
AI in regulated industries: a per-regulation playbook

What HIPAA, GLBA, SOX, GDPR, CCPA, the EU AI Act, NIST AI RMF, and ISO 42001 actually ask of you when AI touches the work

If you work in healthcare, finance, public sector, or any business that handles EU or California personal data, "we use AI" is now a regulated act. The frameworks below do not ban AI. They ask you to prove three things: that you knew what data the model touched, that a person remained accountable for consequential outputs, and that you can show your work to an auditor or a regulator who shows up later.

This page is the per-regulation playbook we use ourselves when wiring AtomEons tools for partners in regulated lanes. It is opinionated about one thing in particular. Consumer AI products are not the same product as their enterprise counterparts. ChatGPT (the consumer app) and the OpenAI API are different surfaces with different contracts. Claude (the consumer app) and the Anthropic API or Enterprise plans are different surfaces. Azure OpenAI Service is again different. The regulation almost always lives in those contracts, not in the model itself. If you take one thing from this page, take that.

The structure: each framework gets a do, never-do, and evidence row. The evidence row is the artifact an auditor will ask for. We cite the official text where it exists, and we are explicit when something is best-effort as of June 2026 because the landscape moves quickly. The EU AI Act in particular shifted in May 2026 and is still being amended. Check primary sources before you ship.

This is a starting framework, not legal advice. If your AI deployment touches PHI, regulated financial data, EU residents, or California residents in a significant-decision context, retain counsel licensed in the relevant jurisdiction before launch. The compliance gap is almost never the technology. It is the absence of a written program, a named owner, and a logged decision.

The seven frameworks at a glance

Framework: HIPAA
What it governs: Protected Health Information (PHI) handled by covered entities and their business associates
Who it binds: US healthcare providers, plans, clearinghouses, and their vendors
Status (June 2026, best-effort): Active. BAAs required before any vendor touches PHI.

Framework: GLBA Safeguards Rule
What it governs: Customer financial information at non-bank financial institutions
Who it binds: FTC-regulated financial institutions
Status (June 2026, best-effort): Active. 2023 amendments fully in force; FTC breach-notification rule live since May 2024.

Framework: SOX (AS 2201 / AS 2101)
What it governs: Internal control over financial reporting at US public companies
Who it binds: SEC registrants and their auditors
Status (June 2026, best-effort): PCAOB amended standards effective for fiscal years beginning on or after Dec 15, 2026.

Framework: GDPR (incl. Art. 22)
What it governs: Personal data of people in the EU/UK; automated decision-making with legal or similarly significant effects
Who it binds: Any controller or processor handling EU/UK personal data
Status (June 2026, best-effort): Active since 2018. ICO + Alan Turing Institute AI guidance published 2020.

Framework: CCPA + ADMT regulations
What it governs: Personal information of California residents; automated decision-making technology for significant decisions
Who it binds: Businesses meeting CCPA thresholds
Status (June 2026, best-effort): CPPA ADMT/risk-assessment/cyber-audit rules took effect Jan 1, 2026; ADMT compliance required by Jan 1, 2027.

Framework: EU AI Act
What it governs: AI systems placed on the EU market by risk tier (prohibited, high-risk, limited-risk, minimal)
Who it binds: Providers, deployers, importers, distributors with EU touchpoints
Status (June 2026, best-effort): Art. 5 prohibitions in force since Feb 2, 2025. High-risk Annex III obligations: original date Aug 2, 2026; May 2026 Omnibus political agreement proposes deferral to Dec 2, 2027 (not yet formally adopted as of June 2026).

Framework: NIST AI RMF 1.0 / ISO 42001
What it governs: Voluntary US framework (GOVERN-MAP-MEASURE-MANAGE) and certifiable international AI Management System standard
Who it binds: Anyone designing, deploying, or evaluating AI
Status (June 2026, best-effort): RMF 1.0 published Jan 26, 2023; GenAI Profile 2024. ISO 42001 published Dec 2023; hyperscaler certifications began 2024.

HIPAA: the BAA is the gate

HIPAA's logic is simple. If a vendor creates, receives, maintains, or transmits PHI on behalf of a covered entity, it is a business associate, and a signed Business Associate Agreement must be in place before PHI flows to that vendor. The Privacy Rule and Security Rule then layer on top. For AI, this collapses into one practical question: is the surface you are using covered by a BAA, or not?

Public ChatGPT (the consumer product), Claude Free, Claude Pro, Claude Max, and Claude Team plans are not. Inputting PHI into any of them is a HIPAA violation, full stop, regardless of how careful the prompt is. Anthropic publishes a BAA that covers the Anthropic API and Enterprise plans but explicitly excludes Workbench, Console, the consumer apps, and beta features. OpenAI offers BAAs for ChatGPT Enterprise, ChatGPT Edu, and API customers with managed accounts. Azure OpenAI Service is covered under Microsoft's standard BAA for text workloads, with documented modality caveats (image and realtime audio handling lag the text coverage; verify before sending PHI through those paths).

If you cannot get a BAA, or the use case falls outside one (research with re-identifiable data, beta features, image inputs not yet covered), the safe alternative is local inference: an Ollama-served open-weights model on hardware you control, with no PHI leaving your network and no third-party processor in the chain. The BAA should also explicitly prohibit the vendor from using your PHI to train, improve, or refine its models. This is now table-stakes language, but verify the exact clause.

HIPAA: do, never-do, evidence

Do (45 CFR 164.502, 164.504): Execute a BAA before any PHI touches an AI surface. Use Azure OpenAI under Microsoft's BAA, the Anthropic API with a signed BAA, ChatGPT Enterprise with a sales-managed BAA, or a local Ollama deployment with no third-party processor. Maintain an asset inventory of which AI surface gets which class of PHI.

Never do (HHS guidance): Do not paste PHI into a consumer ChatGPT, Claude Pro, Gemini consumer app, or any free public chatbot. Do not assume a vendor's general SOC 2 report or enterprise security marketing language substitutes for a HIPAA BAA. It does not.

Evidence (audit-ready): Signed BAA on file. Data flow diagram showing which AI service handles which PHI class. Logged consent for any patient-facing AI feature. Vendor list with BAA status reviewed annually.

GLBA Safeguards Rule: written program, named owner, encrypted everywhere

GLBA's Safeguards Rule (16 CFR Part 314), amended in 2021 and 2023, governs how non-bank financial institutions protect customer information. It does not mention AI by name, but it captures any AI system that processes or has access to customer financial data through its general technical requirements. The core obligations: a written information security program, a designated Qualified Individual (often functionally a CISO) responsible for it, encryption of customer information in transit and at rest (or a documented equivalent control), multi-factor authentication, access controls based on least privilege, secure disposal, and a written incident response plan. Since May 13, 2024, financial institutions covered by the rule must also notify the FTC no later than 30 days after discovering a security breach involving unencrypted customer information of 500 or more consumers.

The AI question becomes: does the model surface meet those controls? An LLM that retains your prompts in a vendor's training corpus is not encrypted at rest in your control. A consumer chatbot with no role-based access is not access-controlled. For finance lanes, the same pattern as HIPAA applies: enterprise-tier AI with a contract that mirrors GLBA's controls, or local inference. Many institutions treat AI vendors the same way they treat any other service provider under Section 314.4(f) — written risk assessment, due diligence, contractual obligations, periodic review.

Do: treat AI vendors as Section 314.4(f) service providers; require written contracts that mirror Safeguards Rule controls; document the risk assessment that justifies the vendor selection; designate the Qualified Individual who owns AI risk.

Never do: let customer financial information flow into any AI surface without contractual coverage; skip the written risk assessment because the vendor has a marketing-page security certification.

Evidence: signed service-provider agreement, risk assessment dated and signed by the Qualified Individual, encryption attestation, incident response plan that names the AI surfaces.

SOX: the AI said so is not a control

Sarbanes-Oxley Section 404 requires US public companies to maintain internal control over financial reporting (ICFR) and have those controls audited. The PCAOB's auditing standards (AS 2201 on integrated audits, AS 2101 on audit planning) were amended and, as of the most recent guidance, take effect for audits of fiscal years beginning on or after December 15, 2026. The substance: when AI is in the path of any control that produces or supports financial reporting, the AI's contribution must be auditable.

Three practical requirements emerge.

First, the AI's output must be traceable. If a model categorizes journal entries, flags reconciliation breaks, or drafts narrative disclosures, the auditor will want to see the input, the model version, the timestamp, and the human review step. Prompt-and-response logs with cryptographic timestamps are increasingly the baseline.

Second, model changes must be controlled. A model upgrade that silently changes how a control behaves is a SOX change-management event, not a product update.

Third, the human in the loop must be real. A reviewer who clicks through 200 flagged entries in 90 seconds is not exercising control judgment, and an auditor with a sample-testing protocol will notice.

AI can strengthen SOX programs — continuous control monitoring, anomaly detection, and journal-entry analytics are well-established uses. But the bar is that the AI augments human judgment, and the augmentation is logged.

Do: log every AI-touched control (input, model version, output, timestamp, reviewer, decision); version-control prompts and model configurations like code; run change management for model upgrades touching financial-reporting paths.

Never do: let an AI output flow into financial reporting without a documented human review step; upgrade the model touching ICFR without a controlled change; rely on vendor documentation alone — your auditor will ask for your evidence.

Evidence: control narrative naming the AI system; sample test results showing reviewer judgment was exercised; change log for model version changes; walkthrough documentation an auditor can follow end-to-end.
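A sketch of the log record the SOX "Do" line lists, added here as an example and not AtomEons code. It chains entries by SHA-256 for tamper evidence (a stand-in for the "cryptographic timestamps" mentioned above, not a trusted timestamping service), then checks the other two requirements: model versions against a change-managed allowlist, and review times against a floor. Field names, the control ID, the version strings and the 5-second floor are assumptions; the sample rows are constructed, with 0.45 s being the per-entry time of 200 entries in 90 seconds.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash of the first entry


def _digest(entry):
    """SHA-256 over the canonical JSON of an entry, excluding its own hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def append_record(log, *, control_id, model_version, model_input, model_output,
                  reviewer, decision, review_seconds, timestamp=None):
    """Append one AI-touched control event, chained to the previous entry."""
    entry = {
        "seq": len(log),
        "timestamp": timestamp or datetime.now(timezone.utc).isoformat(),
        "control_id": control_id,
        "model_version": model_version,
        "input": model_input,
        "output": model_output,
        "reviewer": reviewer,
        "decision": decision,              # assumed values: "accepted" / "overridden"
        "review_seconds": review_seconds,  # time the reviewer spent on the item
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = _digest(entry)
    log.append(entry)
    return entry


def verify_chain(log):
    """Return None if the log is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if (entry.get("seq") != i or entry.get("prev_hash") != prev
                or entry.get("entry_hash") != _digest(entry)):
            return i
        prev = entry["entry_hash"]
    return None


def unapproved_model_versions(log, approved_versions):
    """Entries produced by a model version with no change-management approval."""
    return [e["seq"] for e in log if e["model_version"] not in approved_versions]


def rubber_stamp_reviews(log, min_seconds):
    """Entries accepted faster than the minimum plausible review time."""
    return [e["seq"] for e in log
            if e["decision"] == "accepted" and e["review_seconds"] < min_seconds]


def build_sample_log():
    """Constructed sample data: three journal-entry reviews under one control."""
    rows = [
        ("model-2026-01", "JE-1001 debit 4,200 to 6100", "flag: unusual account", "alice", "overridden", 74.0),
        ("model-2026-01", "JE-1002 debit 310 to 6400", "no flag", "alice", "accepted", 0.45),
        ("model-2026-03", "JE-1003 debit 98,000 to 1200", "no flag", "bob", "accepted", 41.0),
    ]
    log = []
    for n, (ver, inp, out, who, decision, secs) in enumerate(rows):
        append_record(log, control_id="ICFR-JE-07", model_version=ver,
                      model_input=inp, model_output=out, reviewer=who,
                      decision=decision, review_seconds=secs,
                      timestamp=f"2026-06-0{n + 1}T09:00:00+00:00")
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("chain intact:", verify_chain(log) is None)
    print("unapproved model versions at seq:", unapproved_model_versions(log, {"model-2026-01"}))
    print("rubber-stamp candidates at seq:", rubber_stamp_reviews(log, min_seconds=5.0))
    log[0]["decision"] = "accepted"  # simulate an after-the-fact edit
    print("first bad entry after edit:", verify_chain(log))
```

The chain proves integrity only relative to its latest hash, so that hash has to be stored somewhere the log's writers cannot change.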

GDPR Article 22 and the ICO guidance

GDPR's broader rules (lawful basis under Art. 6, special-category data under Art. 9, data subject rights under Arts. 15-22, security under Art. 32) apply to AI the same way they apply to any other processing. The AI-specific point of pressure is Article 22.

Article 22 gives every data subject the right not to be subject to a decision based solely on automated processing — including profiling — that produces legal effects or similarly significantly affects them. Exceptions exist (necessary for a contract, authorized by law with safeguards, explicit consent), but even when an exception applies, the data subject retains the right to obtain human intervention, to express their point of view, and to contest the decision.

The ICO and the Alan Turing Institute published 'Explaining decisions made with AI' in May 2020, which is still the working reference for the UK and broadly aligned with EU-level guidance. The headline: a human cannot 'rubber stamp' an AI decision and call it not-solely-automated. ICO guidance is explicit that human involvement is meaningful only when the human has the authority and the practical capacity to change the decision. A reviewer who lacks the data, the time, or the institutional permission to override the model is, in regulatory terms, ornament.

In the UK, the Data (Use and Access) Act 2025 narrows the scope of Art. 22 slightly via a new Art. 22A, but the meaningful-human-involvement standard persists. The EU position has not changed.

Do: identify any AI system that makes solely automated decisions with legal or similarly significant effect; establish a lawful basis under Art. 6 (and Art. 9 if special-category data); provide meaningful information about the logic involved; build a real human-review path with the authority to override.

Never do: assume Art. 22 does not apply because a human checks at the end — if that human cannot realistically override, the decision is still solely automated; skip the DPIA for high-risk AI processing.

Evidence: records of processing (Art. 30); DPIA for high-risk AI; documented lawful basis; plain-language explanation of model logic and consequences; logs of human-override events that show the path is real.

CCPA + the 2026 ADMT regulations

California's privacy regime parallels GDPR in spirit but with US-specific mechanics. The California Privacy Protection Agency finalized regulations in 2025 covering Automated Decisionmaking Technology (ADMT), cybersecurity audits, and risk assessments. They took effect January 1, 2026, with phased compliance deadlines.

The ADMT rules apply when a business uses automated decision-making technology to make a 'significant decision' — defined in the final regulations as a decision that results in the provision or denial of financial or lending services, housing, education enrollment or opportunities, employment or independent contracting opportunities or compensation, or healthcare services. Where ADMT is used for significant decisions, businesses must provide: a pre-use notice; an opt-out right (with limited exceptions); and an access right covering information about the ADMT's use.

Businesses already using ADMT for significant decisions before January 1, 2027 must reach full compliance by that date. Risk assessments for high-risk processing must be completed (with initial assessments for pre-existing processing due by December 31, 2027) and partial summaries submitted to the CPPA by April 1, 2028. Cybersecurity audits phase in by revenue band — businesses over $100M annual revenue must complete their first audit by April 1, 2028; smaller bands follow.

Do: classify whether any of your AI touches a 'significant decision' under the CCPA definition; wire the three rights (pre-use notice, opt-out, access) into the user flow from day one; complete risk assessments and prepare for CPPA submission; schedule the cybersecurity audit consistent with your revenue band.

Never do: assume CCPA is just a US version of GDPR with no AI-specific obligations — the ADMT rules are now distinct and binding.

Evidence: ADMT inventory; pre-use notice copy; opt-out mechanism log; risk-assessment file; cybersecurity audit on the calendar.

EU AI Act: the risk-tier compass

The EU AI Act classifies AI systems into four risk tiers with very different obligations. The Article 5 prohibitions have been in force since February 2, 2025. The high-risk obligations were originally due August 2, 2026, but in May 2026 EU institutions reached political agreement on an Omnibus amendment that defers stand-alone Annex III high-risk system obligations to December 2, 2027 and AI embedded in regulated products under Annex I to August 2, 2028. That deferral is not yet formally adopted as of June 2026 — check the Official Journal before relying on it. The maximum fines exceed GDPR: up to €35M or 7% of global annual turnover for prohibited-practice violations.

Do: map your AI systems to risk tiers now, even if you are not in scope yet; if you might be high-risk, start the conformity-assessment paperwork early (quality management system, technical documentation, post-market monitoring, EU database registration); watch the Omnibus amendment formal adoption.

Never do: deploy an Article 5 prohibited practice in the EU under any circumstance; assume you are out of scope because you are not headquartered in the EU — the Act applies to systems placed on the EU market or whose outputs are used in the EU.

Evidence: risk-tier classification record; technical documentation per Annex IV (for high-risk); logs of operations; human-oversight design documentation; conformity assessment certificate where required.

  • Prohibited (Art. 5): social scoring with disproportionate or out-of-context effects; certain biometric categorization (inferring race, political opinion, union membership, religion, sexual orientation); real-time remote biometric identification in public spaces by law enforcement except under narrow conditions; AI exploiting vulnerabilities; certain manipulative systems. In force since Feb 2, 2025.
  • High-risk (Annex III stand-alone + Annex I embedded): recruitment, credit scoring, education, law enforcement, border, critical infrastructure, medical devices, machinery, vehicles. Obligations: risk management system, data governance, technical documentation, logging, human oversight, accuracy/robustness/cybersecurity, conformity assessment, EU database registration.
  • Limited-risk: transparency obligations — chatbots must disclose they are AI; deepfakes must be labeled; generative AI must mark synthetic content.
  • Minimal-risk: no specific obligations beyond voluntary codes of conduct.
  • General-purpose AI (GPAI) models: separate obligations on providers, with extra requirements for systemic-risk models above the compute threshold.

NIST AI RMF: voluntary, but the de-facto US frame

The NIST AI Risk Management Framework 1.0, published January 26, 2023, is voluntary, but it has become the working language of US AI risk governance. It is frequently referenced in vendor contracts, in board-level AI policies, and as a crosswalk to other frameworks including ISO 42001. The Framework is built around four functions, intended to operate continuously rather than sequentially.

  • GOVERN — establish a culture of risk management. Policies, accountabilities, processes, training. GOVERN is cross-cutting and applies at every stage.
  • MAP — understand the context and the AI system. Who are the stakeholders, what is the intended use, what is the impact, what are the legal and ethical considerations, what data does it use.
  • MEASURE — analyze and assess. Quantitative and qualitative metrics for trustworthiness characteristics (validity, reliability, safety, security, accountability, transparency, explainability, privacy, fairness).
  • MANAGE — respond to identified risks. Prioritize, allocate resources, implement controls, plan for incidents.

The companion AI RMF Playbook gives concrete suggestions for each subcategory, and the Generative AI Profile (NIST AI 600-1, 2024) extends the framework to GenAI-specific risks. Adopting RMF 1.0 will not by itself make you HIPAA-compliant or GDPR-compliant, but it gives you the connective tissue that those frameworks all expect you to have.

ISO/IEC 42001: the certification path

ISO/IEC 42001:2023, published December 2023, is the first international management-system standard for AI. It is to AI what ISO/IEC 27001 is to information security — a certifiable management system rather than a technical specification. Organizations design, document, and operate an AI Management System (AIMS) covering the AI lifecycle from concept to retirement, then have it audited by an accredited certification body.

The standard follows the standard ISO management-system structure (clauses 4-10): context, leadership, planning, support, operation, performance evaluation, and improvement. Annex A lists controls covering policies, internal organization, resources, impact assessment, lifecycle, data, information for stakeholders, AI system use, and third-party and customer relationships.

As of 2024, major cloud providers including AWS and Microsoft began publishing ISO 42001 certifications for their AI services. For enterprise buyers in regulated industries, a vendor's ISO 42001 certificate is increasingly part of standard due diligence — not a replacement for HIPAA BAAs or GLBA contractual controls, but a strong signal that the vendor has a real, audited program.

Achieving certification yourself is a multi-quarter effort. The value is in the discipline: writing down what you actually do, identifying gaps, and creating the artifact trail that makes every other framework on this page easier to evidence.

Compliance calendar (best-effort as of June 2026 — verify before relying)

  1. Feb 2, 2025

    EU AI Act Art. 5 prohibitions in force

    Prohibited AI practices became enforceable across the EU.

  2. May 13, 2024

    FTC Safeguards Rule breach-notification live

    Non-bank financial institutions must notify FTC within 30 days of a qualifying breach affecting 500+ consumers.

  3. Jan 1, 2026

    CCPA ADMT/risk-assessment/cybersecurity-audit regulations effective

    California's new rules took effect; phased compliance deadlines follow.

  4. Aug 2, 2026 (original)

    EU AI Act high-risk obligations original date

    Original date for Annex III high-risk obligations. May 2026 Omnibus political agreement proposes deferral; not yet formally adopted as of June 2026.

  5. Dec 15, 2026

    PCAOB amended AS 2201 / AS 2101 effective

    Applies to audits of fiscal years beginning on or after this date. AI-touched controls move into formal audit scrutiny.

  6. Jan 1, 2027

    CCPA ADMT compliance deadline

    Businesses using ADMT for significant decisions before this date must be in full compliance.

  7. Dec 2, 2027 (proposed)

    EU AI Act Annex III high-risk obligations (deferred)

    Under the May 2026 Omnibus political agreement, stand-alone Annex III high-risk system obligations would apply from this date. Subject to formal adoption.

  8. Dec 31, 2027

    CCPA initial risk assessments due

    For processing activities already underway as of Jan 1, 2026.

  9. Apr 1, 2028

    First CCPA cybersecurity audits due ($100M+)

    Businesses with annual revenue exceeding $100M file first audit. Smaller revenue bands phase in 2029 and 2030.

  10. Aug 2, 2028 (proposed)

    EU AI Act Annex I embedded high-risk obligations (deferred)

    Under the May 2026 Omnibus political agreement. Subject to formal adoption.

If you remember three things

First: the consumer product and the enterprise product are not the same product. ChatGPT, Claude Pro, and Gemini consumer surfaces do not carry HIPAA BAAs or enterprise contractual controls. Move PHI, customer financial data, or EU-significant personal data only across surfaces that come with a contract. When in doubt, run a local Ollama model instead.

Second: the human in the loop must be real. GDPR Art. 22, the EU AI Act, SOX, and the CCPA ADMT rules all converge on the same point — a reviewer who lacks the authority, the time, or the data to override the model is not exercising oversight in the regulatory sense. Design the path so a 'no' from the human actually reverses the outcome, and log it.

Third: evidence beats intent. Write down the program, name the owner, log the decisions, version the model and the prompts, retain the logs. The compliance gap is rarely the technology — it is the missing artifact when someone shows up asking how you know this is working.

Sources

  1. [01]

    NIST AI Risk Management Framework 1.0 published Jan 26, 2023 with four functions: GOVERN, MAP, MEASURE, MANAGE.

    https://nvlpubs.nist.gov/nistpubs/ai/nist.ai.100-1.pdf
  2. [02]

    Official NIST AI RMF landing page covers the voluntary framework structure and companion resources.

    https://www.nist.gov/itl/ai-risk-management-framework
  3. [03]

    NIST AI 600-1 Generative AI Profile extends the AI RMF to generative-AI-specific risks.

    https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.600-1.pdf
  4. [04]

    ISO/IEC 42001:2023 is the international standard specifying AI Management System (AIMS) requirements.

    https://www.iso.org/standard/42001
  5. [05]

    Anthropic's BAA covers the first-party API and Enterprise plans but excludes Workbench, Console, Claude Free/Pro/Max/Team, Cowork, and beta features.

    https://privacy.claude.com/en/articles/8114513-business-associate-agreements-baa-for-commercial-customers
  6. [06]

    Only ChatGPT Enterprise, ChatGPT Edu (with managed accounts), and API customers are eligible for a BAA with OpenAI.

    https://help.openai.com/en/articles/8660679-how-can-i-get-a-business-associate-agreement-baa-with-openai
  7. [07]

    Microsoft provides a HIPAA BAA via Product Terms covering in-scope Azure services for covered entities and business associates.

    https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-hipaa-us
  8. [08]

    FTC's official Gramm-Leach-Bliley Act guidance page covering the Safeguards Rule and Privacy Rule.

    https://www.ftc.gov/business-guidance/privacy-security/gramm-leach-bliley-act
  9. [09]

    FTC Safeguards Rule official text and amendment history including 2021 and 2023 updates.

    https://www.ftc.gov/legal-library/browse/rules/safeguards-rule
  10. [10]

    FTC Safeguards Rule breach-notification requirement took effect May 13, 2024; 30-day notification for breaches affecting 500+ consumers.

    https://www.ftc.gov/business-guidance/blog/2024/05/safeguards-rule-notification-requirement-now-effect
  11. [11]

    GDPR Article 22 grants data subjects the right not to be subject to solely automated decision-making with legal or similarly significant effects.

    https://gdpr-info.eu/art-22-gdpr/
  12. [12]
  13. [13]
  14. [14]

    California Privacy Protection Agency official page on CCPA updates covering ADMT, cybersecurity audits, and risk assessments.

    https://cppa.ca.gov/regulations/ccpa_updates.html
  15. [15]

    CPPA announcement that finalized CCPA regulations take effect January 1, 2026.

    https://cppa.ca.gov/announcements/2025/20250923.html
  16. [16]

    EU AI Act Article 5 enumerates prohibited AI practices including social scoring and certain biometric categorization.

    https://artificialintelligenceact.eu/article/5/
  17. [17]

    EU AI Act Service Desk official guidance on Article 5 prohibitions in force since February 2, 2025.

    https://ai-act-service-desk.ec.europa.eu/en/ai-act/article-5
  18. [18]

    Official EU AI Act implementation timeline maintained by the European Commission's AI Act Service Desk.

    https://ai-act-service-desk.ec.europa.eu/en/ai-act/timeline/timeline-implementation-eu-ai-act
  19. [19]

    May 2026 EU Omnibus political agreement proposes deferring Annex III high-risk obligations to December 2, 2027 and Annex I embedded obligations to August 2, 2028.

    https://www.gibsondunn.com/eu-ai-act-omnibus-agreement-postponed-high-risk-deadlines-and-other-key-changes/
  20. [20]

    PCAOB auditing standards including AS 2201 (audits of internal control over financial reporting integrated with audits of financial statements) and AS 2101 (audit planning).

    https://pcaobus.org/oversight/standards/auditing-standards
  21. [21]

    HHS sample Business Associate Agreement provisions and official guidance on the BAA requirement under 45 CFR 164.504(e).

    https://www.hhs.gov/hipaa/for-professionals/covered-entities/sample-business-associate-agreement-provisions/index.html