Glossary term
Governance and Compliance
A maintained record of applicable AI, privacy, cybersecurity, sector, contractual, and internal requirements. It helps convert changing law and standards into owners, controls, evidence, and review dates. For mature teams, this register maps each obligation to a control owner, evidence source, review frequency, system scope, and change-monitoring trigger.
Tools such as OneTrust GRC, ServiceNow IRM, and LogicGate Risk Cloud are widely used to maintain regulatory obligation registers for AI laws.
The IAPP Global AI Law and Policy Tracker is a publicly available register mapping AI-related law across more than 60 jurisdictions.
Under ISO 42001 clause 4.2, organizations must determine interested parties and their requirements; in practice, the result often becomes a regulatory obligation register.