AI governance, as code

Governance for every jurisdiction. Starting with the EU.

AI regulation is arriving region by region. AiExponent generates the evidence each regime demands, and because the obligations overlap, you produce it once and map it everywhere. We begin with the most mature regime, the EU AI Act.

Not legal advice. Not a notified body. Tools produce evidence, not conformity assessment.

Coverage

European UnionTools live
United StatesCross-maps
Also tracking+4 regimes
Next enforcement · GPAI fining powers · 2 Aug 2026

The global picture

Every region is writing its own AI law.

We ship evidence where the law is enforceable today — the EU — and follow the wave outward, region by region, as each regime matures.

Next enforcement · GPAI fining powers · 2 Aug 2026
In force
European Union

Regulation (EU) 2024/1689 (AI Act)

Tools live
China

Interim Measures for the Management of Generative AI Services (2023) + Measures for Labeling of AI-Generated Synthetic Content (2025)

Tracking
Emerging
United States

No federal AI statute; NIST AI RMF 1.0 (voluntary) + state patchwork (Texas TRAIGA HB 149; Colorado SB 24-205 repealed)

Cross-maps
UAE & Saudi Arabia

National AI strategies + ethics charters (non-binding); a DIFC free-zone data regulation binding within the DIFC free zone only

Tracking
India

MeitY India AI Governance Guidelines (2025, non-binding) + Digital Personal Data Protection Act 2023 (data protection, not AI-specific)

Tracking
Proposed
Australia

Proposed Mandatory Guardrails for AI in High-Risk Settings (2024 proposals paper) — not adopted

TrackingNot adopted

Position = law maturity, badge = our coverage. Tracked against a citation-grade register, re-verified monthly. Not legal advice.

Live today · the EU toolchain

Four tools. One artefact per article.

Free · Apache 2.0 · zero telemetry

Art. 53 · in forceLive · v1.0.0

License Compliance Checker

Article 53 requires model documentation. Scan the repo; the licence and training-data report comes out.

licence + model reportJSONSBOM
bashpip install license-compliance-checker
Art. 9 · applies Dec 2027 · pending OJEULive · v1.0.0

RiskForge

Article 9 requires a documented risk management system. 37 guided questions produce the file, no consultants, ~30 minutes.

Risk Management FileJSONPDF
bashpip install riskforge
Art. 15 · applies Dec 2027 · pending OJEULive · v1.0.0

RAG Benchmarking

Article 15 requires declared accuracy and robustness. Benchmark the system; the metrics report comes out.

accuracy + robustness reportJSON
bashpip install rag-benchmarking
Art. 5 · in forceLive · v1.0.0

LitmusAI

Article 5 prohibits eight AI practices. Screen the system; a per-prohibition verdict comes out.

prohibited-practices verdictSARIF
bashpip install litmus-screener

Find your obligation

What are you deploying?

Pick one. We show the EU AI Act article that applies, when it bites, and the file it demands.

Art. 53In force

GPAI duties under Article 53 carry live enforcement today.

GPAI provider obligations

You must produce OSS + model licence report (JSON).

bashpip install license-compliance-checker
Generate now with License Compliance Checker

Maximum fine

Up to €15M or 3% global turnover

Art. 101(1) · Commission-imposed

The file

OSS + model licence report (JSON)

Not legal advice. Not a notified body. Tools produce evidence, not conformity assessment. Dates and fine bands cite Regulation (EU) 2024/1689 (EUR-Lex CELEX:32024R1689).

EU AI Act · enforcement

Four dates. One regulation.

  1. Feb 2025

    Bans + AI literacy apply

    Art. 4 & Art. 5 in force.

  2. Aug 2025

    GPAI duties apply

    Art. 53 documentation in force.

  3. 2 Aug 2026 · next

    GPAI fining powers attach

    Commission may fine up to €15M / 3%.

  4. Dec 2027 · pending OJEU

    High-risk systems comply

    Annex III, deferred by the Digital Omnibus.

Dates cite Regulation (EU) 2024/1689 (EUR-Lex CELEX:32024R1689). Deferred high-risk dates reflect the Digital Omnibus, adopted 29 Jun 2026, pending OJEU publication. Other jurisdictions' dates are tracked in our coverage register.

Beyond the tools

Where the tools end, judgment begins.

AiExponent ships the evidence, the file a regulator will accept. Deciding your risk posture, reading overlapping regimes, and building AI literacy across your teams is human work. When you want the strategy before you deploy, that is our advisory arm.

Explore advisory at AskAjay.ai ↗Tools stay free and open source. Advisory is a separate engagement under AI Exponent LLC.
  • Not sure where to start?

    A governance readiness review: what applies to you, and in what order.

  • Want the trends and frameworks first?

    Thought leadership and workshops on AI strategy, risk and responsible deployment.

  • Need hands-on help?

    Advisory engagements that take the evidence our tools produce the rest of the way.