EU AI Act · Regulation 2024/1689 · CEE Executive Briefing

EU AI Act Compliance 2026

From AI innovation to AI governance — a practical reference for Compliance Officers, CIOs, CISOs, Internal Audit, SAP Security, IAM, and governance leaders preparing for EU AI Act enforcement in Central and Eastern Europe.

1 Aug 2024 · AI Act entered into force
2 Aug 2026 · Primary enforcement milestone
€35M / 7% · Max penalty — prohibited practices
Executive message

AI is now regulated infrastructure, not just technology.

Deployers — companies using AI in business processes — carry direct obligations from August 2026.
SAP environments using AI-assisted access management, HR analytics, or automated decisioning require classification now.
The gap is governance, not technology: inventory, documentation, oversight, and evidence chains.
Regulatory timeline

Enforcement journey

The AI Act is phased. August 2026 is the primary enforcement pivot. The 2026 AI Omnibus extended certain high-risk categories to December 2027 and product-integrated systems to August 2028.

1 Aug 2024

AI Act entered into force

Official Journal publication of Regulation 2024/1689. Phased application cycle begins with the full text establishing the four-tier risk model, prohibited practices, and penalty framework.

2 Feb 2025

Prohibited practices & AI literacy

Article 5 bans on prohibited practices applicable. AI literacy obligations start — employers must ensure staff working with AI have the necessary competence and contextual understanding to interpret outputs.

2 Aug 2025

GPAI model obligations

Governance rules for general-purpose AI model providers applicable. Foundation model operators must publish training data copyright summaries and comply with transparency obligations.

2 Aug 2026

Primary enforcement milestone — governance pivot

Majority of rules, transparency obligations, high-risk system requirements, market surveillance, and enforcement mechanisms apply. Deployers of existing high-risk systems must also be compliant. The date all organisations must be audit-ready against.

Dec 2027 / Aug 2028

Extended timelines — AI Omnibus

Following the 2026 AI Omnibus simplification agreement, certain Annex III high-risk categories shift to December 2027. AI systems embedded in regulated products shift to August 2028.

Risk framework

The four-tier risk model

Regulatory burden scales with risk to fundamental rights, safety, critical services, and consequential decisions. Classification determines all subsequent Art. 9–15 obligations.

Unacceptable risk — banned outright (Art. 5)
High risk — strict obligations (Art. 9–15, Annex III)
Limited / transparency risk — disclosure duties (Art. 50)
Minimal risk — no specific AI Act obligations
Unacceptable

Already illegal

Social scoring, manipulative exploitation, untargeted facial scraping, emotion recognition in workplaces and schools, real-time biometric surveillance in public (narrow law-enforcement exceptions only).

High risk

Strict obligations

Employment tools, critical infrastructure, credit scoring, essential services access, biometrics, migration, justice-related systems, education outcomes. All Annex III categories face Art. 9–15 compliance.

Transparency

Disclosure duties

Chatbots must disclose AI nature. AI-generated content must be labelled. Deep fakes require disclosure. Users must be able to recognise AI interaction or AI-generated material at all times.

Minimal

Low direct burden

Spam filters, AI-enabled games, most productivity AI. No specific AI Act duties — but documentation practice remains advisable for supply chain assurance and contractual protection.

Art. 9–15 obligations

What the law actually requires

For any high-risk AI system under Annex III, providers and deployers must meet eight mandatory requirement categories simultaneously and maintain documentary evidence of ongoing compliance.

| Article | Obligation | What it requires in practice | Deployer responsibility |
|---|---|---|---|
| Art. 9 | Risk management system | Continuous lifecycle process — not one-time assessment. Identify, analyse, estimate, evaluate, and mitigate foreseeable risks. Must be documented with defined review triggers. | Implement and document risk management procedure with escalation paths and periodic review cadence. |
| Art. 10 | Data & data governance | Training, validation, and testing data must meet quality criteria. Provenance documented. Bias evaluation performed. Data minimisation applied. Relevant demographic properties assessed. | Obtain and retain data governance documentation from providers. Verify claims. Include in procurement contracts. |
| Art. 11 | Technical documentation | Full system documentation before market placement: model card, system description, design specifications, training methodology, performance benchmarks, version history (Annex IV). | Require Annex IV-compliant documentation in vendor contracts. Verify completeness before any deployment. |
| Art. 12 | Automatic logging | Tamper-evident logs generated automatically. Minimum 6-month retention for deployers (Art. 26(6)). Logs must record operational period, reference database, input data, and decisions made. | Configure logging before deployment. Establish log retention controls. Export capability mandatory for market surveillance authority requests. |
| Art. 13 | Transparency | Users must receive instructions sufficient to interpret outputs and exercise oversight. Capabilities, limitations, intended purpose, foreseeable misuse scenarios, and accuracy levels all documented. | Ensure user-facing documentation is accurate, current, and accessible to all affected parties including workers. |
| Art. 14 | Human oversight | System designed to allow effective oversight. Named person(s) with competence, training, authority, and support to interpret outputs, override results, or halt the system when necessary. | Assign named oversight person. Document competence. Configure technical override capability. Train. Record interventions. |
| Art. 15 | Accuracy, robustness, cybersecurity | Appropriate accuracy level declared and documented. Resilience to errors, faults, and adversarial inputs designed in. Cybersecurity measures proportionate to the system’s risk profile. | Obtain accuracy and robustness certifications. Include AI security testing in cybersecurity programme and vendor contracts. |
| Art. 73 | Serious incident reporting | Notify market surveillance authority of serious incidents or malfunctions affecting safety or fundamental rights. Mandatory, time-bound, with documented investigation and remediation evidence. | Build AI incident response procedure. Define serious incident threshold. Establish and test notification workflow before incidents occur. |
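The Art. 12 row states what the log must do (generated automatically, tamper-evident, retained at least six months, exportable on request) but not how a deployer obtains tamper evidence. The following is an added illustration written for this briefing; it is not code from the original page, from SAP, or from any vendor named here. It hash-chains each decision record to its predecessor so that editing or deleting a stored record breaks verification, moves the chain anchor forward when expired entries are purged so that the retained log still verifies, and exports a date window as JSON Lines. The field names (`system_id`, `reference_db`, `input_ref`, `operator`), the 183-day retention constant, the `DecisionLog` class and the sample records are all assumptions made for the example.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

# Assumption: the Art. 26(6) six-month deployer minimum, taken here as 183 days.
RETENTION = timedelta(days=183)
GENESIS = "0" * 64


def _digest(prev_hash: str, record: dict) -> str:
    """Hash of the previous hash plus a canonical JSON form of the record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


class DecisionLog:
    """Append-only log in which every entry commits to the previous entry's hash (assumed design)."""

    def __init__(self):
        self.entries = []
        self.anchor = GENESIS  # hash the oldest retained entry must chain from

    def append(self, system_id, ts, input_ref, reference_db, decision, operator="system"):
        record = {
            "system_id": system_id,        # assumed field names throughout
            "ts": ts.isoformat(),          # operational period (tz-aware UTC)
            "reference_db": reference_db,  # e.g. identifier of the HR master-data snapshot used
            "input_ref": input_ref,        # pointer to the input data, not the data itself
            "decision": decision,
            "operator": operator,          # "system", or the named Art. 14 person on an override
        }
        prev = self.entries[-1]["hash"] if self.entries else self.anchor
        entry = {"prev_hash": prev, "hash": _digest(prev, record), "record": record}
        self.entries.append(entry)
        return entry["hash"]

    def head(self):
        """Current chain head; publish this to a store the log writer cannot alter."""
        return self.entries[-1]["hash"] if self.entries else self.anchor

    def verify(self, expected_head=None):
        """Recompute every hash from the anchor. Returns (ok, index of first bad entry or -1)."""
        prev = self.anchor
        for i, entry in enumerate(self.entries):
            if entry["prev_hash"] != prev or _digest(prev, entry["record"]) != entry["hash"]:
                return False, i
            prev = entry["hash"]
        if expected_head is not None and prev != expected_head:
            return False, len(self.entries)  # tail truncated, or entries appended elsewhere
        return True, -1

    def purge_expired(self, now):
        """Drop entries older than RETENTION and move the anchor so the rest still verifies."""
        cutoff = (now - RETENTION).isoformat()
        removed = 0
        while self.entries and self.entries[0]["record"]["ts"] < cutoff:
            self.anchor = self.entries.pop(0)["hash"]
            removed += 1
        return removed

    def export_jsonl(self, since, until):
        """Entries with since <= ts < until as JSON Lines, e.g. for a market surveillance request."""
        rows = [json.dumps(e, sort_keys=True) for e in self.entries
                if since.isoformat() <= e["record"]["ts"] < until.isoformat()]
        return "\n".join(rows)


def tamper_demo():
    """Constructed run: three decisions, then an after-the-fact edit of the second one."""
    now = datetime(2026, 8, 2, tzinfo=timezone.utc)
    log = DecisionLog()
    log.append("sap-access-scoring", now - timedelta(days=40), "req-1001", "hr-snap-2026-06", "grant")
    log.append("sap-access-scoring", now - timedelta(days=10), "req-1042", "hr-snap-2026-07", "deny")
    log.append("sap-access-scoring", now - timedelta(days=1), "req-1042", "hr-snap-2026-07", "grant",
               operator="j.doe (Art. 14 override)")
    published_head = log.head()
    ok_before, _ = log.verify(published_head)
    log.entries[1]["record"]["decision"] = "grant"   # silent edit of a stored decision
    ok_after, bad_index = log.verify(published_head)
    return ok_before, ok_after, bad_index              # (True, False, 1)


def retention_demo():
    """Constructed run: one expired and one current entry; purge, re-verify, export the last 30 days."""
    now = datetime(2026, 8, 2, tzinfo=timezone.utc)
    log = DecisionLog()
    log.append("sap-access-scoring", now - timedelta(days=200), "req-0900", "hr-snap-2025-12", "grant")
    log.append("sap-access-scoring", now - timedelta(days=10), "req-1042", "hr-snap-2026-07", "deny")
    head = log.head()
    removed = log.purge_expired(now)
    ok, _ = log.verify(head)
    exported = log.export_jsonl(now - timedelta(days=30), now)
    return removed, ok, len(exported.splitlines())      # (1, True, 1)


if __name__ == "__main__":
    print("tamper demo:", tamper_demo())
    print("retention demo:", retention_demo())
```

Chain verification only proves internal consistency. Deleting the newest entries leaves a perfectly valid shorter chain, so the current head hash has to be written somewhere the logging system cannot alter (a SIEM index, a write-once bucket, a signed daily digest); that is why `verify()` accepts an `expected_head`, and it is the piece an auditor should ask to see alongside the log itself.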
SAP & IAM implications

Identity governance in scope

SAP environments using AI-assisted provisioning, SoD analytics, automated ReCertification, or HCM connectors may qualify as high-risk AI deployments under Annex III (employment and worker management).

AI-assisted provisioning
SoD analytics engine
Automated access review
Privileged access analytics
Audit log exports
High-risk trigger

HR and worker management AI

  • CV sorting, candidate ranking, and worker management are explicitly named high-risk (Annex III §4).
  • Automated access decisions affecting worker system privileges require governance review and oversight assignment.
  • SIVIS ReCertification workflows with AI scoring may trigger transparency or high-risk classification depending on decision weight and worker impact.
  • Any AI influencing hiring, termination, performance evaluation, or task allocation falls in scope.
Governance response

Control design for IAM teams

  • Document all AI-assisted decision flows in the corporate AI register with risk classification rationale.
  • Classify SIVIS/SAP automation against the four-tier model — provisioning influencing access to sensitive systems likely qualifies as high-risk.
  • Implement Art. 12-compliant logging, Art. 14 oversight checkpoints, and quarterly review cadence.
  • Ensure audit trails are tamper-evident and exportable for regulator, internal audit, and market surveillance use.
Action plan

AI Act governance roadmap

Four phases for building AI governance capability ahead of the August 2026 enforcement milestone — structured for Compliance Officers and CISOs leading internal programmes.

Phase 1

Inventory

Build a corporate AI register: every system, vendor-supplied and internal. Capture purpose, data inputs, decision outputs, business owner, and training data provenance.

Phase 2

Classify

Map each system to the four-tier risk model. Identify unacceptable, high-risk, and transparency-risk use cases. Document classification rationale with Annex III reference.

Phase 3

Control design

Design data governance, Art. 14 oversight assignments, Art. 12 logging architecture, Art. 13 transparency disclosures, and Art. 73 incident response procedures per risk level.

Phase 4

Audit readiness

Assemble audit evidence packages: Art. 11 technical file, Art. 12 logs, Art. 14 oversight records, Art. 73 incident log. Internal audit before regulator engagement.

NIS2 Directive · EU 2022/2555 · In force Jan 2023

NIS2 Compliance 2026

The NIS2 Directive mandates robust cybersecurity risk management, 24–72 hour incident reporting, direct management liability, and fines up to €10M for essential and important entities across 18 critical sectors in the EU.

Jan 2023 · NIS2 entered into force
Oct 2024 · National transposition deadline
€10M / 2% · Max fine — essential entities
NIS2 key facts

22% of breaches start with a stolen credential — NIS2 closes that gap with liability.

18 critical sectors including energy, healthcare, finance, digital infrastructure, and public administration.
Executive liability: boards and CEOs can be personally fined and temporarily barred from management roles.
24h initial warning, 72h full incident report — workflows must exist before an incident occurs.
Scope

Essential & important entities

NIS2 classifies medium-to-large organisations into two tiers. Essential entities face proactive supervision and higher fines. Important entities face reactive supervision triggered by incidents or evidence of non-compliance.

Energy · Essential

Electricity, oil, gas, hydrogen production, distribution, and supply.

Transport · Essential

Air, rail, water, and road transport operators and infrastructure managers.

Banking & Finance · Essential

Credit institutions, financial market infrastructure, and central banks.

Healthcare · Essential

Hospitals, healthcare providers, EU reference laboratories, pharma R&D.

Water · Essential

Drinking water suppliers, distributors, and wastewater operators.

Digital Infrastructure · Essential

Cloud providers, data centers, DNS, TLD registries, internet exchange points.

Public Administration · Essential

Central government and critical public bodies designated by member states.

Manufacturing · Important

Medical devices, automotive, machinery, electrical equipment manufacturers.

Postal Services · Important

Postal and courier service operators across the EU.

Chemicals · Important

Chemical manufacturing, production, and distribution entities.

Digital Providers · Important

Online marketplaces, search engines, social networking platforms.

Research · Important

Research organisations as designated under national implementation.

Article 21 mapping

Every measure — every control

Article 21 requires appropriate technical and organisational measures to manage cybersecurity risks. Each measure below includes the satisfying control, the audit evidence it generates, and IAM/SAP relevance.

| Art. 21 Measure | Requirement | Satisfying Control | Audit Evidence | IAM / SAP Relevance |
|---|---|---|---|---|
| Access control | Role-based access, least privilege, credential security policies | Password manager with RBAC, SIVIS WebManager roles, regular access review cadence | Role assignment logs, access reports, recertification records | ✓ Core SIVIS function |
| Multi-factor authentication | MFA enforced for all privileged and remote access | MFA policy, SSO integration, privileged access workstations, exception register | MFA enforcement reports, login logs, exception register | ✓ SIVIS SSO / SAP Auth |
| Incident reporting | 24h initial warning, 72h full report, 1-month final report | SIEM, CSIRT notification workflow, incident response plan, tabletop exercises | Incident tickets, notification timestamps, communications log | ⚡ SAP audit log feeds |
| Supply chain security | Assess cybersecurity posture of vendors and suppliers | Vendor risk assessment framework, contract security clauses, third-party audit rights | Supplier questionnaires, risk register, contract register | ⚡ KUKA / Pointsharp chain |
| Encryption | Encryption of data at rest and in transit; cryptographic key management | AES-256, TLS 1.3 enforced, HSM key management, certificate inventory | Encryption policy, certificate inventory, key management procedure | ✓ SAP secure channels |
| Vulnerability management | Identify, prioritise, and remediate vulnerabilities continuously | Regular patching, CVE scanning, CVSS-scored remediation SLA, penetration testing | Patch management logs, scan reports, remediation evidence | ⚡ SAP transport hygiene |
| Business continuity | Backup management, disaster recovery, crisis management | Tested BCP/DRP, off-site backup, RTO/RPO targets defined and tested | BCP test records, backup logs, RTO/RPO test evidence | ✓ SENTINEL emergency access |
| Cyber hygiene & training | Basic cyber hygiene practices and cybersecurity training for all staff | Annual security awareness training, phishing simulation, AI literacy programme | Training completion records, phishing statistics, competence assessments | ✓ SIVIS training series |
| Cryptographic policies | Policies on use of cryptography; algorithm governance | Cryptographic standards policy, approved algorithm list, deprecated algorithm ban | Policy document, algorithm inventory, review records | ⚡ SAP ABAP crypto review |
| HR security | Background checks, security vetting, NDA; joiners/movers/leavers process | HR security policy, onboarding/offboarding checklist, access revocation SLA | Signed NDAs, vetting records, access revocation evidence | ✓ SoD joiner/mover/leaver |
30-day plan

5-phase deployment to audit readiness

Organisations with structured tooling can achieve NIS2 audit readiness within 30 days — deploy access control and audit logging first, then close each Article 21 gap systematically.

1

Assess

Gap analysis against Article 21. Map current controls to each measure. Identify critical deficiencies.

2

Audit

Run credential security audit. Review privileged access, shared accounts, and password policies.

3

Deploy

Deploy password manager with RBAC and audit logging. Enforce MFA. Document credential policies.

4

Configure

Configure RBAC, LDAP/AD mapping, SIEM integration, and incident notification workflow.

5

Monitor

Continuous monitoring, quarterly review cadence, and log export for evidence packages.

Incident reporting timeline

0 → 24 hours

Early warning

Submit initial early warning to national competent authority or CSIRT. Indicate whether unlawful/malicious acts suspected and whether cross-border impact exists.

24 → 72 hours

Incident notification

Update with initial assessment: severity, likely impact, indicators of compromise, affected systems. Include preliminary root cause where available.

1 month

Final report

Detailed description, threat type, applied and planned mitigating measures, cross-border impact assessment, any regulatory follow-up required.
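The three stages above are fixed clocks, so a notification workflow can be checked mechanically rather than from memory during an incident. The tracker below is an added example for this briefing, not code from the original page or from any CSIRT or SIEM product. It takes the time the entity became aware of the incident and the times each report was actually submitted, and returns every stage's deadline and status. It assumes the final-report clock runs one calendar month from submission of the 72-hour notification (or, if that has not been sent yet, from that notification's own deadline); the timestamps in `demo_status()` are constructed.

```python
import calendar
from datetime import datetime, timedelta, timezone


def add_one_month(dt):
    """Same day next month, clamped to that month's last day (31 Jan -> 28 Feb)."""
    year, month = (dt.year + 1, 1) if dt.month == 12 else (dt.year, dt.month + 1)
    day = min(dt.day, calendar.monthrange(year, month)[1])
    return dt.replace(year=year, month=month, day=day)


def reporting_status(aware_at, submitted, now):
    """Deadline and status per reporting stage.

    aware_at:  when the entity became aware of the significant incident
    submitted: dict stage -> datetime the report was actually sent (missing = not yet)
    Returns dict stage -> (deadline, status), status in ON_TIME, LATE, PENDING, OVERDUE.
    """
    deadlines = {
        "early_warning": aware_at + timedelta(hours=24),
        "notification": aware_at + timedelta(hours=72),
    }
    # Assumption: the final report is due one calendar month after the notification
    # was submitted; if it has not been sent yet, measure from its own deadline.
    notified_at = submitted.get("notification", deadlines["notification"])
    deadlines["final_report"] = add_one_month(notified_at)

    result = {}
    for stage, deadline in deadlines.items():
        sent = submitted.get(stage)
        if sent is None:
            status = "OVERDUE" if now > deadline else "PENDING"
        else:
            status = "ON_TIME" if sent <= deadline else "LATE"
        result[stage] = (deadline, status)
    return result


def demo_status():
    """Constructed incident: early warning on time, notification 8 hours late, final report still open."""
    aware_at = datetime(2026, 1, 31, 10, 0, tzinfo=timezone.utc)
    submitted = {
        "early_warning": aware_at + timedelta(hours=20),
        "notification": aware_at + timedelta(hours=80),
    }
    now = datetime(2026, 3, 1, 12, 0, tzinfo=timezone.utc)
    return {stage: status for stage, (_, status) in reporting_status(aware_at, submitted, now).items()}


if __name__ == "__main__":
    for stage, status in demo_status().items():
        print(f"{stage:14s} {status}")
```

The audit evidence the Article 21 table asks for (notification timestamps next to the incident ticket) is exactly the `submitted` dict; keeping those timestamps in the ticket system rather than in e-mail is what makes the LATE/ON_TIME determination reproducible for a regulator.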

Professional standards

AI Compliance Auditor Standards

The auditor’s role in AI governance has been formally defined by IIA IPPF 2024, ISACA AAIA 2025, AICPA/PCAOB AI guidance, and the EU AI Act itself. These converge on one requirement: a named human exercising professional judgment that no algorithm can replicate.

IIA Global Internal Audit Standards 2024

IPPF · Effective January 9, 2025 · Five domains · 15 guiding principles

Std 4.2 · Due Professional Care — apply diligence and skepticism to AI-generated outputs; not excused by computational confidence or statistical precision of the model.
Std 4.3 · Professional Skepticism (mandatory) — maintain inquisitive attitude, critically assess all information including algorithmic outputs; seek additional evidence before concluding.
Std 2.2 · Ethical Courage — communicate truthfully, disclose material facts, act under pressure. Applies when auditing AI systems that may embed or obscure existing biases.
Domain II · Objectivity — explicit coverage of cognitive and algorithmic bias including self-review bias, confirmation bias, and automation bias toward AI system outputs.
Std 2010 · AI Governance Assessment — evaluate whether AI governance reflects the organisation’s risk culture: transparency, candour, learning orientation, documented accountability.
Std 2330 · Documenting Information — AI system documentation is primary audit evidence; logs, model cards, and oversight records must be obtained and evaluated for sufficiency.

ISACA Advanced in AI Audit (AAIA) 2025

First AI audit-specific certification · Prerequisites: CISA, CIA, or CPA

Domain 1 · AI Governance & Risk — strategy, policy, accountability frameworks, risk appetite definition, board-level AI governance design and challenge.
Domain 2 · AI Operations — model lifecycle management, continuous monitoring, incident response, model drift detection, performance degradation controls.
Domain 3 · AI Auditing Tools & Techniques — using AI to audit AI; automation of evidence collection, anomaly detection in audit populations, continuous auditing.
Prereq · Active CISA, CIA, or CPA required. Positions AI audit as a professional discipline requiring prior audit competence, not purely technical expertise.
Scope · Covers audit of AI systems and use of AI within the audit function — the only certification addressing both directions simultaneously.
Context · AI literacy ranked #1 of 15 fastest-growing enterprise skills (LinkedIn 2025). AAIA is the professional response to the documented AI governance audit skills gap.
Core auditor competencies for AI governance
01 · Judgment

Professional judgment

Defining materiality, acceptable risk, and ethically legitimate trade-offs. No algorithm encodes this — it is the irreplaceable contribution of the trained professional auditor operating under IIA IPPF 2024.

02 · Skepticism

Algorithmic skepticism

AI outputs carry the illusion of precision. Auditors must interrogate model logic, data lineage, and output assumptions — not accept numerical outputs because they appear authoritative or computationally confident.

03 · Context

Contextual intelligence

Interpreting power dynamics, business reality, and stakeholder consequences. Algorithms flag anomalies; only auditors determine whether an anomaly reflects a control failure, business change, or intentional override.

04 · Accountability

Personal accountability

Only people bear responsibility before regulators, boards, and courts. EU AI Act Art. 14 makes this structural: the oversight person must exist, be named, be trained, and be empowered to stop the system.

IAASB / ISA — Assurance standards for AI evidence
| Standard | Scope | AI Audit Application | Key Evidence Requirement |
|---|---|---|---|
| ISA 315 | Risk identification & assessment | Technology risk assessment including AI system controls. Auditors must understand AI processing flows, not just financial outputs. AI introduces a new category of IT-related control risk requiring specific assessment. | AI system inventory, risk classification, control design documentation, system flow diagrams. |
| ISA 330 | Responding to assessed risks | Tests of controls over AI systems — operating effectiveness testing of human oversight, logging integrity, model version controls, and approval workflows. Tests proportionate to assessed risk level. | Test of controls workpapers, operating effectiveness evidence, override log review results. |
| ISA 500 | Audit evidence | Defines sufficient, appropriate audit evidence. AI model cards, technical files, logging outputs, and oversight records are primary evidence. Verbal representations and policy documents alone are insufficient. | Evidence completeness checklist; all Art. 9–15 artifacts obtained and evaluated for sufficiency. |
| ISA 540 | Auditing accounting estimates | AI-driven financial estimates require evaluation of model assumptions, data inputs, and sensitivity analysis. Auditors must test whether the AI model is appropriate for the accounting estimate it generates. | Model documentation, assumption log, sensitivity test results, independent recalculation records. |
| ISAE 3000 | Assurance on non-financial subjects | Framework for assurance on AI governance and control effectiveness where no financial audit is involved — applicable to regulatory compliance attestations, AI ethics reports, and EU AI Act deployer statements. | Assurance engagement documentation, evidence evaluation, conclusion rationale, independence declaration. |
Big 4 auditor best practice

AI Audit Frameworks — PwC · EY · KPMG · Deloitte

The four largest audit and advisory firms have each developed structured AI audit methodologies aligned to the EU AI Act and international standards. These represent the market benchmark for what a professional AI governance review looks like in 2025–2026.

🟠 PwC — Responsible AI Framework

PwC’s Responsible AI framework organises governance across five dimensions: fairness, interpretability, robustness, transparency, and data governance. The EU AI Act has been mapped directly to this framework with Art. 9–15 obligations assigned to specific pillars.

  • AI Trust Index — maturity assessment against 47 governance indicators
  • AI System Inventory — structured classification against EU AI Act Annex III
  • Human-in-the-loop design review — tests Art. 14 oversight assignment completeness
  • AI Ethics Board governance design — board-level accountability architecture
  • Third-party AI risk assessment — vendor AI supply chain due diligence
🟡 EY — Trusted AI Framework

EY’s Trusted AI addresses governance across six principles: human agency, technical robustness, privacy, transparency, fairness, and societal wellbeing. Since 2024, EY has aligned explicitly to EU AI Act Art. 9–15 and ISO/IEC 42001.

  • AI compliance diagnostic — gaps against EU AI Act Annex IV technical file
  • DPIA/HRIA acceleration — AI-specific GDPR-aligned impact assessment
  • AI model risk review — independent technical and governance review
  • AI incident response design — Art. 73 reporting workflow architecture
  • Board AI literacy programme — executive education mapped to IIA IPPF 2024
🔵 KPMG — Trusted AI & Governance

KPMG’s AI governance practice combines regulatory compliance advisory with internal audit transformation. The EU AI Act readiness assessment is structured around the Art. 9–15 obligation matrix and ISO/IEC 42001 architecture.

  • AI Register methodology — inventory with risk classification template
  • ISO 42001 readiness assessment — gap analysis against all clauses
  • AI internal audit transformation — redesigning IA for AI-era assurance
  • NIST AI RMF implementation — GOVERN/MAP/MEASURE/MANAGE model
  • AI supply chain risk — third-party assessment for deployer obligations
🟢 Deloitte — TrustID & AI Audit

Deloitte’s Trustworthy AI™ maps governance controls to legal obligations, ethical principles, and operational effectiveness. EU AI Act deployer compliance playbooks published since Q4 2024.

  • EU AI Act Deployer Assessment — 120-question readiness review vs Art. 9–15
  • AI Model Risk Management — Three Lines of Defence for AI oversight
  • Bias and fairness audit — demographic impact testing methodology
  • AI incident management — Art. 73 workflow and SIEM integration design
  • Continuous AI auditing — automated evidence collection and monitoring
Where all four firms converge — universal requirements
Big 4 consensus · EU AI Act alignment · ISO 42001 mapping

Universal AI Audit Requirements — What Every Firm Demands

Governance documentation

Minimum baseline evidence — all four firms:

  • Named AI system inventory with risk classification
  • Written governance policy with board approval
  • Named accountability owners per AI system
  • Risk appetite statement for AI
  • Prohibited use case register (named)
  • Model card for every high-risk system
  • Technical file per Art. 11 / Annex IV
  • DPIA / HRIA completed and signed off

Operational controls

Evidence governance is operational, not just documented:

  • Art. 12-compliant tamper-evident logging
  • Human oversight records with override evidence
  • Model version control and change management
  • Continuous monitoring with defined thresholds
  • Bias and fairness testing results on record
  • Post-deployment monitoring logs current
  • Supplier / vendor AI documentation obtained
  • Art. 73 incident register and reporting evidence

Assurance & testing

Independent testing and evidence validation:

  • Internal audit programme over AI governance
  • Art. 14 human oversight effectiveness test
  • Accuracy and robustness validation records
  • Data lineage and provenance verification
  • Third-party AI vendor due diligence evidence
  • Board-level AI literacy attestation
  • Regulatory notification readiness drill results
  • Annual governance review and board report
Three Lines of Defence — AI governance model
First line

Business & Operations

AI system owners, product teams, data scientists, and IT operations. Own the risk and manage day-to-day AI operations.

  • AI register maintenance and currency
  • Art. 12 log management and retention
  • Art. 14 oversight execution and records
  • Incident detection and initial response
Second line

Risk, Compliance & Legal

CRO, CCO, DPO, and Legal. Design the AI governance framework, validate classifications, and monitor enterprise compliance.

  • Risk classification validation
  • DPIA / HRIA sign-off and review
  • Regulatory liaison and Art. 73 notifications
  • AI governance policy ownership and update
Third line

Internal Audit

Independent assurance over design and operating effectiveness. ISACA AAIA and IIA IPPF 2024 define this as a distinct discipline requiring dedicated competence.

  • AI governance audit programme
  • Art. 9–15 compliance testing
  • Oversight effectiveness review and testing
  • Board reporting on AI assurance
Controls & evidence

Documentation systems — eight required types

Eight document types constitute the minimum audit evidence package for any high-risk AI system. Each has a legal basis, mandatory content specification, and a defined audience. These are required by law or professional standard — not optional best practice.

| Document Type | Legal / Standard Basis | Mandatory Content | Primary Audience | Priority |
|---|---|---|---|---|
| Model Card | EU AI Act Art. 11, 13 · ISO 42001 §6.1 · NIST AI RMF GOVERN 1.7 | Intended use, limitations, evaluation metrics, bias testing results, performance across demographic groups, version history, foreseeable misuse scenarios | Auditors, Regulators, Deployers, Impacted Individuals | CRITICAL |
| DPIA / HRIA | EU AI Act Art. 27 · GDPR Art. 35 · ISO 27701 §7.2 | Risk identification, rights impact assessment, mitigation measures, residual risk, DPO sign-off, review schedule, consultation records | DPO, Legal, Risk, Supervisory Authority | CRITICAL |
| Technical File (Annex IV) | EU AI Act Art. 11, Annex IV · ISO 42001 §8.4 | System description, design specs, training data provenance, testing methodology, performance benchmarks, version history, conformity assessment evidence | Notified Bodies, Market Surveillance, Internal Audit | HIGH |
| System Log | EU AI Act Art. 12 · ISO 27001 A.8.15 · ISA 315 §A81 | Input/output records, decision logs, override events, anomaly flags — minimum 6-month tamper-evident retention; exportable on regulatory request | Auditors, Incident Response, Compliance, Market Surveillance | HIGH |
| Transparency Report | EU AI Act Art. 13 · NIST AI RMF MAP 5.2 · ISO 42001 §9.3 | Capabilities and limitations, human oversight measures, safe use instructions, accuracy/robustness levels, foreseeable misuse scenarios | Users, Board, Public (where applicable) | HIGH |
| Incident Register | EU AI Act Art. 73 · ISO 27001 A.5.24 · IIA IPPF Std. 2400 | Incident description, severity, root cause, corrective action, closure evidence, regulatory notification timestamp, market surveillance communications | CISO, Audit Committee, Regulator | HIGH |
| Governance Policy | EU AI Act Art. 9 · ISO 42001 §5.2 · NIST AI RMF GOVERN 1.1 | Risk appetite, prohibited use cases (named), accountability assignments, review cycle, training requirements, enforcement mechanism | Board, Senior Leadership, All Staff | HIGH |
| Audit Evidence Package | IIA Std. 2330 · ISA 500 · ISO 42001 §9.2 · EU AI Act composite | All above plus: test plans, test results, bias assessment, oversight evidence, approval chains, remediation proof, board attestation | Internal/External Auditors, Regulators, Certification Bodies | CRITICAL |
Controls testing — test procedure — failure signals
| Control Area | Test Procedure | Evidence Required | Failure Signal |
|---|---|---|---|
| Model Inventory | Trace deployed version to approved model package; reconcile registry against live deployments | Signed model package, version log, change tickets, promotion approvals | Production model differs from approved — version mismatch, no change record |
| Human Oversight (Art. 14) | Sample AI decisions; test override/review capability; verify named oversight person trained and active | Override logs, reviewer IDs, SOPs, training records, competence assessment, intervention evidence | No mechanism to stop or escalate — oversight is nominal, not operational |
| Data Governance (Art. 10) | Reperform sample data lineage from source to model; verify data quality controls in place | Data dictionary, lineage maps, source approvals, preprocessing log, retention policy | Unknown data origin, undocumented preprocessing, expired retention controls |
| Bias Controls | Review protected-attribute testing results; verify thresholds were set, monitored, and acted on | Fairness metrics, threshold rationale, demographic test data, remediation action log | No adverse impact monitoring — or testing performed but findings not acted on |
| Transparency (Art. 13) | Compare user-facing notice to actual model behaviour and declared limitations | User notices, FAQs, UI screenshots, model card, AI disclosure statements | Users cannot identify AI involvement, understand decisions, or initiate challenge |
| Incident Response (Art. 73) | Walk one live AI incident end-to-end through response process; test SLA compliance | Ticket trail, escalation SLA evidence, root-cause analysis, fix evidence, retest results | Defect identified with no corrective action trail — or SLA breached with no rationale |
AI audit evidence pyramid — four levels
LEVEL 4 — ASSURANCE
Independent Assurance
Internal audit, external audit, certification, independent review of design and operating effectiveness of AI controls
IIA Std.2330 · ISA 500 · ISO 42001 §9.2 · EU AI Act Art.9
LEVEL 3 — TECHNICAL
Technical Evidence
Logs, model cards, monitoring reports, test scripts, telemetry, configuration baselines, SIEM exports, SBOM, version records
EU AI Act Art.12 · ISO 27001 A.8.15 · ISA 315 §A81
LEVEL 2 — PROCESS
Process Documentation
Risk assessments, approval workflows, exception handling, vendor onboarding, escalation procedures, oversight assignments and training records
EU AI Act Art.9 · ISO 42001 §6.1 · NIST AI RMF MAP
LEVEL 1 — FOUNDATION
Policies & Governance
AI Governance Policy, Acceptable Use Policy, Responsible AI Policy, Secure Development Standard, Risk Appetite Statement with board approval
EU AI Act Art.9 · ISO 42001 §5.2 · NIST AI RMF GOVERN 1.1

“No evidence = No control. Organisations will not be judged by how much AI they deploy — they will be judged by how well they can prove control, transparency, security, and accountability.”

AI threat landscape — top risks auditors must assess

Threat | Description | Business impact | Detection method | Audit evidence
Prompt Injection | Malicious input manipulates model instructions or retrieved context to bypass guardrails | Unauthorised actions, data exfiltration, reputational damage | Input validation logs, anomaly detection, red team tests | Test scripts, findings register, guardrail configuration
Data Poisoning | Malicious content inserted into training or RAG sources shifts model behaviour | Biased decisions, compliance failures, systematic errors | Data lineage audits, statistical drift monitoring | Data governance records, source approval logs
Training Data Leakage | Sensitive training content surfaces through model outputs or model inversion attacks | Privacy breach, regulatory fines, IP loss | Output monitoring, DPIA review, membership inference tests | DPIA, data minimisation policy, test results
Model Theft | Attackers exfiltrate model weights or system prompts, or replicate model behaviour by high-volume API querying (model extraction) | IP loss, competitive harm, revenue impact | API rate-limit alerts, access log analysis | API access logs, rate-limit configuration, IP controls
Supply Chain Attacks | Compromised open-source models, plugins, or vector sources contaminate production | Widespread compromise, undetected backdoors | Software composition analysis, vendor attestations | SCA reports, vendor due diligence, SBOM
Hallucination Risk | False outputs drive bad approvals, misleading advice, or inaccurate control decisions | Wrong business decisions, regulatory violations | Output validation gates, human review sampling | Validation logs, human oversight records, error reports
Unauthorised Fine-Tuning | Shadow model changes invalidate approved behaviour and the assumptions behind existing controls | Control bypass, undocumented risk exposure | Model versioning, change management controls | Model registry, CAB records, change tickets
Privilege Escalation | AI agents with tools or memory perform actions beyond their intended authority | Unauthorised transactions, data access, system changes | Agent activity logs, permission boundary alerts | IAM logs, agent scope policy, workflow approvals
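The last two rows name "permission boundary alerts" and "API rate-limit alerts" as the detection method but the page does not show what turning agent logs into those alerts looks like. The following Python script is an added example, not code from this page or from any vendor: it runs a constructed JSON-lines agent activity log against a hypothetical agent scope policy and flags tool calls outside the declared scope, amounts above the agent's autonomous limit, and API keys whose query volume matches a model-extraction pattern. The log fields, the policy schema, the agent names and the 100-calls-per-minute threshold are all assumptions made for the example.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Hypothetical agent scope policy (assumed schema, not a real product format):
# the tools each agent may call and the largest amount it may approve on its own.
SCOPE_POLICY = {
    "hr-assistant": {"tools": {"read_employee_record", "draft_email"}, "max_amount": 0},
    "ap-approver": {"tools": {"read_invoice", "approve_payment"}, "max_amount": 5000},
}

# Constructed JSON-lines agent activity log (sample data, not from a real system).
AGENT_LOG = """
{"ts":"2026-03-02T09:00:01Z","agent":"hr-assistant","tool":"read_employee_record","args":{"id":"E1001"},"key":"k-hr"}
{"ts":"2026-03-02T09:00:05Z","agent":"hr-assistant","tool":"approve_payment","args":{"amount":1200},"key":"k-hr"}
{"ts":"2026-03-02T09:01:10Z","agent":"ap-approver","tool":"approve_payment","args":{"amount":4800},"key":"k-ap"}
{"ts":"2026-03-02T09:01:12Z","agent":"ap-approver","tool":"approve_payment","args":{"amount":25000},"key":"k-ap"}
{"ts":"2026-03-02T09:02:00Z","agent":"ap-approver","tool":"grant_sap_role","args":{"role":"SAP_ALL"},"key":"k-ap"}
"""

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_jsonl(text):
    """Parse a JSON-lines log into event dicts with an aware UTC timestamp."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ev = json.loads(line)
            ev["ts"] = datetime.strptime(ev["ts"], TS_FMT).replace(tzinfo=timezone.utc)
            events.append(ev)
    return events


def scope_violations(events, policy=SCOPE_POLICY):
    """Permission-boundary alerts: every tool call must sit inside the agent's declared scope."""
    alerts = []
    for ev in events:
        rule = policy.get(ev["agent"])
        if rule is None:
            alerts.append({"ts": ev["ts"], "agent": ev["agent"], "reason": "agent not in scope policy"})
        elif ev["tool"] not in rule["tools"]:
            alerts.append({"ts": ev["ts"], "agent": ev["agent"],
                           "reason": f"tool {ev['tool']} outside declared scope"})
        elif ev.get("args", {}).get("amount", 0) > rule["max_amount"]:
            alerts.append({"ts": ev["ts"], "agent": ev["agent"],
                           "reason": f"amount {ev['args']['amount']} exceeds autonomous limit {rule['max_amount']}"})
    return alerts


def query_bursts(events, window_seconds=60, threshold=100):
    """Rate-limit alerts: API keys whose peak call count in any sliding window exceeds the threshold."""
    stamps_by_key = defaultdict(list)
    for ev in events:
        stamps_by_key[ev["key"]].append(ev["ts"])
    peaks = {}
    for key, stamps in stamps_by_key.items():
        window, peak = deque(), 0
        for ts in sorted(stamps):
            window.append(ts)
            while (ts - window[0]).total_seconds() >= window_seconds:
                window.popleft()
            peak = max(peak, len(window))
        if peak > threshold:
            peaks[key] = peak
    return peaks


def build_api_log(key="k-ext", calls=150, per_second=5):
    """Constructed API access log: `calls` completions from one key at `per_second` per second,
    the query pattern of a model-extraction attempt."""
    base = datetime(2026, 3, 2, 10, 0, 0, tzinfo=timezone.utc)
    return "\n".join(json.dumps({"ts": (base + timedelta(seconds=i // per_second)).strftime(TS_FMT),
                                 "agent": "external-client", "tool": "chat_completion", "key": key})
                     for i in range(calls))


if __name__ == "__main__":
    for a in scope_violations(parse_jsonl(AGENT_LOG)):
        print("SCOPE ALERT", a["ts"].isoformat(), a["agent"], a["reason"])
    for key, peak in query_bursts(parse_jsonl(AGENT_LOG + build_api_log())).items():
        print("RATE ALERT", key, f"{peak} calls within 60 s")
```

The scope check is deliberately allow-list based: an agent that is absent from the policy, or a tool the policy never named, is an alert rather than a silent pass, which is the failure mode the "Privilege Escalation" row describes. The alert list and the peak-rate map are the artefacts an auditor would file alongside the agent scope policy and the rate-limit configuration.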
AI governance RACI matrix
Legend: A = accountable, C = consulted, I = informed. The matrix uses A/C/I only, so the accountable function is read as also responsible for execution.

Activity | Business | IT | Security | Audit | Governance note
AI Strategy & Policy | A | C | C | I | Business owns AI strategy. Audit provides independent challenge.
System Inventory & Classification | C | A | C | I | IT owns the system registry. Audit verifies completeness.
Risk Assessment (pre-deployment) | C | C | A | I | Security leads the risk assessment. Audit reviews the methodology.
Technical Documentation (Art. 11) | I | A | C | I | IT accountable. Audit verifies existence and completeness.
Named Human Oversight (Art. 14) | A | C | I | I | Business assigns named oversight. IT configures the override mechanism.
Continuous Monitoring | I | A | A | C | IT and Security jointly accountable. Audit consulted on design. (RACI convention allows one A per activity; if the split is kept, the charter should name which function gives the final sign-off.)
Incident Response (Art. 73) | I | C | A | C | Security owns incident response. Audit consulted on root cause.
Independent Assurance | I | I | C | A | Audit is the only function independently accountable for assurance.
Annual Governance Review | C | C | C | A | Audit accountable for the annual review. Board receives the report.
Dual regulation

AI Act + NIS2 + Audit Standards — Unified compliance

Many CEE enterprises in scope of the EU AI Act are also essential or important entities under NIS2. The two frameworks share common control building blocks (IAM, audit logging, risk registers, incident reporting), so a unified programme is more efficient than two parallel workstreams.

EU AI Act penalties (Art. 99)
€35M / 7%

Maximum for prohibited practices (Art. 5; Art. 99(3)). €15M / 3% for non-compliance with other obligations, including the high-risk requirements (Art. 99(4)); the same €15M / 3% ceiling applies to GPAI model providers, fined by the Commission under Art. 101. €7.5M / 1.5% for supplying incorrect, incomplete or misleading information to authorities (Art. 99(5)). In each tier the fine is whichever is higher of the fixed amount or the percentage of worldwide annual turnover; for SMEs and start-ups it is whichever is lower (Art. 99(6)).

NIS2 penalties
€10M / 2%

Maximum for essential entities; €7M / 1.4% for important entities (Art. 34), in each case whichever is higher of the fixed amount or the percentage of worldwide annual turnover. Management bodies can be held liable for infringements (Art. 20), and for essential entities individual managers can be temporarily banned from exercising managerial functions (Art. 32(5)). Supervision is proactive (ex ante and ex post) for essential entities and reactive (ex post) for important entities (Art. 32–33).

Shared control building blocks — AI Act + NIS2 + Audit Standards
IAM & Access Control | AI Act: oversight assignment; NIS2 Art.21: access control; IIA: governance review evidence
Audit Logging | AI Act Art.12: decision traceability; NIS2: incident evidence; ISA 315: IT control evidence
Risk Registers | AI Act Art.9: AI risk management; NIS2 Art.21: cybersecurity risk documentation; ISO 42001 §6.1
Incident Response | AI Act Art.73: serious incident reporting; NIS2 Art.23: 24 h early warning, 72 h notification, final report within one month; IIA Std.2400: audit findings
Training & Literacy | AI Act Art.4: AI literacy obligation; NIS2: cyber hygiene training; IIA IPPF: auditor competence
Supply Chain | AI Act: provider/deployer chain; NIS2 Art.21: vendor security; Big 4: third-party AI risk
Management Liability | AI Act Art.14 / Art.26(2): named human oversight; NIS2 Art.20: management body liability; IIA: board accountability reporting
Third-party Governance | Vendor AI and cloud providers appear in both regulatory scopes; unified due diligence required
Unified governance roadmap
Phase 1

Dual scope assessment

Determine NIS2 classification (essential/important). Inventory AI systems against the four-tier risk model. Create a single integrated compliance gap register covering both frameworks. Avoid two parallel gap registers — they produce contradictory remediation plans.

Phase 2

Unified control design

Design IAM controls, logging architecture, and risk management procedures that satisfy NIS2 Article 21 and AI Act Art. 9–15 at the same time. ISO 42001 provides the integrating management system; NIST AI RMF provides the operating model.

Phase 3

Assurance & evidence

Build exportable audit evidence packages covering both frameworks. Train the board on dual executive liability. Establish quarterly review cadence feeding both the AI governance committee and the CISO’s NIS2 compliance dashboard.
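The Phase 2 logging architecture and the Phase 3 exportable evidence package are described above at governance level only. The following Python code is an added example, not code from this page or from any product: a minimal hash-chained decision log that records what an auditor walking a decision back under Art. 12 would ask for (system identifier, model version, input digest, output, oversight outcome and named reviewer), exports it as an evidence package, and detects after-the-fact editing or deletion of records. The field names, the SAP role-request scenario and the three sample records are assumptions constructed for the example.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor for the first record


class DecisionLog:
    """Append-only, hash-chained record of AI-assisted decisions (assumed schema for this example)."""

    def __init__(self):
        self.records = []

    @staticmethod
    def _digest(rec):
        # Canonical JSON of every field except the hash itself.
        body = {k: v for k, v in rec.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, *, ts, system_id, model_version, input_ref, output, oversight, reviewer=None):
        rec = {
            "seq": len(self.records),
            "ts": ts,                                   # ISO-8601 UTC string
            "system_id": system_id,                     # entry in the AI system inventory
            "model_version": model_version,             # ties the decision to the model registry
            "input_sha256": hashlib.sha256(input_ref.encode()).hexdigest(),  # input stored elsewhere
            "output": output,
            "oversight": oversight,                     # "human_confirmed", "human_overridden" or "automated"
            "reviewer": reviewer,                       # named person exercising Art. 14 / Art. 26(2) oversight
            "prev_hash": self.records[-1]["hash"] if self.records else GENESIS,
        }
        rec["hash"] = self._digest(rec)
        self.records.append(rec)
        return rec

    def verify(self):
        """Recompute every digest and chain link. Returns (ok, seq of the first bad record)."""
        prev = GENESIS
        for rec in self.records:
            if rec["prev_hash"] != prev or self._digest(rec) != rec["hash"]:
                return False, rec["seq"]
            prev = rec["hash"]
        return True, None

    def unreviewed(self):
        """Decisions where the model output went unchallenged and no named reviewer is recorded."""
        return [r for r in self.records if r["oversight"] == "automated" or not r["reviewer"]]

    def export(self):
        """Exportable evidence package: one JSON object per line, chain head as the last line."""
        lines = [json.dumps(r, sort_keys=True) for r in self.records]
        head = self.records[-1]["hash"] if self.records else GENESIS
        return "\n".join(lines + [json.dumps({"chain_head": head})])


def build_sample_log():
    """Constructed sample: three decisions by a hypothetical SAP role-request assistant."""
    log = DecisionLog()
    log.append(ts="2026-03-02T08:00:00Z", system_id="sap-role-assistant", model_version="1.4.2",
               input_ref="REQ-1001 user=U123 role=FI_AP_CLERK", output="RECOMMEND_APPROVE",
               oversight="human_confirmed", reviewer="iam.lead@example.test")
    log.append(ts="2026-03-02T08:05:00Z", system_id="sap-role-assistant", model_version="1.4.2",
               input_ref="REQ-1002 user=U456 role=SAP_ALL", output="RECOMMEND_APPROVE",
               oversight="human_overridden", reviewer="iam.lead@example.test")
    log.append(ts="2026-03-02T08:07:00Z", system_id="sap-role-assistant", model_version="1.4.2",
               input_ref="REQ-1003 user=U789 role=MM_DISPLAY", output="RECOMMEND_APPROVE",
               oversight="automated", reviewer=None)
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("chain intact:", log.verify())
    print("decisions with no named reviewer:", [r["seq"] for r in log.unreviewed()])
    log.records[1]["output"] = "RECOMMEND_REJECT"   # simulate editing the evidence after the fact
    print("after tampering:", log.verify())
    print(log.export())
```

The chain head published with each export is what the auditor compares against the next package; a record edited or removed after export changes every later hash, so the failing sequence number from `verify()` tells the reviewer exactly where the evidence trail stopped being trustworthy. `unreviewed()` is the Art. 14 sampling question ("which automated decisions had no named human behind them") answered from the same log rather than from a separate spreadsheet.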

ISO/IEC 42001 — the integrating management system
ISO 42001 clause | Requirement | EU AI Act alignment | NIS2 alignment | Big 4 / IIA requirement
§4 | Context of the organisation | Defines scope for the Art. 9 risk management system | Organisation classification (essential/important) | Mandatory starting point in all Big 4 frameworks
§5.2 | AI policy | Satisfies the Art. 9 organisational risk management requirement | Governance policy for cybersecurity risk management | IIA IPPF Domain I: governance design
§6.1 | AI risk assessment | Art. 9 continuous risk management; Art. 10 data governance | NIS2 Art. 21 risk assessment requirements | KPMG / Deloitte: risk register methodology
§7.5 | Documented information (AI system documentation) | Art. 11 technical file; Annex IV requirements | Technical documentation for audit evidence | PwC / EY: Annex IV compliance assessment
§9.2 | Internal audit | Art. 9 governance oversight; Art. 73 assurance | Independent verification of NIS2 controls | IIA IPPF Std.2330; ISA 500: evidence sufficiency
§9.3 | Management review | Art. 13 transparency; board governance | Board-level NIS2 oversight and liability management | All Big 4: annual board AI governance report
§10 | Improvement | Art. 9 continuous lifecycle; Art. 72 post-market monitoring | Post-incident improvement; NIS2 lessons learned | ISACA AAIA Domain 2: model lifecycle management
Sources & references

Validated sources for executive and audit use

All references are primary regulatory sources, official professional standards, or authoritative firm publications. Primary Commission sources are the strongest citations for board, audit committee, and regulatory briefings.

EU AI Act — Official text (Regulation 2024/1689)

Full text including Annex III (high-risk categories), Annex IV (technical documentation), Art. 9–15 obligations, Art. 73 incident reporting, and Art. 99 penalties.

EUR-Lex ↗

European Commission — EU AI Act hub

Implementation timeline, AI Office resources, GPAI Code of Practice, and harmonised standards development updates including August 2026 milestone.

EC Digital ↗

AI Act Service Desk — Implementation timeline

Official phased roll-out: 2 Feb 2025, 2 Aug 2025, 2 Aug 2026, December 2027, August 2028 milestones with AI Omnibus updates.

Service Desk ↗

NIS2 Directive (EU 2022/2555) — Official text

Full directive including Article 21 measures, Article 23 incident reporting, management accountability provisions, and penalty framework.

EUR-Lex ↗

ENISA — NIS2 implementation guidance

Technical guidance, sector-specific implementation notes, and Art. 21 cybersecurity measures. Authoritative for CEE national implementations and sector-specific regulatory dialogue.

ENISA ↗

IIA — Global Internal Audit Standards 2024 (IPPF)

Effective 9 January 2025. Five domains, 15 guiding principles. Standards 4.2, 4.3 and 2.2 follow the 2024 numbering; 2010 and 2330 are 2017 IPPF numbers that the 2024 Standards superseded, so map them to their successors before citing them in a report.

IIA ↗

ISACA — Advanced in AI Audit (AAIA) 2025

First AI audit-specific certification. Three domains: AI Governance & Risk, AI Operations, AI Auditing Tools & Techniques. Prerequisites: active CISA, CIA, or CPA.

ISACA ↗

ISO/IEC 42001 — AI Management System Standard

International AI management system standard. Integrates with ISO 27001, ISO 31000, and ISO 9001. Provides the governance operating system for unified AI Act and NIS2 compliance.

ISO ↗

NIST AI Risk Management Framework (AI RMF 1.0)

GOVERN · MAP · MEASURE · MANAGE. Widely referenced in Big 4 AI risk methodologies. Aligns to the EU AI Act Art. 9 continuous risk management obligation.

NIST ↗

Article 99 penalties — AI Act reference

€35M/7% for Art. 5 prohibited practices (Art. 99(3)) · €15M/3% for other obligations, including the high-risk requirements (Art. 99(4)), and for GPAI model providers (Art. 101) · €7.5M/1.5% for incorrect, incomplete or misleading information to authorities (Art. 99(5)).

AI Act Hub ↗

European Commission — NIS2 Directive overview

Scope, key obligations, incident reporting, management liability, and harmonization resources from the Commission’s digital policy directorate.

EC Digital ↗

Guardian Group Agency — AI Governance & SAP IAM Practice

SIVIS Pointsharp IAM, SAP SoD, EU AI Act advisory, NIS2, and AI-augmented documentation for multinational manufacturing and technology clients in CEE.

guardiangroup.agency ↗