
Run Your First AI Compliance Assessment

Complete a comprehensive AI compliance assessment in 30 minutes. TruthVouch maps your AI usage against EU AI Act, SOC 2, and ISO 42001 requirements and gives you a prioritised action plan.

Audience: Compliance Officers & Legal. Time: 30 min. Level: beginner.
Run Your First AI Compliance Assessment — platform screenshot

AI compliance is no longer optional. The EU AI Act entered into force on 1 August 2024 and its obligations apply in stages through 2027, SOC 2 auditors are increasingly asking about AI governance controls, and ISO/IEC 42001 — the first international standard for AI management systems — is increasingly written into enterprise procurement requirements worldwide.

TruthVouch Compliance AI automates the assessment process: mapping your actual AI usage against regulatory obligations, identifying gaps, and giving you a prioritised remediation plan — in one session.


Why Act Now

The EU AI Act entered into force on 1 August 2024 and applies in stages. The prohibitions on certain AI practices and the AI literacy obligations apply from 2 February 2025; the governance provisions and the obligations for providers of general-purpose AI (GPAI) models apply from 2 August 2025; and most high-risk AI system requirements, together with the Article 50 transparency obligations, apply from 2 August 2026. Organisations that have not yet started their compliance preparation are already behind.

Key milestones to be aware of:

  • 2 February 2025: Prohibited AI practices banned (for example subliminal or manipulative techniques, social scoring, and real-time remote biometric identification in publicly accessible spaces for law enforcement, subject to narrow exceptions); AI literacy obligations for providers and deployers
  • 2 August 2025: Governance provisions and obligations for providers of general-purpose AI (GPAI) models
  • 2 August 2026: Most high-risk AI system requirements, including conformity assessments, technical documentation and human oversight, plus the Article 50 transparency obligations (2 August 2027 for high-risk systems that are safety components of products covered by Annex I)
  • Continuously: SOC 2 Type II AI governance controls; ISO 42001 certification requirements from enterprise customers

The 30 minutes you invest in this guide will give you a clear picture of where you stand and what you need to do first.


Step 1: Start the AI Maturity Assessment

The AI Maturity Assessment is the foundation of your compliance posture. It takes approximately 5–10 minutes and covers your current AI governance practices across five dimensions.

TruthVouch AI Maturity Assessment intake form with category scoring

  1. Log in to app.truthvouch.ai
  2. Navigate to AI Advisor in the left sidebar
  3. Click Start Assessment
  4. Select your organisation type and primary industry (this calibrates the regulatory framework selection)
  5. Begin the assessment questionnaire

If you have already completed an assessment, you can start a new one to track progress over time. All historical assessments are saved for audit purposes.


Step 2: Answer Questions About Your AI Usage

The assessment covers five categories, each with 8–12 questions. You do not need to answer every question perfectly — honest, approximate answers produce a more actionable result than optimistic over-reporting.

Category 1: AI Governance
Questions about your AI governance structure: Do you have an AI policy? An AI ethics committee? Executive accountability for AI decisions? An inventory of AI systems in use?

Category 2: Risk Management
Questions about how you identify and manage AI-related risks: Do you conduct risk assessments before deploying AI? Do you have incident response procedures for AI failures? Are AI systems classified by risk level?

Category 3: Transparency & Explainability
Questions about disclosure practices: Do users know when they are interacting with AI? Can you explain AI-driven decisions when required? Do you document model selection criteria?

Category 4: Human Oversight
Questions about human-in-the-loop controls: Are there human review steps for high-stakes AI decisions? Can operators override AI recommendations? How are AI errors detected and corrected?

Category 5: Data Governance
Questions about training data and data practices: Is training data documented and traceable? Are data quality checks in place? Is personal data processed in compliance with GDPR and other privacy regulations?

Tip: If you are not sure of the answer to a question, select the most conservative option. It is better to surface a real gap in your results than to hide it behind an optimistic answer.


Step 3: Review Your AI Maturity Score

After completing the questionnaire, TruthVouch generates your AI Maturity Score across each category.

AI Advisor maturity score dashboard showing scores by category and overall maturity level

The score uses a five-level maturity model:

Level             Score    Description
1 — Ad hoc        0–20     No formal AI governance; practices are informal and inconsistent
2 — Developing    21–40    Some policies and procedures exist but are not systematically applied
3 — Defined       41–60    Formal processes established and documented; consistently followed
4 — Managed       61–80    Processes are measured and controlled; continuous improvement in place
5 — Optimising    81–100   Best-in-class governance; proactive risk management; external certification

Most organisations beginning their AI compliance journey score between Level 1 and Level 2. This is normal — the assessment is designed to reveal real gaps, not to produce flattering results.

Pay attention to your weakest category, not just the overall score. A Level 4 in governance but Level 1 in human oversight still means you have EU AI Act compliance gaps: human oversight is a mandatory requirement for high-risk systems under Article 14, and a strong policy layer does not substitute for it.


Step 4: Explore Your Compliance Gaps

From your Maturity Score, navigate to Compliance AI > Dashboard to see how your current practices map against specific regulatory frameworks.

Compliance AI dashboard showing regulatory gap analysis across EU AI Act, SOC 2, and ISO 42001

The compliance dashboard shows:

  • Framework coverage: How many obligations in each framework you currently meet, partially meet, or have gaps against
  • Gap severity: Critical (regulatory risk), High (significant gap), Medium (best practice gap), Low (minor improvement)
  • Priority order: Gaps ranked by regulatory deadline and business risk
  • Effort estimate: TruthVouch estimates the implementation effort for each gap based on your maturity level and organisation size

Click any gap to expand the detail view, which shows:

  • The specific regulatory text (EU AI Act article, SOC 2 criterion, ISO 42001 clause)
  • What a compliant implementation looks like
  • Examples of evidence that satisfies this requirement
  • Suggested remediation steps with estimated effort

For the EU AI Act, TruthVouch suggests a risk classification (Unacceptable, High, Limited, Minimal) for each AI system you described in the assessment. Treat this as a starting point rather than a determination: classification is made per AI system, not per organisation, and whether a system is high-risk depends on the use cases listed in Annex III (or on Annex I product legislation), so confirm the classification with legal counsel before building your remediation plan on it.


Step 5: Assign Obligations and Owners

Compliance is a team sport. Once you have identified your gaps, you need to assign ownership so each obligation gets addressed.

Compliance AI evidence and obligation assignment screen

  1. From the compliance dashboard, click Manage Obligations
  2. For each open obligation, click Assign Owner
  3. Select a team member from your organisation (you can invite new members from the Settings page)
  4. Set a target completion date
  5. Add notes or link to supporting tickets in your project management system

Assigned obligations appear in the assignee’s personal compliance dashboard, with deadline reminders. You can also connect TruthVouch to Jira or Linear (via the Integrations settings page) to automatically create tickets for each assigned obligation.


Step 6: Generate Your First Compliance Report

Before your next board meeting or audit preparation, generate a formal compliance status report.

  1. Navigate to Compliance AI > Reports
  2. Click + New Report
  3. Select the frameworks to include (EU AI Act, SOC 2, ISO 42001, or all)
  4. Select the date range and maturity snapshot to use as baseline
  5. Add a custom executive summary section (optional)
  6. Click Generate Report

The report is generated as a PDF. It includes:

  • Executive summary with overall compliance posture
  • Maturity score trend (if you have run previous assessments)
  • Framework-by-framework gap analysis with evidence status
  • Remediation roadmap with assigned owners and target dates
  • Appendix with evidence documents linked to each obligation

This report is suitable for sharing with your board, legal counsel, or an external auditor. Note that it is a self-assessment: it supports audit preparation but does not replace a SOC 2 examination or an ISO 42001 certification audit by an accredited body. All generated reports are stored in TruthVouch for audit trail purposes.


Next Steps

You have completed your first compliance assessment and have a clear view of your AI compliance posture. Here is what to do next:

  • ISO 42001 deep-dive — If your procurement requirements include ISO 42001 certification, the Compliance AI ISO 42001 module provides a guided implementation path including internal audit checklists.
  • Set Up Your Truth Nuggets Knowledge Base — Compliance-category Truth Nuggets can be used as direct evidence artifacts in your compliance dashboard, automating evidence collection for many obligations.
  • Set Up Brand Intelligence Monitoring — The EU AI Act’s transparency obligations (making it clear when users are interacting with AI or viewing AI-generated content) can be tracked through Brand Intelligence monitoring.
  • Book a compliance walkthrough — Our compliance team can review your assessment results with you and help prioritise your remediation roadmap.
