What the Mandate Requires
The NIST AI Risk Management Framework 1.0 establishes four core functions: GOVERN (establishing organizational accountability), MAP (identifying and categorizing AI risks), MEASURE (analyzing and assessing risks), and MANAGE (prioritizing and treating risks). OMB M-24-10 requires federal agencies to designate a Chief AI Officer, conduct AI use case inventories, and conduct impact assessments for rights-impacting or safety-impacting AI. Executive Order 14110 requires safety and security testing for high-capability AI models.
| Statutory Reference | Requirement |
|---|---|
| NIST AI RMF 1.0 | AI Risk Management Framework: GOVERN, MAP, MEASURE, and MANAGE functions for responsible AI deployment |
| OMB M-24-10 | Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence |
| EO 14110 | Safe, Secure, and Trustworthy Artificial Intelligence — safety and security testing requirements |
| ISO/IEC 42001:2023 | International standard for AI management systems — de facto enterprise governance benchmark |
| FTC Act § 5 | Unfair or deceptive acts or practices — applicable to AI-driven consumer harms and bias |
Enforcement Authority & Penalties
OMB M-24-10 enforcement applies to federal agencies through appropriations and OMB oversight. State-level AI governance legislation is advancing in multiple states. FTC Act Section 5 unfair or deceptive practices enforcement applies to AI-related consumer harms. EEOC guidance addresses AI use in employment decisions.
What VerdoCo Provides
Each document is delivered in both editable Word (.docx) format — with teal-bracketed fields for your organization's specific data — and a locked, forensically personalized PDF. Your organization's name, authorized representative, transaction ID, and canary reference code are injected into every page at the moment of purchase.
Establishes the foundational AI governance infrastructure aligned to the NIST AI RMF 1.0 GOVERN function — the AI governance policy, system inventory documenting all deployed AI, risk classification framework, risk assessment, impact assessment for high-risk systems, and governance program self-evaluation.
Delivers the operational AI governance infrastructure — per-system deployment readiness checklists, AI incident response plan, third-party AI vendor risk agreement tracker, AI awareness training matrix, continuous AI monitoring plan, and annual AI governance report.
Related Regulatory Series
Many organizations subject to VCO-AI also have obligations under the following frameworks. VerdoCo provides a complete series for each.
VCO-AI — Ready to Begin?
Select your phase or purchase the complete Command Kit. All documents delivered within minutes — personalized to your organization, forensically protected, and ready to complete.