EU AI Act and US AI order: what changes for AI governance?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 5324
Topic starter  

TL;DR: The EU AI Act and the US Executive Order on AI both push organisations toward AI TRiSM, with disclosure, documentation, risk assessment, and stakeholder accountability becoming core compliance duties, according to Lasso Security. The practical shift is that AI governance now has to join legal, procurement, privacy, and security into one operating model rather than a series of disconnected reviews.

NHIMG editorial — based on content published by Lasso Security: Achieving Compliance with AI TRiSM, the EU AI Act and US Executive Order on AI

Questions worth separating out

Q: How should organisations govern AI systems under new regulation?

A: Treat AI governance as a cross-functional control process, not a model-only review.

Q: Why do AI regulations create identity governance work?

A: Because AI services are now governed assets that can touch data, users, and downstream systems.

Q: What do organisations get wrong about AI compliance programmes?

A: They often stop at policy statements, committee formation, or vendor questionnaires.

Practitioner guidance

  • Create a governed AI inventory: record every AI service, model, and vendor relationship with an owner, business purpose, data scope, and review date.
  • Align legal, procurement, and security approval paths: use one intake process for new AI use cases so risk, privacy, and access questions are assessed together.
  • Require evidence for transparency and logging controls: document how users are informed they are interacting with AI, how model outputs are traced, and what logs are retained for review.

What's in the full article

Lasso Security's full blog post covers the operational detail this post intentionally leaves for the source:

  • A closer breakdown of the EU AI Act risk categories and how they map to different deployment scenarios.
  • The article's specific view of how AI TRiSM technologies support compliance workflows and policy enforcement.
  • The vendor's recommendations for building cross-functional AI task forces across legal, procurement, privacy, and security.
  • The article's discussion of how GDPR alignment can support AI governance efforts in practice.

👉 Read Lasso Security's analysis of AI TRiSM compliance under the EU AI Act and US AI order →
