STANDARDIZATION PROTOCOL FOR ARTIFICIAL INTELLIGENCE GOVERNANCE BASED ON INTERNATIONAL STANDARDS AND REGULATIONS: LITERATURE REVIEW
Abstract
The rapid expansion of artificial intelligence (AI) systems has intensified organizational governance challenges, particularly when ethical principles, technical standards, and regulatory obligations are addressed in a fragmented manner. This article proposes, through a literature review and comparative documentary analysis, a standardization protocol for AI governance based on international standards and regulations. The qualitative, exploratory, and descriptive study examined a corpus of 27 references, including academic studies and normative, regulatory, and institutional documents published between 2016 and 2026, such as ISO/IEC 42001, ISO/IEC 23894, ISO/IEC 42005, ISO/IEC 42006, the NIST AI RMF, the Brazilian LGPD, the GDPR, the European Union AI Act, OECD and UNESCO recommendations, and Brazilian documents either in force or under legislative discussion. The findings reveal functional convergence across six dimensions: institutional governance, risk classification, data and model governance, integrated impact assessment, deployment with human oversight, and continuous monitoring. The protocol translates these dimensions into six operational phases and minimum compliance artifacts, including system inventories, risk matrices, technical documentation, integrated impact reports, human oversight plans, incident records, and audit reports. The article concludes that AI governance requires the integration of controls, responsibilities, and auditable evidence throughout the system lifecycle, with applicability to the Brazilian context and to transnational operations.
Author Biographies
Master’s degree candidate in Business Administration at Florida Christian University (USA), postgraduate degree in Business Administration from FAAP, extension program in Project Management from FGV/SP, and bachelor’s degree in Data Processing from Mackenzie University.
Master’s Degree in Administration from Florida Christian University, with research focused on Advanced New Technologies. Holds an MBA in IT Project Management and international certifications, including Certified Information Security Officer (CISO), ISO/IEC 27001 Lead Implementer, and DPO–EXIN. Graduated in Computer Network Technology. Has extensive experience leading projects in companies such as NTT Ltd., ISH Tecnologia, and Grupo Cornélio Brennand.
Master’s student in Administration at Florida Christian University, conducting research in Explainable Artificial Intelligence (XAI). Holds a postgraduate degree in IT Management and Cloud Computing from the Federal University of São Carlos (UFSCar) and a bachelor’s degree in IT Management from Paulista University (UNIP). Holds international certifications including ITIL® 4, Security+, DPO, and ISO 27001. Works as a Mid-Level Support Analyst at Stefanini Brasil (BAT Latam South) and as a Junior IT Consultant. Also serves as an academic evaluator in IT programs and as National Coordinator of the Startech Committee at APDADOS.
Ph.D. in IT Administration from Florida Christian University (USA), officially recognized in Brazil. Holds a Master’s Degree in Administration with a focus on Green IT (2015), an Extension Program in IT Management from Fundação Getulio Vargas (FGV/SP) (2011), and a Postgraduate Degree in Project Management (2009). Professor of Information Security at Paulista University (UNIP), the Municipal University of São Caetano do Sul (USCS), and Florida Christian University (FCU). Holds PMP®, ITIL® Expert, C|EH®, C|HFI®, and EXIN Data Protection certifications. Works in the United States as a Cybersecurity Project Manager (R&D), focusing on Data Privacy (LGPD/GDPR), Computer Forensics, Ethical Hacking, and Artificial Intelligence (AI). President of the National Association of Data Privacy Professionals (APDADOS).
Ph.D. in Economics from the Pontifical Catholic University of Campinas (PUC-Campinas). Holds an MBA in Marketing from ESAMC, Sorocaba. Master’s Degree in Administration from the University of Guarulhos (UNG) and Master’s Degree in Sociology from the Pontifical Catholic University of São Paulo (PUC-SP). Earned Ph.D. degrees in Sociology from PUC-SP and in Administration from Florida Christian University (FCU, USA). Completed postdoctoral studies at the University of Campinas (UNICAMP), Florida Christian University (FCU, USA), and the University of Coimbra (UC, Portugal). Journalist and author. Evaluator for the Brazilian Ministry of Education/National Institute for Educational Studies and Research (MEC/INEP). Vice Rector of the University of Guarulhos (UNG), São Paulo, Brazil.
Technologist in Marketing from Paulista University (UNIP) and postgraduate in Data Protection Officer (LGPD/GDPR), with specialization in Social Media and experience managing social media strategies for IT professionals and third-sector institutions. He serves as Marketing Manager and Advisor to the Steering Committee of APDADOS, with institutional activities in Brasília alongside federal agencies between 2021 and 2023. Internationally, he has participated in official missions to countries such as France, England, and Angola, where he was an invited speaker by the Minister of Technology.
References
BRASIL. Lei nº 13.709, de 14 de agosto de 2018. Lei Geral de Proteção de Dados Pessoais (LGPD). Brasília, DF: Presidência da República, 2018. Available at: https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm. Accessed on: 24 May 2026.
BRASIL. Ministério da Ciência, Tecnologia e Inovação. Portaria MCTI nº 4.617, de 6 de abril de 2021. Institui a Estratégia Brasileira de Inteligência Artificial. Brasília, DF: MCTI, 2021. Available at: https://antigo.mctic.gov.br/mctic/opencms/legislacao/portarias/Portaria_MCTI_n_4617_de_06042021.html. Accessed on: 24 May 2026.
BRASIL. Câmara dos Deputados. Projeto de Lei nº 2.338, de 2023. Dispõe sobre o desenvolvimento, o fomento e o uso ético e responsável da inteligência artificial com base na centralidade da pessoa humana. Brasília, DF: Câmara dos Deputados, 2025. Available at: https://www.camara.leg.br/proposicoesWeb/fichadetramitacao?idProposicao=2487262. Accessed on: 24 May 2026.
COMISSÃO EUROPEIA. AI Act. Brussels: European Commission, 2026. Available at: https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai. Accessed on: 24 May 2026.
CONSELHO DA EUROPA. Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law. Strasbourg: Council of Europe, 2024. Available at: https://www.coe.int/en/web/artificial-intelligence/the-framework-convention-on-artificial-intelligence. Accessed on: 24 May 2026.
FALCO, Gregory et al. Governing AI safety through independent audits. Nature Machine Intelligence, v. 3, p. 566-571, 2021. DOI: https://doi.org/10.1038/s42256-021-00370-7
FLORIDI, Luciano et al. AI4People - An Ethical Framework for a Good AI Society: Opportunities, Risks, Principles, and Recommendations. Minds and Machines, v. 28, p. 689-707, 2018. DOI: https://doi.org/10.1007/s11023-018-9482-5
ISO/IEC. ISO/IEC 22989:2022. Information technology - Artificial intelligence - Artificial intelligence concepts and terminology. Geneva: ISO/IEC, 2022a. Available at: https://www.iso.org/standard/74296.html. Accessed on: 24 May 2026.
ISO/IEC. ISO/IEC 38507:2022. Information technology - Governance of IT - Governance implications of the use of artificial intelligence by organizations. Geneva: ISO/IEC, 2022b. Available at: https://www.iso.org/standard/56641.html. Accessed on: 24 May 2026.
ISO/IEC. ISO/IEC 23894:2023. Information technology - Artificial intelligence - Guidance on risk management. Geneva: ISO/IEC, 2023a. Available at: https://www.iso.org/standard/77304.html. Accessed on: 24 May 2026.
ISO/IEC. ISO/IEC 42001:2023. Information technology - Artificial intelligence - Management system. Geneva: ISO/IEC, 2023b. Available at: https://www.iso.org/standard/42001. Accessed on: 24 May 2026.
ISO/IEC. ISO/IEC 42005:2025. Information technology - Artificial intelligence (AI) - AI system impact assessment. Geneva: ISO/IEC, 2025a. Available at: https://www.iso.org/standard/42005. Accessed on: 24 May 2026.
ISO/IEC. ISO/IEC 42006:2025. Information technology - Artificial intelligence - Requirements for bodies providing audit and certification of artificial intelligence management systems. Geneva: ISO/IEC, 2025b. Available at: https://www.iso.org/standard/42006. Accessed on: 24 May 2026.
ISO/IEC. ISO/IEC 5338:2023. Information technology - Artificial intelligence - AI system life cycle processes. Geneva: ISO/IEC, 2023c. Available at: https://www.iso.org/standard/81118.html. Accessed on: 24 May 2026.
JANSSEN, Heleen; LEE, Michelle Seng Ah; SINGH, Jatinder. Practical fundamental rights impact assessments. International Journal of Law and Information Technology, v. 30, n. 2, p. 200-232, 2022. DOI: https://doi.org/10.1093/ijlit/eaac018
JOBIN, Anna; IENCA, Marcello; VAYENA, Effy. The global landscape of AI ethics guidelines. Nature Machine Intelligence, v. 1, p. 389-399, 2019. DOI: https://doi.org/10.1038/s42256-019-0088-2
KAMINSKI, Margot E.; MALGIERI, Gianclaudio. Algorithmic impact assessments under the GDPR: producing multi-layered explanations. International Data Privacy Law, v. 11, n. 2, p. 125-144, 2021. DOI: https://doi.org/10.1093/idpl/ipaa020
MITTELSTADT, Brent. Principles alone cannot guarantee ethical AI. Nature Machine Intelligence, v. 1, p. 501-507, 2019. DOI: https://doi.org/10.1038/s42256-019-0114-4
MÖKANDER, Jakob; AXENTE, Maria. Ethics-based auditing of automated decision-making systems: intervention points and policy implications. AI & Society, v. 38, p. 153-171, 2023. DOI: https://doi.org/10.1007/s00146-021-01286-x
MÖKANDER, Jakob; MORLEY, Jessica; TADDEO, Mariarosaria; FLORIDI, Luciano. Ethics-Based Auditing of Automated Decision-Making Systems: Nature, Scope, and Limitations. Science and Engineering Ethics, v. 27, art. 44, 2021. DOI: https://doi.org/10.1007/s11948-021-00319-4
MÖKANDER, Jakob; SHETH, Margi; GERSBRO-SUNDLER, Maria; BLOMGREN, Pontus; FLORIDI, Luciano. Challenges and best practices in corporate AI governance: Lessons from the biopharmaceutical industry. Frontiers in Computer Science, v. 4, art. 1068361, 2022. DOI: https://doi.org/10.3389/fcomp.2022.1068361
OECD. Recommendation of the Council on Artificial Intelligence. Paris: OECD, 2019. OECD/LEGAL/0449. Available at: https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0449. Accessed on: 24 May 2026.
OECD. OECD Due Diligence Guidance for Responsible AI. Paris: OECD Publishing, 2026. DOI: https://doi.org/10.1787/41671712-en. Available at: https://www.oecd.org/en/publications/oecd-due-diligence-guidance-for-responsible-ai_41671712-en.html. Accessed on: 24 May 2026.
TABASSI, Elham. Artificial Intelligence Risk Management Framework (AI RMF 1.0). Gaithersburg, MD: National Institute of Standards and Technology, 2023. NIST AI 100-1. DOI: https://doi.org/10.6028/NIST.AI.100-1
UNESCO. Recommendation on the Ethics of Artificial Intelligence. Paris: UNESCO, 2021. SHS/BIO/REC-AIETHICS/2021. Available at: https://unesdoc.unesco.org/ark:/48223/pf0000381137. Accessed on: 24 May 2026.
UNIÃO EUROPEIA. Regulamento (UE) 2016/679 do Parlamento Europeu e do Conselho, de 27 de abril de 2016, relativo à proteção das pessoas singulares no que diz respeito ao tratamento dos dados pessoais e à livre circulação desses dados (Regulamento Geral sobre a Proteção de Dados). Jornal Oficial da União Europeia, Bruxelas, 2016. Available at: https://eur-lex.europa.eu/eli/reg/2016/679/oj?locale=pt. Accessed on: 24 May 2026.
UNIÃO EUROPEIA. Regulamento (UE) 2024/1689 do Parlamento Europeu e do Conselho, de 13 de junho de 2024, que estabelece regras harmonizadas em matéria de inteligência artificial (Regulamento da Inteligência Artificial). Jornal Oficial da União Europeia, Bruxelas, 2024. Available at: https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng. Accessed on: 24 May 2026.
