Compliance Monitor

AI Compliance & Law Monitor

Authoritative regulatory updates for AI operators. Track federal, state, and international AI laws with actionable guidance.

Last updated: January 15, 2026

Active Frameworks

Recent Updates

10+

Jurisdictions

20+

Sources Monitored

Upcoming Deadlines

Colorado AI Act Signed - First Comprehensive State AI Law

Colorado Legislature

Feb 1, 2026

Effective Date

Recent Regulatory Updates

CriticalCISA • 12/5/2024

CISA Issues AI Security Advisory for Critical Infrastructure

CISA releases security advisory on AI system vulnerabilities affecting critical infrastructure, including prompt injection and model manipulation attacks.

Impact:

•Affects AI in critical infrastructure
•Covers energy, healthcare, finance sectors
•Immediate patching recommended
•Incident reporting required

Recommended Actions:

Patch affected AI systems immediately
Implement input validation
Enable AI-specific logging
Report incidents to CISA

CriticalEuropean Commission • 12/1/2024

EU AI Act: High-Risk AI Systems Requirements Published

European Commission publishes detailed technical requirements for high-risk AI systems under the EU AI Act, including conformity assessment procedures and documentation requirements.

Impact:

•All high-risk AI systems must comply
•Affects healthcare, employment, education, law enforcement AI
•Requires technical documentation and conformity assessment
•Penalties up to 35M EUR or 7% global turnover

Recommended Actions:

Review if your AI systems qualify as high-risk
Begin conformity assessment preparation
Update technical documentation
Establish quality management system

HighFTC • 11/20/2024

FTC Issues Warning on AI-Generated Deceptive Content

Federal Trade Commission warns companies about liability for AI-generated deceptive content, including deepfakes and synthetic media used in advertising or fraud.

Impact:

•Applies to all commercial AI content generation
•Covers advertising, marketing, customer service
•Includes liability for third-party AI tools
•Enforcement actions already underway

Recommended Actions:

Audit AI-generated marketing content
Implement disclosure requirements
Review vendor AI tool agreements
Train staff on FTC AI guidelines

HighNIST • 11/15/2024

NIST Releases AI RMF 1.1 with Generative AI Profile

NIST updates the AI Risk Management Framework with specific guidance for generative AI systems, addressing unique risks like hallucinations, bias amplification, and content authenticity.

Impact:

•Applies to all organizations using generative AI
•New risk categories for LLMs
•Enhanced testing requirements
•Content provenance guidance

Recommended Actions:

Update AI risk assessments for GenAI
Implement content authenticity measures
Review hallucination mitigation strategies
Document model limitations

HighCalifornia CPPA • 11/1/2024

California CPPA Proposes Automated Decision-Making Rules

California Privacy Protection Agency proposes new regulations for automated decision-making technology (ADMT), requiring opt-out rights and impact assessments.

Impact:

•Affects all businesses with CA consumers
•Covers profiling and automated decisions
•Requires pre-deployment impact assessments
•Consumer opt-out rights mandated

Recommended Actions:

Inventory all ADMT systems
Prepare impact assessment templates
Implement opt-out mechanisms
Update privacy notices

MediumUK AI Safety Institute • 10/15/2024

UK AI Safety Institute Releases Evaluation Framework

UK AI Safety Institute publishes comprehensive evaluation framework for frontier AI models, establishing benchmarks for safety testing before deployment.

Impact:

•Voluntary framework for AI developers
•Focus on frontier/foundation models
•Establishes safety benchmarks
•May influence future regulation

Recommended Actions:

Review evaluation criteria for your models
Consider voluntary safety testing
Monitor for regulatory developments
Engage with AISI consultations

HighColorado Legislature • 5/17/2024

Colorado AI Act Signed - First Comprehensive State AI Law

Colorado becomes first US state to pass comprehensive AI legislation, requiring impact assessments and disclosure for high-risk AI systems.

Impact:

•First comprehensive state AI law
•Applies to deployers and developers
•High-risk AI systems regulated
•Consumer notification required

Recommended Actions:

Assess if systems are high-risk
Prepare for impact assessments
Plan disclosure mechanisms
Monitor implementation guidance

Key Frameworks & Regulations

EU Artificial Intelligence Act

European Commission • v2024

World's first comprehensive AI law establishing a risk-based regulatory framework for AI systems in the European Union.

•Risk-based approach: Unacceptable, High, Limited, Minimal risk categories
•Prohibits social scoring, real-time biometric surveillance (with exceptions)
•High-risk AI requires conformity assessments and CE marking
•Transparency obligations for chatbots and deepfakes

European UnionView Full Framework

OpenAI Model Specification - Safety Guidelines

OpenAI • v1.0

OpenAI releases detailed model specification document outlining safety behaviors, refusal categories, and alignment principles for AI assistants.

•Defines safe AI assistant behaviors
•Establishes refusal categories
•Outlines alignment principles
•Provides implementation guidance

InternationalView Full Framework

ISO/IEC 42001 - AI Management System

ISO • v42001:2023

International standard for establishing, implementing, and maintaining an AI management system.

•First international AI management system standard
•Based on Plan-Do-Check-Act cycle
•Covers AI policy, risk assessment, and controls
•Certifiable standard for organizations

InternationalView Full Framework

Anthropic Responsible Scaling Policy (RSP)

Anthropic • v1.0

Anthropic publishes Responsible Scaling Policy defining AI Safety Levels (ASL) and commitment to pause scaling if safety measures are insufficient.

•Defines AI Safety Levels ASL-1 to ASL-4
•Commits to safety evaluations before scaling
•Establishes red lines for deployment
•Requires security measures per ASL

InternationalView Full Framework

OWASP Machine Learning Security Top 10

OWASP • v2023

Top 10 security risks for machine learning systems, providing guidance for secure AI development.

•ML01: Input Manipulation (Adversarial Attacks)
•ML02: Data Poisoning
•ML03: Model Inversion Attacks
•ML04: Membership Inference

InternationalView Full Framework

NYC Local Law 144 (Automated Employment Decision Tools)

NYC DCWP • v2023

New York City law requiring bias audits for AI tools used in hiring and promotion decisions.

•Annual bias audits required for AEDTs
•Results must be publicly posted
•Candidates must be notified 10 days before use
•Applies to employers and employment agencies in NYC

New York City, USAView Full Framework

NIST AI Risk Management Framework (AI RMF 1.0)

NIST • v1.0

Voluntary framework providing organizations with guidance for managing AI risks throughout the AI lifecycle.

•Four core functions: Govern, Map, Measure, Manage
•Emphasizes human oversight and accountability
•Applies to all AI systems, not just high-risk
•Encourages continuous monitoring and improvement

United StatesView Full Framework

MITRE ATLAS (Adversarial Threat Landscape for AI Systems)

MITRE • v2023

Knowledge base of adversary tactics and techniques against AI systems, modeled after ATT&CK.

•Catalogs real-world AI attack techniques
•Organized by tactics: Reconnaissance to Impact
•Includes case studies of AI attacks
•Provides mitigations for each technique

InternationalView Full Framework

California Consumer Privacy Act (CCPA/CPRA)

California Privacy Protection Agency • vCPRA 2023

California's comprehensive privacy law with specific provisions for automated decision-making technology.

•Right to opt-out of automated decision-making
•Businesses must disclose use of ADM technology
•Risk assessments required for certain processing
•Right to access information about ADM logic

California, USAView Full Framework

General Data Protection Regulation (GDPR)

European Commission • v2016/679

EU regulation on data protection and privacy, with significant implications for AI systems processing personal data.

•Right to explanation for automated decisions (Article 22)
•Data minimization applies to AI training data
•Privacy by design required for AI systems
•Data Protection Impact Assessments for high-risk processing

European UnionView Full Framework

Stay Compliant

Get notified when critical regulatory changes affect your organization. All features are free during our beta period until 2026.

View AI Briefing Request a Source