Crosswalk Library/NIST AI RMF ↔ EU AI Act
ELDR Institute · Governance Crosswalk

Map NIST AI RMF 1.0 functions to EU AI Act 2024/1689 compliance requirements, enabling organizations with AI systems in both US and EU contexts to build a unified AI governance documentation architecture.

Scope & Applicability

NIST AI RMF 1.0 (GOVERN, MAP, MEASURE, MANAGE) mapped to EU AI Act requirements for high-risk AI systems including technical documentation (Article 11), risk management (Article 9), data governance (Article 10), human oversight (Article 14), and accuracy/robustness (Article 15).

Crosswalk Overview

NIST AI RMF and EU AI Act address the same governance problem from different angles. NIST AI RMF is voluntary and defines how organizations should govern AI risk. EU AI Act is binding regulation defining what documentation high-risk AI systems must have. For organizations subject to both: NIST AI RMF provides the governance architecture; EU AI Act specifies the mandatory documentation artifacts that architecture must produce.

Areas of Overlap
NIST AI RMF EU AI Act
NIST AI RMF GOVERNEU AI Act Arts. 9, 17, 26, 28
NIST AI RMF MAPEU AI Act Arts. 9, 10
NIST AI RMF MEASUREEU AI Act Arts. 9, 15, 72
NIST AI RMF MANAGEEU AI Act Arts. 9, 26, 72
Key Differences
Voluntary vs. Mandatory
NIST AI RMF is entirely voluntary. EU AI Act is binding law with penalties up to €35M or 7% of global annual turnover.
Risk Classification
NIST AI RMF does not classify AI systems by risk level. EU AI Act creates four tiers: prohibited, high-risk, limited risk, and minimal risk.
Technical Documentation
NIST AI RMF recommends documentation practices. EU AI Act Article 11 and Annex IV specify mandatory technical documentation content for high-risk systems.
Conformity Assessment
NIST AI RMF has no conformity assessment. EU AI Act high-risk systems require conformity assessment before market placement.
Geographic Scope
NIST AI RMF applies where adopted. EU AI Act applies to AI placed on the EU market regardless of provider location.
Evidence Requirements
NIST AI RMF Evidence
AI Governance Policy (GOVERN)
AI Risk Register (MAP)
Impact Assessment documentation (MAP)
Bias and fairness evaluation records (MEASURE)
Model performance documentation (MEASURE)
Incident response records (MANAGE)
Monitoring reports (MANAGE)
EU AI Act Evidence
Technical Documentation per Annex IV
Risk Management System documentation (Art. 9)
Data governance records (Art. 10)
Human oversight documentation (Art. 14)
EU AI Database registration
Declaration of Conformity
CE marking technical file
Control Mapping Table

Selected high-overlap control mappings. Full crosswalk documentation available on request.

NIST AI RMF Control EU AI Act Control
AI RMF GOVERN GV.OC (Organizational Context)
EU AI Act Art. 9 (Risk Management System)
AI RMF GOVERN GV.PO (Policy)
EU AI Act Art. 17 (Quality Management System)
AI RMF MAP MP.1 (Categorize)
EU AI Act Annex III (High-Risk Classification)
AI RMF MAP MP.2 (Scientific Basis)
EU AI Act Art. 10 (Data Governance)
AI RMF MEASURE MG.2 (Risk Evaluation)
EU AI Act Art. 15 (Accuracy & Robustness)
AI RMF MANAGE MG.4 (Risk Residual)
EU AI Act Art. 14 (Human Oversight)
AI RMF MANAGE MG.5 (Post-Deployment)
EU AI Act Art. 26 (Post-Market Monitoring)
Related Institute Research
ELDR Advisory

Multi-framework programs
require unified documentation.

Request an Engagement Discussion

Full Crosswalk Library →