Blog
AI compliance, unpacked.
Editorial analysis of the frameworks, vendors, and decisions shaping how companies govern AI. Written for compliance leaders, CISOs, and founders. Editorial commentary is not for sale.
AI Compliance Vendor Pricing in 2026: What 10 Vendors Actually Charge
Verified public pricing for 10 AI compliance and governance vendors. Real tiers, hidden costs, and where the bulk of the market still hides behind a sales call.
By ACV Editorial · May 18, 2026 · 9 min read
EU AI Act Deadline Extension Explained: The Digital Omnibus, Dec 2 2027, and Aug 2 2028
Brussels agreed on May 7 2026 to push the EU AI Act deadline extension for high-risk AI systems to Dec 2 2027 and Aug 2 2028. Here is what survived and what slipped.
May 17, 2026 · 13 min read
OneTrust vs Credo AI vs Fairly AI (Asenion) vs Saidot: Four-Way AI Governance Comparison
OneTrust vs Credo AI vs Fairly AI (now Asenion) vs Saidot — a verified head-to-head on funding, framework coverage, certifications, pricing, and ideal buyers.
May 17, 2026 · 11 min read
AI Compliance Tools for Insurers: Colorado SB 21-169, NAIC, NYDFS, and California
AI compliance tools for insurers must handle Colorado SB 21-169, the NAIC Model Bulletin in 24+ states, NYDFS Circular Letter No. 7, and California CDI guidance on utilization management.
May 17, 2026 · 12 min read
AI Compliance Tools for Healthcare: HIPAA, FDA PCCP, ONC HTI-1, and the MDR Overlap
AI compliance tools for healthcare must cover HIPAA Security Rule modernization, FDA PCCP for AI medical devices, ONC HTI-1 transparency, and the EU MDR/AI Act overlap.
May 17, 2026 · 12 min read
GDPR Article 22 vs EU AI Act: How Automated Decision Rules Overlap
GDPR Article 22 and the EU AI Act both regulate automated decisions. After the Schufa CJEU ruling, the overlap is sharper than ever. Here is what triggers each regime.
May 17, 2026 · 11 min read
ISO 42001 Certified Companies: The Living List of Verified Certifications
A verified, source-cited list of companies certified to ISO/IEC 42001:2023 — AWS, KPMG, Anthropic, Microsoft, Snowflake, ServiceNow, and more. Updated monthly.
May 17, 2026 · 9 min read
EU AI Act Article 50 Transparency Deadline: What Lives August 2 2026
Article 50 transparency obligations under the EU AI Act take effect August 2 2026. Chatbot disclosure, deepfake labels, public-interest AI text. Watermarking moves to Dec 2 2026.
May 17, 2026 · 10 min read
NYC Local Law 144: The Complete 2026 AEDT Bias Audit Guide
NYC Local Law 144 has been enforced since July 5 2023, and DCWP just adopted an enforcement-forward posture in 2026. Here is what AEDT users must actually do.
May 17, 2026 · 12 min read
ISO 42006 Explained: How Auditor Accreditation Works for ISO 42001
ISO/IEC 42006:2025 is the standard certification bodies must follow to audit and issue ISO 42001 certificates. Here is what it requires and which CBs are accredited.
May 17, 2026 · 11 min read
Free vs Paid AI Compliance Tools: When the Open-Source Stack Is Enough (2026 Framework)
Promptfoo, Giskard, Langfuse OSS, the NIST AI RMF Playbook, FairLearn, and the OWASP LLM Top 10 can form a credible AI compliance baseline for many teams. But five specific triggers — enterprise RFPs, EU AI Act high-risk classification, regulated industries, FRIA obligations, and board-level reporting — signal when open-source tools alone are no longer sufficient.
April 26, 2026 · 10 min read
GPAI Code of Practice: Who Signed, Who Didn't, and What It Means for Enterprise AI Buyers
The EU AI Office published the final General-Purpose AI Code of Practice on July 10, 2025. Google, OpenAI, Anthropic, Microsoft, Mistral, Cohere, Amazon, and IBM signed. Meta publicly refused. Here is what the three chapters require, what Article 56 means for non-signatories, and how procurement teams should respond.
April 26, 2026 · 8 min read
OSFI E-23 Final Guideline (2025): What Canadian Banks and Insurers Must Do Before May 2027
OSFI published the final E-23 Guideline on September 11, 2025. Effective May 1, 2027, it extends to all federally regulated financial institutions and all models — including third-party AI. This post covers what changed from the 2017 version, the AI/ML-specific obligations, the 18-month transition window, and a gap-assessment checklist for Canadian FRFIs.
April 26, 2026 · 10 min read
AI Impact Assessment Template: Free Download (NIST, ISO 42001, EU AI Act)
A free, ready-to-use AI Impact Assessment (AIIA) template mapped to NIST AI RMF, ISO/IEC 42001, EU AI Act Article 27, and the Colorado AI Act. Download the branded 13-page PDF and adapt it to your deployments.
April 24, 2026 · 11 min read
The Texas AI Act (TRAIGA): Complete Compliance Guide for January 1, 2026
Texas HB 149 takes effect January 1, 2026. This guide walks through prohibited practices, penalties up to $200,000 per violation, the 60-day cure period, NIST AI RMF safe harbor, and the 36-month sandbox — with every provision cited to primary source.
April 24, 2026 · 14 min read
EU AI Act GPAI Obligations Explained: What Foundation Model Providers Must Do
Articles 53 and 55 of the EU AI Act impose layered obligations on GPAI model providers. Here's what applies, to whom, and when enforcement kicks in.
April 22, 2026 · 12 min read
Colorado AI Act: What Insurers and Employers Need to Do Before June 2026
Colorado SB24-205 takes effect June 30, 2026. Here's what insurers and employers must do now on impact assessments, consumer notices, and AG enforcement.
April 22, 2026 · 11 min read
AI Audit Firms Compared: Big 4 vs Boutique Specialists in 2026
Compare Big 4 firms (Deloitte, EY, KPMG, PwC) and boutique AI audit specialists on scope, cost, credentials, and which fits your engagement. Independent.
April 22, 2026 · 13 min read
AI Bill of Materials (AIBOM): The Missing Layer in AI Supply Chain Security
An AIBOM inventories every model, dataset, and dependency in an AI system. How CycloneDX ML-BOM, SPDX 3.0, and EU AI Act requirements converge in practice.
April 22, 2026 · 12 min read
The AI Vendor Due Diligence Questionnaire (Free Template)
SIG and CAIQ weren't designed for AI. A 30-question DDQ template covering training data, model provenance, hallucination rates, prompt injection, and IP indemnification.
April 22, 2026 · 11 min read
AI Governance Platform Pricing: What to Expect in 2026
What AI governance platforms actually cost in 2026: pricing models, real published figures, build vs buy calculus, and ballpark ranges by organisation size.
April 22, 2026 · 11 min read
LLM Red Teaming Tools: Buyer's Guide for 2026
A practitioner's guide to LLM red teaming tools in 2026—covering OWASP LLM Top 10, automated vs manual testing, 7 evaluated vendors, and a 90-day pilot framework.
April 22, 2026 · 13 min read
Model Risk Management for Banks: Integrating SR 11-7 and OCC 2011-12 with AI Governance
SR 11-7 and OCC 2011-12 still govern model risk at banks—but ML and LLMs demand new validation. Here's what examiners expect from AI governance in 2026.
April 22, 2026 · 12 min read
The EU AI Act Compliance Checklist for 2026
A practical 20-item checklist covering risk classification, GPAI obligations, high-risk system requirements, conformity assessment, and fines under the EU AI Act.
April 22, 2026 · 11 min read
NIST AI RMF vs ISO/IEC 42001: Which Should You Adopt First?
NIST AI RMF is a flexible US risk framework; ISO 42001 is a certifiable international standard. Here's how they differ, overlap, and how to sequence both.
April 22, 2026 · 12 min read