AI Security Standards & Regulations

Global frameworks and legal requirements for AI system security

Compliance Landscape

These standards form the basis for lawful and ethical AI security testing practices

NIST AI RMF

Global

Risk Management

Risk management framework for trustworthy AI

  • Governance, mapping, measurement, and management
  • Voluntary but widely adopted

Pentesting Implications:

  • Align tests with framework mappings
  • Document risk measurement approaches

EU AI Act

Europe

Regulation

Enforcement: Aug 2, 2026

First comprehensive AI law - fines up to €35M

  • Risk-based classification (4 tiers)
  • High-risk AI obligations: August 2, 2026

Pentesting Implications:

  • Conformity assessments required
  • Technical documentation mandatory

ISO/IEC 23053

Global

Standard

Standard for ML engineering

  • Development and deployment processes
  • System documentation requirements

Pentesting Implications:

  • Verify development process compliance
  • Check documentation completeness

OWASP LLM Top 10

Global

Guidelines

Top LLM security risks

  • Prompt injection (#1 risk)
  • Training data poisoning

Pentesting Implications:

  • Prioritize testing for Top 10 vulnerabilities
  • Use provided mitigation guidance

Compliance Framework Mapping

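| Requirement      | NIST | EU AI Act | ISO 23053   |
| ---------------- | ---- | --------- | ----------- |
| Risk Assessment  | Core | Required  | Recommended |
| Data Governance  | Core | Required  | Required    |
| Security Testing | Core | High-Risk | Recommended |
| Documentation    | Core | Required  | Required    |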

EU AI Act: Enforcement Timeline 2026

The EU AI Act (Regulation 2024/1689) is the world's first comprehensive AI legal framework.

February 2025

Prohibited AI practices banned

August 2025

GPAI obligations live

August 2, 2026

High-risk AI obligations enforceable

August 2027

Annex I HRAI systems deadline

Key Compliance Requirements

Fines

  • Up to €35M or 7% of global turnover
  • Documented compliance = mitigating factor

High-Risk AI Systems

  • Conformity assessments required
  • Technical documentation mandatory
  • Risk management systems

Source: EU AI Act Compliance Guide 2026

Legal Considerations

  • Jurisdictional requirements
  • Data protection laws
  • Intellectual property rights
  • Liability frameworks
