The same governance substrate, tuned to the regulator on the other side of the table — CFPB, Fed, OCC, FDA, EU AI Act Article 9, Colorado AI Act.
The frameworks below are not hypothetical. Each is a live deadline or an already-active enforcement surface. Countdowns are computed fresh on every page load and tick every thirty seconds client-side.
High-risk AI — credit scoring, healthcare devices, fraud screening, worker management — must ship with documented risk management and regulator-readable evidence.
Non-compliant systems face suspension and fines up to 7% of global turnover.
Developers and deployers of high-risk AI must use reasonable care to protect consumers from algorithmic discrimination — and document governance, impact assessment, and consumer notice.
First U.S. comprehensive AI law. Applies to lending, employment, healthcare, insurance, and government services.
AI used in consumer-facing decisions — including lending, insurance, healthcare, employment, and housing — must meet documented governance, impact-assessment, and disclosure obligations enforced by the Texas Attorney General.
Texas joins Colorado as the second comprehensive U.S. state AI law. Penalties are tiered and per-violation.
Generative-AI providers with 1M+ monthly users must offer free AI-detection tools, embed manifest and latent disclosures in generated content, and contractually require licensees to maintain those disclosures.
First U.S. state law mandating watermarking and provenance disclosure on generative AI output.
Employers using AI in recruitment, hiring, promotion, or discharge decisions must provide notice, document non-discrimination testing, and avoid AI use that produces disparate impact.
Brings the second-largest employment market under bias-audit obligations on a fixed deadline.
Full conformity for high-risk AI in regulated products under Article 6 — and the end of the grandfather window for systems placed on the market before 2026.
The legacy carve-out closes. Every covered system in the field must produce the full evidence package.
ML-enabled medical devices must pre-specify the envelope within which the model may adapt in the field, and provide ongoing evidence of bounded behavior.
SaMD adaptive-ML is now governable without per-update 510(k). Evidence of envelope adherence is the regulatory ask.
Covered lenders must collect, retain, and report demographic and pricing data on small-business applications — including evidence that algorithmic scoring is non-discriminatory.
First-tier compliance is live; Tier 2 and 3 deadlines in 2025 and 2026.
Employers using AEDTs in hiring or promotion must complete annual independent bias audits and notify candidates.
First major jurisdiction to require bias-audit evidence for hiring AI. EEOC technical assistance follows.
Specifies the AI management system that organizations developing or using AI must establish, maintain, and continually improve — with audit-grade evidence.
Becoming the global procurement baseline. Customers and procurement teams now ask for 42001 conformity evidence.
Voluntary framework — Govern, Map, Measure, Manage — referenced by federal agencies, state regulators, and OMB as the baseline for AI risk evidence.
Treated as the floor of expectation across U.S. AI examinations and procurement.
Federal agencies must implement minimum AI risk-management practices for safety- and rights-impacting AI uses — and publish AI use-case inventories.
Sets the standard for AI vendors selling into the federal supply chain.
Healthcare entities receiving federal financial assistance must prevent discrimination in patient-care decision-support tools — including AI — and document risk identification, mitigation, and monitoring.
First federal healthcare AI nondiscrimination rule. Audit-grade evidence is the affirmative defense.
Model-risk framework for banking models — independent validation, documentation, ongoing monitoring.
Examiners now apply SR 11-7 to adaptive ML and agentic systems inside banks.
Medical device software, including ML-driven SaMD, must meet conformity assessment, post-market surveillance, and clinical evaluation evidence requirements.
Forces evidence of bounded behavior over the full device lifecycle. PCCP-equivalent rules now under negotiation in EU.
Consumer health data — including data inferred by AI — is protected with strict consent, processing, and audit-trail requirements.
Health-AI providers must produce per-decision audit evidence on demand. State template likely to spread.
Establishes state oversight of AI use by Texas agencies and produces recommendations that increasingly shape Texas state procurement and rule-making.
Early signal of how large U.S. states will frame AI procurement and disclosure.
Five stages and the evidence artifact. Isometric DFD-0.
Formal safety models, ODD, assurance cases, reviewer briefs.
How we are set up and why the trust structure matters.
Direct line to the inventor. No demo, no deck.
Fifteen minutes. Architecture, not sales. On the regulatory surface you already know.
