Technology Compliance Glossary
Plain-English definitions of AI, cyber, resilience, and compliance terms used across NudgeCompliant.
- EU AI Act
- The EU AI Act is Regulation (EU) 2024/1689, a risk-based legal framework for artificial intelligence. It sets rules for organisations that provide, deploy, import, distribute, or manufacture products using AI, including some organisations outside the EU.
- AI Deployer
- An AI deployer is a person or organisation that uses an AI system under its authority in a professional context. A company using a third-party chatbot, hiring system, or workplace AI tool is commonly a deployer, although its exact role depends on the system and activity.
- AI Provider
- An AI provider develops an AI system or general-purpose AI model, or has one developed, and places it on the market or puts it into service under its own name or trademark. A business can be a provider for one system and a deployer for another.
- Article 50
- Article 50 is the EU AI Act provision covering specified transparency duties. These include notices for direct AI interaction, emotion recognition and biometric categorisation, and labelling or disclosure rules for certain synthetic or manipulated content.
- Transparency Obligation
- A transparency obligation requires relevant information about an AI system or its output to be communicated clearly. The required notice, timing, audience, and format depend on the legal provision and how the system is used.
- AI System Register
- An AI System Register is an internal inventory of AI systems, owners, purposes, providers, users, data, risk classifications, and controls. Maintaining one is a practical governance measure, but it is not a universal Article 50 requirement for every deployer.
- Risk Classification
- Risk classification groups AI uses by their legal and practical risk. The EU AI Act is often described using minimal, limited, high, and unacceptable risk. The Act prohibits specified practices, imposes detailed rules on defined high-risk systems, and applies targeted transparency duties to certain other systems.
- NIS2 Directive
- NIS2 is the EU cybersecurity directive for essential and important entities in covered sectors. It addresses governance, cybersecurity risk management, supply-chain security, incident reporting, and management accountability through national implementing laws.
- DORA
- The Digital Operational Resilience Act is an EU regulation for financial entities and relevant technology providers. It covers ICT risk management, incident reporting, resilience testing, third-party risk, information sharing, and oversight of critical ICT providers.
- Cyber Essentials
- Cyber Essentials is a UK government-backed certification scheme based on five technical security controls. It is commonly requested in procurement and is mandatory for some UK government contracts, but it is not a general-purpose statutory certification for every business.
- UK AI Bill
- UK AI Bill is a general label used for possible UK AI legislation. As of July 2026, businesses should distinguish enacted UK laws and regulator rules from proposals, policy papers, and anticipated legislation whose final scope and timetable are not settled.
- Readiness Score
- A readiness score is a product metric showing how many identified actions or obligations have been addressed. It helps prioritise work but is not a legal certification, regulatory rating, or guarantee of compliance.
- Cross-compliance
- Cross-compliance is the reuse of one control or evidence item across multiple legal or assurance requirements. For example, a supplier-risk process may support parts of NIS2, DORA, GDPR, and customer security reviews without making those frameworks identical.
- Evidence Pack
- An evidence pack is an organised collection of policies, registers, training records, decisions, screenshots, contracts, and other material used to demonstrate that required actions have been taken.
- Verification Marketplace
- A verification marketplace is a service model that connects organisations seeking independent review with qualified reviewers. The reviewer checks defined evidence or claims; the result should state its scope and must not be treated as a universal legal guarantee.
Last updated 17 July 2026. Definitions are general information, not legal advice.