Global AI Regulations Hub

Most boards still treat AI regulation as a 2027 problem.The EU just made it a 2026 problem.

Six global regimes, dozens of sector overlays, and a wall of state-level laws are landing inside the next eighteen months. This is the operator's map. What applies, what triggers it, what evidence you need, and what it costs if you do nothing.

Download the AI Regulations Playbook
6

Global regimes

EU AI Act, NIST, ISO 42001, UK, SG, CA

10

Sector overlays

Healthcare, finance, manufacturing, more

€35M

Max EU penalty

Or 7% of global revenue

2026

When it hits

EU high-risk + US state laws in force

Filter by sector

The Six Global Regimes

Pick the one you think doesn't apply to you. It probably does.

Each card shows scope, what triggers it, the obligations you inherit, the evidence you need on file, and the penalty exposure. Click any card to open the full detail.

Sector Overlays

Every sector has its own rulebook.

The global regimes set the floor. Your sector regulators add the rest. Use the sector filter above to pull the overlays that apply to you.

Enforcement Timeline

The next 30 months, on one screen.

Feb 2025EU AI Act prohibited practices in force.
Aug 2025EU AI Act GPAI model obligations in force.
Feb 2026Colorado AI Act effective. Texas TRAIGA enforcement begins.
Aug 2026EU AI Act high-risk Annex III systems in force.
Jan 2027EU Machinery Regulation 2023/1230 fully applies.
Aug 2027EU AI Act full enforcement including legacy high-risk systems.

Where audits actually start

An auditor opens with one of three questions. Be ready for all three.

01

Show me your AI inventory.

Every model, agent, and AI-enabled feature in production. If the answer takes more than two days, you have already failed step one.

What you produce

Model registry, intended-use statements, business owner per system.

02

Show me your risk classification per system.

Which systems are high-risk under EU Annex III. Which trigger sector overlays. Which use generative AI requiring AI 600-1 treatment.

What you produce

Risk classification documentation, conformity assessment status, GenAI risk profile.

03

Show me the evidence for one system end-to-end.

TEVV results, data lineage, human oversight logs, incident reporting trail, change control. The audit is the artifacts, not the policy deck.

What you produce

Per-system audit package: design records, validation, monitoring, incidents.

Lead magnet

The AI Regulations Playbook

A 4-page board-ready brief. The six global regimes, the timeline, the audit-trigger questions, and a one-page checklist of the evidence your team needs on file. Built for CEO and CFO use, not for a compliance binder.

Download the Playbook

Map your exposure before someone else does.

A Sophizo Regulatory Diagnostic produces your AI inventory, risk classification per system, gap analysis against the regimes that apply, and a 90-day remediation plan. Board-ready. Auditor-defensible.