DARR
MR-040 Regulatory compliance Organization scope

Regulatory non-compliance and legal liability

The system or its use breaches laws, regulations, or contractual/ethical obligations, exposing the deployer to enforcement and litigation.

Risk family
Regulatory compliance
MIT domain
6. Socioeconomic and Environmental
MIT subdomain
6.5 > Governance failure
AI type
GPAI, Classical_ML, Agentic
Scope
Organization
Source standard
MIT AI Risk Repository v4

Provenance

Source standard
MIT AI Risk Repository v4
Source frameworks
9 source framework citation keys
Anwar2024, EPIC2023, G'sell2024, Hagendorff2024, IBM2025, Sun2023, Uuk2025, Wirtz2020, Wirtz2022
ISO/IEC references
23894 obj A.2; src 1 | 42001 ctrl A.2.3, A.8.5, A.10.4
EU AI Act articles
Art. 26(12) | (umbrella for all EU AI Act obligations)

Framework crosswalk

Every framework item mapped to this risk. Items marked partial overlap only in part; definitions appear on hover where the source licence permits.

Sourcesframeworks that contributed to the register
ISO 238941
  • A.2 ISO/IEC 23894 Annex A A.2
ISO 420013
  • A.10.4 ISO/IEC 42001 Annex A A.10.4
  • A.2.3 ISO/IEC 42001 Annex A A.2.3
  • A.8.5 ISO/IEC 42001 Annex A A.8.5
EU AI Act2
  • (umbrella for all EU AI Act obligations)
  • Art. 26(12)
Cross-checksframeworks mapped in to test coverage
IBM1
  • ibm-model-usage-rights-restrictions Model usage rights restrictions partial

Part of the Deployer AI Risk Register, an open-source resource developed by MindXO. Version 1.0, 3 July 2026. Derived from the MIT AI Risk Repository (V4, December 2025) under CC BY 4.0; an independent derivative work, not endorsed by or affiliated with MIT. Sub-risk decomposition references MITRE ATLAS™ v5.6.0 (© 2021-2026 The MITRE Corporation, reproduced and distributed with permission). ISO/IEC and EU AI Act references are by number only. License: CC BY 4.0. Full attribution and licensing.