What's Changing in AI Regulation
Practical breakdowns of new AI laws, enforcement actions, and compliance developments — written so you can act on them.
The EU AI Act Risk Classification: What You Actually Need to Know
A practical breakdown of the EU AI Act's four risk tiers, with specific examples of what qualifies as high-risk and the Annex III categories that catch most organizations off guard.
The Federal Push to Preempt State AI Laws: What It Means for Compliance
The December 2025 executive order on federal preemption of state AI laws signaled a major shift in the regulatory landscape. Here's what it actually does, what it doesn't, and why you shouldn't abandon your state compliance programs yet.
EU AI Act Compliance Checklist: What to Do Before August 2026
A phased, practical checklist for organizations preparing to meet the EU AI Act's Annex III high-risk compliance deadline in August 2026, covering system inventory, documentation, conformity assessment, and supply chain obligations.
The GPAI Code of Practice: What AI Model Providers Need to Know
The EU AI Office published the General-Purpose AI Code of Practice in July 2025. Here's what it requires, who it applies to, and what downstream deployers should be asking their model providers right now.
AI Vendor Due Diligence: 10 Questions to Ask Before You Buy
You're liable for the AI tools your vendors provide. Here are the ten questions you should be asking before procurement, why each one matters, and the red flags that should make you walk away.
AI Compliance for Startups: Where to Start When Resources Are Limited
Most startups think AI compliance is a big-company problem. It isn't. Here's a minimum viable compliance program that won't drain your runway but will satisfy investors, customers, and regulators.
AI Compliance Across Borders: Managing Multi-Jurisdictional Requirements
Operating AI systems in multiple countries means navigating conflicting rules with no mutual recognition. Here's how to build a compliance strategy that works across the EU, US, and UK simultaneously.
5 U.S. States Now Regulate AI in Hiring — Is Yours Next?
A practical comparison of state laws governing AI-driven hiring tools, covering NYC LL144, Illinois AIVITA, Colorado SB 24-205, Maryland HB 1202, and New Jersey's new disclosure rules.
AI in Insurance: What Underwriters Need to Know About Compliance
Insurers using AI for underwriting, pricing, and claims face a tightening regulatory environment. From the NAIC model bulletin to Colorado's specific provisions, here's what compliance looks like for insurance AI.
The EU AI Act's AI Literacy Requirement: What It Actually Means
Article 4 of the EU AI Act requires AI literacy for staff involved in AI systems — and it applies to every organization using AI in the EU, not just high-risk deployers. Here's what you need to do.
Building an AI Risk Management Program: A Practical Template
A four-phase roadmap for building an AI risk management program from scratch, mapped to the NIST AI RMF and designed to produce real governance outcomes within four months.
When AI Goes Wrong: Building an AI Incident Response Plan
Discriminatory outputs, hallucinations in critical contexts, model failures — AI incidents are inevitable. Here's how to build a response plan before something goes wrong, not after.
Shadow AI Is Your Biggest Compliance Risk (And How to Fix It)
Employees are using ChatGPT, Claude, and Copilot without organizational oversight. Here's why that's a compliance problem and what practical steps actually work to address it.
ISO 42001 Explained: The AI Management System Standard
ISO 42001 is the first international standard for AI management systems. Here's what it covers, how it maps to the EU AI Act and NIST AI RMF, what certification involves, and whether it's worth the investment.
NIST AI RMF in Practice: From Framework to Action Plan
A step-by-step guide to implementing the NIST AI Risk Management Framework, translating the four core functions into concrete activities your organization can start this quarter.