Frameworks

AI governance frameworks, explained.

Enterprise buyers no longer ask only about SOC 2. They ask how you govern AI - under ISO 42001, the EU AI Act, India’s DPDP Act, and NIST AI RMF. These plain-language guides explain each one and how to get ready. Map your evidence once, reuse it across all of them.

The guides

ISO 42001 →

The first international management-system standard for AI. Enterprise buyers increasingly ask for it. A 6-step readiness path.

EU AI Act →

The EU’s risk-tiered AI law, with extraterritorial reach. The four risk tiers, who it applies to, and a 5-step plan.

DPDP (India) →

India’s Digital Personal Data Protection Act - Rules gazetted Nov 2025. Who must comply, penalties, and a 5-step readiness plan.

Also referenced in reviews

NIST AI RMF: A voluntary US risk-management framework many enterprise buyers reference. Mitravan maps your evidence to it.
SOC 2 & ISO 27001: The information-security baselines most questionnaires assume. Reuse that evidence across AI frameworks instead of starting over.

All of this shows up inside security questionnaires. See how to answer them in minutes with security questionnaire automation.

These guides are general information, not legal or certification advice. Compliance is an organisational and legal outcome - Mitravan speeds up the operational work (AI inventory, framework mapping, audit-ready evidence) but does not replace counsel or an accredited auditor.

Map your frameworks once

15 minutes on a real questionnaire. See your evidence mapped across ISO 42001, the EU AI Act, and DPDP.

Book a 15-min call