For compliance, risk, and product leaders

AI Governance
by Industry

The EU AI Act is the primary driver of AI governance work in every regulated sector. How it lands depends on the industry: which Annex III category applies, which sector regulation layers on top, and which ISO or NIST control set gives you audit-grade evidence. Each industry page below explains exactly that.

Working With Key Players Across Regulated Sectors

Six industries where AI governance is already a board-level topic. Pick your sector to see the applicable EU AI Act article, the sector rules that stack on top, and the AI use cases driving regulator attention.

Why One Governance Graph Beats Six Programmes

The EU AI Act sets the horizontal baseline, but every regulated sector adds its own layer. A bank running an AI underwriting model reconciles the AI Act high-risk regime with DORA, ECB model risk expectations, and GDPR. A rail operator runs the same AI Act obligations against NIS2, the CER Directive, and safety rules from the European Union Agency for Railways. A mobility OEM runs UN Regulation 155, 156, and 157 alongside the AI Act and ISO/PAS 8800.

The cost of treating AI governance as a single cross-cutting programme is duplicate work. Each team ends up maintaining its own spreadsheet of controls, its own incident playbook, its own evidence store. Modulos is built on a single governance graph, so a control written once for ISO/IEC 42001 also serves the EU AI Act, DORA, NIS2, and sector guidance. Everything traces back to the original requirement.

The industry pages below describe the specific regulatory pressure, the AI use cases most likely to be classified high-risk, and the governance pattern that actually works in that sector. They are starting points for AI governance strategy, board briefings, and vendor conversations, not a substitute for legal advice.

Map AI Governance to Your Industry

See how Modulos models sector-specific obligations, controls, and evidence in a single governance graph, so the EU AI Act, DORA, NIS2, and ISO/IEC 42001 stop competing for attention.