EU AI Act, NIST AI RMF, ISO 42001: Three Frameworks, One Enforcement Layer for Agentic AI

Three frameworks dominate AI governance in 2026: the EU AI Act (binding regulation, high-risk obligations from December 2027), NIST AI RMF 1.0 (voluntary US framework, widely adopted as enterprise baseline), and ISO/IEC 42001:2023 (international management system standard with certification path). Each specifies different obligations. All three converge on a requirement that agentic AI systems cannot satisfy with logging alone: evidence that oversight mechanisms were operational during deployment.

May 2026 — What's changed
EU AI Act — high-risk enforcement December 2027. High-risk AI obligations apply from 2 December 2027, extended from 2 August 2026 by the Digital Omnibus on AI (May 2026). Agentic systems in Annex III sectors must satisfy Articles 9, 11, 12, and 14 or face penalties up to €35M.
NIST — Critical Infrastructure Profile concept note (April 2026). NIST published a concept note for AI RMF Profile on Trustworthy AI in Critical Infrastructure, extending the core framework to energy, finance, healthcare, and transport operators. It follows the Generative AI Profile (NIST AI 600-1, July 2024). The direction is sector-specific, risk-tiered guidance — consistent with the EU AI Act's regulatory approach. The profile is in concept phase; a draft for public comment is expected later in 2026.
ISO/IEC 42001 — Adoption accelerating. Certification bodies across the EU and UK report material upticks in ISO/IEC 42001 enquiries since Q1 2026, driven by organisations treating certification as evidence of conformity readiness ahead of the August EU AI Act deadline. ISO 42001 is not legally required, but certified organisations carry a stronger audit position.
Key takeaways
  • EU AI Act is binding law — penalties up to €35M. High-risk AI deadline: 2 December 2027 (extended from 2 August 2026).
  • NIST AI RMF is voluntary. No penalties, no deadline. Widely adopted as US enterprise baseline.
  • ISO/IEC 42001 is voluntary with optional certification. Aligns with ISO 9001/27001 management system structures.
  • All three require operational evidence of oversight — not just logs, but proof the controls ran before actions executed. This is why the deterministic vs probabilistic distinction matters at the regulatory level.
  • Infrastructure-level enforcement (cryptographic receipt chain) satisfies all three simultaneously. Build once, map to all three.

The three frameworks at a glance

Binding regulation
EU AI Act
Regulation 2024/1689 · European Union

Risk-based regulation classifying AI systems from unacceptable risk (banned) to minimal risk. High-risk AI — including agentic systems in hiring, lending, healthcare, law enforcement, and critical infrastructure — faces mandatory conformity assessment, technical documentation, CE marking, EU database registration, human oversight, and logging. High-risk obligations apply from 2 December 2027 (extended from 2 August 2026, Digital Omnibus May 2026).

Voluntary framework
NIST AI RMF 1.0
AI Risk Management Framework · NIST, USA

Voluntary framework organising AI risk management across four functions: Govern (policies, culture), Map (context, risk identification), Measure (analysis, assessment), Manage (prioritisation, treatment). Adopted as baseline by US federal agencies and widely used in enterprise risk programmes globally. No certification mechanism; no legal deadline.

Certifiable standard
ISO/IEC 42001:2023
AI Management Systems · ISO/IEC JTC 1/SC 42

International standard for AI management systems, structured like ISO 9001 (quality) and ISO 27001 (information security). Specifies requirements for establishing, implementing, maintaining, and continually improving an AI management system. Certification available via accredited bodies. Annex A includes 38 controls covering AI system design, data, operations, and incident management.


Side-by-side comparison

| Property | EU AI Act | NIST AI RMF 1.0 | ISO/IEC 42001 |
|---|---|---|---|
| Legal force | Binding regulation (EU) | Voluntary guidance | Voluntary; certification available |
| Deadline | Dec 2027 (high-risk AI) | None | None (certification-led) |
| Scope | All AI placed on EU market; risk-tiered | Any organisation using or developing AI | Any organisation developing or using AI |
| Penalties | Up to €35M or 7% global turnover | None | None (loss of certification) |
| Human oversight required | Yes — Article 14 (mandatory) | Yes — Govern 1.2 (recommended) | Yes — Clause 6.1 (required for certification) |
| Logging / traceability | Yes — Article 12 (mandatory) | Yes — Measure 2.5 (recommended) | Yes — Annex A.6.1.6 (control) |
| Technical documentation | Yes — Article 11 + Annex IV (mandatory) | Recommended (Map 5) | Yes — Clause 8.4 (required for certification) |
| Incident reporting | Yes — Article 73 (serious incidents) | Recommended (Manage 4) | Yes — Clause 10.1 |
| Conformity assessment | Yes — third-party for most Annex III | No | Yes — independent certification |
| Agentic AI specific guidance | Implicit via risk classification | AI RMF Playbook (emerging) | Not explicitly addressed |

How sequence enforcement maps to each framework

Sequence enforcement — evaluating each agent action against a defined policy before execution, issuing a cryptographic receipt on every authorised pass — is not specific to any one framework. It satisfies the enforcement requirements that all three converge on: oversight that is operational during deployment, logging that is tamper-evident, and evidence that prerequisites were met before actions executed.

EU AI Act
Regulation 2024/1689 — Articles 9, 11, 12, 14
Framework requirement
Article 14: Human oversight measures — natural persons must be able to intervene or halt the system. Oversight must be effective (built into operation, not available as policy option).
How sequence enforcement satisfies it
The gate is the oversight mechanism. Every step requires gate authorisation before executing. Key revocation, policy change, or explicit HALT immediately stops execution — without relying on the model to comply.
Framework requirement
Article 12: Automatic log generation enabling post-market monitoring. Logs must be sufficient to determine the period of use, reference database used, and persons involved in verification.
How sequence enforcement satisfies it
Every gate decision produces an HMAC-signed receipt stored in immutable R2 storage, recording: step, sequence ID, decision, timestamp, nonce, action type, and pack ID. Receipts are chained; tampering breaks the chain. Pre-action record — not post-action log.
Framework requirement
Article 11: Technical documentation demonstrating system operates as intended, including design logic, testing results, and risk management measures.
How sequence enforcement satisfies it
The POST /report endpoint generates a verifiable compliance report for any sequence ID: receipt chain, HMAC proofs, chain linkage verification, and AI-generated compliance narrative — suitable for Article 11 technical documentation packages.
NIST AI RMF
AI Risk Management Framework 1.0 — Govern, Map, Measure, Manage
Framework requirement
Govern 1.2: Accountability structures include oversight of AI system behaviour by designated personnel with authority to intervene.
How sequence enforcement satisfies it
Gate access is controlled via API keys. Designated personnel can revoke keys, modify policy maps, or terminate sequences. The enforcement layer is separate from the model — human authority operates at the infrastructure level.
Framework requirement
Measure 2.5: AI system performance is monitored using methods appropriate to the risk level, with results used to inform risk treatment decisions.
How sequence enforcement satisfies it
Gate statistics (total evaluations, ALLOW/DENY rates, HALT events, sequence completions) are recorded in KV and exposed via the dashboard. The receipt chain enables retrospective analysis of exactly which steps were blocked and why.

See the May 2026 updates section at the top for the NIST Critical Infrastructure Profile concept note and EU AI Act enforcement timeline.

ISO/IEC 42001
AI Management Systems Standard — Clauses 6, 8, 9 and Annex A
Framework requirement
Clause 9.1: Monitoring, measurement, analysis, and evaluation — the organisation shall determine what needs to be monitored and measured and the methods for valid results.
How sequence enforcement satisfies it
Gate decisions are the measurement points. Every ALLOW and DENY is recorded with full metadata. The receipt chain constitutes the continuous operational record that Clause 9.1 requires — produced automatically, not as a separate measurement exercise.
Framework requirement
Annex A, A.6.1.6: AI system operational logging — the organisation shall implement logging of AI system operations to an extent sufficient to enable the reconstruction of AI system behaviour.
How sequence enforcement satisfies it
The receipt chain enables complete reconstruction of agent sequence behaviour: which steps ran, in what order, what the gate decided, at what time. The HMAC signatures make the reconstruction tamper-evident — any alteration is detectable.
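The receipt chain described above (for Article 12, Measure 2.5 and Annex A.6.1.6 alike) is easier to reason about with a minimal working model of it. The following is an added example written for this page, not the product's own code: it gates each proposed action against a policy map before execution, issues an HMAC-signed receipt carrying the fields the page lists (step, sequence ID, decision, timestamp, nonce, action type, pack ID), links each receipt to the hash of the previous one, and verifies the chain so that an after-the-fact edit to any receipt is detected. The key, the pack ID, the step names and the in-memory store are all constructed for the example; a deployment would hold the key in a secrets store and persist receipts to immutable storage.

```python
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional, Tuple

# Constructed demo key for this example only; never hard-code a real gate key.
DEMO_KEY = b"demo-gate-key-not-for-production"

# Hypothetical policy map: the action types each step of a pack is allowed to take.
# Pack ID and step names are constructed for illustration.
POLICY_MAP = {
    "pack-loan-triage-v1": {
        1: {"read_application"},
        2: {"score_applicant"},
        3: {"notify_applicant"},
    }
}


def canonical(payload: dict) -> bytes:
    """Deterministic JSON so signer and verifier hash exactly the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


class Gate:
    """Evaluates every proposed action before it runs and issues a chained,
    HMAC-signed receipt. The chain is the pre-action oversight record."""

    def __init__(self, key: bytes, policy_map: dict):
        self.key = key
        self.policy_map = policy_map
        self.halted = set()   # sequence IDs stopped by a human or policy change
        self.chain = {}       # sequence ID -> list of receipts (in-memory stand-in)

    def halt(self, sequence_id: str) -> None:
        """Explicit HALT: later steps of this sequence are refused no matter
        what the model proposes, so oversight does not depend on model compliance."""
        self.halted.add(sequence_id)

    def evaluate(self, sequence_id: str, pack_id: str, step: int, action_type: str) -> dict:
        receipts = self.chain.setdefault(sequence_id, [])
        if sequence_id in self.halted:
            decision = "HALT"
        elif action_type in self.policy_map.get(pack_id, {}).get(step, set()):
            decision = "ALLOW"
        else:
            decision = "DENY"
        prev_hash = receipts[-1]["receipt_hash"] if receipts else "0" * 64
        body = {
            "sequence_id": sequence_id,
            "pack_id": pack_id,
            "step": step,
            "action_type": action_type,
            "decision": decision,
            "timestamp": time.time(),
            "nonce": secrets.token_hex(8),   # defeats replay of an identical receipt
            "prev_hash": prev_hash,          # chain linkage to the previous receipt
        }
        mac = hmac.new(self.key, canonical(body), hashlib.sha256).hexdigest()
        receipt = dict(body, hmac=mac)
        receipt["receipt_hash"] = hashlib.sha256(canonical(receipt)).hexdigest()
        receipts.append(receipt)
        return receipt


def verify_chain(key: bytes, receipts: list) -> Tuple[bool, Optional[int]]:
    """Return (True, None) if every HMAC, receipt hash and link is intact,
    otherwise (False, index of the first receipt that fails)."""
    expected_prev = "0" * 64
    for i, r in enumerate(receipts):
        body = {k: v for k, v in r.items() if k not in ("hmac", "receipt_hash")}
        mac = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, r["hmac"]):
            return False, i
        unhashed = {k: v for k, v in r.items() if k != "receipt_hash"}
        if hashlib.sha256(canonical(unhashed)).hexdigest() != r["receipt_hash"]:
            return False, i
        if r["prev_hash"] != expected_prev:
            return False, i
        expected_prev = r["receipt_hash"]
    return True, None


def run_demo() -> dict:
    """Constructed sequence: two in-policy steps, one out-of-policy proposal,
    then a human HALT before the final step. Only ALLOW decisions execute."""
    gate = Gate(DEMO_KEY, POLICY_MAP)
    seq, pack = "seq-0001", "pack-loan-triage-v1"
    proposed = [(1, "read_application"), (2, "score_applicant"),
                (2, "transfer_funds"), (3, "notify_applicant")]
    executed = []
    for step, action in proposed:
        receipt = gate.evaluate(seq, pack, step, action)
        if receipt["decision"] == "ALLOW":
            executed.append(action)   # the action runs only after the gate passes it
        elif receipt["decision"] == "DENY":
            gate.halt(seq)            # designated personnel stop the sequence
    chain = gate.chain[seq]
    intact, _ = verify_chain(DEMO_KEY, chain)
    # Simulated tampering: rewrite the DENY into an ALLOW after the fact.
    tampered = [dict(r) for r in chain]
    tampered[2]["decision"] = "ALLOW"
    tampered_ok, bad_index = verify_chain(DEMO_KEY, tampered)
    return {
        "executed": executed,
        "decisions": [r["decision"] for r in chain],
        "intact": intact,
        "tampered_ok": tampered_ok,
        "bad_index": bad_index,
    }
```

Reconstruction for Annex A.6.1.6 is the `decisions` list read in chain order, and the tamper check is the same `verify_chain` call an auditor would run: changing one field invalidates that receipt's HMAC, and replacing the whole receipt breaks the `prev_hash` link from the next one.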

Which framework applies to your agentic AI system?

Most organisations building agentic AI in 2026 will need to address at least two of these frameworks simultaneously:

The enforcement layer is the same regardless of which framework you are complying with. The receipt chain that satisfies EU AI Act Article 12 is the same chain that satisfies ISO/IEC 42001 Annex A.6.1.6 and NIST AI RMF Measure 2.5. You build it once; it maps to all three.

Frequently asked questions

What is the difference between EU AI Act and NIST AI RMF?
The EU AI Act is binding EU law — mandatory for any AI placed on the EU market, with penalties up to €35M or 7% of global turnover and a compliance deadline of 2 December 2027 for high-risk AI (extended from 2 August 2026). NIST AI RMF 1.0 is a voluntary US framework with no penalties or legal deadlines. It organises risk management across four functions (Govern, Map, Measure, Manage) and is widely adopted as an enterprise baseline, particularly in US federal contexts.
Is ISO 42001 required for EU AI Act compliance?
No — ISO/IEC 42001 certification is not legally required for EU AI Act compliance. However, it provides a structured management system that can support the technical documentation and risk management evidence required under Articles 9 and 11. Many operators pursuing EU AI Act conformity assessment use ISO/IEC 42001 as a governance foundation alongside their notified body review.
What does EU AI Act Article 12 require for logging?
Article 12 requires that high-risk AI systems automatically generate logs enabling post-market monitoring. The logs must be sufficient to identify: the period of each use, the reference database against which output was verified, and the persons involved in the verification. Critically, the logs must be independent of the AI system being audited — logs generated by the same agent cannot satisfy this requirement.
When does the EU AI Act apply to agentic AI?
High-risk obligations apply from 2 December 2027 (extended from 2 August 2026, Digital Omnibus May 2026). Agentic AI systems operating in Annex III sectors — hiring, lending, healthcare triage, law enforcement, critical infrastructure — are classified as high-risk. These systems must satisfy Articles 9, 11, 12, and 14 by the deadline, including CE marking and EU database registration where required.
Can one approach satisfy EU AI Act, NIST, and ISO 42001 simultaneously?
Yes. All three frameworks require the same underlying capability: operational proof that oversight mechanisms functioned during deployment. Infrastructure-level sequence enforcement — gate-evaluating each agent action before execution and issuing a cryptographic receipt — produces a receipt chain that satisfies EU AI Act Article 12, ISO/IEC 42001 Annex A.6.1.6, and NIST AI RMF Measure 2.5 at once. The enforcement layer is framework-agnostic; the receipts map to all three.
See it working

One enforcement layer. Three frameworks satisfied.

The receipt chain that satisfies EU AI Act Article 12 is the same chain that satisfies ISO/IEC 42001 Annex A.6.1.6 and NIST Measure 2.5. Run a demo sequence and generate your own compliance report in 60 seconds — no signup required.
