AI Security Evaluation

Which AI providers red-team their models, maintain threat taxonomies, implement control protocols, and submit to independent security evaluation?

Compliance Deadlines

Regulatory Calendar

Upcoming regulatory milestones that affect procurement timing and vendor assessment.

Key regulatory milestones and policy deadlines shaping the AI governance market.

2025: 6 milestones
2026: 2 milestones
2027: 2 milestones

Links to official regulatory sources. Mappera maps the regulatory landscape for intelligence purposes. This is not legal advice.

Regulatory Intelligence

Cross-Regulatory Mapping

€80M+ Cumulative Max Fine Exposure

Theoretical maximum across all applicable regulations if non-compliant simultaneously.

Enforcement Timeline

Key regulatory deadlines. Already enforced (solid), approaching (pulsing), future (dashed).

GDPR: enforced
25 May 2018

Full enforcement since 2018

Mature enforcement

No GDPR enforcement action specifically targeting AI automated decision-making under Art. 22 yet. The right-to-explanation tension remains legally untested for deep learning systems.

NIS2: enforced
17 Oct 2024

Member state transposition deadline passed

Early enforcement

NIS2 does not specifically address AI risk. AI systems fall under general ICT risk management. Regulatory interpretation of AI within NIS2 scope is untested.

DORA: enforced
17 Jan 2025

Financial sector ICT resilience requirements active

Early enforcement

DORA applies to ICT risk broadly. AI-specific obligations are implied through general ICT risk management requirements. Practical interpretation for AI systems is evolving.

AI Act (Prohibited): enforced
2 Feb 2025

Prohibited AI practices ban in effect

Pre-enforcement

Zero enforcement actions. The practical meaning of many requirements (especially Art. 9 risk management, Art. 14 human oversight) will only become clear through enforcement and litigation.

AI Act (GPAI): approaching
2 Aug 2025

General-purpose AI model obligations

Pre-enforcement

Zero enforcement actions. The practical meaning of many requirements (especially Art. 9 risk management, Art. 14 human oversight) will only become clear through enforcement and litigation.

AI Act (High-Risk): approaching
2 Aug 2026

High-risk AI system obligations - the major compliance deadline

Pre-enforcement

Zero enforcement actions. The practical meaning of many requirements (especially Art. 9 risk management, Art. 14 human oversight) will only become clear through enforcement and litigation.

CRA: future
11 Dec 2027

Product cybersecurity requirements for digital elements

Pre-enforcement

AI products fall under scope as 'products with digital elements'. Specific AI requirements within CRA are minimal - primarily vulnerability handling.

Security posture scores reflect publicly available information only. A low score may indicate limited transparency rather than poor security practices.
Mappera is not affiliated with any vendor assessed. Methodology v0.1.