NIST AI Risk Management Framework
The US-issued, internationally adopted reference for identifying and governing AI risk across the system lifecycle.
The US National Institute of Standards and Technology's framework for AI risk across a system's full lifecycle. Four functions: Govern, Map, Measure, Manage. Voluntary and non-prescriptive — the de facto international reference even outside the US.
Use case
A structured way to document AI risk without locking into one control set — useful where ISO 42001 is the destination but the team isn't ready for it yet.
How Far West applies it
Anchors risk-identification in Integration and Advisory; used in Discovery to flag where AI risk is real versus theoretical.
nist.gov · AI Risk Management Framework ISO/IEC 42001
The international management system standard for AI — the audit-ready structure for governed AI use.
The international management-system standard for AI (2023) — the AI equivalent of ISO 9001 or ISO 27001. It specifies the structure for governed, audit-ready AI use: policy, accountability, lifecycle controls, continuous improvement.
Use case
Boards, regulators, and enterprise clients increasingly ask "show me how you govern AI." 42001 is the certifiable answer.
How Far West applies it
The management-system layer above risk identification — it keeps AI governance from drifting after launch: quarterly reviews, documented controls, defined ownership.
iso.org · ISO/IEC 42001:2023 AIA — Algorithmic Impact Assessment (Canada)
Canada's Algorithmic Impact Assessment (AIA) — a structured way to classify AI systems by potential impact.
The assessment tool under Canada's Treasury Board Directive on Automated Decision-Making. The AIA classifies federal automated-decision systems by potential impact on rights and services — distinct from AIDA, the separate Artificial Intelligence and Data Act.
Use case
Classifying AI systems by impact before deployment — how much harm if it's wrong, and how reversible is it?
How Far West applies it
Borrowed from the public sector as a private-sector impact lens: what the system decides, who's affected, what's reversible — portable across sectors.
canada.ca · Algorithmic Impact Assessment OSFI Guideline E-23 — Model Risk Management
Canada's banking regulator guideline for model risk management — including ML and AI models.
Canada's OSFI guideline for model risk management. The updated E-23 (final 2025, in force May 2027) sets expectations for how federally regulated financial institutions identify, validate, and govern model risk, including ML and AI: validation, monitoring, model inventory, defined ownership.
Use case
In regulated industries — banks, insurers, asset managers — AI models are inheriting model-risk-management expectations, and E-23 is one of the better-articulated references.
How Far West applies it
Engagements with financial-sector clients lean on E-23's posture even when the client isn't OSFI-regulated. The discipline is portable.
osfi-bsif.gc.ca · Guideline E-23 EU AI Act, Article 4 — AI Literacy
In force since February 2025 — organizations operating in the EU must ensure sufficient AI literacy among their staff.
The EU's AI regulation (Regulation 2024/1689), in force since August 2024. Article 4 obligates providers and deployers to ensure a sufficient level of AI literacy among their staff, applying from 2 February 2025. It carries no standalone fine, though non-compliance can compound penalties for other breaches under the Act's enforcement regime.
Use case
For any organization operating in the EU — or with EU-based staff, customers, or vendors — AI literacy training is now a regulatory requirement.
How Far West applies it
Training pathways are designed to satisfy Article 4 literacy requirements — documented curriculum, role-appropriate depth, evidence of completion.
eur-lex.europa.eu · Regulation (EU) 2024/1689 US DOL AI Literacy Framework
Five federally defined competency areas for AI-literate workers in the US (February 2026).
The US Department of Labor's competency framework for workforce AI literacy (February 2026) — a federal reference for what AI-literate worker means, across five core areas. The US counterpart to EU AI Act Article 4, but guidance, not regulation.
Use case
US employers now have a federal taxonomy to align training against — useful for procurement, HR documentation, and government-contract reporting.
How Far West applies it
Aligns training to the five DOL competency areas so US clients can report against a recognized framework.
dol.gov · AI Literacy Framework (2026) Singapore Model AI Governance Framework
The leading APAC AI governance framework — issued by Singapore's IMDA and PDPC.
Singapore's government-issued AI governance framework, from the IMDA and the Personal Data Protection Commission (PDPC), with the AI Verify Foundation now stewarding its testing toolkit and GenAI edition. Principle-based and voluntary. Widely referenced across APAC.
Use case
Gives APAC clients a governance reference anchored in their region — often the de facto reference for cross-border work in Singapore, Malaysia, Hong Kong, or Indonesia.
How Far West applies it
Adds APAC-anchored governance alongside the North American and European frameworks Far West already works from.
pdpc.gov.sg · Model AI Governance Framework (2nd ed., PDF) OECD AI Principles
The first intergovernmental AI standard. The baseline behind most national and regional AI policy.
The first intergovernmental AI standard, adopted in May 2019. Five values-based principles — inclusive growth, human-centred values, transparency, robustness, accountability — plus five recommendations for governments. Most national AI strategies, including the EU, US, Japan, Singapore, and Canada, trace back to it.
Use case
The "everyone agreed on this" baseline before jurisdiction-specific detail — useful for explaining why national frameworks share a shape.
How Far West applies it
Establishes that the practice operates from internationally aligned principles, not jurisdiction-specific accident.
oecd.ai · OECD AI Principles 
