AI600: AI Governance, Risk & Compliance for Executives UPDATE

Agenda:

• The EU AI Act - Understanding the New Regulatory Reality
  • Introduction & Context
    • Fundamental Principles & Objectives
    • The Risk Classification System
    • Timeline & Enforcement
    • Penalties
  • Case Study evaluation: Risk Categorisation & Role Definition
  • Hands-on: Participants classify the AI systems based on the Case Study (plus optional: use cases from own professional experiences)
    
    
• Focus: High-risk AI
  • EU AI Act Articles 8-15: What compliance actually entails
  • Technical documentation requirements (Annex IV walkthrough)
  • Data governance and quality requirements
  • Hands-on: Map compliance requirements to case study high-risk system
    
    
• Related Regulation & EU Omnibus on AI
  • AI Liability Framework
    • Current status & regulatory gaps
  • Regulatory Ecosystem
    • GDPR intersection: Automated decision-making (Art. 22), data protection by design
    • Sector-specific overlays: Financial services (DORA, MiFID), healthcare (MDR, IVDR), critical infrastructure
    • Cybersecurity Act & NIS2: Security requirements for AI systems
    • Digital Services Act: Platform responsibilities for AI-generated content
  • The AI Omnibus Package
    • Which amendments are proposed – and what they would mean
  • Discussion: Identifying your organization's regulatory intersection points
    
    
• ISO42001 as an enabler
  • Why ISO 42001 Matters for AI Act Compliance
  • Core Components of ISO 42001
  • Mapping ISO to EU AI Act
  • Positioning ISO 42001
• NIST AI RMF as a translator
  • Why NIST AI RMF for EU AI Act Compliance
    • The Four Core Functions: GOVERN; MAP; MEASURE; MANAGE
  • Operationalizing Risk Assessment
  • NIST as a Common Language
  • Practical Application Preview
    
    
• Governance Structure Design
  • Governance requirements: Roles, responsibilities, accountability
  • Organizational models: Centralized AI Office vs. distributed ownership
  • Policy framework essentials
  • Hands-on: Design case study organization's AI governance operating model
    
    
• Deep Dive 1: Operationalizing Risk Management
  • NIST AI RMF deep dive: Map, Measure, Manage, Govern functions
  • EU AI Act conformity assessment process
  • Fundamental Rights Impact Assessment (FRIA) methodology
    
    
• Deep Dive 2: Documentation & Transparency
  • Technical documentation packages (Art. 11)
  • Transparency obligations and user information requirements
  • Record-keeping and logging requirements
  • Hands-on: Create documentation framework for case study high-risk system
    
    
• Deep Dive 3: Post-Market Monitoring & Incident Management
  • Ongoing monitoring requirements
  • Incident reporting obligations
  • Modification and substantial change assessment
  • Hands-on: Design post-market monitoring plan for case study organization
    
    
• Your Compliance Roadmap
  • Third-party and supplier governance (addressing external AI tools in case study)
  • Conformity assessment pathways and notified body engagement
  • Change management and stakeholder communication
  • Hands-on: Participants work on their own organization's compliance roadmap & apply case study learnings to their context
    
    
• Wrap-up & Action Planning
• Key takeaways
• Resource kit and next steps
• Q&A and peer learning

Objectives:

• classify the EU AI Act and apply it to your own organization
• classify AI systems according to risk and identify High-Risk AI systems
• implement key compliance requirements in a practical manner
• assess requirements for technical documentation and data governance
• identify regulatory overlaps with GDPR, NIS2, DORA, MDR, and IVDR
• use ISO/IEC 42001 and the NIST AI RMF for effective AI governance
• define AI governance structures, roles, and responsibilities within the organization
• classify requirements for FRIA, transparency, logging, post-market monitoring, and incident management
• develop a compliance roadmap for your own organization

Target audience:

• CISO
• Senior IT managers
• AI decision-makers
• GRC strategists

Prerequisites:

Description:

This two-day training course, AI600 AI Governance, Risk & Compliance for Executives, provides practical guidance on how organizations can systematically classify the requirements of the EU AI Act and translate them into robust governance, risk, and compliance structures. The focus is on the regulatory requirements for AI systems, particularly High-Risk AI, and their practical implementation using a continuous case study.

Participants learn how the requirements of the EU AI Act intersect with related regulations such as GDPR, NIS2, DORA, MDR, and IVDR, and what implications this creates for their own organization. In addition, the course shows how ISO/IEC 42001 can be used as a governance framework and the NIST AI Risk Management Framework (AI RMF) as an operational model to translate regulatory requirements into practice in a structured way.

Further focal points of the course AI600 AI Governance, Risk & Compliance for Executives include the establishment of appropriate AI governance structures, the definition of roles and responsibilities, the implementation of requirements for risk management, FRIA, technical documentation, transparency, logging, post-market monitoring, and incident management, as well as the development of an initial compliance roadmap for the participant’s own organization. Hands-on exercises and transfer tasks support the direct application of the taught content to specific use cases.

Other Info: