Curated tools, open-source packages, and official regulatory guidance. Everything here is something we use with clients — nothing is filler.
Tools and open-source packages you can use today — no sign-up required.
48-question governance-first diagnostic covering Strategy, Skills, Data, and Governance. Scores your organisation across four pillars and delivers an instant board-ready PDF.
Python toolkit for building GDPR-aware RAG pipelines. Handles PII detection, token redaction, audit logging, and PostgreSQL-backed retrieval. Used in every AskEngine and ComplianceRAG deployment.
Deep-dive introduction to gdpr-safe-rag: automatic PII detection with checksum validation, GDPR Article 30 audit logging, compliance checks for retention and erasure, and LangChain integration — all from one pip install.
Authoritative references from UK and international regulators. The sources we use when advising clients.
The UK Information Commissioner's Office guidance on using AI lawfully under UK GDPR — covering transparency, purpose limitation, automated decision-making, and data minimisation.
The UK government's regulatory framework for AI — setting out five principles (safety, transparency, fairness, accountability, contestability) that sector regulators apply to AI in their domains.
UK organisations supplying AI systems or outputs into the EU market must comply with the EU AI Act. This covers risk classification, conformity assessments, and prohibited practices.
Internationally recognised frameworks that underpin responsible AI practice.
A voluntary framework to help organisations identify, assess, and manage AI risks. Four core functions — Govern, Map, Measure, Manage — covering the full AI lifecycle. Widely adopted beyond the US.
The first international standard specifically for AI management systems. Defines requirements for establishing, implementing, and continually improving a responsible AI programme within an organisation.
No affiliate links, no sponsored content, no aggregated lists. Every item here is referenced in our client work.
Every resource on this page is something we use with clients. Nothing is here for SEO or padding.
We are ICO registered and operate under UK GDPR. Guidance is filtered for UK relevance.
We flag when a framework is better suited to large enterprises. SMEs need different starting points.
Each resource maps to one or more pillars in the AI Readiness Assessment — use your score to prioritise what to read.
The free AI Readiness Assessment takes 15–20 minutes and maps your results to each of these governance frameworks automatically.
ICO registered · ZB960703 · GDPR compliant · Data never sold