AI & Governance

AI Governance
Frameworks Compared

EU AI Act regulates risk. NIST manages it. Both focus on how to deploy AI safely—but not who decides what AI should do. Semantic governance addresses this gap.

Three Approaches

EU AI Act

European Union

Approach: Risk-based regulation

Focus: AI systems categorized by risk level (unacceptable, high, limited, minimal)

Governs: How AI systems are deployed and what safeguards they must have

Limitation: Focuses on systems, not on who decides what goals the systems should pursue

NIST AI RMF

United States (voluntary)

Approach: Risk management

Focus: Managing AI risks across lifecycle (Map, Measure, Manage, Govern)

Governs: How organizations identify and manage AI-related risks

Limitation: Assumes goals are given; focuses on managing risks to achieving them

Semantic Governance

Framework (not jurisdiction-specific)

Approach: Intent specification

Focus: Making explicit whose values are embedded and with what authority

Governs: Who has authority to specify what AI should do—and on what basis

Limitation: Theoretical framework; requires implementation through other mechanisms

Quick Comparison

Dimension	EU AI Act	NIST AI RMF	Semantic Governance
Primary question	What risks does this system pose?	How do we manage this system's risks?	Who decided this system's purpose?
Assumes	We know what harms to prevent	We know what goals to pursue	Nothing—makes authority explicit
Binding?	Yes (law in EU)	No (voluntary framework)	Framework for any binding mechanism
Accountability	Deployer/provider compliance	Organizational risk management	Authority chains to decision-makers

The Governance Gap

Both major frameworks govern the "how" of AI deployment:

→EU AI Act: How to deploy AI systems safely (compliance requirements)
→NIST: How to manage AI risks (process framework)

What's missing: Neither addresses who has authority to decide what goals the AI should pursue. A perfectly compliant, well-risk-managed system can still serve purposes that no one explicitly authorized.

Frequently Asked Questions

What is the EU AI Act?

The EU AI Act is the world's first comprehensive AI law, categorizing AI systems by risk level (unacceptable, high, limited, minimal) and imposing requirements accordingly. High-risk systems require conformity assessments, documentation, and human oversight. It focuses on what safeguards systems must have, not who decides what they should do.

What is the NIST AI Risk Management Framework?

The NIST AI RMF is a voluntary framework helping organizations manage AI-related risks through four functions: Map (understand context), Measure (assess risks), Manage (address risks), and Govern (create accountability). It focuses on how organizations handle AI risks, assuming goals are already determined.

How does semantic governance differ from these frameworks?

Both EU AI Act and NIST assume we know what AI should do—they govern how to do it safely. Semantic governance addresses the prior question: who has authority to decide what AI should do? It makes intent specification explicit rather than implicit in system design.

Can these frameworks work together?

Yes. EU AI Act provides legal compliance requirements. NIST provides risk management processes. Semantic governance provides the authority layer—who decides what goals the compliant, risk-managed system should pursue. They address different aspects of AI governance.

Learn About Semantic Governance See More Comparisons

Stay updated

Get notified when we publish new research. No spam, unsubscribe anytime.

Three Approaches

EU AI Act

European Union

Approach: Risk-based regulation

Focus: AI systems categorized by risk level (unacceptable, high, limited, minimal)

Governs: How AI systems are deployed and what safeguards they must have

Limitation: Focuses on systems, not on who decides what goals the systems should pursue

NIST AI RMF

United States (voluntary)

Approach: Risk management

Focus: Managing AI risks across lifecycle (Map, Measure, Manage, Govern)

Governs: How organizations identify and manage AI-related risks

Limitation: Assumes goals are given; focuses on managing risks to achieving them

Semantic Governance

Framework (not jurisdiction-specific)

Approach: Intent specification

Focus: Making explicit whose values are embedded and with what authority

Governs: Who has authority to specify what AI should do—and on what basis

Limitation: Theoretical framework; requires implementation through other mechanisms

Quick Comparison

Dimension	EU AI Act	NIST AI RMF	Semantic Governance
Primary question	What risks does this system pose?	How do we manage this system's risks?	Who decided this system's purpose?
Assumes	We know what harms to prevent	We know what goals to pursue	Nothing—makes authority explicit
Binding?	Yes (law in EU)	No (voluntary framework)	Framework for any binding mechanism
Accountability	Deployer/provider compliance	Organizational risk management	Authority chains to decision-makers

The Governance Gap

Both major frameworks govern the "how" of AI deployment:

→EU AI Act: How to deploy AI systems safely (compliance requirements)
→NIST: How to manage AI risks (process framework)

Frequently Asked Questions

AI GovernanceFrameworks Compared

Three Approaches

EU AI Act

NIST AI RMF

Semantic Governance

Quick Comparison

The Governance Gap

Frequently Asked Questions

What is the EU AI Act?

What is the NIST AI Risk Management Framework?

How does semantic governance differ from these frameworks?

Can these frameworks work together?

Stay updated

AI GovernanceFrameworks Compared

Three Approaches

EU AI Act

NIST AI RMF

Semantic Governance

Quick Comparison

The Governance Gap

Frequently Asked Questions

What is the EU AI Act?

What is the NIST AI Risk Management Framework?

How does semantic governance differ from these frameworks?

Can these frameworks work together?

Stay updated

AI Governance
Frameworks Compared

AI Governance
Frameworks Compared