EXPOSURE
Map your regulatory exposure.
Understand which AI regulations apply to your organization and when they take effect.
EXPOSURE ASSESSMENT
Which regulations apply to you?
AI coverage is not one-size-fits-all. Your exposure depends on your jurisdiction, industry, AI use cases, and system classifications. Use this assessment to understand your specific obligations.
JURISDICTION
Where your organization operates and where your users are located determines which AI laws apply.
KEY QUESTIONS
- Do you operate in the European Union?
- Do you have users or customers in the EU?
- Do you operate in any US state with AI laws?
- Do you have users or customers in any US state with AI laws?
COVERAGE IMPLICATIONS
- EU AI Act applies to all AI system operators in the EU
- EU AI Act applies to AI systems used by EU residents, regardless of operator location
- State AI laws apply to organizations operating in those states
- State AI laws may apply based on user location, not just operator location
INDUSTRY
Certain industries have additional AI coverage requirements beyond general regulations.
KEY QUESTIONS
- Are you in healthcare?
- Are you in legal services?
- Are you in financial services?
- Are you a government contractor?
COVERAGE IMPLICATIONS
- HIPAA and other healthcare regulations add additional AI coverage requirements
- ABA Rules and legal ethics requirements add additional AI coverage requirements
- SEC, FINRA, DORA, and other financial regulations add additional AI coverage requirements
- FedRAMP, EO 14110, and other government requirements add additional AI coverage requirements
AI USE CASES
Certain AI use cases are classified as high-risk and face stricter coverage requirements.
KEY QUESTIONS
- Do you use AI for credit scoring or lending decisions?
- Do you use AI for medical diagnosis or treatment recommendations?
- Do you use AI for legal analysis or case strategy?
- Do you use AI for hiring or employment decisions?
COVERAGE IMPLICATIONS
- Credit scoring and lending AI may be classified as high-risk under EU AI Act and US regulations
- Medical AI is classified as high-risk under EU AI Act Annex III
- Legal AI may have special coverage requirements under ABA Rules
- Employment AI may be classified as high-risk under EU AI Act and US regulations
AI SYSTEM CLASSIFICATION
How your AI systems are classified determines your coverage obligations.
KEY QUESTIONS
- Do you develop or deploy high-risk AI systems?
- Do you use third-party AI systems?
- Do you modify or fine-tune AI systems?
- Do you use general-purpose AI systems?
COVERAGE IMPLICATIONS
- High-risk AI system operators have the most stringent coverage obligations
- Users of high-risk AI systems have coverage obligations
- Modifying AI systems may make you an operator with full coverage obligations
- General-purpose AI systems may still be subject to transparency and disclosure requirements
REGULATORY TIMELINE
When do these regulations take effect?
AI coverage is not a future problem. It is happening now, in waves. Understanding the timeline is critical to understanding your urgency.
WAVE 1
AUGUST 2, 2026
EU AI Act Article 50 transparency enforcement begins. Chatbot identification and AI-generated content disclosure become mandatory.
AFFECTED ORGANIZATIONS
All organizations using AI systems accessible to EU users
URGENCY
IMMEDIATE
WAVE 2
JANUARY 1, 2027
US State AI Laws coverage. Colorado SB 24-205 and California CCPA Automated Decision-Making rules become enforceable.
AFFECTED ORGANIZATIONS
Organizations operating in Colorado and California using AI for automated decisions
URGENCY
HIGH
WAVE 3
DECEMBER 2, 2027
EU AI Act Annex III enforcement. Full high-risk operator obligations for AI systems in education, employment, essential services, and certain other categories.
AFFECTED ORGANIZATIONS
Operators of high-risk AI systems in EU and organizations serving EU users
URGENCY
HIGH
WAVE 4
AUGUST 2, 2028
EU AI Act Annex I enforcement. Full enforcement for safety-critical AI systems (medical devices, transportation, etc.).
AFFECTED ORGANIZATIONS
Operators of safety-critical AI systems in EU and organizations serving EU users
URGENCY
CRITICAL
EXPOSURE MATRIX
Your industry + jurisdiction = your exposure.
This matrix shows the coverage exposure for common industry and jurisdiction combinations. Find your cell to understand your likely obligations.
| INDUSTRY / JURISDICTION | EU | US | GLOBAL |
|---|---|---|---|
| Healthcare | HIGH (EU AI Act + HIPAA-equivalent) | HIGH (HIPAA + State AI laws) | CRITICAL |
| Legal | HIGH (EU AI Act + ABA-equivalent) | HIGH (ABA Rules + State AI laws) | CRITICAL |
| Finance | HIGH (EU AI Act + DORA) | HIGH (SEC/FINRA + State AI laws) | CRITICAL |
| Government | HIGH (EU AI Act + Public sector rules) | HIGH (FedRAMP + EO 14110) | CRITICAL |
| Enterprise (General) | MEDIUM (EU AI Act transparency) | MEDIUM (State AI laws) | HIGH |
| Education | MEDIUM (EU AI Act) | LOW-MEDIUM (State AI laws) | MEDIUM |
| Retail/E-commerce | LOW-MEDIUM (EU AI Act transparency) | LOW (State AI laws) | MEDIUM |
| Media/Entertainment | LOW (EU AI Act transparency) | LOW (State AI laws) | LOW-MEDIUM |
Note: This matrix provides general guidance only. Your specific exposure may vary based on your exact use cases, system classifications, and other factors. Consult with legal counsel for a definitive assessment.
UNDERSTAND YOUR EXPOSURE
Knowledge is the first step. Action is the next.
Now that you understand your regulatory exposure, it is time to take action. The Interceptor provides structural coverage for all four waves of enforcement.
BEGIN ONBOARDING →