The rapid adoption of Artificial Intelligence (AI) across commercial and public sectors has introduced significant legal and regulatory challenges, particularly in relation to accountability, liability, data protection, and algorithmic transparency. While existing governance frameworks, including the NIST Artificial Intelligence Risk Management Framework and ISO/IEC 42001, provide structured approaches to risk management, they do not fully operationalise legal compliance within organisational practice. This paper addresses this gap by developing a six-phase AI legal governance framework that integrates regulatory requirements, including the EU Artificial Intelligence Act, data protection law, and emerging international standards, into organisational processes. Using an integrative synthesis of legal, regulatory, and governance literature, the study identifies persistent fragmentation between ethical principles, technical controls, and enforceable legal obligations. The proposed framework operationalises legal compliance through structured phases encompassing legal and regulatory alignment, risk classification, compliance-by-design, organisational capability development, continuous legal auditing, and regulatory assurance. It provides organisations with a practical mechanism to mitigate legal risk, ensure regulatory compliance, and enhance accountability in AI deployment. This study contributes to the field of commercial law and technology by bridging the gap between regulatory principles and organisational implementation, offering a legally grounded model for responsible and enforceable AI governance.
Bernard Wong studied this question.