AI Governance Frameworks
Primary-source-cited explainers for the AI governance frameworks that affect US law firms. Each entry covers what the framework requires, who must comply, when enforcement begins, and how firm-side documentation maps to the requirements. Sorted by soonest compliance deadline.
Companion content: state-bar guidance is on the state tracker. Court orders binding firms filing in specific federal districts and state courts are on the court orders tracker. ABA Formal Opinion 512, the national baseline ethics framework, has its own compliance guide. For the chronological view of when each framework took effect, see the AI legal regulation timeline.
NIST AI Risk Management Framework 1.0
Artificial Intelligence Risk Management Framework (AI RMF 1.0), NIST AI 100-1
Industry framework Effective: January 26, 2023
NIST released AI RMF 1.0 on January 26, 2023 as the federal government's first comprehensive AI risk-management standard. Voluntary but widely cited as the benchmark for AI governance, mapping, measurement, and management. Adoption is voluntary; relevance for law firms is as the …
ISO/IEC 42001
ISO/IEC 42001:2023, Information technology, Artificial intelligence, Management system
International standard Effective: December 18, 2023
ISO/IEC 42001:2023, published December 2023, is the first international management-system standard for artificial intelligence. It specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) wit…
USPTO AI Practitioner Guidance
Guidance on Use of Artificial Intelligence-Based Tools in Practice Before the United States Patent and Trademark Office, 89 Fed. Reg. 25609
Federal guidance Effective: April 11, 2024
USPTO published practitioner guidance on April 11, 2024 (89 Fed. Reg. 25609) on the use of AI tools in practice before the office. The guidance is interpretive (it applies existing 37 CFR Part 11, 1.4, 1.56, and 11.18 duties of candor, signature, and confidentiality to AI use) ra…
NIST Generative AI Profile
Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile, NIST AI 600-1
Industry framework Effective: July 26, 2024
NIST released the Generative AI Profile (NIST AI 600-1) on July 26, 2024 as a companion to AI RMF 1.0. It is the GenAI-specific overlay covering hallucination, data leakage, dual-use, intellectual property, and value-chain risks unique to generative AI. Developed pursuant to Exec…
California AB 2013, SB 942
California AB 2013 (Generative AI Training Data Transparency) and SB 942 (California AI Transparency Act)
State regulation Effective: January 1, 2026
California enacted two complementary generative AI transparency statutes in September 2024. AB 2013 (signed September 28, 2024) requires developers of generative AI systems made available to Californians to publish documentation about training data. SB 942 (signed September 19, 2…
Colorado AI Act
Colorado SB 24-205, Consumer Protections for Interactions with Artificial Intelligence Systems
State regulation Compliance: June 30, 2026
Colorado SB 24-205, the Consumer Protections for Interactions with Artificial Intelligence Systems Act, signed May 17, 2024, is the first comprehensive US state AI law of general application. It imposes duties on developers and deployers of high-risk AI systems to protect Colorad…
EU AI Act
Regulation (EU) 2024/1689 on Artificial Intelligence (Artificial Intelligence Act)
International regulation Compliance: August 2, 2026
Regulation (EU) 2024/1689, the Artificial Intelligence Act, was published in the Official Journal on July 12, 2024 and entered into force on August 1, 2024. It is the world's first comprehensive AI law of horizontal application, structured as a risk-tiered framework: unacceptable…
Spotted a missing framework? Email brian@desired-path.com. We add frameworks as they affect attorney work and as primary sources can be cited.