AI Governance Updates

Federal agencies are using existing statutes to police AI conduct while state AGs and private plaintiffs fill the gaps. A new Morgan Lewis analysis identifies four high-exposure areas for 2026. Here is what small teams need to know.

A landmark 2026 settlement ruled AI training on copyrighted books is fair use — but training on pirated copies is not. The practical implication for small teams is that data provenance is now a legal risk control, not just a best practice.

Colorado SB 24-205 takes effect June 30, 2026. With under 90 days left, here is exactly what developers and deployers of high-risk AI must have in place — and what the AG's enforcement posture means for small teams.

This article delves into the media influence on AI governance, examining how media narratives shape public discourse and policy decisions. It highlights the implications for small teams and offers insights on navigating the evolving landscape of AI governance.

This article discusses responsible AI practices in cultural contexts, emphasizing the need for tech companies to recognize their role in preserving Mongolian culture. It highlights the importance of cultural sensitivity in AI governance to prevent online repression and promote ethical technology use.

The EU Digital Omnibus proposes pushing the high-risk AI compliance deadline to late 2027, but trilogue is live and the August 2026 deadline still stands until a deal is signed. Here is what small teams must do right now.

The White House and Senate are pushing to override state AI laws with a single federal framework. Until that happens, Colorado, California, Texas and a dozen other states remain live obligations. Here is how to stay compliant through the transition.

The SEC's FY2026 examination priorities embed AI oversight into every exam category, not just tech reviews. Financial services teams using AI in investment, compliance, or operations need documented governance today — before an examiner asks for it.

Choosing an AI developer tool without vendor security questions invites supply-chain surprises. Use these ten prompts — build hygiene, disclosure culture, telemetry, SBOM — before you standardise an AI developer tool across your team.

An AI vendor security incident on a tool you depend on is still your governance problem. This practical guide helps small teams assess scope, rotate credentials, update threat models, and document decisions — without waiting for confirmed harm.

Hidden AI features often ship behind feature flags — without clear notice. Here is what that means for policy, vendor contracts, and small-team governance, and how to close the documentation gap.

Anthropic's Claude Code source code was accidentally exposed via a .map file in their npm registry. Here's what the leak reveals and what small teams should learn about AI vendor security and governance.

How GDPR and CCPA apply when your team uses AI tools — what counts as personal data, when you need a DPA, and the practical steps to stay compliant without a legal team.

No AI team, no compliance officer — who owns AI governance? A practical RACI and role guide for small teams running AI without dedicated resources.

When your SaaS tools ship with AI features built in — Notion AI, Copilot, HubSpot AI, Zoom AI — your team is using AI whether you approved it or not. Here's how to govern it.

A practical template to inventory every AI tool your team uses — approved and shadow — with ownership, data handling, and review dates.

A practical onboarding template to get new hires using AI tools safely from day one — policy acknowledgment, approved tool list, and a 15-minute briefing guide.

This playbook provides essential guidance on AI governance for small teams, focusing on compliance, risk management, and responsible AI adoption. It outlines key strategies and frameworks to ensure effective governance.

Ship a credible AI policy baseline this week: what to document first, which templates to reuse, and the rollout sequence that works without a compliance team.

A fast procurement pass for AI vendors: the questions that matter, a simple risk score, and how to document evidence when the team has no procurement desk.

Run AI governance like a product ops loop: explicit rituals, lightweight artefacts, and decision rights so small teams keep pace without compliance theatre.

AI governance: a practical AI governance overview for small teams, with a policy baseline, concrete risk controls, and an execution-friendly weekly review loop.

AI governance: a practical AI governance overview for small teams, with a policy baseline, concrete risk controls, and an execution-friendly weekly review loop.

This playbook provides essential guidance on AI governance for small teams, focusing on compliance, risk management, and responsible AI adoption. Learn how to establish a strong AI governance framework.

This playbook provides essential guidance on AI governance for small teams, focusing on compliance, risk management, and responsible AI adoption. Learn how to navigate the complexities of AI governance effectively.

AI governance: a practical AI governance overview for small teams, with a policy baseline, concrete risk controls, and an execution-friendly weekly review loop.

A practical comparison framework for choosing AI monitoring, safety, and observability tools for small teams—criteria, trade-offs, and how to align with your governance baseline.

A step-by-step workflow to audit AI usage in your organisation—inventory, sampling, interviews, and follow-ups you can run without a compliance department.

A practical guide to building your first AI governance framework — without a compliance department. Covers the five components every small team needs.

This playbook provides essential guidance on AI governance for small teams, focusing on compliance, risk management, and responsible AI adoption. It outlines key strategies and considerations for effective governance.

AI Upgrades, Security Breaches, and Industry Shifts Define T are crucial topics for small teams navigating the complexities of AI governance. This playbook provides insights into effective strategies and risk management.

A practical guide for small teams on when you become a “modifier” under the EU AI Act, how to classify AI systems, and what controls to add without slowing delivery.

Learn how AI governance for small teams can navigate the EU AI Act's requirements, ensuring compliance and responsible AI adoption in staffing businesses.

What whistleblowing means under the EU AI Act for small teams, and how to set up a practical reporting + incident loop without a compliance department.

A step-by-step guide to running your first AI risk assessment — without a risk team. Covers use-case mapping, likelihood scoring, and key controls.

Shadow AI is the use of unauthorized AI tools inside your company. Learn what it is, why it happens, and six practical steps to prevent it.

A ready-to-use AI acceptable use policy for small teams. Covers approved tools, data rules, prohibited uses, and enforcement — one page, plain English.

What to do when an AI tool causes a data leak, ships a bad output, or gets misused. A step-by-step response playbook sized for teams without a security team.

A practical checklist for evaluating AI vendors before you sign: data handling, security, compliance, and exit clauses — in under 30 minutes.

A practical checklist covering inventory, policy, vendors, and review cadence — built for teams without a dedicated compliance department.