ISO/IEC 38507 Governance of AI
Obligations Covered
Regulatory Crosswalk
Binding regulations that require the same obligations this standard addresses. Implementing this standard can help satisfy these regulatory requirements.
| Regulation | Jurisdiction | Shared Obligations |
|---|---|---|
| Brazil AI Bill (PL 2338/2023) | Brazil | 1 |
| California AB 3030 (AI in Health Care Services) | California | 1 |
| California SB 1120 (Physicians Make Decisions Act) | California | 1 |
| CMS Medicare Advantage AI Rule | United States | 1 |
| Framework Convention on AI, Human Rights, Democracy and Rule of Law (CETS 225) | Council of Europe | 1 |
| Colorado Privacy Act Rules (4 CCR 904-3) | Colorado | 1 |
| Colorado ADMT (SB 24-205) | Colorado | 1 |
| Colorado ADMT Act (SB 26-189) | Colorado | 1 |
| EU AI Act | European Union | 1 |
| Law on Artificial Intelligence | Italy | 1 |
| AI Basic Act | South Korea | 1 |
| Artificial Intelligence Regulations 2025 | Malta | 1 |
| Federal Law on the Protection of Personal Data (LFPDPPP) — 2025 AI Provisions | Mexico | 1 |
| QCB Artificial Intelligence Guideline | Qatar | 1 |
| UK Data Protection Act 2018 — Automated Decision-Making | United Kingdom | 1 |
| Utah AI Policy Act (stack — SB 149 + 2025 + 2026 amendments) | Utah | 1 |
| Law on Artificial Intelligence | Vietnam | 1 |
Provisions (1)
Board-Level AI Governance
ISO/IEC 38507 is the only international standard specifically addressed to governing bodies (boards, executives) rather than technical teams — directing boards to evaluate, direct, and monitor AI use. As regulators increasingly hold organisations accountable at the board level for AI governance, this standard defines what board-level AI oversight looks like.
Requirements
| Requirement | Details |
|---|---|
| Governing body responsibility | Boards and governing bodies must evaluate, direct, and monitor the organisation's use of AI |
| Effective use | Ensure AI is used effectively to fulfil organisational objectives |
| Efficient use | Ensure AI use delivers value proportionate to resources and risks |
| Acceptable use | Ensure AI use complies with applicable laws, regulations, and ethical expectations |
| AI governance framework | Establish governance structures for oversight of AI across the organisation |
| Accountability assignment | Assign clear accountability for AI-related decisions and outcomes at executive level |
Penalties
| Violation | Fine |
|---|---|
| Non-compliance | Voluntary — no binding enforcement mechanism |