HomeStandards
EU AI NIST ISO 42001 SOC 2

Regulatory coverage

Stay current with every law
that governs your AI.

Colorado SB 205 enforcement begins June 2026. The EU AI Act phases in through 2027. Your AI runs in every jurisdiction you sell into. KoraSafe follows the law wherever your company operates, rewrites the policy pack when the law changes, and keeps your evidence aligned.

How the corpus is built See the matrix
Named
Every law tracked by name
Not a vendor spreadsheet
Global
US, EU, UK, Canada, APAC
Expansion follows signed law
Live
Corpus refreshes when law does
Last ingest: Colorado SB 205
Signed
Evidence packs by regulator
Preformatted, court-ready
EU AI ActNIST AI RMF 2.0ISO 42001Colorado SB 205Corpus diff: recent
EU AI ActGDPRNIST AI RMFISO 42001ISO 27001ISO 23894SR 11-7CO SB 205Utah AI Policy ActNYC Local Law 144IL BIPAUK ICO AI GuidanceSingapore MAIGJapan AI GuidelinesHIPAA · FDA SaMDEU AI ActGDPRNIST AI RMFISO 42001ISO 27001ISO 23894SR 11-7CO SB 205Utah AI Policy ActNYC Local Law 144IL BIPAUK ICO AI GuidanceSingapore MAIGJapan AI GuidelinesHIPAA · FDA SaMD

Framework coverage

One AI system, every framework it has to answer to.

Your AI does not get a separate matrix per regulator. Map your system once and answer the EU AI Act, Colorado SB 205, ISO 42001, and the rest from the same record.

Framework by control point

Registry
Policy
Enforcement
Evidence
EU AI Act
Core
Packs
Runtime
Pack
GDPR
Linked
Packs
Runtime
Pack
NIST AI RMF
Mapped
Packs
Partial
Pack
ISO 42001
Mapped
Packs
Partial
Pack
SR 11-7 (model risk)
Overlay
Partial
Partial
Pack
Colorado SB 205
Linked
Pack
Runtime
Pack
Utah AI Policy Act
Linked
Pack
Runtime
Pack

Jurisdictions

Covered where your company operates.

Regional coverage ready today. Expansion follows signed law, not press releases. If your company sells into a jurisdiction we do not yet track, tell us, and it enters the queue.

European Union

EU AI Act (Regulation 2024/1689) full text, Annex III high-risk categories, Articles 9-15 on risk management and transparency. GDPR Art. 22 automated decisions. Digital Services Act Art. 34-35. DORA where AI is scoped. Cross-linked to ENISA guidance.

United States (federal)

NIST AI RMF 2.0 with GOVERN, MAP, MEASURE, MANAGE function families. AI Bill of Rights. NIST SP 800-218 SSDF where AI code is scoped. EEOC technical assistance on AI in hiring. FTC Section 5 enforcement actions tracked as precedent.

US state AI laws

Colorado SB 205 (effective 2026-02-01), Utah AI Policy Act SB 149, Illinois BIPA + HB 3773, California SB 1047 precedent, Texas TRAIGA, NYC Local Law 144 on AEDTs with bias audit requirement. Expansion follows signed law, not press releases.

United Kingdom

ICO AI and data protection guidance including DPIA templates and DPIA trigger matrix. CDEI AI governance frameworks. Sector-specific statements from FCA, CMA, Ofcom. UK GDPR and DPA 2018.

Canada + APAC

AIDA (in progress, tracking Bill C-27 amendments). Singapore Model AI Governance Framework 2.0 with AI Verify toolkit. Japan AI Guidelines METI/MIC version 1.1. Australia AI Ethics Principles. China Interim Measures for Generative AI.

Financial services

SR 11-7 model risk management with SR 15-18 supplements. FRB SR 21-14 on operational resilience. OCC Bulletin 2021-39 on model risk. CFPB circulars on algorithmic underwriting. FINRA Notice 24-09 on AI oversight.

Healthcare

HIPAA Privacy and Security Rules. FDA SaMD guidance including PCCP (Predetermined Change Control Plan) framework. EU MDR Regulation 2017/745 where AI is the medical device. ONC HTI-1 on decision support interventions.

International standards

ISO 42001 AI management system with Annex A controls. ISO 23894 AI risk management. ISO/IEC 22989 concepts and terminology. IEEE 7000 series on ethics. NIST SP 800-53 Rev 5 where applicable to AI systems.

Internal policy libraries

Enterprise tenants ingest their own control catalogs, policy packs, or RACI matrices. Graph schema preserved; internal nodes cross-linked to public obligations. Diff job runs daily. Every ingest is signed and versioned.

What changed this month

The law moved. Your policy pack already did.

When a regulator publishes, the corpus ingests. The policy pack regenerates. Tenants see the diff before their next board meeting.

Apr 16
Colorado SB 205 enforcement window confirmed
June 2026 effective date. Policy pack regenerated; high-risk decision disclosures ready for Colorado tenants.
Apr 12
NIST AI RMF 2.0 crosswalk published
New policy pack available for NIST-aligned tenants.
Apr 09
ISO 42001 control mappings updated
Control set mapped to KoraSafe surfaces; evidence pack refreshed.
Apr 02
EU AI Act Annex III draft v1.2 ingested
High-risk system classifications updated in the registry.