A record of AI & compliance regulation, annotated weekly.
A complete ISO 42001 checklist covering all 48 requirements across 7 phases—from context and leadership through operations, performance evaluation, and improvement.
A practical AI compliance checklist for 2026—covering inventory, risk classification, impact assessments, governance, bias audits, documentation, and ongoing monitoring.
A complete guide to AI bias audits—what they test, which laws require them, the 5-step audit process, how to choose an auditor, and what to expect on cost and timing.
Which roles to hire first, what skills actually matter, realistic salary ranges, and interview questions that separate genuine AI compliance expertise from resume inflation.
Step-by-step checklist to prepare for the Colorado AI Act. Updated May 2026: SB 26-189 moves the effective date to January 1, 2027.
A practical 5-step preparation guide for Colorado deployers. Updated: effective date moved to January 1, 2027 under SB 26-189.
Governor Youngkin vetoed Virginia’s AI regulation bill on March 24, 2025. Here’s what the bill proposed, why it was vetoed, and what Virginia businesses should watch for next.
A practical walkthrough of the RFQ process for an AI bias audit: what auditors assess, typical timelines and costs, and the right questions to ask.
What the NIST AI Risk Management Framework is, how its four core functions work, and how it maps to the EU AI Act and Colorado requirements.
The Colorado AI Act has been substantially rewritten by SB 26-189. New effective date is January 1, 2027. Here’s what changed and what you need to do.
The general-purpose AI (GPAI) model provisions of the EU AI Act are now in effect. Here’s what developers and deployers of foundation models need to know.
New York City has begun enforcing Local Law 144. We break down the first enforcement actions, the amounts fined, and what employers need to fix immediately.
If you use AI tools for hiring in New York City or Colorado, you need a bias audit. Here’s exactly how to find an auditor, what the process looks like, and how to post results.
Texas is moving toward its own AI regulation modeled on Colorado. Here’s what the bill proposes, where it stands, and how to prepare if you operate in Texas.
You don’t need a team of 10 to build an effective AI governance program. This guide covers the essentials: policy, inventory, risk assessment, and documentation.
California’s Automated Decision-Making Technology rules are now in force. Here’s what they require, who they cover, and what your AI team must do to comply.
California and New York City both regulate automated decisions, but with fundamentally different approaches. Side-by-side comparison for employers operating in both.
California’s ADMT rules require meaningful human oversight for certain automated decisions. Here’s what “meaningful” actually means and how to build a compliant review process.
Colorado offers a safe harbor to businesses that align with NIST AI RMF. Here’s what that requires in practice and how to document it for enforcement.
GOVERN, MAP, MEASURE, MANAGE — what each function actually requires in practice and how to implement them in your AI governance program.
Both are legitimate AI governance frameworks — but they serve different purposes. Here’s how to choose, and when you might need both.
ISO 42001 is the first certifiable AI management system standard. Here’s what the audit process looks like, what auditors check, and how to prepare.
ISO 42001 is a candidate harmonized standard for the EU AI Act. Here’s how they map to each other and what certification means for EU conformity.
The EU AI Office published the GPAI Code of Practice. Here’s what it requires for Tier 1 and Tier 2 GPAI providers and what foundation model developers must do.
Every Annex III high-risk AI category explained with practical examples of what’s in scope and what’s not — for compliance teams who need to classify their systems.
The EU went comprehensive. The UK went principles-based. Here’s how the two approaches compare for companies operating in both markets.
Both apply to most AI systems in the EU. Here’s how they interact, where they duplicate obligations, and how to satisfy both simultaneously.
Clearview AI faced enforcement actions totaling hundreds of millions in fines. Here’s what the cases reveal about how regulators treat AI and biometric data.
Colorado’s AI Act requires impact assessments before deploying high-risk AI. Here’s exactly what to cover and how to document it for enforcement.
The effective date has moved to January 1, 2027 under SB 26-189. Here’s where organizations stand and what the extended timeline means.
From finding an auditor to publishing results — here’s exactly how the NYC LL 144 annual bias audit process works for employers using AI in hiring.
California’s AB 2013 requires GenAI providers to post training data documentation. Here’s who it covers, what must be disclosed, and what to do now.
Illinois’ AI Video Interview Act has been in force since 2020 and class action risk has grown. Here’s exactly what employers must do before using AI to evaluate video interviews.
Illinois BIPA litigation generated billions in settlements. Here’s the state of play after the Cothron ruling and what employers must do to limit exposure.
Illinois BIPA is the most litigated biometric law, but it’s not alone. Here’s every state biometric privacy law — requirements, enforcement, and compliance risk.
The largest privacy settlement in US history. Here’s what Texas proved, what Meta did, and what it means for companies using facial recognition.
Illinois and Texas both restrict biometric data but use completely different enforcement models. Side-by-side comparison for companies operating in both states.
Every Friday — the week’s new regulations, enforcement actions, and compliance deadlines. Free forever. No tracking pixels.