Skip to content
Literature
EN

Governance, risk, and compliance frameworks for AI Security: A review of emerging standards and challenges

Abimbola Filani, Jochebed Akoto Opoku — Magna Scientia Advanced Research and Reviews

Magna Scientia Advanced Research and Reviews
DOI

Content

Artificial intelligence (AI) adoption is accelerating across industries, introducing novel governance, risk, and compliance (GRC) challenges that traditional cybersecurity frameworks cannot fully address. Standards such as ISO/IEC 27001 and the NIST Risk Management Framework safeguard IT assets but do not comprehensively mitigate AI-specific risks like adversarial attacks, model drift, and ethical concerns such as fairness and accountability. This gap raises critical questions about how organizations can govern AI responsibly while maintaining security and compliance. This paper reviews emerging AI-GRC frameworks and regulations, including the OECD AI Principles, ISO/IEC 42001, the NIST AI Risk Management Framework, and the EU AI Act, alongside industry standards from Microsoft, Google, and IBM. Through comparative analysis, we examine how these frameworks address governance structures, risk assessment methodologies, compliance mechanisms, and transparency requirements. We also explore integration strategies with existing cybersecurity and enterprise risk models. Our findings reveal a fragmented ecosystem with overlapping principles but inconsistent enforcement and technical depth. While global standards emphasize values such as transparency and accountability, operational guidance on adversarial robustness and lifecycle risk monitoring remains limited. The review identifies best practices for embedding GRC into AI development pipelines, including continuous monitoring, documentation artifacts, and risk-tiering strategies. It also highlights gaps in interoperability, audit tooling, and liability regimes. This research speaks to policymakers, compliance officers, cybersecurity professionals, and AI developers seeking harmonized governance approaches. Future work should prioritize unified audit standards, empirical evaluation of governance effectiveness, and integration of AI risk metrics into ESG reporting to ensure trustworthy and sustainable AI deployment.

Similar Content