90 Days to Compliance: Are You Ready for the Next Phase of the EU AI Act?
The EU AI Act's August 2, 2026 deadline is 90 days away. Here's what most organizations missed in their AI inventory, and how to close the gap in time.
Find flaws in AI Systems
Find flaws in web, mobile, and IoT applications.
Live-fire exercises to sharpen detection and response.
Time-boxed security assessments across networks, apps, and infrastructure.
Simulated attacks to test detection and incident response.
Named security experts integrated seamlessly into your team.
Real-time detection and automated threat response.
24x7 monitoring and response by expert analysts.
Detection-focused SIEM migration without visibility gaps.
UltraViolet's proprietary AI platform powering all application penetration testing.
Unified security platform powering all UV services.
Cross-platform toolkit for advanced red team ops.
UltraViolet Cyber provides security services across the AI lifecycle, combining strategy, threat modeling, adversarial testing, monitoring, and training to support secure AI adoption.
Learn how a major U.S. airport operator achieved 24/7 threat detection, improved security maturity, and ...
Secure your code, infrastructure, and deployment pipelines before attackers exploit them.
Three-quarters of companies have an AI policy. Few have a governance program. Here's why the NIST AI RMF is the framework to ...
AI Governance by DesignAn Architecture-Aware Approach for Embedding Governance into AI Systems
UltraViolet Cyber is a practitioner-led MSSP delivering offensive and defensive security to Global 2000 and Federal clients. Built by former intelligence operators, we unify application security, red teaming, detection, and engineering under one roof. Our UV Lens platform replaces silos with integrated, outcome-driven operations.
AI has entered the enterprise faster than any technology in history. Chatbots, coding assistants, and copilots are being introduced at a record pace, and they are delivering real gains with work compressed, decisions accelerated, and whole categories of manual effort automated away. The governance built to keep pace with all of it, though, is lagging, and often by a wide margin. These new capabilities are added quickly, but the oversight arrives later, if at all.
The statistics bear this out. While three out of four organizations now have an AI usage policy, only about a third have a governance framework behind it, and fewer than half monitor the systems already running in production (Pacific AI, 2025). McKinsey's most recent State of AI survey found that 28% of organizations say their CEO is directly responsible for AI governance and 17% say their board is (McKinsey, 2025). Economist Impact put the share of organizations maintaining what they would call a comprehensive governance framework at 8% (Economist Impact, 2025). And the gap is widening, not closing: Deloitte's 2026 survey found 74% of organizations plan to deploy agentic AI within two years, but only about one in five have a mature model for governing the autonomous agents they intend to run (Deloitte, 2026). Read together, these are not the statistics of an industry that lacks policies, they are the statistics of an industry that has confused having a policy with being governed.
Closing that gap is not a matter of adding another tool or tightening a few controls, it is a matter of building a governance program, the standing structure of ownership, assessment, controls, and oversight that keeps pace with what the organization has actually deployed. A program is what turns intent into practice, and most organizations have not built one.
The practical question, then, is not whether to govern AI but how, and that turns on which framework the program is built upon. A program needs a backbone that is recognized beyond the organization that adopted it, one regulators reference, auditors accept, and other enterprises are converging on, because a framework no one outside the building recognizes governs only until the first regulator, auditor, or customer asks it to prove something. Fortunately, that recognized framework already exists.
The National Institute of Standards and Technology published its AI Risk Management Framework in 2023, and it has since become the most widely recognized AI governance framework in the United States, particularly among technical leaders (Pacific AI, 2025). That recognition is not an accident of marketing, it follows a path NIST has blazed before. The Cybersecurity Framework (CSF) began in 2014 as voluntary guidance for critical-infrastructure operators and, within a decade, became the structure that regulators referenced, insurers priced against, and enterprises across every sector adopted as the default. The AI RMF is on the same trajectory, and a program built on the reference everyone else is converging toward inherits an interoperability that a program built on a private taxonomy never will.
Recognition is the reason to take the RMF seriously, but design is the reason it works. The RMF is not a checklist of controls or a static list of obligations. It rests on four functions: Govern, Map, Measure, Manage. These are actions an organization performs, and a framework built on actions operationalizes in a way one built on artifacts does not, whether that artifact is a signed policy, a completed questionnaire, or a certificate on the wall. That distinction is exactly where the alternatives sit differently rather than wrongly.
The RMF is not the only guidance organizations might consider, and the others are worth mentioning. ISO/IEC 42001 is a management-system standard an organization can certify against, but a certificate attests that the apparatus exists, not that it governs anything when an engineer turns on a new tool. The EU AI Act is law, not an operating model; it tells an organization which systems are high-risk and what it must do about them, but not how to run the program that produces compliance. Homegrown frameworks, another common path, carry neither the recognition that lets a program prove itself to outsiders nor interoperability with anyone else's.
None of these compete with the RMF so much as complement it. The management standard certifies the apparatus, the law defines the obligations, and the RMF is the operating spine that makes both demonstrable in practice. It earns that role because it does the one thing the others cannot: it tells an organization not just what to govern, but how to actually do it.
The four functions do not change as the stakes rise, only their depth does. The same functions that govern a writing assistant govern a model that grants or denies credit and a system standing watch over critical infrastructure; what deepens is the rigor of the assessment, the strength of the controls, and the constancy of the oversight. What follows is what each function asks of an organization, and the test for each is the same: not whether it has been written down, but whether it is actually being done.
Govern decides who is accountable and what the rules are, and it begins with a correction most organizations have not made. The instinct is to treat AI as a technical matter and hand its risks to whoever runs the tool. The outcomes these systems produce, though, arise from data, models, people, and context acting together, and no single technical owner sits across all four. AI risk is enterprise risk, and it belongs on the same footing as financial, legal, and operational risk, owned at leadership level and treated as continuous rather than episodic.
The 28% and 17% figures mentioned previously are a Govern failure in their purest form: ownership written into an org chart but not exercised. Govern is performed when a named leader carries the consequence of a bad outcome, when a cross-functional body holds standing authority to halt a deployment rather than merely advise on one, and when approval is a precondition for going live rather than a memory of something that happened once at launch. A model that screens applicants is simultaneously a legal question, a fairness question, a security question, and a business question. Routing it through any single function guarantees the other three are absent when it matters.
Map finds what the organization has and what it touches, and it is the function organizations skip most reliably, because the work feels as though it should be unnecessary. Surely an organization knows what software it runs. Unfortunately, it does not, because AI did not arrive through procurement with a security review attached to it. Quite often, it arrived one expensed subscription at a time, and much of it arrived switched on inside tools the organization already owned, enabled by default and announced in a release note nobody read. The result is the condition now called shadow AI, and it means the person nominally accountable cannot answer the question everything else depends on: what are we running?
Mapping covers both parts of the portfolio: what is already in production, surfaced through identity logs, expense records, and network data rather than surveys alone, and the pipeline of systems being built and piloted but not yet live. The pipeline matters just as much, because a rights or safety-impacting system is far cheaper to catch before it ships than after. And the inventory is a living record, not a one-time spreadsheet. The finding that fewer than half of organizations monitor deployed systems for drift or misuse (Pacific AI, 2025) is, at root, a Map that was performed once and never refreshed. A map of a living portfolio, taken once and filed, is a snapshot of something that has already changed.
Measure judges how much risk each system carries, and it is the first act of proportion. Systems differ enormously in what their failure costs, and the governance must differ with them. Wrapping a spam filter in the machinery a credit model requires is not diligence; it is waste, and the waste is not free, because rigor spent on the harmless system is rigor stolen from the dangerous one.
Grading is not a guess, it is one assessment applied to every system the same way, weighing how severe a failure would be and who would bear it, how sensitive the data is, how exposed the organization is to regulation, and how governable the system is in the first place; whether its outputs can be explained or only observed, whether a tester checks its decisions before they take effect, what it exposes. The discipline is consistency, the same questions asked of every system, producing a grade that can be defended when a regulator later asks how the organization decided. The tiers that result map cleanly onto the risk categories the EU AI Act already defines, which is part of why the analytical work transfers across jurisdictions even as the legal language does not.
Manage installs the controls, proportioned to the risk tier determined for each system. For the low-risk majority they are modest and procedural: access scoped to who needs it, data handled the way the policy promised, logging on so a record exists. Generative tools earn a few guardrails proportionate to how they fail, chiefly that the person using an output is responsible for checking it before it becomes a business record. Where outputs carry more weight, a review step sits in front of the consequential decision.
These controls govern only if they reach the moments where AI is actually used, written in the vocabulary of those moments and integrated with the privacy and security processes the organization already runs, because governance that fights the daily work loses to the daily work every time. None of this has to be built from scratch. A mature tooling layer already exists to carry the load: AI asset discovery and shadow-AI detection to find what is running, AI security posture management (AISPM) and data security posture management (DSPM) to assess and monitor it, and governance platforms to enforce the gate that clears a deployment before it goes live and again before it scales. While the framework defines the discipline, the tooling sustains it.
The pressures are all moving in the same direction. AI incidents are becoming more frequent, not less. The EU AI Act applies extraterritorially, which means any organization with European exposure already carries an obligation to classify every AI system it operates, whether it has recognized that obligation or not, and other jurisdictions are moving in the same direction. The recurring crisis underneath all of it is the adoption-capability gap: organizations are deploying faster than they are building the oversight to manage what they have deployed, and the data on policies without programs is simply that gap measured.
What makes the gap closable is that the hard architectural work is done. The framework exists, it is recognized, it maps to the standard and the law, and it was built to be performed rather than filed. Choosing it is not the work, doing it is. Governance that cannot produce evidence that its controls actually hold cannot sustain the trust a public-facing system exists to build, and a framework adopted on paper produces no such evidence. The policy was never the program, the practice is.
There is a question every AI governance effort eventually runs into, and most organizations cannot answer it: where does our governance actually stand against the four functions, not on paper but in practice? Knowing that the RMF is the right framework does not tell an organization which of its functions are performed, which are merely documented, and which are absent. Establishing that baseline is where the work begins, because a program can only improve what it has honestly assessed.
This is the work UltraViolet Cyber does. An AI RMF Maturity Assessment applies the framework’s own Map function to the organization itself, surfacing where Govern, Map, Measure, and Manage are exercised and where they stop at the org chart, and producing a graded baseline that can be defended when a regulator later asks how the organization decided. From there the engagement scales to the gap: standing up a full governance program built on the RMF, or operationalizing the specific functions an organization has not yet made real. The framework supplies the architecture, we supply the practitioners who turn it into the discipline.
The framework provides the architecture, experienced practitioners bring the judgment, and the two together turn a recognized standard into a working program. The organization that implements these principles now will be governing its AI, not hoping it behaves.
Deloitte. (2026). State of AI in the enterprise, 2026. Deloitte Insights.
Economist Impact. (2025). The future of work study (in partnership with Kyocera). The Economist Group.
McKinsey & Company. (2025). The state of AI in 2025: Agents, innovation, and transformation.
Pacific AI. (2025). 2025 AI governance survey.
We’re here to help. Get in touch for an initial conversation with one of our security experts and learn more about how UltraViolet Cyber can help you take cyber readiness and resilience to new levels.