References & Bibliography

Last reviewed: 2026-05-11

Sources cited throughout this handbook. Citations are also embedded as footnotes within each chapter; this page provides a consolidated bibliography organised by topic.

Primary regulatory sources

  1. Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act). Official Journal.
  2. European Commission. Regulatory framework on artificial intelligence.
  3. European Commission. (2025, February 4). Guidelines on prohibited artificial intelligence practices defined by the AI Act.
  4. EU GPAI Code of Practice. code-of-practice.ai.
  5. Council of the EU. (2026, May 7). Artificial intelligence: Council and Parliament agree to simplify and streamline rules.
  6. Artificial Intelligence Act EU. Article 99: Penalties.

US federal

  1. The White House. (2025, January 23). Executive Order 14179 — Removing Barriers to American Leadership in Artificial Intelligence.
  2. The White House. (2025, July 23). America’s AI Action Plan.
  3. The White House. (2025, December 11). Eliminating State Law Obstruction of National Artificial Intelligence Policy.
  4. OMB Memorandum M-25-21 (April 2025). Federal Use of Artificial Intelligence.
  5. OMB Memorandum M-25-22 (April 2025). Federal AI Procurement.
  6. TAKE IT DOWN Act, Pub. L. 119-12 (2025). Overview.
  7. NIST. AI Risk Management Framework.
  8. NIST. Center for AI Standards and Innovation (CAISI).
  9. NIST. AI 600-1: Generative AI Profile.
  10. CFPB. (2025, September 26). AI Compliance Plan for OMB M-25-21.
  11. Wiley. BIS Rescinds AI Diffusion Rule.
  12. FedScoop. (2025). Trump administration rebrands AI Safety Institute as CAISI.

US state law

  1. Colorado General Assembly. SB 24-205 — Colorado AI Act.
  2. Clark Hill. Colorado’s AI law delayed until June 2026.
  3. Latham & Watkins. Texas Signs Responsible AI Governance Act into Law.
  4. Office of the Governor of California. (2025, September 29). Governor Newsom signs SB 53.
  5. Utah Legislature. SB 226 (2025).
  6. New York State Comptroller. (2025, December 2). Enforcement of Local Law 144.

International law

  1. Fasken. Prorogation’s Digital Impact — Canada Bill C-27.
  2. Osborne Clarke. Regulatory Outlook January 2026: Artificial Intelligence (UK).
  3. Cooley. South Korea’s AI Basic Act: Overview and Key Takeaways.
  4. White & Case. Japan’s First AI Legislation Becomes Law.
  5. China Law Translate. AI Labeling Measures.
  6. Library of Congress. Brazil Senate Advances Discussions on Bill to Regulate AI Use.

ISO/IEC standards

  1. ISO/IEC. 42001:2023 — AI Management Systems.
  2. ISO/IEC. 23894:2023 — AI Risk Management.
  3. ISO/IEC. 22989:2022 — AI Concepts and Terminology.
  4. ISO/IEC. 42005:2025 — AI System Impact Assessment.
  5. ISO/IEC. 42006:2025 — Requirements for Bodies Providing Audit and Certification of AI Management Systems.
  6. Osler, Hoskin & Harcourt LLP. The role of ISO/IEC 42001 in AI governance.

Sector-specific

  1. FDA. Predetermined Change Control Plan for AI-Enabled Device Software Functions (Final Guidance, December 2024).
  2. OCC Bulletin 2025-26. Model Risk Management Clarifications for Community Banks.

Case law

  1. Bartz v. Anthropic, N.D. Cal. (2025). Ruling: ArentFox Schiff, Landmark Ruling on AI Copyright.
  2. Authors Guild. What Authors Need to Know About the Anthropic Settlement.
  3. Kadrey v. Meta Platforms, Inc., N.D. Cal. (2025).

Privacy and data protection

  1. GDPR Info. Art. 22 GDPR — Automated individual decision-making.
  2. Cloudflare. What is the CCPA?.

Frameworks and principles

  1. OECD. AI Principles.
  2. ANSI. (2024, May 9). OECD Updates AI Principles.
  3. OECD. (2019). Recommendation of the Council on Artificial Intelligence.
  4. UNESCO. (2021). Recommendation on the Ethics of Artificial Intelligence.
  5. AI Action Summit, Paris (2025). Wikipedia overview.

Academic literature

  1. Mitchell, M., Wu, S., Zaldivar, A., Barnes, P., Vasserman, L., Hutchinson, B., Spitzer, E., Raji, I. D., & Gebru, T. (2019). Model cards for model reporting. Proceedings of FAccT '19. https://doi.org/10.1145/3287560.3287596
  2. Gebru, T., Morgenstern, J., Vecchione, B., Vaughan, J. W., Wallach, H., Daumé III, H., & Crawford, K. (2021). Datasheets for Datasets. Communications of the ACM, 64(12). https://doi.org/10.1145/3458723
  3. Arrieta, A. B., et al. (2020). Explainable Artificial Intelligence (XAI). Information Fusion, 58. https://doi.org/10.1016/j.inffus.2019.12.012
  4. Sánchez, I., et al. (2024). Evolving AI Risk Management: A Maturity Model based on the NIST AI Risk Management Framework. arXiv:2401.15229.

Industry frameworks and reports

  1. GSMA. (2024). The GSMA Responsible AI Maturity Roadmap (PDF).
  2. Trustible. Everything you need to know about the NIST AI RMF.
  3. Thoropass. Understanding the NIST AI Risk Management Framework.