FAIrMindFAIrMindCONSOLE
FAIrMind Console

Govern AI before
the regulator arrives.

An integrated Risk Console for ERM, BCM, AI Governance and CTEM — built clause-by-clause around ISO 42001, NIST AI RMF, the EU AI Act and the UAE AI governance stack. Twelve registers. 225 mapped framework items across five frameworks. Five open-source scanners integrated. Browser-native. Deployable in days.

12AI Gov registers
225Framework items
5OS scanners
641Tests passing

Three deadlines. Not one.

The European Parliament gave final approval to the Digital Omnibus on 16 June 2026 (423–57–174), awaiting only formal Council adoption. It relieves the high-risk timeline — but August 2026 still binds, and a new December 2026 date arrives in between. Three clocks are running.

~2 MONTHS FROM TODAY

2 August 2026

Transparency + penalties activate

  • Article 50 deployer transparency — AI disclosure, deepfake labelling, biometric / emotion-recognition notice
  • Penalty regime fully active — up to €35M / 7% of global turnover
  • National authorities operational
~6 MONTHS FROM TODAY

2 December 2026

Watermarking + the new nudifier ban

  • Art. 50(2) watermarking — machine-readable marking of AI-generated content
  • Nudifier / CSAM ban (new Art. 5) — non-consensual intimate-image systems prohibited
  • Bring systems into line — compliance required by this date
~18 MONTHS FROM TODAY

2 December 2027

Full high-risk obligations bind

  • Articles 9–17 + Article 26 — risk management, data governance, oversight
  • Conformity assessment + Annex IV file — signed Declaration of Conformity
  • AIMS + EU database registration — aligned to ISO 42001

The high-risk runway is generous — the August and December 2026 duties are not. Use the time.

Sources: European Parliament final approval of the Digital Omnibus on AI, 16 June 2026 (423–57–174), awaiting Council adoption; Bird & Bird, Gibson Dunn, Hogan Lovells, Latham & Watkins — May/Jun 2026. Art. 50(1)/(3)/(4) transparency and the penalty regime are NOT delayed; only Art. 50(2) watermarking shifts to 2 Dec 2026.

One platform for the four disciplines.

ERM, BCM, AI Governance and CTEM share a register, a workflow, and one audit log. Buy the full suite or just the AI side — switch in Settings.

ERM

Enterprise Risk

Risk register, controls, appetite, heatmap, regions. ISO 31000 + COSO ERM + Three Lines.

BCM

Business Continuity

BIA, incidents, drills, recovery objectives. ISO 22301 aligned.

AI GOVERNANCE

12 Registers · 5 frameworks

Mapped clause-by-clause to ISO 42001, NIST AI RMF, EU AI Act, ISO 23894 and the UAE / GCC stack.

CTEM

AI Exposure Management

5-phase Gartner framework. Ingests Garak / PyRIT / ART scans. Findings flow to AI Risk Register.

Twelve registers. Five frameworks. 225 mapped items.

Every register cites the framework clause it satisfies. Not a checklist — an evidence engine.

ISO 42001

65 items

Certifiable AIMS — clauses 4–10 + Annex A controls A.2–A.10.

NIST AI RMF

72 items

Govern · Map · Measure · Manage + GenAI Profile (NIST 600-1).

EU AI ACT + ISO 23894

38 + 26

EU AI Act Articles + ISO 23894 process guidance.

UAE / GCC

24 items

UAE AI Act tiering · CBUAE five principles · DIFC Reg 10 · ADGM. Self-assessment due 16 Sep 2026.

AI Inventory
Use Case Intake
AI Risk Register
Impact Assessments
Datasets
Bias & Fairness
Red-team Tests
AI Incidents
Human Oversight
Third-Party AI
Model Assessors
Explainability

Security findings flow into governance.

CTEM ingests output from NVIDIA Garak, Microsoft PyRIT and IBM ART, then promotes findings to the AI Risk Register with one click. Gartner's 5-phase framework adapted for AI exposures.

The Promote-to-AI-Risk workflow

  1. 1 Run scanner

    Garak / PyRIT / ART on your endpoints (your runner, your environment)

  2. 2 Import JSON

    CTEM ingests the report into the Discovery phase

  3. 3 Triage

    Sort by P1/P2/P3; validate; assign owner

  4. 4 Promote

    One click → new AIR-NNN in the AI Risk Register with full trace

  5. 5 Govern

    Board-visible AI risk with owner, treatment, next-review date

Open-source tools, verified Jun 2026

NVIDIA Garak · Apache-2.0 · v0.14.0 — primary LLM vulnerability scanner
Microsoft PyRIT · MIT · v0.11.0 — multi-turn red-teaming (Crescendo, TAP, Skeleton Key)
IBM ART · MIT — classical-ML adversarial testing (FGSM, PGD)
UK AISI Inspect · MIT — evaluation framework
Promptfoo · MIT — CI-friendly prompt-test runner

FAIrMind Console is the management overlay. Tools run on your own infrastructure with model access; results ingest via JSON. Honest scope.

Buy what fits. Switch any time.

Seven editions. Toggle in Settings. The spine — Dashboard, Compliance, Governance, News, Glossary — is always on.

TYPICAL ENTRY POINT

AIRM only

AI Governance (4 frameworks · 12 registers) + CTEM + spine. The EU-AI-Act-readiness pack.

  • AI Inventory + Use Case Intake + AI Risk Register
  • Datasets + Bias + Red-team + Incidents + Oversight
  • Third-Party AI + Model Assessors + Explainability
  • CTEM with Garak/PyRIT/ART integration

Full Suite

ERM + BCM + AIRM

ERM + AIRM

Risk + AI Governance

BCM + AIRM

Continuity + AI focus

ERM only

Enterprise risk + appetite

BCM only

BIA + incidents + drills

ERM + BCM

Traditional risk pack

Running this quarter. Audit-ready well before the deadline.

Browser-native PWA. No procurement gate. No IT integration to start.

DAY 1

Browser link in your inbox

Open it; demo data shows a full register, 12 AI Gov registers, CTEM findings.

WEEK 1

Connect identity provider

Cloudflare Access / SSO. Real users sign in. Soft RBAC enforces tier-based views.

QUARTER 1

First conformity artefacts

Use Case Intake completed across high-risk systems; FRIAs drafted; datasets registered; bias-test plans in place.

BY Q3 2027

ISO 42001 certified

Stage-1 and Stage-2 audits passed. Article 9–17 evidence file complete. Twelve months ahead of 2 Dec 2027.

NEED A SENIOR HAND?

The Console operates the AIMS. Advisory builds it.

Some prospects need only the tool — they have the framework knowledge in-house and want to operationalise it. Others need a senior hand to architect the AIMS, brief the board, and dry-run an ISO 42001 audit. FAIrMind Advisory exists for that — 6-week Sprints, full conformity engagements, or monthly board retainers.

Every Advisory engagement includes 12 months of Console use at no additional cost.

Explore FAIrMind Advisory →

Thirty minutes. One high-risk system. A working demo.

Bring your toughest AI governance question. We will load your AI system into the console and show you what FAIrMind says about it — frameworks, gaps, exposures, the lot.

Book the demo →
No procurement gate · No IT integration · No contract for the demo