risk AI; logging, oversight, conformity.

TRAIGA (Texas)

The Texas Responsible AI Governance Act; documentation and disclosure.

ISO/IEC 42001

The international AI management-system standard; auditable controls.

Colorado AI Act

SB 24-205: reasonable care against algorithmic discrimination in high-risk decisions.

NYC Local Law 144

Mandatory bias audits for automated employment decision tools.

How DIG maps to the regimes

DIG pillarMaps to
Information ProvenanceNIST Map; EU AI Act data governance; ISO 42001 data quality.
Decision TraceabilityNIST Govern/Manage; EU AI Act record-keeping and human oversight.
Representation IntegrityConsumer-protection and disclosure duties; AI-output accuracy.
Audit ReadinessEU AI Act conformity/logging; ISO 42001 audit; TRAIGA documentation.

Frequently asked questions

Does DIG replace NIST, the EU AI Act, or ISO 42001?

No. DIG is a discipline that helps an organization meet the obligations those regimes define. It maps the four pillars to the controls each regime expects.

Why do the regulations overlap?

They target the same underlying risks, such as provenance, oversight, documentation, and auditability. Most obligations recur across regimes, so one governance program can address most of all four.

Put DIG to work in your organization.Governance Readiness Assessment →Book a keynote on DIG →

References

  1. NIST AI Risk Management Framework (AI RMF 1.0): Govern, Map, Measure, Manage. National Institute of Standards and Technology, 2023. View source ↗
  2. Information governance: the records and data lifecycle discipline (storage, retention, disposition), distinct from AI decision governance. ARMA International, Generally Accepted Recordkeeping Principles; AIIM. View source ↗
  3. EU AI Act, Regulation (EU) 2024/1689 (Official Journal of the European Union); ISO/IEC 42001:2023; Texas Responsible AI Governance Act (TRAIGA). View source ↗
  4. USPTO Trademark Reg. No. 99559923, Digital Information Governance / DIG, owner Matthew Bertram. View source ↗

Related

StatisticsThe frameworkAuditable AI decisions