ISO/IEC 42001 (the first AI management system standard), the NIST AI RMF and the EU AI Act converge on a common framework. 68% of companies without formal AI governance expose their executives to liability.
Inventory of all AI systems in use: provider, use case, data processed, EU AI Act risk classification, internal owner. Updated quarterly.
Define what employees can and cannot do with AI tools: authorised data, task types, prohibitions (named customer data, confidential R&D). Signed by teams.
For impactful decisions: formally define human intervention thresholds. Example: any AI-assisted HR decision must be validated by a manager before notification.
Monitor model drift, algorithmic bias and security incidents. Quarterly report to the executive committee. Incident reporting process where mandatory.
Emerging role in 2026: 34% of Fortune 500 have designated a CAIO. Responsible for AI strategy, governance and compliance. In SMEs: often assumed by the CTO or CDO.
Validation body for high-risk AI projects. Recommended composition: legal representative, DPO, business, IT, HR. Monthly meetings.
One AI referent (point of contact) per department (finance, HR, commercial). First line of control over the tools used in their perimeter. EU AI Act training mandatory.
GDPR × AI interface. In charge of DPIAs for AI projects, supplier contract compliance, and the management of individual (data subject) rights.
Molderez Consult SRL assesses your EU AI Act and GDPR compliance.