The regulatory clock, read the way buyers read it.
Regulator deadlines move. Procurement does not wait for them. The questionnaires sitting on enterprise security desks already cite the frameworks below, whatever the enforcement date says. This page tracks each one with a dated status, so you can quote the timeline accurately instead of repeating a deadline that has already shifted.
We track the clock so your team does not have to.
Three rules govern everything below. kolm tracks these frameworks and stamps every status with the date it was checked. kolm maps audit evidence to the controls these frameworks name. kolm certifies nothing, and no row on this page is a claim that anyone complies with anything.
Tracked: dated, not vibes. Each status below reflects the primary source as of the stamp at the top of this page (as of 2026-06-10). When a timeline moves, the row changes and the change lands in the changelog at the bottom, in the open.
Mapped: evidence ties to the control. Findings in a kolm report map to the specific controls these frameworks name, so a reviewer reads your evidence against the framework their own questionnaire cites, not one we invented.
Never certified: the line we do not cross. kolm is not a certification body. A signed kolm report is evidence a reviewer can verify offline. It is not a certificate, an accreditation, or a statement that a law is satisfied. kolm maps, never certifies.
Framework statuses, stamped 2026-06-10.
Six frameworks dominate the agent-security questions in enterprise procurement today. Here is where each one stands, what it asks of an agent vendor, and which part of a kolm report answers it.
| Framework | What it asks | Status as of 2026-06-10 | What kolm maps |
|---|---|---|---|
| EU AI Act Art. 12 / Art. 14 | Activity logging and human oversight for high-risk AI systems | Annex III high-risk obligations, originally 2 August 2026, are provisionally deferred to 2 December 2027 under the Digital Omnibus agreement of 7 May 2026 (Annex I embedded systems to 2 August 2028). The deferral takes legal effect when the Omnibus is published in the Official Journal, expected before 2 August 2026. | Append-only audit trail (ASR-6), oversight and approval hooks (ASR-5) |
| ISO/IEC 42001 | An auditable AI management system covering governance, risk and lifecycle | In force and certifiable now. Published December 2023; accredited certification bodies issue certificates today, and buyer questionnaires already ask for them. | Model and dependency provenance (ASR-4), signed evidence for the management-system record |
| CSA AICM / STAR for AI | 243 control objectives across 18 domains for AI systems, with a STAR registry entry | Live. AI Controls Matrix published 2025; STAR for AI Level 1 (AI-CAIQ self-assessment) is open now, and Level 2 pairs third-party ISO/IEC 42001 certification with a Valid-AI-ted AI-CAIQ. | Control-mapped findings and AI-CAIQ questionnaire autofill from the signed report |
| NIST COSAiS (SP 800-53 overlays) | Control overlays for securing AI systems, including single-agent and multi-agent deployments | In development. Concept paper August 2025; annotated outline released as a discussion draft January 2026; the NISTIR 8605 series, including agent-specific overlays, is still in draft as of June 2026. | Draft mapping: permission posture (ASR-1), injection findings (ASR-2), pinned to overlay IDs when NIST finalizes them |
| OWASP Top 10 for Agentic Applications | The ten agentic attack classes, ASI01 Agent Goal Hijack through ASI10 Rogue Agents | Published. Released December 2025 as the 2026 list; already cited by name in security reviews of agent vendors. | Prompt-injection battery (ASI01), tool misuse (ASI02), identity and privilege abuse (ASI03), delegation chains (ASI07) |
| HITRUST AI Security Certification | Independent testing of security controls on deployed AI systems | Available now. Launched late 2024; positioned as the deployed-system complement to ISO/IEC 42001's management-system scope. | Security-control evidence a HITRUST assessor can consume: scopes, egress, audit-trail integrity |
kolm maps findings to these frameworks. It does not certify against any of them, and a date in this table is a date, not a claim that anyone complies with anything. Primary sources move; the changelog below records every revision to this page.
Deadlines defer. Questionnaires do not.
The EU has provisionally agreed to move its high-risk date sixteen months, and not one enterprise security questionnaire got easier. Buyers ask for agent evidence because their own risk teams demand it, not because a regulator set a date. That is why this page tracks statuses instead of counting down to anything.
The questionnaire is the deadline
ISO/IEC 42001 audits, AI-CAIQ submissions and HITRUST assessments are running today. The framework rows above are already procurement questions, whatever the enforcement calendar says.
Evidence outlives date changes
A signed kolm report maps to the control, not to the deadline. When a timeline moves, the evidence still answers the same questionnaire row. Nothing in your data room expires because a regulator blinked.
Accuracy is the credibility test
Vendors still pitching the August 2026 date as settled, with no mention of the provisional deferral, tell reviewers exactly how closely they track the rules they cite. Quoting the timeline correctly is itself a signal.
Every revision to this page, in the open.
When a status above changes, the edit is recorded here with the date it was made. If this log and the table ever disagree, tell us: dev@kolm.ai.
| Date | Change |
|---|---|
| 2026-06-10 | Page created. Initial statuses recorded for the EU AI Act (Digital Omnibus deferral to 2 December 2027), ISO/IEC 42001, CSA AICM / STAR for AI, NIST COSAiS, OWASP Top 10 for Agentic Applications, and HITRUST AI Security Certification. |
Answer the questionnaire, not the countdown.
A signed, offline-verifiable report maps your agent's evidence to the frameworks above, dated and checkable by the reviewer who asked.
Caveats: Scope is contractual. Permission posture, redaction and audit-trail integrity are assessed. Injection is tested and reported, not warranted.