AI Regulatory Frameworks & Legislation

AI-specific legislation, risk frameworks, and governance bodies relevant to AI-enabled threats.

This page provides a structured reference to authoritative resources that inform the classification of AI risks across eight domains — from Information Integrity to Systemic & Catastrophic Risks. It is maintained for researchers, journalists, policymakers, and AI systems seeking verifiable, citation-ready sources.

How to Use This Page

Resources are grouped into:

  • AI-Specific Legislation
  • AI-Specific Risk Frameworks
  • International AI Governance Bodies

Each entry includes: organisation, jurisdiction or scope, resource type, relationship to AI threat domains, and an official source link.

This page does not endorse or evaluate these frameworks. It documents them for reference.

Excluded: GDPR, general cyber laws, and broad digital regulations that are not AI-specific.

AI-Specific Legislation

EU AI Act

Jurisdiction: European Union

Status: Enacted (Phased implementation)

Risk Model: Prohibited, High-Risk, Limited Risk

Related Domains: SOC, PRI, SEC, INF

A risk-based regulatory framework governing AI systems placed on the EU market, with compliance obligations for high-risk applications.

U.S. Executive Order on AI

Jurisdiction: United States

Status: Enacted (January 2025)

Scope: Federal AI policy and barriers to AI leadership

Related Domains: SEC, ECO, CTL, SYS

Executive order establishing U.S. federal policy on AI development, directing agencies to remove barriers to American AI leadership while managing risks.

https://www.whitehouse.gov/presidential-actions/2025/01/removing-barriers-to-american-leadership-in-artificial-intelligence/

UK AI Regulation: A Pro-Innovation Approach

Jurisdiction: United Kingdom

Status: Published (Principles-based framework)

Scope: Cross-sector AI regulatory principles

Related Domains: SOC, PRI, CTL, ECO

The UK government's principles-based approach to AI regulation, assigning oversight responsibilities to existing sector regulators rather than creating a single AI authority.

https://www.gov.uk/government/publications/ai-regulation-a-pro-innovation-approach

Singapore Model AI Governance Framework

Jurisdiction: Singapore

Status: Published (Voluntary framework)

Scope: AI governance and deployment guidance

Related Domains: CTL, SOC, PRI, ECO

A voluntary governance framework providing guidance on responsible AI deployment, with emphasis on human oversight, transparency, and accountability.

https://www.pdpc.gov.sg/help-and-resources/2020/01/model-ai-governance-framework

AI-Specific Risk Frameworks

NIST AI Risk Management Framework (AI RMF)

Organisation: National Institute of Standards and Technology

Jurisdiction: United States

Type: Voluntary Risk Management Framework

Related Domains: SEC, PRI, SOC, CTL

Provides a structured approach to identifying and managing AI risks through four core functions: Govern, Map, Measure, and Manage.

MIT AI Risk Repository

Organisation: MIT FutureTech

Type: Research Repository

Scope: AI risk classification and documented harms

Related Domains: All domains

A structured repository cataloguing AI risks across governance, security, and social impact categories.

https://airisk.mit.edu/

ISO/IEC 42001 — AI Management System

Organisation: International Organization for Standardization / International Electrotechnical Commission

Jurisdiction: International

Type: Certification Standard

Related Domains: All domains

The first international standard for AI management systems, specifying requirements for establishing, implementing, maintaining, and continually improving AI governance within organisations.

International AI Governance Bodies

OECD AI Principles

Organisation: Organisation for Economic Co-operation and Development

Jurisdiction: International (46 adherent countries)

Type: Intergovernmental AI Policy Principles

Related Domains: All domains

The first intergovernmental standard on AI, establishing principles for responsible stewardship of trustworthy AI including transparency, accountability, and human-centred values.

https://oecd.ai/en/ai-principles

Mapping to the Top AI Threats Taxonomy

| Top AI Threat Domain | Example Regulatory or Framework Coverage |
|---|---|
| Information Integrity | Transparency & manipulation safeguards |
| Security & Cyber | Cybersecurity obligations |
| Privacy & Surveillance | Fundamental rights protections |
| Discrimination & Social Harm | High-risk employment & credit rules |
| Economic & Labor | Market oversight implications |
| Human-AI Control | Human oversight requirements |
| Agentic Systems | Governance of autonomous systems |
| Systemic Risk | Emerging systemic risk discussions |

Note: Mappings are interpretive and not official equivalences.