AI compliance, in plain English
What the EU AI Act, GDPR, and HIPAA actually require when your team uses AI — and how to get compliant without a 100-page program.
What does the EU AI Act require if your company uses AI?
If your company uses AI tools like ChatGPT or Claude, the EU AI Act mostly requires governance, not engineering: know wh…
Read →

How do you use AI tools without breaking GDPR?
Under GDPR, entering personal data into an AI tool is processing it — so you need a lawful basis, a Data Processing Agre…
Read →

Can you use ChatGPT or other AI tools with PHI under HIPAA?
Under HIPAA, you may only use an AI tool with Protected Health Information (PHI) if the vendor will sign a Business Asso…
Read →

How do you build an AI governance program (without a 100-page binder)?
A workable AI governance program comes down to five things: an inventory of AI tools in use, a clear AI usage policy, da…
Read →

What does AI compliance look like for healthcare?
For healthcare, safe AI use means treating every AI tool as a potential PHI exposure: only use vendors that sign a BAA, …
Read →

What does AI compliance look like in financial services?
In financial services, AI use intersects GLBA, SOX, GDPR/CCPA, and sector rules — so the priorities are keeping customer…
Read →

Know your exposure in 2 minutes
Free AI Exposure assessment — risk scored and mapped to the regulations that apply to you.