The regulatory perimeter inside which AI-driven clinical workflows and adaptive-learning medical devices now have to operate.
Every framework below is enforceable today or about to be. Velma evidence is the format both sides expect.
Sorted by soonest deadline first.
AI used in consumer-facing decisions (including lending, insurance, healthcare, employment, and housing) must meet documented governance, impact-assessment, and disclosure obligations enforced by the Texas Attorney General.
Texas joins Colorado as the second comprehensive U.S. state AI law. Penalties are tiered and per-violation.
Developers and deployers of high-risk AI must use reasonable care to protect consumers from algorithmic discrimination, and document governance, impact assessment, and consumer notice.
First U.S. comprehensive AI law. Applies to lending, employment, healthcare, insurance, and government services.
Final phase of patient-care AI nondiscrimination compliance. Covered entities must demonstrate active monitoring, mitigation, and documented risk-identification for all clinical decision-support tools in use.
Brings the full federal healthcare-AI nondiscrimination regime into routine examination on this date.
Comprehensive AI regulation covering high-risk AI in lending, healthcare, employment, and public services, with risk classification, governance documentation, and impact assessments enforced by the ANPD.
Largest Latin American market joining the EU/U.S. governance arc. Cross-border vendors face a third major framework.
Anticipated obligations for the largest frontier-AI developers. Safety case, capability evaluation, and incident reporting to a new statutory regulator.
UK is on track to be the third major frontier-AI regulator after the EU and California. Multinational vendors will face a fourth distinct framework.
AI systems and software are treated as products under EU law. Strict-liability for defects, with reversed burden of proof when claimants face technical complexity barriers.
Lending, healthcare, and agentic-AI vendors now carry product-defect liability. Tamper-evident audit evidence is the primary defense.
High-risk AI (credit scoring, healthcare devices, fraud screening, worker management) must ship with documented risk management and regulator-readable evidence.
Original 2 Aug 2026 deadline deferred by the Omnibus VII provisional agreement (May 2026). Standalone systems now in force 2 Dec 2027; embedded systems 2 Aug 2028. Fines up to 7% of global turnover. Deferral confirms the audit-format gap; it does not eliminate it.
Full conformity for the eight Annex III high-risk categories (including credit scoring, employment, education, law enforcement, and democratic processes) alongside Article 9.
Original 2 Aug 2026 deadline deferred by the Omnibus VII provisional agreement. Pulls every adaptive AI product touching one of these surfaces into the formal conformity-assessment process on the new date.
Full conformity for high-risk AI in regulated products under Article 6, and the end of the grandfather window for embedded systems.
Original 2 Aug 2027 deadline deferred to 2 Aug 2028 by the Omnibus VII provisional agreement. The legacy carve-out closes on this date. Every covered system in the field must produce the full evidence package.
The examiner can cite any of these on first request.
Healthcare entities receiving federal financial assistance must prevent discrimination in patient-care decision-support tools (including AI) and document risk identification, mitigation, and monitoring.
First federal healthcare AI nondiscrimination rule. Audit-grade evidence is the affirmative defense.
ML-enabled medical devices must pre-specify the envelope within which the model may adapt in the field, and provide ongoing evidence of bounded behavior.
SaMD adaptive-ML is now governable without per-update 510(k). Evidence of envelope adherence is the regulatory ask.
Consumer health data (including data inferred by AI) is protected with strict consent, processing, and audit-trail requirements.
Health-AI providers must produce per-decision audit evidence on demand. State template likely to spread.
Medical device software, including ML-driven SaMD, must meet conformity assessment, post-market surveillance, and clinical evaluation evidence requirements.
Forces evidence of bounded behavior over the full device lifecycle. PCCP-equivalent rules now under negotiation in EU.
Five stages. The evidence artifact. Sealed forecasts at horizon. Isometric DFD-0.
Formal safety models, ODD, assurance cases, reviewer briefs.
How we are set up and why the trust structure matters.
Direct line to the inventor. No demo, no deck.
Thirty minutes. Architecture, not sales. On the regulatory surface you already know.
