Legal & Compliance
The law is scrambling to keep up with AI. New regulations, court rulings, and enforcement actions are arriving monthly. This section tracks all of it — jurisdiction by jurisdiction, authority by authority, case by case.
If you’re deploying AI, advising on AI, or affected by AI decisions, this is where the rules live.
The EU
The most comprehensive regulatory framework in the world.
- EU AI Act — The first major AI-specific law. Risk-based categories. Fines up to 7% of global turnover.
- GDPR & AI — How data protection law applies to AI. The tensions, the enforcement, the practical guidance.
- EU Country Codes & Authorities — All 27 member states. Who regulates AI. Who regulates data. How they overlap.
The US
A patchwork of executive orders, state laws, and agency guidance.
- US AI Executive Order — Biden’s Oct 2023 order. Reporting requirements, safety standards, NIST frameworks.
- State laws — California, Colorado, and others (to be expanded)
- Federal agencies — NIST, FTC, and their AI-specific work (to be expanded)
Standards & Best Practice
The voluntary frameworks.
- ISO 42001 AI Management System — The AI equivalent of ISO 27001. Certifiable. Growing in importance.
- NIST AI Risk Management Framework (to be expanded)
Court Rulings
Landmark cases that are writing AI law in real time.
- NYT v OpenAI — Can you train AI on copyrighted content? The case that could redefine the economics of the industry.
- Getty v Stability AI — Image generation and copyright under UK law.
- Thaler v Perlmutter — Can AI be an author? US court says no. Copyright requires human authorship.
- Clearview AI — Regulatory Actions — Mass facial recognition scraping. Multiple jurisdictions. €90M+ in fines.
Regulator Watch
What regulators are saying, doing, and signalling. Our early warning system.
Tracking: EU AI Office, EDPB, CNIL, ICO, NIST, FTC, UK AI Safety Institute, OECD, and more. See Regulator Watch for the full monitoring dashboard.
Supply Chain
AI governance in procurement. How to assess vendors. Third-party risk.
- supply-chain/ (to be expanded)
Why This Matters
Three reasons to care about AI regulation, even if you’re not a lawyer:
1. Compliance is mandatory. The EU AI Act applies to anyone serving EU users. Non-compliance: €35M or 7% of global turnover.
2. The rules shape what gets built. Regulation determines what’s legal to deploy, what needs oversight, what needs documentation. It shapes the product.
3. It’s moving fast. New enforcement actions, court rulings, and guidance appear constantly. What was legal last year might not be next year.
Who This Section Serves
| You are… | Start here |
|---|---|
| A business deploying AI | EU AI Act → ISO 42001 AI Management System → GDPR & AI |
| A developer building AI products | AI Safety Courses (developer path) → Prompt Injection → EU AI Act |
| A lawyer or compliance officer | Court Rulings → Regulator Watch → EU Country Codes & Authorities |
| A regulator | Regulator Watch → Court Rulings → cross-jurisdiction comparison |
| Curious about the rules | Start with EU AI Act — it’s the most comprehensive single reference |
Go Deeper
- AI Safety & Ethics — The principles behind the rules. Practical security too.
- AI Security — The threats that drive regulation
- AI Companies — The companies these laws regulate
- AI Models — The technology the law is trying to govern
- AI Intelligence Hub — Back to the hub home
- The use of AI in the workplace – from permitted to prohibited practices