The Complete AI Policy Outline
Every section a governance-grade AI policy needs, on one page and mapped to ISO 42001, the NIST AI RMF, and the EU AI Act. From foundation and scope to assurance and incident response.
TechLetter is an independent newsletter on AI. This is its companion library: the cheat sheets, reports, and AI Wrapped editions published alongside it, spanning AI governance and regulation, business and strategy, responsible use, and the impact of AI on society.
Cited. ✳ Dated. ✳ On the record.
Two references to start with: the complete AI policy outline that ties the frameworks together, and the ISO 42001 management standard. New editions land here as they publish in the newsletter.
Every section a governance-grade AI policy needs, on one page and mapped to ISO 42001, the NIST AI RMF, and the EU AI Act. From foundation and scope to assurance and incident response.
The world's first certifiable AI management system standard, explained for people who run companies. What it is, who is in scope, and how it works with the EU AI Act. Updated July 2026.
Every cheat sheet, report, and AI Wrapped edition from the newsletter, in one place. Filter by category or search by topic. Cited, dated, and on the record.
TL·004PDFWhat changed on 7 May 2026. The fixed high-risk timeline, a new Article 5 prohibition, and the shortened watermarking grace period.
TL·005PDFTen security vulnerabilities found when AI agents run in a sandbox, based on Shapira et al. (2026). Real cases and six safety behaviors.
TL·008PDFThe new risks when agents coordinate: identity sprawl, cascading failures, and emergent behavior. Policy, technical, and operational controls.
TL·001PDFEvery section a governance-grade AI policy needs, mapped to ISO 42001, the NIST AI RMF, and the EU AI Act. A ready structure for writing your own policy.
TL·002PDFThe certifiable AI management system standard, explained for founders and teams. What it is, who is in scope, and how it works with the EU AI Act.
TL·003PDFThe world's first comprehensive AI regulation. Principles, risk tiers, GPAI rules, penalties, and the compliance timeline.
TL·006PDFThe world's first dedicated governance framework for AI agents, from Singapore's IMDA. Four dimensions and four levels of human involvement.
TL·007PDFHow agentic AI differs from generative AI. The four autonomy levels, governance essentials, and real agent failures.
TL·009PDFSimple principles to keep Claude's context clean so it performs better and costs less. Applies today and tomorrow.
TL·010InteractiveTechLetter's review of the year in AI governance, regulation, and technology policy. The shifts that defined 2025 and what they mean for 2026.
TL·011PDFTechLetter's review of the year in AI governance, regulation, and technology policy.
Nothing on this page is repurposed from elsewhere. Each cheat sheet and report begins as an issue of the newsletter, then gets condensed into a reference you can keep on your desk, cite in a memo, or hand to a board. Same reading, less scrolling.
Every claim points to a primary document, EUR-Lex, ISO, NIST, the Cloud Security Alliance, OWASP, or a national regulator, so you can follow it yourself and quote it with confidence.
AI governance changes fast, so each file carries a filed or updated date. When the EU AI Act shifted in May and ISO 42001 in July, the sheets moved with it.
Outlines, matrices, and checklists that go straight into a policy draft or a review, whether you lead governance, run a business, or ship products.
Every cheat sheet and report here starts as an issue of TechLetter, the newsletter on AI across governance, business, responsible use, and society. Join 9,800+ readers across 90+ countries.
Unsubscribe anytime. We never share your address.
Questions about a resource, an idea for the next one, or consulting and training for your team, it all reaches the same inbox. Say hello.