Anyone who develops, deploys, or uses AI — including new business owners, solo operators, freelancers, consultants, startups, and small businesses using off-the-shelf tools like ChatGPT or Copilot. If AI touches your work, your customers, or decisions about people, you have readiness and regulatory considerations worth understanding. You don’t need a big team to get started — but you do need a clear picture of what you’re using and what’s at stake.

Yes, if your AI system affects people in the EU or if the output of your AI system is used in the EU. This is similar to how GDPR applies to U.S. companies that handle EU residents' data. Many U.S. companies are subject to the EU AI Act without realizing it.

It varies by regulation. The EU AI Act can impose fines up to €35 million or 7% of global annual revenue. U.S. state laws vary — some carry civil penalties, others create private rights of action. The reputational and operational costs of enforcement actions often exceed the fines themselves.

Start with an inventory: what AI tools do you use, what data do they process, and what decisions do they influence? From there, put a basic acceptable use policy in place and identify the regulations that apply to your industry and geography. Our free AI Readiness Assessment above gives you a quick starting point.

Yes, but they can be lightweight. An acceptable use policy and a simple tool inventory put you ahead of the curve. You don't need a 50-page governance manual - you need clear expectations about what tools are approved, what data can go into them, and who is responsible for reviewing AI outputs. Start simple and build from there.

If you are using AI in a paid product, client work, automation, app, website, or business process, you should at least know what the AI does, what data it touches, what claims you make about it, and what you would change if something goes wrong. You do not need an enterprise governance manual. You need a simple record that keeps the basics from becoming invisible.

The Solo Builder AI Launch Kit is for one-person AI projects and focuses on launch claims, user data, disclosures, red flags, customer questions, model/vendor notes, incident notes, and change logs. The AI Governance Starter Kit is broader and better for founders, new businesses, consultants, operators, and lean teams that need inventories, use rules, risk intake, approval records, rollout materials, and governance basics.

Not yet. AI regulation is fragmented across jurisdictions and sectors. The NIST AI Risk Management Framework is the closest thing to a universal baseline, but it's voluntary. Most people dealing with AI end up touching multiple overlapping frameworks — which is why having a single resource that tracks all of them matters.

AIRegReady is a practical self-service starting point for AI governance documents and readiness work. It helps you understand the landscape, organize internal records, and identify better questions before engaging a consultant or law firm. Consultants and law firms remain valuable for complex situations and legal advice.

Extremely fast. New AI laws, amendments, and enforcement actions are appearing monthly. Over the past year, dozens of U.S. states passed AI-related legislation, the EU AI Act moved into active enforcement, Japan and South Korea adopted comprehensive AI laws, and the federal policy landscape shifted sharply. A December 2025 executive order set up a DOJ AI Litigation Task Force to challenge state AI laws, followed by a White House National Policy Framework in March 2026. Meanwhile, the May 2026 EU Digital Omnibus political agreement shifted many high-risk AI Act planning dates to December 2027 or August 2028, while transparency duties remain on the August 2026 track. Staying current is a real challenge — and a core reason this resource exists.