Compliance readiness

Module 4

Why it matters

Even the best AI use case can unravel if it isn’t compliant. Whether your organization is subject to external regulations like the EU AI Act or simply needs to uphold its own ethical and operational standards, compliance must be embedded in the AI lifecycle, not treated as an afterthought.

This module equips you to evaluate your AI projects for compliance gaps, using a practical scorecard aligned to key frameworks: EU AI Act, GDPR, NIST and your internal governance policies.

Even if your use case doesn’t fall under formal regulation, Off-the-Books (OTB) risk assessments help ensure internal alignment, risk mitigation and long-term scalability.

Exercise: AI compliance scorecard

Want to learn how to approach the EU AI Act? Read this report from Forrester to get ahead.

Use the checklist below to assess your current or proposed AI use case:

Yes – fully addressed
In progress – partially addressed or underway
No – not addressed

Governance and oversight

1. Governance roles are clearly defined

Project is documented in a central system (e.g., Collibra)
Risk classification has been completed
Audit trail exists for key decisions

2. Data and model transparency

Data sources are documented and traceable
Data quality and bias have been assessed
The model is explainable to non-technical stakeholders
Output decisions can be reviewed and challenged

3. Regulatory alignment

Project has been assessed under the EU AI Act (if applicable)
Data privacy practices comply with GDPR or local laws
Internal policies on fairness, accountability and data retention are followed
A plan exists for model monitoring and retraining

(cont'd)

4. OTB risk awareness

Even if not “high-risk” or regulated, the use case has been reviewed for ethical and reputational risk
There is a fallback or escalation plan for unintended outcomes
Stakeholders are aware of the risk exposure, even in unregulated environments

Output: Compliance gap report

Review your scorecard. Where are you fully compliant? Where are you vulnerable?

Summarize your top 3–5 compliance risks and gaps. Then, create a simple action plan to close them, either by adapting processes, improving documentation or engaging relevant teams.

Pro tip: Collibra can help you track compliance across AI projects with centralized documentation, integrated policy templates and model lineage tracking—all mapped to regulatory standards like the EU AI Act.

Next step: In Module 5, you’ll turn all of this into an AI literacy roadmap and tie together training, governance and compliance into a strategic plan for responsible scaling.