Unorma

Resources

Compliance, without the jargon

Practical guidance on AI compliance, governance and risk management — written by practitioners who build and audit these programs, not by marketers.

  • AI Compliance Software
  • EU AI Act
  • ISO 42001
  • NIST AI RMF
  • AI Risk Management
  • AI Governance
  • White Label GRC

EU AI Act

EU AI Act

EU AI Act Deadlines in 2026 and 2027: What the Digital Omnibus Actually Changed

In May 2026, EU lawmakers provisionally agreed to delay the AI Act's high-risk deadlines. Here's exactly what changed, what didn't, and what's legally binding today.

Jasper Claes
Jasper Claes · Jun 22, 2026 · 10 min read

ISO 42001

ISO 42001

ISO 42001 Certification Requirements: The Complete Checklist

ISO 42001 has 10 clauses and 38 Annex A controls. This is the complete, plain-language checklist for what you actually need to have in place before your audit.

Zofia Kubiak
Zofia Kubiak · Jun 29, 2026 · 13 min read

NIST AI RMF

NIST AI RMF

The NIST AI RMF Playbook Explained: Govern, Map, Measure, Manage

Govern, Map, Measure, Manage — the NIST AI RMF's four functions sound simple. Here's what each one actually requires you to do, with the playbook's real structure.

Zofia Kubiak
Zofia Kubiak · Jul 1, 2026 · 12 min read

AI Risk Management

AI Risk Management

AI Risk Management: A Practical Framework for Getting Started

Most AI risk registers fail because they copy generic IT risk templates. Here's a framework built for how AI systems actually fail, with a register you can use today.

Jasper Claes
Jasper Claes · Jul 3, 2026 · 11 min read

AI Governance

AI Governance

AI Governance Tools Explained: What They Do and How to Structure a Program Around Them

AI governance tools are often confused with AI compliance software, model monitoring, or MLOps. Here's a precise breakdown of what governance tooling actually does — and how to build a program around it.

Jasper Claes
Jasper Claes · Jun 12, 2026 · 17 min read

White Label GRC

White Label GRC

White Label GRC Software: The Complete Guide for Consultancies and Auditors

White label GRC software lets consultancies sell compliance delivery under their own brand instead of reselling someone else's. Here's how the model works, what it costs, and how to launch a practice on it.

Jasper Claes
Jasper Claes · Jun 17, 2026 · 16 min read

ISO 42001

ISO 42001

ISO 42001 Certification Software: How It Actually Speeds Up Your Audit

Software doesn't get you ISO 42001 certified — your organization does. But the right software removes months of manual evidence-wrangling from the process. Here's exactly where it helps and where it can't.

Zofia Kubiak
Zofia Kubiak · Jun 24, 2026 · 16 min read

NIST AI RMF

NIST AI RMF

NIST AI RMF Software: Automating Govern, Map, Measure and Manage at Scale

The NIST AI RMF is a voluntary framework with no software of its own — which is exactly why the market for RMF-mapped software exists. Here's what good implementations actually automate.

Zofia Kubiak
Zofia Kubiak · Jul 4, 2026 · 16 min read

EU AI Act

EU AI Act

EU AI Act High-Risk AI Systems: The Full Compliance Checklist

If your AI system falls into one of the EU AI Act's 8 high-risk categories, articles 8 through 15 apply in full. Here's every obligation, organized into a checklist you can actually use.

Jasper Claes
Jasper Claes · Jul 6, 2026 · 18 min read

AI Compliance Software

AI Compliance Software

AI Compliance Software Buyer's Guide: 15 Features That Actually Matter

Every AI compliance vendor claims to do everything. This buyer's guide breaks down the 15 features that actually determine whether a platform will work for you, and how to test each one before you sign.

Jasper Claes
Jasper Claes · May 15, 2026 · 18 min read

AI Governance

AI Governance

AI Governance Framework: How to Structure Your Program in 2026

Most 'AI governance framework' guides describe principles. This one describes the actual org chart, policy stack and review cadence you need to run a program that works.

Jasper Claes
Jasper Claes · May 20, 2026 · 19 min read

AI Risk Management

AI Risk Management

How to Build an AI Risk Register (With a Working Template)

Most AI risk register templates are generic IT risk sheets with a new title. Here's a field-by-field walkthrough of one built specifically for how AI systems fail, with worked examples.

Jasper Claes
Jasper Claes · May 26, 2026 · 17 min read

EU AI Act

EU AI Act

EU AI Act Fines: What They Are and How to Actually Avoid Them

€35M or 7% of global turnover sounds abstract until you understand how EU AI Act fines actually get calculated and enforced. Here's the real mechanics, and how to stay out of them.

Jasper Claes
Jasper Claes · Jun 10, 2026 · 16 min read

White Label GRC

White Label GRC

How Consultancies Use White Label GRC Software to Scale Client Delivery

Scaling a compliance consultancy past a handful of clients requires more than good advisors — it requires restructuring how delivery actually works. Here's how firms do it with white label GRC software.

Jasper Claes
Jasper Claes · Jun 15, 2026 · 18 min read

ISO 42001

ISO 42001

ISO 42001 vs. ISO 27001: What's the Difference?

ISO 42001 and ISO 27001 share the same management-system DNA, but they're not the same standard wearing a different label. Here's exactly where they overlap and where they diverge.

Zofia Kubiak
Zofia Kubiak · Jun 19, 2026 · 17 min read

ISO 42001

ISO 42001

Best ISO 42001 Software Features: A Practical Evaluation Guide

Every ISO 42001 vendor demo looks impressive. Here's a practical evaluation framework — including the exact questions to ask and a scoring rubric — to see past the demo script.

Zofia Kubiak
Zofia Kubiak · Jun 26, 2026 · 18 min read

NIST AI RMF

NIST AI RMF

How to Implement the NIST AI RMF: A Step-by-Step Playbook

Understanding the NIST AI RMF's four functions is the easy part. Actually implementing them across a real organization is where most programs stall. Here's a concrete, staged playbook.

Zofia Kubiak
Zofia Kubiak · Jun 30, 2026 · 19 min read

NIST AI RMF

NIST AI RMF

How to Choose NIST AI RMF Software: Key Capabilities

Plenty of platforms now claim NIST AI RMF alignment. Here's how to tell which ones actually map to the framework's structure, and which just added it to a features page.

Zofia Kubiak
Zofia Kubiak · Jul 5, 2026 · 17 min read

AI Risk Management

AI Risk Management

AI Risk Assessment: A Step-by-Step Methodology

A good AI risk assessment isn't a form you fill out once — it's a repeatable methodology. Here's a step-by-step process you can apply consistently across every AI system you own.

Jasper Claes
Jasper Claes · Apr 16, 2026 · 17 min read

AI Compliance Software

AI Compliance Software

Best AI Compliance Software in 2026: How to Evaluate Vendors

'Best' depends entirely on your framework mix, team size and delivery model. Here's how to build a shortlist and evaluate it fairly, instead of chasing a generic top-10 list.

Jasper Claes
Jasper Claes · Apr 18, 2026 · 7 min read

AI Governance

AI Governance

AI Governance Tools for Enterprise: Build vs. Buy

Enterprise engineering teams can build almost anything — the real question is whether they should. Here's a clear-eyed framework for the AI governance build-vs-buy decision.

Jasper Claes
Jasper Claes · Apr 19, 2026 · 7 min read

AI Risk Management

AI Risk Management

AI Risk Management Software: What to Look For

Plenty of software claims to manage AI risk. Here's what to actually look for — and the questions that reveal whether a platform understands AI-specific risk at all.

Jasper Claes
Jasper Claes · Apr 20, 2026 · 7 min read

EU AI Act

EU AI Act

EU AI Act Compliance Software: What It Is and Who Needs It

Not every AI compliance tool understands the EU AI Act's specific structure. Here's what EU AI Act compliance software actually needs to do, and who needs it most urgently.

Jasper Claes
Jasper Claes · Apr 22, 2026 · 7 min read

White Label GRC

White Label GRC

White Label vs. Reseller GRC Models: Which Fits Your Agency?

Both models let you sell GRC software to clients — but they trade brand control, margin and effort very differently. Here's how to pick the one that fits your agency.

Jasper Claes
Jasper Claes · Apr 23, 2026 · 7 min read

ISO 42001

ISO 42001

How Long Does ISO 42001 Certification Take? A Realistic Timeline

Vendor marketing says weeks. Reality says months. Here's a realistic, stage-by-stage ISO 42001 certification timeline, and the specific factors that move it in either direction.

Zofia Kubiak
Zofia Kubiak · Apr 25, 2026 · 7 min read

ISO 42001

ISO 42001

From Gap Analysis to Certificate: Using Software to Run Your ISO 42001 Project

Most ISO 42001 guides describe the standard. This one describes the project — how gap analysis, document generation and evidence tracking chain together into a certificate.

Zofia Kubiak
Zofia Kubiak · Apr 26, 2026 · 7 min read

NIST AI RMF

NIST AI RMF

NIST AI RMF vs. EU AI Act: Mapping the Two Frameworks

One is voluntary US guidance; the other is binding EU law. Here's exactly where the NIST AI RMF and the EU AI Act overlap enough to share evidence, and where they don't.

Zofia Kubiak
Zofia Kubiak · Apr 28, 2026 · 7 min read

NIST AI RMF

NIST AI RMF

NIST AI RMF Software vs. Manual Spreadsheets: A Real Cost Comparison

Spreadsheets are free until you count the hours. Here's a grounded, line-item comparison of what NIST AI RMF implementation actually costs on spreadsheets versus software.

Zofia Kubiak
Zofia Kubiak · Apr 29, 2026 · 7 min read

AI Risk Management

AI Risk Management

Third-Party AI Risk Management: Managing Vendor and Model Risk

You can't inspect a vendor's training data or model weights — but you can still manage the risk they introduce. Here's how, with a due-diligence checklist you can use today.

Jasper Claes
Jasper Claes · Apr 30, 2026 · 7 min read

AI Compliance Software

AI Compliance Software

Building a Business Case: The ROI of AI Compliance Software

'Compliance' rarely wins budget on its own. Here's how to build a business case for AI compliance software that finance and leadership actually approve.

Jasper Claes
Jasper Claes · May 2, 2026 · 7 min read

AI Compliance Software

AI Compliance Software

AI Compliance Software vs. Spreadsheets: Why Manual Tracking Fails at Scale

Spreadsheets work fine for one AI system and one framework. Here's exactly where — and why — they stop working as both multiply.

Jasper Claes
Jasper Claes · May 3, 2026 · 7 min read

AI Governance

AI Governance

Top AI Governance Tools Compared: Feature Checklist

Instead of a ranked top-10 list that goes stale in a quarter, here's a feature checklist you can use to compare any AI governance tools yourself.

Jasper Claes
Jasper Claes · May 4, 2026 · 7 min read

EU AI Act

EU AI Act

How to Choose EU AI Act Compliance Software: 12 Questions to Ask Vendors

Twelve questions, asked in writing, that separate vendors who understand the EU AI Act's actual structure from those who've added it to a features page.

Jasper Claes
Jasper Claes · May 6, 2026 · 7 min read

White Label GRC

White Label GRC

Launching a Compliance Practice on White Label GRC Software: A Playbook

A step-by-step playbook for the first 90 days of launching a compliance practice on white label software — from brand setup to your first paying clients.

Jasper Claes
Jasper Claes · May 7, 2026 · 7 min read

ISO 42001

ISO 42001

ISO 42001 Audit: What Auditors Actually Look For

Auditors aren't grading your paperwork's writing quality — they're checking for specific evidence patterns. Here's what they actually look for, stage by stage.

Zofia Kubiak
Zofia Kubiak · May 9, 2026 · 7 min read

ISO 42001

ISO 42001

ISO 42001 for Startups: Is Certification Worth It Yet?

Certification is expensive in time a startup often doesn't have. Here's a candid framework for deciding whether ISO 42001 is worth it yet — or worth waiting on.

Zofia Kubiak
Zofia Kubiak · May 10, 2026 · 7 min read

ISO 42001

ISO 42001

ISO 42001 Documentation Templates You Actually Need (And How Software Generates Them)

Not every ISO 42001 document needs to be written from scratch. Here are the templates you actually need, and how software should draft the first version of each.

Zofia Kubiak
Zofia Kubiak · May 11, 2026 · 7 min read

NIST AI RMF

NIST AI RMF

NIST AI RMF Profiles: Building Your Organization's Risk Profile

A NIST AI RMF 'profile' sounds abstract until you build one. Here's exactly what fields it needs and a worked example of a current-vs-target profile.

Zofia Kubiak
Zofia Kubiak · May 13, 2026 · 7 min read

NIST AI RMF

NIST AI RMF

Implementing NIST AI RMF Software: A 30/60/90 Day Rollout Plan

Buying NIST AI RMF software is the easy part. Here's a concrete 30/60/90-day plan for actually rolling it out without stalling after the first system.

Zofia Kubiak
Zofia Kubiak · May 14, 2026 · 7 min read