AI governance, as code
Governance for every jurisdiction. Starting with the EU.
AI regulation is arriving region by region. AiExponent generates the evidence each regime demands, and because the obligations overlap, you produce it once and map it everywhere. We begin with the most mature regime, the EU AI Act.
Not legal advice. Not a notified body. Tools produce evidence, not conformity assessment.
Coverage
The global picture
Every region is writing its own AI law.
We ship evidence where the law is enforceable today — the EU — and follow the wave outward, region by region, as each regime matures.
Regulation (EU) 2024/1689 (AI Act)
Interim Measures for the Management of Generative AI Services (2023) + Measures for Labeling of AI-Generated Synthetic Content (2025)
No federal AI statute; NIST AI RMF 1.0 (voluntary) + state patchwork (Texas TRAIGA HB 149; Colorado SB 24-205 repealed)
National AI strategies + ethics charters (non-binding); a DIFC free-zone data regulation binding within the DIFC free zone only
MeitY India AI Governance Guidelines (2025, non-binding) + Digital Personal Data Protection Act 2023 (data protection, not AI-specific)
Proposed Mandatory Guardrails for AI in High-Risk Settings (2024 proposals paper) — not adopted
Position = law maturity, badge = our coverage. Tracked against a citation-grade register, re-verified monthly. Not legal advice.
Live today · the EU toolchain
Four tools. One artefact per article.
Free · Apache 2.0 · zero telemetry
License Compliance Checker
Article 53 requires model documentation. Scan the repo; the licence and training-data report comes out.
bashpip install license-compliance-checkerRiskForge
Article 9 requires a documented risk management system. 37 guided questions produce the file, no consultants, ~30 minutes.
bashpip install riskforgeRAG Benchmarking
Article 15 requires declared accuracy and robustness. Benchmark the system; the metrics report comes out.
bashpip install rag-benchmarkingFind your obligation
What are you deploying?
Pick one. We show the EU AI Act article that applies, when it bites, and the file it demands.
GPAI duties under Article 53 carry live enforcement today.
GPAI provider obligations
You must produce OSS + model licence report (JSON).
bashpip install license-compliance-checkerMaximum fine
Up to €15M or 3% global turnover
Art. 101(1) · Commission-imposed
The file
OSS + model licence report (JSON)
Not legal advice. Not a notified body. Tools produce evidence, not conformity assessment. Dates and fine bands cite Regulation (EU) 2024/1689 (EUR-Lex CELEX:32024R1689).
EU AI Act · enforcement
Four dates. One regulation.
Feb 2025
Bans + AI literacy apply
Art. 4 & Art. 5 in force.
Aug 2025
GPAI duties apply
Art. 53 documentation in force.
2 Aug 2026 · next
GPAI fining powers attach
Commission may fine up to €15M / 3%.
Dec 2027 · pending OJEU
High-risk systems comply
Annex III, deferred by the Digital Omnibus.
Dates cite Regulation (EU) 2024/1689 (EUR-Lex CELEX:32024R1689). Deferred high-risk dates reflect the Digital Omnibus, adopted 29 Jun 2026, pending OJEU publication. Other jurisdictions' dates are tracked in our coverage register.
Beyond the tools
Where the tools end, judgment begins.
AiExponent ships the evidence, the file a regulator will accept. Deciding your risk posture, reading overlapping regimes, and building AI literacy across your teams is human work. When you want the strategy before you deploy, that is our advisory arm.
Not sure where to start?
A governance readiness review: what applies to you, and in what order.
Want the trends and frameworks first?
Thought leadership and workshops on AI strategy, risk and responsible deployment.
Need hands-on help?
Advisory engagements that take the evidence our tools produce the rest of the way.