Compliance
Regulation is arriving. Here is what it means for how your organisation uses AI.
AI-specific regulation is no longer theoretical. The EU AI Act and amendments to the Australian Privacy Act both have fixed compliance dates in 2026, with penalties that will get attention at board level. We track the rules, the deadlines, and what they mean in practice.
California Wants to Ban Employers From Using Worker Data to Train AI That Replaces Their Jobs. The Bill Just Cleared Committee.
AB 2027 would bar employers from using worker data to train AI that replaces their jobs. It cleared committee on 22 April and is now in Appropriations.
ComplianceA Federal Judge Fined Two Oregon Lawyers USD 110,000 for AI-Fabricated Citations. US Courts Imposed at Least USD 145,000 in AI Sanctions in Q1 2026 Alone.
US courts imposed at least USD 145,000 in AI sanctions in Q1 2026. Oregon's record penalty and per-citation fine formula make AI hallucination costs scalable.
ComplianceThe DOJ Just Backed Elon Musk's xAI Against Colorado's AI Discrimination Law. Compliance Teams Should Keep Building Anyway.
The US Department of Justice intervened in xAI's constitutional challenge to Colorado SB24-205 on 24 April 2026, calling the state's algorithmic discrimination requirements unconstitutional. The law's 30 June 2026 compliance date has not changed.
ComplianceEU AI Act Delay Talks Collapsed. The 2 August 2026 High-Risk Deadline Is Back.
Twelve hours of EU trilogue negotiations broke down on 28 April 2026 without agreement on the Digital Omnibus reforms. The original 2 August 2026 deadline for high-risk AI systems and Article 50 transparency obligations is still in force. Compliance teams that were banking on an extension need to change course.
ComplianceThe FTC Has Quietly Built an AI Enforcement Playbook. A Dozen Cases in 2025 Show What Comes Next.
The FTC brought at least 12 AI-related enforcement actions in 2025, targeting deceptive capability claims, undisclosed automated decisions, and AI-generated fake content. Section 5 of the FTC Act is doing the work that AI-specific legislation has not.
ComplianceThe UK Just Made an AI Code of Practice a Legal Requirement. The ICO Has No Choice but to Write One.
A new statutory instrument requires the UK Information Commissioner to produce a formal code of practice on AI and automated decision-making. SI 2026/425 comes into force on 12 May 2026 and includes mandatory guidance on children's data.
ComplianceThe EU Just Moved the AI Act's High-Risk Deadline. Systems Deployed Before It May Never Have to Comply.
The EU is pushing back high-risk AI obligations from August 2026 to late 2027 or 2028. Non-retroactivity means systems deployed before those dates may never have to comply.
ComplianceDOJ Is Using Existing Law to Police AI-Generated Job Ads. Employers Are Still Treating It as a Tech Problem.
Two DOJ settlements in six weeks have put AI-assisted recruitment squarely inside federal anti-discrimination enforcement. The vendor did not draft the ads, the AI did, and the employer still paid.
ComplianceCanada's Privacy Act Review Puts AI Transparency and Mandatory PIAs on the Statutory Agenda
Canada has opened the first comprehensive review of its 1983 Privacy Act in 43 years. The proposed reforms would write AI transparency and mandatory privacy impact assessments into statute.
ComplianceAustralia's Draft Children's Online Privacy Code Quietly Sets a New Baseline for AI Data Handling
Australia's OAIC has released the draft Children's Online Privacy Code. The rules target children's data, but the AI design baseline they set will likely become the expectation for every AI system.
ComplianceConnecticut's Attorney General Just Showed How Existing Laws Already Regulate AI
Connecticut's Attorney General has mapped AI uses to existing privacy, civil rights and consumer protection laws. The message: regulators do not need new AI laws to come after you.
ComplianceNSW Has Passed Australia's First AI Workplace Safety Law. Here Is What Employers Need to Do Before It Starts.
NSW has passed Australia's first law putting AI explicitly inside the WHS Act. Both duties await proclamation. Employers using AI-driven rostering, monitoring or performance tools should be preparing now.
ComplianceAI Transparency Is Now a Legal Requirement: New York, Utah, and the EU Are Writing the Rules
New York requires generative AI accuracy warnings. Utah enacts provenance standards. The EU proposes a standard AI icon. These are hard UI requirements, consent obligations, and penalty regimes.
ComplianceFederal AI Preemption Moves From Executive Order to Legislative Blueprint
A White House legislative framework and a competing Senate draft both target state AI law pre-emption. Colorado's AI Act takes effect 30 June 2026. What compliance leads should do while federal and state laws collide.
ComplianceEU AI Act Enforcement Is Behind Schedule: Only 8 of 27 Member States Have Named AI Authorities
Member States were required to designate AI Act enforcement authorities by August 2025. Seven months late, only eight have done so. High-risk obligations start in August 2026.
ComplianceEU AI Act Compliance Tools Move to Two-Layer Transparency and Zero-Storage Design
A March 2026 update to an EU AI Act compliance tool shows how monitoring platforms are encoding the EU AI Office's emerging expectations: two-layer transparency, Article 14(4) automation bias checks, mandatory change-log tracking, and zero-storage documentation handling.
ComplianceAI Data Privacy in 2026: How EU AI Act, GDPR and US State Laws Now Collide
AI data privacy is a live enforcement risk in 2026, not a forward-looking concern. GDPR already applies to AI systems that process personal data. The EU AI Act adds a second layer from August 2026. US states added 145 more obligations in 2025 alone.
ComplianceFederal AI Preemption Push: Which State Laws Are Safe and Which Aren't
Washington is pushing to invalidate state AI laws but cannot do it overnight. A breakdown of which laws face real federal risk, which are effectively untouchable, and how compliance teams should operate in the gap.
ComplianceMarch 11 Federal AI Deadlines: What Businesses Everywhere Need to Watch
Two 90-day deadlines under Trump's December AI executive order land on March 11. The Commerce Department's state law evaluation and the FTC's AI policy statement will shape compliance decisions across US jurisdictions for the rest of 2026.
ComplianceOntario's IPC-OHRC AI Principles: A Governance Baseline Businesses Cannot Ignore
Ontario's Information and Privacy Commissioner and Human Rights Commission published joint AI principles in January 2026. Technically non-binding, they will ground regulatory assessments of AI adoption. Multiple law firms advise treating them as effective requirements.
ComplianceEU AI Act: What Australian Businesses Need to Know
The EU AI Act applies to Australian businesses touching EU customers, data, or markets. High-risk AI obligations start 2 August 2026. Here is what to do.
ComplianceAI Compliance Deadlines in 2026: What Every Business Needs to Know
The [EU AI Act](https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai) and Australian Privacy Act amendments both land in 2026 with real penalties. Here is what they require and what needs to happen before they arrive.