Docs

Appearance

AI Governance Framework Updates

The AI governance landscape is moving fast. This page tracks the dates, amendments, and revisions that actually affect compliance programs, grouped by framework. For the full framework guides, see the frameworks overview.

How we use this page

Entries are written as dated, load-bearing facts that change how you should run your program. If an update just adds a new sample document or reference, we do not track it here — we update the framework guide directly.

EU AI Act

  • 2024-07-12 — EU AI Act published in the Official Journal of the European Union.
  • 2024-08-01 — Regulation entered into force; the phased application timeline begins.
  • 2025-02-02 — Prohibited AI practices (Article 5) and AI literacy (Article 4) apply.
  • 2025-08-02 — General-purpose AI (GPAI) obligations begin to apply for new models.
  • 2026-08-02 — Most high-risk AI system obligations begin to apply.
  • 2027-08-02 — High-risk obligations tied to product regulation in Annex I apply in full.

See the EU AI Act guide and the How to comply with the EU AI Act step-by-step.

ISO/IEC 42001

  • 2023-12 — ISO/IEC 42001:2023 published — first certifiable international management system standard for AI.
  • 2024 onwards — early accredited certification bodies begin offering ISO 42001 audits under IAF signatory schemes.
  • ISO/IEC 42006 (requirements for bodies providing audit and certification of AIMS) is in development and will govern ISO 42001 accreditation.

See the ISO 42001 guide and the How to comply with ISO 42001 step-by-step.

NIST AI RMF

  • 2023-01-26 — AI Risk Management Framework 1.0 (NIST.AI.100-1) published.
  • 2023 — AI RMF Playbook published with categories and subcategories.
  • 2024-07 — NIST AI 600-1 Generative AI Profile published as the first cross-sectoral companion to AI RMF 1.0.

See the NIST AI RMF guide and the How to comply with NIST AI RMF step-by-step.

OWASP Top 10 for LLM / Agentic

  • 2023-08 — OWASP Top 10 for LLM Applications v1.0 published.
  • 2024-11-18 — OWASP Top 10 for LLM Applications 2025 (v2.0) released by the OWASP GenAI Security project.
  • 2025 onwards — OWASP Top 10 for Agentic Applications work published and iterated.

See the OWASP for AI hub, the OWASP Top 10 for LLM, and the OWASP Top 10 for Agentic.

GDPR and EU data-protection guidance on AI

  • 2018-05-25 — GDPR enters into application.
  • 2023–2025 — EDPB and national DPAs publish opinions on AI and training data; AI systems processing personal data must comply with GDPR in parallel with the EU AI Act. See EU AI Act vs GDPR.

NIS2

  • 2023-01-16 — NIS2 Directive (EU) 2022/2555 entered into force.
  • 2024-10-17 — Member State transposition deadline. National laws now apply to essential and important entities.

See the NIS2 guide.

DORA

  • 2023-01-16 — DORA (Regulation (EU) 2022/2554) entered into force.
  • 2025-01-17 — DORA applies to financial entities in the EU.

See the DORA guide.

How to track framework changes in Modulos

Modulos tracks framework versions and notifies projects when regulatory updates affect them, so you can assess impact before deadlines.

Disclaimer

This page is for general informational purposes and does not constitute legal advice. Confirm dates and obligations with official sources and qualified counsel.