GAICC AI Conference & Awards 2026 "Governing the Future – Building Responsible, Safe and Human-centric AI"

AI Governance Framework · v1 prototype

The framework for governing AI you can prove.

One navigable model — the Governance Framework — for any organisation, in any discipline, built to govern teams of people and AI agents as the technology changes.

Tool-neutral

Standards-based

Future-ready

IMPLEMENTATION ROADMAPImplement AI governance across your enterpriseAI GOVERNANCE OFFICECenter of ExcellenceThe hub that sets the rails for the spokes1Mobilize2Operating model5Embed4Policy & controls3Scope & baseline6Assure & certify7Adapt & extend42001Foundation27001FoundationCPAIG42001 LeadImplementer42001 SrLeadImplementer27001 LeadImplementerAI Law &ComplianceAI HRAI Cost &Control42001InternalAuditor42001 LeadAuditor42001 SrLeadAuditor27001 LeadAuditorWHY GOVERN NOWGenerative AIwent mainstreamTHE OUTCOMEA trusted,AI-native enterpriseAI GOVERNANCE OUTCOMESPROVE& IMPROVEFaster, safer adoptionFewer incidentsAudit-readyStakeholder trustThe journey is the implementation work. Certifications (above each phase) are the credentials that build each capability.

This is the implementation journey, from the trigger that made AI governance unavoidable to an organisation able to survive and thrive in the AI era. Start where you are: teams already certified to ISO/IEC 42001 can begin around Phase 4, while greenfield programmes start at Phase 1. Select a phase for the work it involves, the maturity stage it reaches, the artifact it produces and the credential that builds it.

The crosswalk · Rosetta Stone

Implement once. Demonstrate to many.

One obligation, mapped end to end across the regimes that matter — ISO/IEC 42001, the NIST AI RMF and the EU AI Act — to the GAICC credential that builds the skill and the evidence an auditor expects. Select any row.

EU Art. 9Risk management across the lifecycleThe duty to run a continuous risk-management system — on one ISO/NIST control set.Worked example

ISO/IEC 42001

cl. 6.1 (risk & opportunities) + Annex A risk controls

NIST AI RMF

MAP · MEASURE

EU AI Act

Article 9 — risk-management system

GAICC’s mapping. The ISO/IEC 42001 risk controls can serve as the evidence base for the Article 9 obligation — implement once, demonstrate to both regimes.

ISO/IEC 42001

Annex A — data for AI systems

NIST AI RMF

MAP · MEASURE

EU AI Act

Article 10 — data and data governance

The same data controls evidence ISO Annex A and the Article 10 data-governance duty.

ISO/IEC 42001

Annex A — responsible use; cl. 5 accountability

NIST AI RMF

GOVERN · MANAGE

EU AI Act

Article 14 — human oversight

For agentic systems this is where autonomy levels and human-on-the-loop controls are evidenced.

ISO/IEC 42001

Annex A — lifecycle & information for interested parties

NIST AI RMF

GOVERN ·

EU AI Act

Articles 12 & 13 — record-keeping and transparency

GAICC credential

ISO/IEC 42001 Lead Auditor

Logging and documentation produced for ISO conformity double as the Article 12/13 evidence trail.
This crosswalk is GAICC’s own mapping and synthesis, provided for orientation only. It does not reproduce normative standard text, is not legal advice, and is not a statement of conformity. ISO/IEC 42001 certification is not equivalent to EU AI Act compliance, and the NIST AI RMF is voluntary guidance. Confirm every clause, article and obligation against the primary sources — the Official Journal of the EU and NIST — before relying on it.
Toolkit · templates

Start with something you can use today.

Editable starter templates for the artifacts the roadmap produces — download, adapt and put to work. Each is tied to the phase that creates it.

AI Policy template

Board-ready policy: principles, scope, risk appetite, roles and red lines.

Phase 4

AI System Inventory register

Track every AI system, agent and workflow — owner, risk tier, autonomy and oversight.

Phase 3

Statement of Applicability starter

The nine control areas, ready to mark applicable, justify and assign.

Phase 4

AI Impact Assessment template

Assess a system’s impact on people and society, with mitigations and sign-off.

Phase 4

RACI / accountability map

Who is Responsible, Accountable, Consulted and Informed across governance.

Phase 2

Board reporting pack outline

A repeatable structure for reporting AI governance to the board.

Phase 1
Starter templates provided for orientation and adaptation to your context. They are not legal advice or a guarantee of conformity.